From f2af7b01b05545fff1cea0768c14e2da552a56ee Mon Sep 17 00:00:00 2001 From: Danilo Krummrich Date: Wed, 22 Oct 2025 16:30:36 +0200 Subject: rust: uaccess: add UserSliceReader::read_slice_partial() The existing read_slice() method is a wrapper around copy_from_user() and expects the user buffer to be larger than the destination buffer. However, userspace may split up writes in multiple partial operations providing an offset into the destination buffer and a smaller user buffer. In order to support this common case, provide a helper for partial reads. Reviewed-by: Greg Kroah-Hartman Reviewed-by: Matthew Maurer Reviewed-by: Alice Ryhl Reviewed-by: Alexandre Courbot Acked-by: Miguel Ojeda [ Replace map_or() with let-else; use saturating_add(). - Danilo ] Signed-off-by: Danilo Krummrich --- rust/kernel/uaccess.rs | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'rust/kernel/uaccess.rs') diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs index a8fb4764185a..1409cb907015 100644 --- a/rust/kernel/uaccess.rs +++ b/rust/kernel/uaccess.rs @@ -287,6 +287,23 @@ impl UserSliceReader { self.read_raw(out) } + /// Reads raw data from the user slice into a kernel buffer partially. + /// + /// This is the same as [`Self::read_slice`] but considers the given `offset` into `out` and + /// truncates the read to the boundaries of `self` and `out`. + /// + /// On success, returns the number of bytes read. + pub fn read_slice_partial(&mut self, out: &mut [u8], offset: usize) -> Result { + let end = offset.saturating_add(self.len()).min(out.len()); + + let Some(dst) = out.get_mut(offset..end) else { + return Ok(0); + }; + + self.read_slice(dst)?; + Ok(dst.len()) + } + /// Reads a value of the specified type. /// /// Fails with [`EFAULT`] if the read happens on a bad address, or if the read goes out of -- cgit From 5829e330482b67a14c8c6d2d500431846d493d67 Mon Sep 17 00:00:00 2001 From: Danilo Krummrich Date: Wed, 22 Oct 2025 16:30:37 +0200 Subject: rust: uaccess: add UserSliceReader::read_slice_file() Add UserSliceReader::read_slice_file(), which is the same as UserSliceReader::read_slice_partial() but updates the given file::Offset by the number of bytes read. This is equivalent to C's `simple_write_to_buffer()` and useful when dealing with file offsets from file operations. Reviewed-by: Alice Ryhl Reviewed-by: Alexandre Courbot Acked-by: Miguel Ojeda [ Replace saturating_add() with the raw operator and a corresponding OVERFLOW comment. - Danilo ] Signed-off-by: Danilo Krummrich --- rust/kernel/uaccess.rs | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'rust/kernel/uaccess.rs') diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs index 1409cb907015..dde8a0abb46d 100644 --- a/rust/kernel/uaccess.rs +++ b/rust/kernel/uaccess.rs @@ -9,6 +9,7 @@ use crate::{ bindings, error::Result, ffi::{c_char, c_void}, + fs::file, prelude::*, transmute::{AsBytes, FromBytes}, }; @@ -304,6 +305,31 @@ impl UserSliceReader { Ok(dst.len()) } + /// Reads raw data from the user slice into a kernel buffer partially. + /// + /// This is the same as [`Self::read_slice_partial`] but updates the given [`file::Offset`] by + /// the number of bytes read. + /// + /// This is equivalent to C's `simple_write_to_buffer()`. + /// + /// On success, returns the number of bytes read. + pub fn read_slice_file(&mut self, out: &mut [u8], offset: &mut file::Offset) -> Result { + if offset.is_negative() { + return Err(EINVAL); + } + + let Ok(offset_index) = (*offset).try_into() else { + return Ok(0); + }; + + let read = self.read_slice_partial(out, offset_index)?; + + // OVERFLOW: `offset + read <= data.len() <= isize::MAX <= Offset::MAX` + *offset += read as i64; + + Ok(read) + } + /// Reads a value of the specified type. /// /// Fails with [`EFAULT`] if the read happens on a bad address, or if the read goes out of -- cgit From 86150533476774ee6ad5875e764ff6acc9a2e48a Mon Sep 17 00:00:00 2001 From: Danilo Krummrich Date: Wed, 22 Oct 2025 16:30:38 +0200 Subject: rust: uaccess: add UserSliceWriter::write_slice_partial() The existing write_slice() method is a wrapper around copy_to_user() and expects the user buffer to be larger than the source buffer. However, userspace may split up reads in multiple partial operations providing an offset into the source buffer and a smaller user buffer. In order to support this common case, provide a helper for partial writes. Reviewed-by: Greg Kroah-Hartman Reviewed-by: Matthew Maurer Reviewed-by: Alice Ryhl Reviewed-by: Alexandre Courbot Acked-by: Miguel Ojeda [ Replace map_or() with let-else; use saturating_add(). - Danilo ] Signed-off-by: Danilo Krummrich --- rust/kernel/uaccess.rs | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'rust/kernel/uaccess.rs') diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs index dde8a0abb46d..38d1404ed9b4 100644 --- a/rust/kernel/uaccess.rs +++ b/rust/kernel/uaccess.rs @@ -481,6 +481,23 @@ impl UserSliceWriter { Ok(()) } + /// Writes raw data to this user pointer from a kernel buffer partially. + /// + /// This is the same as [`Self::write_slice`] but considers the given `offset` into `data` and + /// truncates the write to the boundaries of `self` and `data`. + /// + /// On success, returns the number of bytes written. + pub fn write_slice_partial(&mut self, data: &[u8], offset: usize) -> Result { + let end = offset.saturating_add(self.len()).min(data.len()); + + let Some(src) = data.get(offset..end) else { + return Ok(0); + }; + + self.write_slice(src)?; + Ok(src.len()) + } + /// Writes the provided Rust value to this userspace pointer. /// /// Fails with [`EFAULT`] if the write happens on a bad address, or if the write goes out of -- cgit From 0ddceba2701e7012646f6df6d32c4e4b7c4dc938 Mon Sep 17 00:00:00 2001 From: Danilo Krummrich Date: Wed, 22 Oct 2025 16:30:39 +0200 Subject: rust: uaccess: add UserSliceWriter::write_slice_file() Add UserSliceWriter::write_slice_file(), which is the same as UserSliceWriter::write_slice_partial() but updates the given file::Offset by the number of bytes written. This is equivalent to C's `simple_read_from_buffer()` and useful when dealing with file offsets from file operations. Reviewed-by: Alice Ryhl Acked-by: Miguel Ojeda [ Replace saturating_add() with the raw operator and a corresponding OVERFLOW comment. - Danilo ] Signed-off-by: Danilo Krummrich --- rust/kernel/uaccess.rs | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'rust/kernel/uaccess.rs') diff --git a/rust/kernel/uaccess.rs b/rust/kernel/uaccess.rs index 38d1404ed9b4..f989539a31b4 100644 --- a/rust/kernel/uaccess.rs +++ b/rust/kernel/uaccess.rs @@ -498,6 +498,31 @@ impl UserSliceWriter { Ok(src.len()) } + /// Writes raw data to this user pointer from a kernel buffer partially. + /// + /// This is the same as [`Self::write_slice_partial`] but updates the given [`file::Offset`] by + /// the number of bytes written. + /// + /// This is equivalent to C's `simple_read_from_buffer()`. + /// + /// On success, returns the number of bytes written. + pub fn write_slice_file(&mut self, data: &[u8], offset: &mut file::Offset) -> Result { + if offset.is_negative() { + return Err(EINVAL); + } + + let Ok(offset_index) = (*offset).try_into() else { + return Ok(0); + }; + + let written = self.write_slice_partial(data, offset_index)?; + + // OVERFLOW: `offset + written <= data.len() <= isize::MAX <= Offset::MAX` + *offset += written as i64; + + Ok(written) + } + /// Writes the provided Rust value to this userspace pointer. /// /// Fails with [`EFAULT`] if the write happens on a bad address, or if the write goes out of -- cgit