
D57663.diff

D57663.diff

diff --git a/share/man/man9/copy.9 b/share/man/man9/copy.9
--- a/share/man/man9/copy.9
+++ b/share/man/man9/copy.9
@@ -32,15 +32,19 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd May 11, 2020
+.Dd December 19, 2025
.Dt COPY 9
.Os
.Sh NAME
.Nm copy ,
.Nm copyin ,
.Nm copyin_nofault ,
+.Nm copyinptr ,
+.Nm copyinptr_nofault ,
.Nm copyout ,
.Nm copyout_nofault ,
+.Nm copyoutptr ,
+.Nm copyoutptr_nofault ,
.Nm copystr ,
.Nm copyinstr
.Nd heterogeneous address space copy functions
@@ -52,9 +56,15 @@
.Ft int
.Fn copyin_nofault "const void *uaddr" "void *kaddr" "size_t len"
.Ft int
+.Fn copyinptr "const void *uaddr" "void *kaddr" "size_t len"
+.Ft int
.Fn copyout "const void *kaddr" "void *uaddr" "size_t len"
.Ft int
.Fn copyout_nofault "const void *kaddr" "void *uaddr" "size_t len"
+.Ft int
+.Fn copyoutptr "const void *kaddr" "void *uaddr" "size_t len"
+.Ft int
+.Fn copyoutptr_nofault "const void *kaddr" "void *uaddr" "size_t len"
.Ft int __deprecated
.Fn copystr "const void *kfaddr" "void *kdaddr" "size_t len" "size_t *done"
.Ft int
@@ -81,7 +91,12 @@
bytes of data from the user-space address
.Fa uaddr
to the kernel-space address
-.Fa kaddr .
+.Fa kaddr
+without preserving pointer provenance.
+The
+.Fn copyinptr
+function does the same,
+but preserve the provenance of copied pointers.
.Pp
The
.Fn copyout
@@ -92,7 +107,14 @@
bytes of data from the kernel-space address
.Fa kaddr
to the user-space address
-.Fa uaddr .
+.Fa uaddr
+without perservice pointer provenance.
+The
+.Fn copyoutptr
+and
+.Fn copyoutptr_nofault
+functions do the same,
+but preserve the provenance of copied pointers.
.Pp
The
.Fn copyin_nofault
@@ -105,6 +127,15 @@
destination addresses may be pageable.
.Pp
The
+.Fn copyinptr ,
+.Fn copyoutptr ,
+and
+.Fn copyoutptr_nofault
+functions must be used when copying data which may contain pointers,
+but they should only be used when necessary to limit the number of
+code paths that could leak pointers.
+.Pp
+The
.Fn copystr
function copies a NUL-terminated string, at most
.Fa len
diff --git a/sys/kern/subr_uio.c b/sys/kern/subr_uio.c
--- a/sys/kern/subr_uio.c
+++ b/sys/kern/subr_uio.c
@@ -88,6 +88,19 @@
return (error);
}
+#ifdef __CHERI__
+int
+copyoutptr_nofault(const void *kaddr, void *udaddr, size_t len)
+{
+ int error, save;
+
+ save = vm_fault_disable_pagefaults();
+ error = copyoutptr(kaddr, udaddr, len);
+ vm_fault_enable_pagefaults(save);
+ return (error);
+}
+#endif
+
#define PHYS_PAGE_COUNT(len) (howmany(len, PAGE_SIZE) + 1)
int
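Review bot: `copyoutptr_nofault()` is added with no comment, although the copy.9 text in this same diff says the pointer-preserving variants should be used only when necessary, to limit the number of code paths that could leak pointers. A short block comment above the definition would put that constraint where callers read the code, for example `/* Like copyout_nofault(), but preserves pointer provenance; use only for data that may legitimately contain pointers. */`. The parameter is spelled `udaddr` here and `uaddr` in the manual page's `.Fn copyoutptr_nofault` line; aligning the two is optional.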
diff --git a/sys/sys/systm.h b/sys/sys/systm.h
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@@ -324,6 +324,22 @@
const void * _Nonnull __restrict kaddr, void * __restrict udaddr,
size_t len);
+#ifdef __CHERI__
+int __result_use_check copyinptr(const void * __restrict udaddr,
+ void * _Nonnull __restrict kaddr, size_t len);
+int __result_use_check copyoutptr(
+ const void * _Nonnull __restrict kaddr, void * __restrict udaddr,
+ size_t len);
+int __result_use_check copyoutptr_nofault(
+ const void * _Nonnull __restrict kaddr, void * __restrict udaddr,
+ size_t len);
+#else
+#define copyinptr copyin
+/* copyinptr_nofault not implemented due to no users */
+#define copyoutptr copyout
+#define copyoutptr_nofault copyout_nofault
+#endif
+
#ifdef SAN_NEEDS_INTERCEPTORS
int SAN_INTERCEPTOR(copyin)(const void *, void *, size_t);
int SAN_INTERCEPTOR(copyinstr)(const void *, void *, size_t, size_t *);
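Review bot: The `#else` branch comment says `copyinptr_nofault` is not implemented, and the `__CHERI__` branch declares no prototype for it either, yet the copy.9 hunk in this diff adds `.Nm copyinptr_nofault ,` to the NAME section. Either drop that `.Nm` line or move the comment above the `#ifdef` so it clearly applies to both branches, e.g. `/* copyinptr_nofault is not provided on any configuration (no users) */`. Separately, the new `copyinptr`/`copyoutptr` prototypes sit above the `SAN_NEEDS_INTERCEPTORS` block, and no interceptor declarations for them are visible in this hunk. It is worth confirming whether sanitizer builds are expected to cover the pointer-preserving variants when `__CHERI__` is defined.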
