1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _LINUX_FORTIFY_STRING_H_
3 #define _LINUX_FORTIFY_STRING_H_
4
5
6 #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
7 extern void *__underlying_memchr(const void *p, int c, __kernel_size_t size) __RENAME(memchr);
8 extern int __underlying_memcmp(const void *p, const void *q, __kernel_size_t size) __RENAME(memcmp);
9 extern void *__underlying_memcpy(void *p, const void *q, __kernel_size_t size) __RENAME(memcpy);
10 extern void *__underlying_memmove(void *p, const void *q, __kernel_size_t size) __RENAME(memmove);
11 extern void *__underlying_memset(void *p, int c, __kernel_size_t size) __RENAME(memset);
12 extern char *__underlying_strcat(char *p, const char *q) __RENAME(strcat);
13 extern char *__underlying_strcpy(char *p, const char *q) __RENAME(strcpy);
14 extern __kernel_size_t __underlying_strlen(const char *p) __RENAME(strlen);
15 extern char *__underlying_strncat(char *p, const char *q, __kernel_size_t count) __RENAME(strncat);
16 extern char *__underlying_strncpy(char *p, const char *q, __kernel_size_t size) __RENAME(strncpy);
17 #else
18 #define __underlying_memchr __builtin_memchr
19 #define __underlying_memcmp __builtin_memcmp
20 #define __underlying_memcpy __builtin_memcpy
21 #define __underlying_memmove __builtin_memmove
22 #define __underlying_memset __builtin_memset
23 #define __underlying_strcat __builtin_strcat
24 #define __underlying_strcpy __builtin_strcpy
25 #define __underlying_strlen __builtin_strlen
26 #define __underlying_strncat __builtin_strncat
27 #define __underlying_strncpy __builtin_strncpy
28 #endif
29
strncpy(char * p,const char * q,__kernel_size_t size)30 __FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size)
31 {
32 size_t p_size = __builtin_object_size(p, 1);
33
34 if (__builtin_constant_p(size) && p_size < size)
35 __write_overflow();
36 if (p_size < size)
37 fortify_panic(__func__);
38 return __underlying_strncpy(p, q, size);
39 }
40
strcat(char * p,const char * q)41 __FORTIFY_INLINE char *strcat(char *p, const char *q)
42 {
43 size_t p_size = __builtin_object_size(p, 1);
44
45 if (p_size == (size_t)-1)
46 return __underlying_strcat(p, q);
47 if (strlcat(p, q, p_size) >= p_size)
48 fortify_panic(__func__);
49 return p;
50 }
51
strlen(const char * p)52 __FORTIFY_INLINE __kernel_size_t strlen(const char *p)
53 {
54 __kernel_size_t ret;
55 size_t p_size = __builtin_object_size(p, 1);
56
57 /* Work around gcc excess stack consumption issue */
58 if (p_size == (size_t)-1 ||
59 (__builtin_constant_p(p[p_size - 1]) && p[p_size - 1] == '\0'))
60 return __underlying_strlen(p);
61 ret = strnlen(p, p_size);
62 if (p_size <= ret)
63 fortify_panic(__func__);
64 return ret;
65 }
66
67 extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen);
strnlen(const char * p,__kernel_size_t maxlen)68 __FORTIFY_INLINE __kernel_size_t strnlen(const char *p, __kernel_size_t maxlen)
69 {
70 size_t p_size = __builtin_object_size(p, 1);
71 __kernel_size_t ret = __real_strnlen(p, maxlen < p_size ? maxlen : p_size);
72
73 if (p_size <= ret && maxlen != ret)
74 fortify_panic(__func__);
75 return ret;
76 }
77
78 /* defined after fortified strlen to reuse it */
79 extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy);
strlcpy(char * p,const char * q,size_t size)80 __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size)
81 {
82 size_t ret;
83 size_t p_size = __builtin_object_size(p, 1);
84 size_t q_size = __builtin_object_size(q, 1);
85
86 if (p_size == (size_t)-1 && q_size == (size_t)-1)
87 return __real_strlcpy(p, q, size);
88 ret = strlen(q);
89 if (size) {
90 size_t len = (ret >= size) ? size - 1 : ret;
91
92 if (__builtin_constant_p(len) && len >= p_size)
93 __write_overflow();
94 if (len >= p_size)
95 fortify_panic(__func__);
96 __underlying_memcpy(p, q, len);
97 p[len] = '\0';
98 }
99 return ret;
100 }
101
102 /* defined after fortified strnlen to reuse it */
103 extern ssize_t __real_strscpy(char *, const char *, size_t) __RENAME(strscpy);
strscpy(char * p,const char * q,size_t size)104 __FORTIFY_INLINE ssize_t strscpy(char *p, const char *q, size_t size)
105 {
106 size_t len;
107 /* Use string size rather than possible enclosing struct size. */
108 size_t p_size = __builtin_object_size(p, 1);
109 size_t q_size = __builtin_object_size(q, 1);
110
111 /* If we cannot get size of p and q default to call strscpy. */
112 if (p_size == (size_t) -1 && q_size == (size_t) -1)
113 return __real_strscpy(p, q, size);
114
115 /*
116 * If size can be known at compile time and is greater than
117 * p_size, generate a compile time write overflow error.
118 */
119 if (__builtin_constant_p(size) && size > p_size)
120 __write_overflow();
121
122 /*
123 * This call protects from read overflow, because len will default to q
124 * length if it smaller than size.
125 */
126 len = strnlen(q, size);
127 /*
128 * If len equals size, we will copy only size bytes which leads to
129 * -E2BIG being returned.
130 * Otherwise we will copy len + 1 because of the final '\O'.
131 */
132 len = len == size ? size : len + 1;
133
134 /*
135 * Generate a runtime write overflow error if len is greater than
136 * p_size.
137 */
138 if (len > p_size)
139 fortify_panic(__func__);
140
141 /*
142 * We can now safely call vanilla strscpy because we are protected from:
143 * 1. Read overflow thanks to call to strnlen().
144 * 2. Write overflow thanks to above ifs.
145 */
146 return __real_strscpy(p, q, len);
147 }
148
149 /* defined after fortified strlen and strnlen to reuse them */
strncat(char * p,const char * q,__kernel_size_t count)150 __FORTIFY_INLINE char *strncat(char *p, const char *q, __kernel_size_t count)
151 {
152 size_t p_len, copy_len;
153 size_t p_size = __builtin_object_size(p, 1);
154 size_t q_size = __builtin_object_size(q, 1);
155
156 if (p_size == (size_t)-1 && q_size == (size_t)-1)
157 return __underlying_strncat(p, q, count);
158 p_len = strlen(p);
159 copy_len = strnlen(q, count);
160 if (p_size < p_len + copy_len + 1)
161 fortify_panic(__func__);
162 __underlying_memcpy(p + p_len, q, copy_len);
163 p[p_len + copy_len] = '\0';
164 return p;
165 }
166
memset(void * p,int c,__kernel_size_t size)167 __FORTIFY_INLINE void *memset(void *p, int c, __kernel_size_t size)
168 {
169 size_t p_size = __builtin_object_size(p, 0);
170
171 if (__builtin_constant_p(size) && p_size < size)
172 __write_overflow();
173 if (p_size < size)
174 fortify_panic(__func__);
175 return __underlying_memset(p, c, size);
176 }
177
memcpy(void * p,const void * q,__kernel_size_t size)178 __FORTIFY_INLINE void *memcpy(void *p, const void *q, __kernel_size_t size)
179 {
180 size_t p_size = __builtin_object_size(p, 0);
181 size_t q_size = __builtin_object_size(q, 0);
182
183 if (__builtin_constant_p(size)) {
184 if (p_size < size)
185 __write_overflow();
186 if (q_size < size)
187 __read_overflow2();
188 }
189 if (p_size < size || q_size < size)
190 fortify_panic(__func__);
191 return __underlying_memcpy(p, q, size);
192 }
193
memmove(void * p,const void * q,__kernel_size_t size)194 __FORTIFY_INLINE void *memmove(void *p, const void *q, __kernel_size_t size)
195 {
196 size_t p_size = __builtin_object_size(p, 0);
197 size_t q_size = __builtin_object_size(q, 0);
198
199 if (__builtin_constant_p(size)) {
200 if (p_size < size)
201 __write_overflow();
202 if (q_size < size)
203 __read_overflow2();
204 }
205 if (p_size < size || q_size < size)
206 fortify_panic(__func__);
207 return __underlying_memmove(p, q, size);
208 }
209
210 extern void *__real_memscan(void *, int, __kernel_size_t) __RENAME(memscan);
memscan(void * p,int c,__kernel_size_t size)211 __FORTIFY_INLINE void *memscan(void *p, int c, __kernel_size_t size)
212 {
213 size_t p_size = __builtin_object_size(p, 0);
214
215 if (__builtin_constant_p(size) && p_size < size)
216 __read_overflow();
217 if (p_size < size)
218 fortify_panic(__func__);
219 return __real_memscan(p, c, size);
220 }
221
memcmp(const void * p,const void * q,__kernel_size_t size)222 __FORTIFY_INLINE int memcmp(const void *p, const void *q, __kernel_size_t size)
223 {
224 size_t p_size = __builtin_object_size(p, 0);
225 size_t q_size = __builtin_object_size(q, 0);
226
227 if (__builtin_constant_p(size)) {
228 if (p_size < size)
229 __read_overflow();
230 if (q_size < size)
231 __read_overflow2();
232 }
233 if (p_size < size || q_size < size)
234 fortify_panic(__func__);
235 return __underlying_memcmp(p, q, size);
236 }
237
memchr(const void * p,int c,__kernel_size_t size)238 __FORTIFY_INLINE void *memchr(const void *p, int c, __kernel_size_t size)
239 {
240 size_t p_size = __builtin_object_size(p, 0);
241
242 if (__builtin_constant_p(size) && p_size < size)
243 __read_overflow();
244 if (p_size < size)
245 fortify_panic(__func__);
246 return __underlying_memchr(p, c, size);
247 }
248
249 void *__real_memchr_inv(const void *s, int c, size_t n) __RENAME(memchr_inv);
memchr_inv(const void * p,int c,size_t size)250 __FORTIFY_INLINE void *memchr_inv(const void *p, int c, size_t size)
251 {
252 size_t p_size = __builtin_object_size(p, 0);
253
254 if (__builtin_constant_p(size) && p_size < size)
255 __read_overflow();
256 if (p_size < size)
257 fortify_panic(__func__);
258 return __real_memchr_inv(p, c, size);
259 }
260
261 extern void *__real_kmemdup(const void *src, size_t len, gfp_t gfp) __RENAME(kmemdup);
kmemdup(const void * p,size_t size,gfp_t gfp)262 __FORTIFY_INLINE void *kmemdup(const void *p, size_t size, gfp_t gfp)
263 {
264 size_t p_size = __builtin_object_size(p, 0);
265
266 if (__builtin_constant_p(size) && p_size < size)
267 __read_overflow();
268 if (p_size < size)
269 fortify_panic(__func__);
270 return __real_kmemdup(p, size, gfp);
271 }
272
273 /* defined after fortified strlen and memcpy to reuse them */
strcpy(char * p,const char * q)274 __FORTIFY_INLINE char *strcpy(char *p, const char *q)
275 {
276 size_t p_size = __builtin_object_size(p, 1);
277 size_t q_size = __builtin_object_size(q, 1);
278 size_t size;
279
280 if (p_size == (size_t)-1 && q_size == (size_t)-1)
281 return __underlying_strcpy(p, q);
282 size = strlen(q) + 1;
283 /* Compile-time check for const size overflow. */
284 if (__builtin_constant_p(size) && p_size < size)
285 __write_overflow();
286 /* Run-time check for dynamic size overflow. */
287 if (p_size < size)
288 fortify_panic(__func__);
289 memcpy(p, q, size);
290 return p;
291 }
292
293 /* Don't use these outside the FORITFY_SOURCE implementation */
294 #undef __underlying_memchr
295 #undef __underlying_memcmp
296 #undef __underlying_memcpy
297 #undef __underlying_memmove
298 #undef __underlying_memset
299 #undef __underlying_strcat
300 #undef __underlying_strcpy
301 #undef __underlying_strlen
302 #undef __underlying_strncat
303 #undef __underlying_strncpy
304
305 #endif /* _LINUX_FORTIFY_STRING_H_ */
306