Kernel: Add try_copy_kstring_from_user()

This is a convenience function that works the same as our old copy_string_from_user(), but this returns a KString (and can fail!)
2025-10-31 19:22:45 +00:00 · 2021-05-28 09:29:16 +02:00 · 2021-05-28 09:29:16 +02:00 · 856f20f91f
commit 856f20f91f
parent 279383a8f3
3 changed files with 43 additions and 0 deletions
--- a/Kernel/Process.h
+++ b/Kernel/Process.h
@ -814,6 +814,11 @@ inline static String copy_string_from_user(const Kernel::Syscall::StringArgument
    return copy_string_from_user(string.characters, string.length);
 }

+inline static KResultOr<NonnullOwnPtr<KString>> try_copy_kstring_from_user(const Kernel::Syscall::StringArgument& string)
+{
+    return try_copy_kstring_from_user(string.characters, string.length);
+}
+
 template<>
 struct AK::Formatter<Kernel::Process> : AK::Formatter<String> {
    void format(FormatBuilder& builder, const Kernel::Process& value)
--- a/Kernel/StdLib.cpp
+++ b/Kernel/StdLib.cpp
@ -43,6 +43,40 @@ String copy_string_from_user(Userspace<const char*> user_str, size_t user_str_si
    return copy_string_from_user(user_str.unsafe_userspace_ptr(), user_str_size);
 }

+Kernel::KResultOr<NonnullOwnPtr<Kernel::KString>> try_copy_kstring_from_user(const char* user_str, size_t user_str_size)
+{
+    bool is_user = Kernel::is_user_range(VirtualAddress(user_str), user_str_size);
+    if (!is_user)
+        return EFAULT;
+    Kernel::SmapDisabler disabler;
+    void* fault_at;
+    ssize_t length = Kernel::safe_strnlen(user_str, user_str_size, fault_at);
+    if (length < 0) {
+        dbgln("copy_kstring_from_user({:p}, {}) failed at {} (strnlen)", static_cast<const void*>(user_str), user_str_size, VirtualAddress { fault_at });
+        return EFAULT;
+    }
+    char* buffer;
+    auto new_string = Kernel::KString::try_create_uninitialized(length, buffer);
+    if (!new_string)
+        return ENOMEM;
+
+    buffer[length] = '\0';
+
+    if (length == 0)
+        return new_string.release_nonnull();
+
+    if (!Kernel::safe_memcpy(buffer, user_str, (size_t)length, fault_at)) {
+        dbgln("copy_kstring_from_user({:p}, {}) failed at {} (memcpy)", static_cast<const void*>(user_str), user_str_size, VirtualAddress { fault_at });
+        return EFAULT;
+    }
+    return new_string.release_nonnull();
+}
+
+Kernel::KResultOr<NonnullOwnPtr<Kernel::KString>> try_copy_kstring_from_user(Userspace<const char*> user_str, size_t user_str_size)
+{
+    return try_copy_kstring_from_user(user_str.unsafe_userspace_ptr(), user_str_size);
+}
+
 [[nodiscard]] Optional<Time> copy_time_from_user(const timespec* ts_user)
 {
    timespec ts;
--- a/Kernel/StdLib.h
+++ b/Kernel/StdLib.h
@ -10,6 +10,8 @@
 #include <AK/Forward.h>
 #include <AK/Time.h>
 #include <AK/Userspace.h>
+#include <Kernel/KResult.h>
+#include <Kernel/KString.h>
 #include <Kernel/UnixTypes.h>

 namespace Syscall {
@ -18,6 +20,8 @@ struct StringArgument;

 [[nodiscard]] String copy_string_from_user(const char*, size_t);
 [[nodiscard]] String copy_string_from_user(Userspace<const char*>, size_t);
+[[nodiscard]] Kernel::KResultOr<NonnullOwnPtr<Kernel::KString>> try_copy_kstring_from_user(const char*, size_t);
+[[nodiscard]] Kernel::KResultOr<NonnullOwnPtr<Kernel::KString>> try_copy_kstring_from_user(Userspace<const char*>, size_t);
 [[nodiscard]] Optional<Time> copy_time_from_user(const timespec*);
 [[nodiscard]] Optional<Time> copy_time_from_user(const timeval*);
 template<typename T>