1 files changed, 78 insertions, 4 deletions

diff --git a/lib/usercopy.c b/lib/usercopy.c
index 4f5b1ddbcd25..b00a3a957de6 100644
--- a/lib/usercopy.c
+++ b/lib/usercopy.c
@@ -1,9 +1,83 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <linux/compiler.h>
+#include <linux/errno.h>
 #include <linux/export.h>
-#include <linux/bug.h>
+#include <linux/fault-inject-usercopy.h>
+#include <linux/instrumented.h>
+#include <linux/kernel.h>
+#include <linux/nospec.h>
+#include <linux/string.h>
 #include <linux/uaccess.h>
+#include <linux/wordpart.h>
 
-void copy_from_user_overflow(void)
+/* out-of-line parts */
+
+#if !defined(INLINE_COPY_FROM_USER)
+unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n)
+{
+	return _inline_copy_from_user(to, from, n);
+}
+EXPORT_SYMBOL(_copy_from_user);
+#endif
+
+#if !defined(INLINE_COPY_TO_USER)
+unsigned long _copy_to_user(void __user *to, const void *from, unsigned long n)
 {
-	WARN(1, "Buffer overflow detected!\n");
+	return _inline_copy_to_user(to, from, n);
+}
+EXPORT_SYMBOL(_copy_to_user);
+#endif
+
+/**
+ * check_zeroed_user: check if a userspace buffer only contains zero bytes
+ * @from: Source address, in userspace.
+ * @size: Size of buffer.
+ *
+ * This is effectively shorthand for "memchr_inv(from, 0, size) == NULL" for
+ * userspace addresses (and is more efficient because we don't care where the
+ * first non-zero byte is).
+ *
+ * Returns:
+ *  * 0: There were non-zero bytes present in the buffer.
+ *  * 1: The buffer was full of zero bytes.
+ *  * -EFAULT: access to userspace failed.
+ */
+int check_zeroed_user(const void __user *from, size_t size)
+{
+	unsigned long val;
+	uintptr_t align = (uintptr_t) from % sizeof(unsigned long);
+
+	if (unlikely(size == 0))
+		return 1;
+
+	from -= align;
+	size += align;
+
+	if (!user_read_access_begin(from, size))
+		return -EFAULT;
+
+	unsafe_get_user(val, (unsigned long __user *) from, err_fault);
+	if (align)
+		val &= ~aligned_byte_mask(align);
+
+	while (size > sizeof(unsigned long)) {
+		if (unlikely(val))
+			goto done;
+
+		from += sizeof(unsigned long);
+		size -= sizeof(unsigned long);
+
+		unsafe_get_user(val, (unsigned long __user *) from, err_fault);
+	}
+
+	if (size < sizeof(unsigned long))
+		val &= aligned_byte_mask(size);
+
+done:
+	user_read_access_end();
+	return (val == 0);
+err_fault:
+	user_read_access_end();
+	return -EFAULT;
 }
-EXPORT_SYMBOL(copy_from_user_overflow);
+EXPORT_SYMBOL(check_zeroed_user);