1 files changed, 103 insertions, 0 deletions
diff --git a/arch/x86/lib/usercopy.c b/arch/x86/lib/usercopy.c
index 97be9cb54483..57252c928f56 100644
--- a/arch/x86/lib/usercopy.c
+++ b/arch/x86/lib/usercopy.c
@@ -7,6 +7,8 @@
 #include <linux/highmem.h>
 #include <linux/module.h>
+#include <asm/word-at-a-time.h>
 /*
 * best effort, GUP based copy_from_user() that is NMI-safe
 */
@@ -41,3 +43,104 @@ copy_from_user_nmi(void *to, const void __user *from, unsigned long n)
        return len;
 }
 EXPORT_SYMBOL_GPL(copy_from_user_nmi);
+static inline unsigned long count_bytes(unsigned long mask)
+{
+        mask = (mask - 1) & ~mask;
+        mask >>= 7;
+        return count_masked_bytes(mask);
+}
+/*
+ * Do a strncpy, return length of string without final '\0'.
+ * 'count' is the user-supplied count (return 'count' if we
+ * hit it), 'max' is the address space maximum (and we return
+ * -EFAULT if we hit it).
+ */
+static inline long do_strncpy_from_user(char *dst, const char __user *src, long count, long max)
+{
+        long res = 0;
+        /*
+         * Truncate 'max' to the user-specified limit, so that
+         * we only have one limit we need to check in the loop
+         */
+        if (max > count)
+                max = count;
+        while (max >= sizeof(unsigned long)) {
+                unsigned long c;
+                /* Fall back to byte-at-a-time if we get a page fault */
+                if (unlikely(__get_user(c,(unsigned long __user *)(src+res))))
+                        break;
+                /* This can write a few bytes past the NUL character, but that's ok */
+                *(unsigned long *)(dst+res) = c;
+                c = has_zero(c);
+                if (c)
+                        return res + count_bytes(c);
+                res += sizeof(unsigned long);
+                max -= sizeof(unsigned long);
+        }
+        while (max) {
+                char c;
+                if (unlikely(__get_user(c,src+res)))
+                        return -EFAULT;
+                dst[res] = c;
+                if (!c)
+                        return res;
+                res++;
+                max--;
+        }
+        /*
+         * Uhhuh. We hit 'max'. But was that the user-specified maximum
+         * too? If so, that's ok - we got as much as the user asked for.
+         */
+        if (res >= count)
+                return count;
+        /*
+         * Nope: we hit the address space limit, and we still had more
+         * characters the caller would have wanted. That's an EFAULT.
+         */
+        return -EFAULT;
+}
+/**
+ * strncpy_from_user: - Copy a NUL terminated string from userspace.
+ * @dst:   Destination address, in kernel space.  This buffer must be at
+ *         least @count bytes long.
+ * @src:   Source address, in user space.
+ * @count: Maximum number of bytes to copy, including the trailing NUL.
+ *
+ * Copies a NUL-terminated string from userspace to kernel space.
+ *
+ * On success, returns the length of the string (not including the trailing
+ * NUL).
+ *
+ * If access to userspace fails, returns -EFAULT (some data may have been
+ * copied).
+ *
+ * If @count is smaller than the length of the string, copies @count bytes
+ * and returns @count.
+ */
+long
+strncpy_from_user(char *dst, const char __user *src, long count)
+{
+        unsigned long max_addr, src_addr;
+        if (unlikely(count <= 0))
+                return 0;
+        max_addr = current_thread_info()->addr_limit.seg;
+        src_addr = (unsigned long)src;
+        if (likely(src_addr < max_addr)) {
+                unsigned long max = max_addr - src_addr;
+                return do_strncpy_from_user(dst, src, count, max);
+        }
+        return -EFAULT;
+}
+EXPORT_SYMBOL(strncpy_from_user);

diff --git a/arch/x86/lib/usercopy.c b/arch/x86/lib/usercopy.c index 97be9cb54483..57252c928f56 100644 --- a/arch/x86/lib/usercopy.c +++ b/arch/x86/lib/usercopy.c
@@ -7,6 +7,8 @@
7	#include <linux/highmem.h>	7	#include <linux/highmem.h>
8	#include <linux/module.h>	8	#include <linux/module.h>
9		9
		10	#include <asm/word-at-a-time.h>
		11
10	/*	12	/*
11	* best effort, GUP based copy_from_user() that is NMI-safe	13	* best effort, GUP based copy_from_user() that is NMI-safe
12	*/	14	*/
@@ -41,3 +43,104 @@ copy_from_user_nmi(void to, const void __user from, unsigned long n)
41	return len;	43	return len;
42	}	44	}
43	EXPORT_SYMBOL_GPL(copy_from_user_nmi);	45	EXPORT_SYMBOL_GPL(copy_from_user_nmi);
		46
		47	static inline unsigned long count_bytes(unsigned long mask)
		48	{
		49	mask = (mask - 1) & ~mask;
		50	mask >>= 7;
		51	return count_masked_bytes(mask);
		52	}
		53
		54	/*
		55	* Do a strncpy, return length of string without final '\0'.
		56	* 'count' is the user-supplied count (return 'count' if we
		57	* hit it), 'max' is the address space maximum (and we return
		58	* -EFAULT if we hit it).
		59	*/
		60	static inline long do_strncpy_from_user(char dst, const char __user src, long count, long max)
		61	{
		62	long res = 0;
		63
		64	/*
		65	* Truncate 'max' to the user-specified limit, so that
		66	* we only have one limit we need to check in the loop
		67	*/
		68	if (max > count)
		69	max = count;
		70
		71	while (max >= sizeof(unsigned long)) {
		72	unsigned long c;
		73
		74	/* Fall back to byte-at-a-time if we get a page fault */
		75	if (unlikely(__get_user(c,(unsigned long __user *)(src+res))))
		76	break;
		77	/* This can write a few bytes past the NUL character, but that's ok */
		78	(unsigned long )(dst+res) = c;
		79	c = has_zero(c);
		80	if (c)
		81	return res + count_bytes(c);
		82	res += sizeof(unsigned long);
		83	max -= sizeof(unsigned long);
		84	}
		85
		86	while (max) {
		87	char c;
		88
		89	if (unlikely(__get_user(c,src+res)))
		90	return -EFAULT;
		91	dst[res] = c;
		92	if (!c)
		93	return res;
		94	res++;
		95	max--;
		96	}
		97
		98	/*
		99	* Uhhuh. We hit 'max'. But was that the user-specified maximum
		100	* too? If so, that's ok - we got as much as the user asked for.
		101	*/
		102	if (res >= count)
		103	return count;
		104
		105	/*
		106	* Nope: we hit the address space limit, and we still had more
		107	* characters the caller would have wanted. That's an EFAULT.
		108	*/
		109	return -EFAULT;
		110	}
		111
		112	/**
		113	* strncpy_from_user: - Copy a NUL terminated string from userspace.
		114	* @dst: Destination address, in kernel space. This buffer must be at
		115	* least @count bytes long.
		116	* @src: Source address, in user space.
		117	* @count: Maximum number of bytes to copy, including the trailing NUL.
		118	*
		119	* Copies a NUL-terminated string from userspace to kernel space.
		120	*
		121	* On success, returns the length of the string (not including the trailing
		122	* NUL).
		123	*
		124	* If access to userspace fails, returns -EFAULT (some data may have been
		125	* copied).
		126	*
		127	* If @count is smaller than the length of the string, copies @count bytes
		128	* and returns @count.
		129	*/
		130	long
		131	strncpy_from_user(char dst, const char __user src, long count)
		132	{
		133	unsigned long max_addr, src_addr;
		134
		135	if (unlikely(count <= 0))
		136	return 0;
		137
		138	max_addr = current_thread_info()->addr_limit.seg;
		139	src_addr = (unsigned long)src;
		140	if (likely(src_addr < max_addr)) {
		141	unsigned long max = max_addr - src_addr;
		142	return do_strncpy_from_user(dst, src, count, max);
		143	}
		144	return -EFAULT;
		145	}
		146	EXPORT_SYMBOL(strncpy_from_user);