diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2015-12-17 09:57:27 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2015-12-17 09:57:27 -0800 |
commit | 5b24a7a2aa2040c8c50c3b71122901d01661ff78 (patch) | |
tree | b7c953730df4a96ee18ed4d082fee57fb9ad305a /lib/strnlen_user.c | |
parent | 11f1a4b9755f5dbc3e822a96502ebe9b044b14d8 (diff) | |
download | linux-5b24a7a2aa2040c8c50c3b71122901d01661ff78.tar.gz linux-5b24a7a2aa2040c8c50c3b71122901d01661ff78.tar.bz2 linux-5b24a7a2aa2040c8c50c3b71122901d01661ff78.zip |
Add 'unsafe' user access functions for batched accesses
The naming is meant to discourage random use: the helper functions are
not really any more "unsafe" than the traditional double-underscore
functions (which need the address range checking), but they do need even
more infrastructure around them, and should not be used willy-nilly.
In addition to checking the access range, these user access functions
require that you wrap the user access with a "user_acess_{begin,end}()"
around it.
That allows architectures that implement kernel user access control
(x86: SMAP, arm64: PAN) to do the user access control in the wrapping
user_access_begin/end part, and then batch up the actual user space
accesses using the new interfaces.
The main (and hopefully only) use for these are for core generic access
helpers, initially just the generic user string functions
(strnlen_user() and strncpy_from_user()).
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'lib/strnlen_user.c')
0 files changed, 0 insertions, 0 deletions