mm/usercopy.c
Source file repositories/reference/linux-study-clean/mm/usercopy.c
File Facts
- System: Linux kernel
- Corpus path: `mm/usercopy.c`
- Extension: `.c`
- Size: 8608 bytes
- Lines: 288
- Domain: Core OS
- Bucket: Memory Management
- Inferred role: Core OS: exported/initcall integration point
- Status: integration implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Exports symbols or registers init work; inspect boot/module ordering and who consumes the exported contract.
- Touches user memory; correctness depends on fault-safe copying and privilege boundary handling.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
`linux/mm.h`, `linux/highmem.h`, `linux/kstrtox.h`, `linux/slab.h`, `linux/sched.h`, `linux/sched/task.h`, `linux/sched/task_stack.h`, `linux/ucopysize.h`, `linux/vmalloc.h`, `linux/atomic.h`, `linux/jump_label.h`, `asm/sections.h`, `slab.h`
Detected Declarations
`function Copyright`, `function copy_from_user`, `function overlaps`, `function check_kernel_text_object`, `function check_bogus_address`, `function check_heap_object`, `function __check_object_size`, `function parse_hardened_usercopy`, `function set_hardened_usercopy`, `export validate_usercopy_range`, `export __check_object_size`
Annotated Snippet
```c
/* Excerpt begins inside check_heap_object(), in the vmalloc branch. */
		if (n > area->va_end - addr) {
			offset = addr - area->va_start;
			usercopy_abort("vmalloc", NULL, to_user, offset, n);
		}
		return;
	}

	if (!virt_addr_valid(ptr))
		return;

	page = virt_to_page(ptr);
	slab = page_slab(page);
	if (slab) {
		/* Check slab allocator for flags and size. */
		__check_heap_object(ptr, n, slab, to_user);
	} else if (PageCompound(page)) {
		page = compound_head(page);
		offset = ptr - page_address(page);
		if (n > page_size(page) - offset)
			usercopy_abort("page alloc", NULL, to_user, offset, n);
	}

	/*
	 * We cannot check non-compound pages.  They might be part of
	 * a large allocation, in which case crossing a page boundary
	 * is fine.
	 */
}

DEFINE_STATIC_KEY_MAYBE_RO(CONFIG_HARDENED_USERCOPY_DEFAULT_ON,
			   validate_usercopy_range);
EXPORT_SYMBOL(validate_usercopy_range);

/*
 * Validates that the given object is:
 * - not bogus address
 * - fully contained by stack (or stack frame, when available)
 * - fully within SLAB object (or object whitelist area, when available)
 * - not in kernel text
 */
void __check_object_size(const void *ptr, unsigned long n, bool to_user)
{
	/* Skip all tests if size is zero. */
	if (!n)
		return;

	/* Check for invalid addresses. */
	check_bogus_address((const unsigned long)ptr, n, to_user);

	/* Check for bad stack object. */
	switch (check_stack_object(ptr, n)) {
	case NOT_STACK:
		/* Object is not touching the current process stack. */
		break;
	case GOOD_FRAME:
	case GOOD_STACK:
		/*
		 * Object is either in the correct frame (when it
		 * is possible to check) or just generally on the
		 * process stack (when frame checking not available).
		 */
		return;
	default:
		usercopy_abort("process stack", NULL, to_user,
#ifdef CONFIG_ARCH_HAS_CURRENT_STACK_POINTER
			IS_ENABLED(CONFIG_STACK_GROWSUP) ?
				ptr - (void *)current_stack_pointer :
				(void *)current_stack_pointer - ptr,
#else
			0,
#endif
			n);
	}

	/* Check for bad heap object. */
	check_heap_object(ptr, n, to_user);

	/* Check for object in kernel to avoid text exposure. */
	check_kernel_text_object((const unsigned long)ptr, n, to_user);
}
EXPORT_SYMBOL(__check_object_size);

static bool enable_checks __initdata =
		IS_ENABLED(CONFIG_HARDENED_USERCOPY_DEFAULT_ON);

static int __init parse_hardened_usercopy(char *str)
{
	if (kstrtobool(str, &enable_checks))
		pr_warn("Invalid option string for hardened_usercopy: '%s'\n",
			str);
/* Excerpt ends here; the rest of parse_hardened_usercopy() is not shown. */
```
Annotation
- Immediate include surface: `linux/mm.h`, `linux/highmem.h`, `linux/kstrtox.h`, `linux/slab.h`, `linux/sched.h`, `linux/sched/task.h`, `linux/sched/task_stack.h`, `linux/ucopysize.h`.
- Detected declarations: `function Copyright`, `function copy_from_user`, `function overlaps`, `function check_kernel_text_object`, `function check_bogus_address`, `function check_heap_object`, `function __check_object_size`, `function parse_hardened_usercopy`, `function set_hardened_usercopy`, `export validate_usercopy_range`.
- Atlas domain: Core OS / Memory Management.
- Implementation status: integration implementation candidate.
- This snippet crosses the user/kernel memory boundary; validate fault handling and access checks before translating the pattern.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.