Re: [PATCH v2 net-next 1/2] lib: introduce strncpy_from_unsafe()
From: Steven Rostedt
Date: Fri Aug 28 2015 - 17:48:20 EST
On Fri, 28 Aug 2015 12:51:48 -0700
Alexei Starovoitov <ast@xxxxxxxxxxxx> wrote:
> EXPORT_SYMBOL(strncpy_from_user);
> +
> +/**
> + * strncpy_from_unsafe: - Copy a NUL terminated string from unsafe address.
> + * @dst: Destination address, in kernel space. This buffer must be at
> + * least @count bytes long.
> + * @src: Unsafe address.
> + * @count: Maximum number of bytes to copy, including the trailing NUL.
> + *
> + * Copies a NUL-terminated string from unsafe address to kernel buffer.
> + *
> + * On success, returns the length of the string (not including the trailing
> + * NUL).
I think it includes the NUL.
> + *
> + * If access fails, returns -EFAULT (some data may have been copied).
> + *
> + * If @count is smaller than the length of the string, copies @count bytes
> + * and returns @count.
> + */
> +long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count)
> +{
> + mm_segment_t old_fs = get_fs();
> + const void *src = unsafe_addr;
src = unsafe_addr = 0x100;
*unsafe_addr = "1\0";
> + long ret;
> +
> + if (unlikely(count <= 0))
> + return 0;
> +
> + set_fs(KERNEL_DS);
> + pagefault_disable();
> +
> + do {
> + ret = __copy_from_user_inatomic(dst++,
> + (const void __user __force *)src++, 1);
First loop:
dst[-1] = '1'
src = 0x101
Second loop:
dst[-1] = '\0'
src = 0x102
> + } while (dst[-1] && ret == 0 && src - unsafe_addr < count);
> +
> + dst[-1] = '\0';
> + pagefault_enable();
> + set_fs(old_fs);
> +
> + return ret < 0 ? ret : src - unsafe_addr;
src - unsafe_addr = 0x102 - 0x100 = 2
Included the NUL.
-- Steve
> +}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/