Re: [PATCH v2 net-next 1/2] lib: introduce strncpy_from_unsafe()

From: Steven Rostedt
Date: Fri Aug 28 2015 - 17:48:20 EST


On Fri, 28 Aug 2015 12:51:48 -0700
Alexei Starovoitov <ast@xxxxxxxxxxxx> wrote:

> EXPORT_SYMBOL(strncpy_from_user);
> +
> +/**
> + * strncpy_from_unsafe: - Copy a NUL terminated string from unsafe address.
> + * @dst: Destination address, in kernel space. This buffer must be at
> + * least @count bytes long.
> + * @src: Unsafe address.
> + * @count: Maximum number of bytes to copy, including the trailing NUL.
> + *
> + * Copies a NUL-terminated string from unsafe address to kernel buffer.
> + *
> + * On success, returns the length of the string (not including the trailing
> + * NUL).

I think it includes the NUL.

> + *
> + * If access fails, returns -EFAULT (some data may have been copied).
> + *
> + * If @count is smaller than the length of the string, copies @count bytes
> + * and returns @count.
> + */
> +long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count)
> +{
> + mm_segment_t old_fs = get_fs();
> + const void *src = unsafe_addr;

src = unsafe_addr = 0x100;

*unsafe_addr = "1\0";

> + long ret;
> +
> + if (unlikely(count <= 0))
> + return 0;
> +
> + set_fs(KERNEL_DS);
> + pagefault_disable();
> +
> + do {
> + ret = __copy_from_user_inatomic(dst++,
> + (const void __user __force *)src++, 1);

First loop:

dst[-1] = '1'
src = 0x101

Second loop:

dst[-1] = '\0'
src = 0x102


> + } while (dst[-1] && ret == 0 && src - unsafe_addr < count);
> +
> + dst[-1] = '\0';
> + pagefault_enable();
> + set_fs(old_fs);
> +
> + return ret < 0 ? ret : src - unsafe_addr;

src - unsafe_addr = 0x102 - 0x100 = 2

Included the NUL.

-- Steve

> +}
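Review bot: the kernel-doc block describes the source parameter as @src, but the prototype names it unsafe_addr (src is only a local copy), so the comment documents a parameter that does not exist and leaves the real one undescribed; rename one to match the other. The truncation paragraph ("copies @count bytes and returns @count") also overstates what the caller gets: the `dst[-1] = '\0';` after the loop overwrites the last byte copied, so when no NUL is found within @count bytes only @count - 1 bytes of string data remain in dst while @count is still returned. The comment should spell that out so callers do not size or index dst on the assumption that all @count bytes are string data.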
