include/linux/uaccess.h
Source file repositories/reference/linux-study-clean/include/linux/uaccess.h
File Facts
- System
- Linux kernel
- Corpus path
include/linux/uaccess.h- Extension
.h- Size
- 31320 bytes
- Lines
- 945
- Domain
- Core OS
- Bucket
- Core Kernel Interface
- Inferred role
- Core OS: syscall or user/kernel boundary
- Status
- core implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Defines or participates in a user/kernel boundary; inspect argument validation, copy_from_user/copy_to_user, credentials, and dispatch target.
- Touches user memory; correctness depends on fault-safe copying and privilege boundary handling.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/cleanup.hlinux/fault-inject-usercopy.hlinux/instrumented.hlinux/minmax.hlinux/nospec.hlinux/sched.hlinux/ucopysize.hasm/uaccess.h
Detected Declarations
function raw_copy_in_userfunction __copy_from_userfunction access_okfunction __copy_to_userfunction _inline_copy_from_userfunction _inline_copy_to_userfunction copy_from_userfunction copy_to_userfunction copy_mc_to_kernelfunction pagefault_disabled_incfunction pagefault_disabled_decfunction pagefault_disabledfunction pagefault_enablefunction pagefault_disabledfunction pagefault_disablefunction copy_from_user_inatomic_nontemporalfunction Returnsfunction __copy_struct_generic_bounce_bufferfunction copy_struct_from_userfunction copy_struct_to_userfunction user_access_savefunction user_access_restorefunction __scoped_user_read_access_endfunction __scoped_user_write_access_endfunction __scoped_user_rw_access_endfunction scoped_user_rw_access
Annotated Snippet
* SYSCALL_DEFINE2(foobar, const struct foo __user *, uarg, size_t, usize)
* {
* int err;
* struct foo karg = {};
*
* if (usize > PAGE_SIZE)
* return -E2BIG;
* if (usize < FOO_SIZE_VER0)
* return -EINVAL;
*
* err = copy_struct_from_user(&karg, sizeof(karg), uarg, usize);
* if (err)
* return err;
*
* // ...
* }
*
* There are three cases to consider:
* * If @usize == @ksize, then it's copied verbatim.
* * If @usize < @ksize, then the userspace has passed an old struct to a
* newer kernel. The rest of the trailing bytes in @dst (@ksize - @usize)
* are to be zero-filled.
* * If @usize > @ksize, then the userspace has passed a new struct to an
* older kernel. The trailing bytes unknown to the kernel (@usize - @ksize)
* are checked to ensure they are zeroed, otherwise -E2BIG is returned.
*
* Returns (in all cases, some data may have been copied):
* * -E2BIG: (@usize > @ksize) and there are non-zero trailing bytes in @src.
* * -EFAULT: access to userspace failed.
*/
static __always_inline __must_check int
copy_struct_from_user(void *dst, size_t ksize, const void __user *src,
size_t usize)
{
size_t size = min(ksize, usize);
size_t rest = max(ksize, usize) - size;
/* Double check if ksize is larger than a known object size. */
if (WARN_ON_ONCE(ksize > __builtin_object_size(dst, 1)))
return -E2BIG;
/* Deal with trailing bytes. */
if (usize < ksize) {
memset(dst + size, 0, rest);
} else if (usize > ksize) {
int ret = check_zeroed_user(src + size, rest);
if (ret <= 0)
return ret ?: -E2BIG;
}
/* Copy the interoperable parts of the struct. */
if (copy_from_user(dst, src, size))
return -EFAULT;
return 0;
}
/**
* copy_struct_to_user: copy a struct to userspace
* @dst: Destination address, in userspace. This buffer must be @ksize
* bytes long.
* @usize: (Alleged) size of @dst struct.
* @src: Source address, in kernel space.
* @ksize: Size of @src struct.
* @ignored_trailing: Set to %true if there was a non-zero byte in @src that
* userspace cannot see because they are using an smaller struct.
*
* Copies a struct from kernel space to userspace, in a way that guarantees
* backwards-compatibility for struct syscall arguments (as long as future
* struct extensions are made such that all new fields are *appended* to the
* old struct, and zeroed-out new fields have the same meaning as the old
* struct).
*
* Some syscalls may wish to make sure that userspace knows about everything in
* the struct, and if there is a non-zero value that userspce doesn't know
* about, they want to return an error (such as -EMSGSIZE) or have some other
* fallback (such as adding a "you're missing some information" flag). If
* @ignored_trailing is non-%NULL, it will be set to %true if there was a
* non-zero byte that could not be copied to userspace (ie. was past @usize).
*
* While unconditionally returning an error in this case is the simplest
* solution, for maximum backward compatibility you should try to only return
* -EMSGSIZE if the user explicitly requested the data that couldn't be copied.
* Note that structure sizes can change due to header changes and simple
* recompilations without code changes(!), so if you care about
* @ignored_trailing you probably want to make sure that any new field data is
* associated with a flag. Otherwise you might assume that a program knows
* about data it does not.
*
* @ksize is just sizeof(*src), and @usize should've been passed by userspace.
* The recommended usage is something like the following:
*
Annotation
- Immediate include surface: `linux/cleanup.h`, `linux/fault-inject-usercopy.h`, `linux/instrumented.h`, `linux/minmax.h`, `linux/nospec.h`, `linux/sched.h`, `linux/ucopysize.h`, `asm/uaccess.h`.
- Detected declarations: `function raw_copy_in_user`, `function __copy_from_user`, `function access_ok`, `function __copy_to_user`, `function _inline_copy_from_user`, `function _inline_copy_to_user`, `function copy_from_user`, `function copy_to_user`, `function copy_mc_to_kernel`, `function pagefault_disabled_inc`.
- Atlas domain: Core OS / Core Kernel Interface.
- Implementation status: core implementation candidate.
- This snippet crosses the user/kernel memory boundary; validate fault handling and access checks before translating the pattern.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.