xref: /linux-6.15/include/linux/ucopysize.h (revision 496d2d23)
1808aac63SKees Cook /* SPDX-License-Identifier: GPL-2.0 */
2808aac63SKees Cook /* Perform sanity checking for object sizes for uaccess.h and uio.h. */
3808aac63SKees Cook #ifndef __LINUX_UCOPYSIZE_H__
4808aac63SKees Cook #define __LINUX_UCOPYSIZE_H__
5808aac63SKees Cook 
6808aac63SKees Cook #include <linux/bug.h>
7808aac63SKees Cook 
8808aac63SKees Cook #ifdef CONFIG_HARDENED_USERCOPY
9*496d2d23SMel Gorman #include <linux/jump_label.h>
/*
 * Out-of-line run-time validator for a copy of n bytes involving the object
 * at ptr. Only declared here; check_object_size() below is the caller visible
 * in this header.
 */
extern void __check_object_size(const void *ptr, unsigned long n,
					bool to_user);

/*
 * Static key that gates the run-time check in check_object_size(). It is
 * declared default-true when CONFIG_HARDENED_USERCOPY_DEFAULT_ON is set and
 * default-false otherwise.
 * NOTE(review): where the key is defined and what can flip it at run time is
 * not visible in this header - confirm before assuming the check is active.
 */
DECLARE_STATIC_KEY_MAYBE(CONFIG_HARDENED_USERCOPY_DEFAULT_ON,
			   validate_usercopy_range);
15*496d2d23SMel Gorman 
/*
 * check_object_size - run-time hardened-usercopy validation hook
 * @ptr: address of the object taking part in the copy
 * @n: number of bytes to be copied
 * @to_user: direction flag, handed to __check_object_size() unchanged
 *
 * Calls __check_object_size() only when both conditions hold: n is not a
 * compile-time constant, and the validate_usercopy_range static key is
 * enabled. In every other case this is a no-op, so the run-time check must
 * not be treated as unconditional protection.
 */
static __always_inline void check_object_size(const void *ptr, unsigned long n,
					      bool to_user)
{
	/*
	 * Constant lengths never reach the run-time validator.
	 * NOTE(review): presumably because such copies are expected to be
	 * caught at build time by check_copy_size() - confirm.
	 */
	if (__builtin_constant_p(n))
		return;

	/* Validation switched off through the static key: nothing to do. */
	if (!static_branch_maybe(CONFIG_HARDENED_USERCOPY_DEFAULT_ON,
				 &validate_usercopy_range))
		return;

	__check_object_size(ptr, n, to_user);
}
25808aac63SKees Cook #else
/*
 * CONFIG_HARDENED_USERCOPY is disabled: there is no run-time object-size
 * validation, and this stub lets callers stay free of #ifdefs. Only the
 * checks made directly in check_copy_size() remain in this configuration.
 */
static inline void check_object_size(const void *ptr, unsigned long n,
				     bool to_user)
{
}
29808aac63SKees Cook #endif /* CONFIG_HARDENED_USERCOPY */
30808aac63SKees Cook 
/*
 * Build-time tripwires. Neither function is meant to be called at run time:
 * the __compiletime_error() attribute makes the build fail with the quoted
 * message if a call to one of them survives optimisation. check_copy_size()
 * calls them on the path where a constant copy length exceeds the known
 * object size.
 */
extern void __compiletime_error("copy source size is too small")
__bad_copy_from(void);
extern void __compiletime_error("copy destination size is too small")
__bad_copy_to(void);

/*
 * Out-of-line handler invoked by copy_overflow() with the known object size
 * and the requested byte count.
 * NOTE(review): presumably emits a warning about the overflow; its definition
 * is not visible in this header - confirm.
 */
void __copy_overflow(int size, unsigned long count);
37808aac63SKees Cook 
/*
 * copy_overflow - report a copy that is larger than its object
 * @size: object size as determined by the compiler
 * @count: number of bytes the caller asked to copy
 *
 * Forwards to __copy_overflow() when CONFIG_BUG is enabled and is silent
 * otherwise. It only reports; refusing the copy is the caller's job.
 */
static inline void copy_overflow(int size, unsigned long count)
{
	if (!IS_ENABLED(CONFIG_BUG))
		return;

	__copy_overflow(size, count);
}
43808aac63SKees Cook 
/*
 * check_copy_size - decide whether a copy of @bytes may touch the object at @addr
 * @addr: address of the object whose size bounds the copy
 * @bytes: number of bytes the caller intends to copy
 * @is_source: true when @addr is the copy source; selects which build-time
 *             error fires and is forwarded to check_object_size() as to_user
 *
 * Returns true when the copy may go ahead and false when it has to be
 * refused. The result is __must_check: a caller that ignores a false return
 * would carry out exactly the copy that was rejected here.
 */
static __always_inline __must_check bool
check_copy_size(const void *addr, size_t bytes, bool is_source)
{
	/*
	 * __builtin_object_size(addr, 0) yields (size_t)-1 when the compiler
	 * cannot tell how large the object is. Stored in an int that becomes
	 * negative, so the ">= 0" test below skips the comparison for objects
	 * of unknown size - those are not bounded by this check at all.
	 */
	const int obj_size = __builtin_object_size(addr, 0);

	if (unlikely(obj_size >= 0 && obj_size < bytes)) {
		if (__builtin_constant_p(bytes)) {
			/* Constant length, known object: fail the build. */
			if (is_source)
				__bad_copy_from();
			else
				__bad_copy_to();
		} else {
			/* Length only known at run time: report it. */
			copy_overflow(obj_size, bytes);
		}
		return false;
	}

	/* Refuse lengths above INT_MAX, warning once. */
	if (WARN_ON_ONCE(bytes > INT_MAX))
		return false;

	/*
	 * Run-time validation, if configured. check_object_size() returns
	 * void, so whatever it detects is dealt with inside that path and
	 * does not change the value returned from here.
	 */
	check_object_size(addr, bytes, is_source);
	return true;
}
62808aac63SKees Cook 
63808aac63SKees Cook #endif /* __LINUX_UCOPYSIZE_H__ */