source: mainline/kernel/generic/src/syscall/copy.c

Last change on this file was 5a5269d, checked in by GitHub <noreply@…>, 6 years ago

Change type of uspace pointers in kernel from pointer type to numeric (#170)

From kernel's perspective, userspace addresses are not valid pointers,
and can only be used in calls to copy_to/from_uspace().
Therefore, we change the type of those arguments and variables to
uspace_addr_t which is an alias for sysarg_t.

This allows the compiler to catch accidental direct accesses to
userspace addresses.

Additionally, to avoid losing the type information in code,
a macro uspace_ptr(type) is used that translates to uspace_addr_t.
I makes no functional difference, but allows keeping the type information
in code in case we implement some sort of static checking for it in the future.

However, ccheck doesn't like that, so instead of using uspace_ptr(char),
we use uspace_ptr_char which is defined as
#define uspace_ptr_char uspace_ptr(char).
  • Property mode set to 100644
File size: 4.2 KB
Line 
1/*
2 * Copyright (c) 2006 Jakub Jermar
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * - Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * - Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * - The name of the author may not be used to endorse or promote products
15 * derived from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 */
28
29/** @addtogroup kernel_generic
30 * @{
31 */
32
33/**
34 * @file
35 * @brief Copying between kernel and userspace.
36 *
37 * This file contains sanitized functions for copying data
38 * between kernel and userspace.
39 */
40
41#include <assert.h>
42#include <syscall/copy.h>
43#include <proc/thread.h>
44#include <mm/as.h>
45#include <macros.h>
46#include <arch.h>
47#include <errno.h>
48
49/** Copy data from userspace to kernel.
50 *
51 * Provisions are made to return value even after page fault.
52 *
53 * This function can be called only from syscall.
54 *
55 * @param dst Destination kernel address.
56 * @param uspace_src Source userspace address.
57 * @param size Size of the data to be copied.
58 *
59 * @return EOK on success or an error code from @ref errno.h.
60 */
61errno_t copy_from_uspace(void *dst, uspace_addr_t uspace_src, size_t size)
62{
63 ipl_t ipl;
64 errno_t rc;
65
66 assert(THREAD);
67 assert(!THREAD->in_copy_from_uspace);
68
69 if (!KERNEL_ADDRESS_SPACE_SHADOWED) {
70 if (overlaps(uspace_src, size,
71 KERNEL_ADDRESS_SPACE_START,
72 KERNEL_ADDRESS_SPACE_END - KERNEL_ADDRESS_SPACE_START)) {
73 /*
74 * The userspace source block conflicts with kernel address space.
75 */
76 return EPERM;
77 }
78 }
79
80#ifdef ADDRESS_SPACE_HOLE_START
81 /*
82 * Check whether the address is outside the address space hole.
83 */
84 if (overlaps(uspace_src, size, ADDRESS_SPACE_HOLE_START,
85 ADDRESS_SPACE_HOLE_END - ADDRESS_SPACE_HOLE_START))
86 return EPERM;
87#endif
88
89 ipl = interrupts_disable();
90 THREAD->in_copy_from_uspace = true;
91
92 rc = !memcpy_from_uspace(dst, uspace_src, size) ? EPERM : EOK;
93
94 THREAD->in_copy_from_uspace = false;
95
96 interrupts_restore(ipl);
97 return rc;
98}
99
100/** Copy data from kernel to userspace.
101 *
102 * Provisions are made to return value even after page fault.
103 *
104 * This function can be called only from syscall.
105 *
106 * @param uspace_dst Destination userspace address.
107 * @param src Source kernel address.
108 * @param size Size of the data to be copied.
109 *
110 * @return 0 on success or an error code from @ref errno.h.
111 */
112errno_t copy_to_uspace(uspace_addr_t uspace_dst, const void *src, size_t size)
113{
114 ipl_t ipl;
115 errno_t rc;
116
117 assert(THREAD);
118 assert(!THREAD->in_copy_to_uspace);
119
120 if (!KERNEL_ADDRESS_SPACE_SHADOWED) {
121 if (overlaps(uspace_dst, size,
122 KERNEL_ADDRESS_SPACE_START,
123 KERNEL_ADDRESS_SPACE_END - KERNEL_ADDRESS_SPACE_START)) {
124 /*
125 * The userspace destination block conflicts with kernel address space.
126 */
127 return EPERM;
128 }
129 }
130
131#ifdef ADDRESS_SPACE_HOLE_START
132 /*
133 * Check whether the address is outside the address space hole.
134 */
135 if (overlaps(uspace_dst, size, ADDRESS_SPACE_HOLE_START,
136 ADDRESS_SPACE_HOLE_END - ADDRESS_SPACE_HOLE_START))
137 return EPERM;
138#endif
139
140 ipl = interrupts_disable();
141 THREAD->in_copy_to_uspace = true;
142
143 rc = !memcpy_to_uspace(uspace_dst, src, size) ? EPERM : EOK;
144
145 THREAD->in_copy_to_uspace = false;
146
147 interrupts_restore(ipl);
148 return rc;
149}
150
151/** @}
152 */
Note: See TracBrowser for help on using the repository browser.