Linux copy from user copy to user

These two functions are used very frequently in the kernel and are responsible for copying data from user space to kernel space and copying data from kernel space to user space.

Under the arm architecture, copy_from_user The relevant documents are mainly

Let’s look first copy_from_user , Its implementation is in arch/arm/include/asm/uaccess.h:

The function first passes access_ok Do the first layer address range validity check, and then pass __copy_from_user Make an official copy. The reason why only the first layer of inspection is done, because the second layer of inspection (the address does not have a corresponding physical page) can only be solved by exception handling!

Look below access_ok The realization of it! (The code implementation is still in the same file) Similarly, different architectures have different implementation methods. Even mmu and no mmu are different.

For those without mmu, the check is not to check, because no mmu means that there is no virtual address mapping, and the physical address is used (if something goes wrong, it cannot be solved).

For those with mmu, it will be first __chk_user_ptr Check addr, the function is generally empty! (Its implementation involves __CHECKER__ Macro judgment, __CHECKER__ Macros are defined when the kernel code is checked through the Sparse (Semantic Parser for C) tool. This tool will be called when using make C=1 or C=2. This tool can check the kernel functions and variables that declare the relevant attributes that sparse can check in the code. If defined __CHECKER__ ， __chk_user_ptr with __chk_io_ptr Here only the function is declared, there is no function body, the purpose is that Sparse can catch the compilation error during the compilation process and check the type of the parameter. If not defined __CHECKER__ , This is an empty statement). The core content is

This is a section of C inline assembly (Linux uses AT&T encoding, the left side is the original operand, and the right side is the destination operand, which is different from the intel encoding, refer toGNU C embedded assembly language)! The core idea is to determine whether the source address + the size to be copied exceeds the address limit range restricted by the process. The following line by line analysis, first look at the input and output settings section:

& Indicates that the output data will not be overwritten, «=&r» (flag), «=&r» (roksum) Indicates that the output is stored in a general-purpose register, and points to flag and roksum at the same time, the input general-purpose register is used to store addr, and 32 is an integer size, and the initial value of flag is set to current_thread_info()->addr_limit , «Cc» means the embedded __asm__ Assembly instructions will change the CPU’s condition status register cc.

Continue to look at the command section below:

Add addr and size first and store it in roksum (the calculation result will set cpsr), if the previous calculation does not carry, then the addition of add and size does not exceed the unsigned int range, so use sbc to implement addr+size -flag-!C, which is addr+size-current_thread_info()->addr_limit-1 Finally, if the previous command execution does not result in the C bit being 1, then execute mov %0, #0, which means that the flag is set to 0. If the C bit is 1, then explain ( addr + size）>=（current_thread_info()->addr_limit ). It should be noted here that when the subtraction instruction is not borrowed, C is 0; when there is a borrow, C is 1.

Finally, let me explain __range_ok There is a flag at the end of the definition; this is an extension supported by gnu. In the code surrounded by (<>), the last expression or value will be the return value of the entire (<>). In other words, the flag is __range_ok The return value. __range_ok If all goes well, then the return is 0, if any of the instructions have a problem, then it will not be 0 (the initial value of the initial flag is current_thread_info()->addr_limit , Not 0)

Okay, after analysis __range_ok Realization, now continue to watch __copy_from_user , Still in the same file (there are also mmu and non-mmu points):

When there is mmu, its corresponding implementation is arch/arm/lib/copy_from_user.S inside:

The core implementation is arch/arm/lib/copy_template.S in. This code of arm is quite complicated. There are many similar overviews on the Internet, all of which describe the x86 architecture below.

The reason why the code is so complicated is found in the «Linux kernel source code scenario analysis» book:

When the kernel obtains the pointer passed from user space from a process, it is difficult to ensure the validity of this pointer, and it is even more difficult to ensure that the entire range of length len is legal. Therefore, for security reasons, you should first check the validity of this interval to see if the virtual memory space determined by the pointer and length parameters has been mapped. Each process has a mm_struct structure representing its Xu village space, which records all the mapped regions of the process in user space. As long as you search the linked list in this data structure, you can find out whether the virtual memory space has been mapped. The old Linux version does this, but this detection will bring a lot of burden. The possibility that the pointer is really problematic is actually relatively small, so the new version of linux removes these tests. When you encounter a bad pointer, the page exception occurs.

How to do it. When a bad real happens and a page anomaly really occurs, in do_page_fault, first search the current virtual memory list of the current process through find_vma, and if the search fails, transfer to bad_area. Although the target address of the access failure is in the user space, the execution address of the cpu is in the system space. In other words, if the kernel can find the address of the abnormal instruction in an exception table and get the corresponding repair address fixup, it will replace the address to be re-executed with the repair address after the exception returns. Why do you do that? Because in this case the kernel cannot fill up a page for the current process, then the content of the user space to be copied will be completely empty (this is that the kernel state cannot encounter a page fault exception like the user mode. Allocate space to the abnormal address during processing to solve the cause of the page fault problem) . If you let it happen, after the exception returns, the current process will inevitably generate new exceptions due to the execution of the same instruction, so it must be pulled out of the mud pit. The corresponding carefully designed code to fix the address fixup plays such a role.

The original text has a description of the address jump for the exception repair under x86. For more details, please refer to the original text.

Источник

copy_to_user() and copy_from_user() for basic data type

I’m writing a linux kernel driver and for every function that sends data up to userspace or reads data from userspace, I am using copy_to_user() and copy_from_user(). My question is: do I need to use these calls if I am just copying a basic data type such as a u32 or an int?

3 Answers 3

If the function receives a pointer to user-space data, you have to use copy_from_user() to copy the pointed-to data from user space into kernel space (and vice versa).

Note that the pointer value itself is passed by value (like all C parameters), so you don’t have to do a copy_from_user() to obtain the pointer value before you can copy_from_user() the data it points to.

Numeric arguments work the same way as pointer arguments; in C terms, they’re both scalars. You don’t have to use copy_from_user() to copy the value of the parameter; that’s already been copied. You only have to use it to copy data that’s pointed to by a passed pointer.

So if you have a parameter of type int , you can use it directly. If your parameter points to an int , then the int object will be in user space, and you need to use copy_to_user to copy the value of that object into kernel space.

When a user passes data to kernel space, this data can be split on several pages, and these pages can be even in swapped out memory. In these cases, you’ll have to wait for the kernel to swap in the page and get access to the page where the data is in. In the case of elementary data types (like int or pointers) it is also true that some architectures (notably x86 intel) don’t force the user to align the data so even an integer can be split around a page border. You can have access to the first part of you integer, but to wait for the second to get swapped in by the memory manager before the whole thing is accessed.

You can save some roundtrips by putting all user data in a structure whose pointer is passed to the kernel. You can copy_from_user it as a block and save accesses (and running into the risk of being blocked several times)

So, and as a conclusion, use the functions even for basic types, as there are plenty of them. Don’t assume anything about where the user data can be when running in kernel mode. You have access to it, but the kernel virtual addresses of user data have nothing to do with the virtual addresses seen in user mode.

Источник

copying files from one user to another in a single machine

How to copy any files or directories from one user to another user in a same machine via terminal?

Suppose there is one file test.txt in home directory of USER1. I need to copy that file to the home directory of USER2 in my machine. How can I do it via terminal?

6 Answers 6

Assuming that you have sudo privileges the following command will do.

Will copy the file from USER1 to USER2, and then change the owner of the copy in /home/USER2 to USER2

If you do not have sudo privileges, then the two users will need to ensure that you have read permissions on the USER1 directory, and write access on the USER2 directory. If you have these accesses, you can enter the command:

This will copy the file in question, but USER2 may not be able to manipulate the file until they have appropriate permissions.

if you dont have sudo privileges but you can login with the two users then you can use scp with localhost :

Assume you either do not have ssh installed, or cannot do do not want to share keys/secrets.

Suppose user1 is in group1, and user2 is in group2, and both user1 != user2 and group1 != group2.

Create a shared group, group3s.

Add both user1 and user2 to group3s.

Create a directory in a mutually accessible place, where one user owns, but has group ownership of group3s.

But, suppose you cannot create the new, shared group, and place both users in that group?

Create the directory and give it 770 permissions,

Then, as root/admin, change the group ownership to the other user’s group,

The command chmod g+s sets the setgid bit so that files placed into the directory have the group ownership set to group2.

Every other answer here requires root access, allows any user on the same machine to copy the file, or requires password sharing. Here is a method that does not:

Have USER2 (let’s call him Bob) run the following commands (you can replace /tmp with any directory that both users have permissions to write to, but /tmp is ideal because by default it is sticky, which prevents a malicious user from subverting this process. A directory owned by Bob that is world-readable also works):

This creates a file that is world-writable, but not readable.

Then have USER1 (let’s call her Alice) run (if you’re paranoid, Alice can check the permissions first to make sure the file is owned by Bob):

This overwrites the contents of /tmp/test.txt . If you want to check integrity of the file, Alice should also generate a hash of the file. For instance:

You can instead digitally sign the file, or any other method of guaranteeing its integrity.

And finally Bob moves the file and takes ownership of it:

And Bob can check the integrity if he likes. If so, he should check to make sure only Alice can write to /tmp/test.txt .

If the file was copied correctly, this should display no output.

Источник

Clone Linux user (copy user, based on another one)

How can I create a new system user, an exact copy of another one (having the same groups, permissions, privileges and settings), but with different username, password and home directory?

5 Answers 5

This script will do it (updated as per comments):

It gets the source user’s groups (not including the group that’s the same as their login) and shell, then creates a new user with the same shell and secondary groups.

There is no error checking, it’s just a quick and dirty clone script.

Edit /etc/passwd and duplicate the line of the user you want an exact copy of. Modify the logon name, real name and the home directory.
Edit /etc/shadow and again duplicate the line of the original user. Modify the logon name.
Finally execute passwd newuser to modify the password.

Be aware that system wise both users are the same (same UID), so one will be able to enter the other one’s home directory and modify at will.

For Linux Mint 18 Mate

Based on Mike Anderson’s script, I made one that asks questions about the new user, the old user, the new password, and then copies the old user’s home directory and replaces all instances of the old user’s name in the new home directory with the new user’s name.

The main difference in my script regarding the useradd line is that the passwd fails in Linux Mint 18, replaced by chpasswd. To get the password to work I had the create a new line: echo $newuser:$newpassword | chpasswd.

Another difference is that I couldn’t get —create-home to work so I just used mkdir in a new line instead.

Watch out if you have a huge old user’s home directory.

Take what you need and leave the rest. You are responsible for any code you copy — make backups!

Thanks to everyone in the world who helped me with this script. John in Oregon

Источник

Linux copy from user copy to user

The purpose of the COPY_FROM_USER function is to copy data from the user space to the kernel space, and the failure returns the number of bytes that are not copied, and the success is successfully returned. Its internal implementation is of course not only copying data, but also considers whether the incoming user space address is valid, such as the address is not exceeding the user’s space range, is not the corresponding physical page, otherwise the kernel is OOPS. Different architectures, the implementation of this function is different. The following is mainly described in ARM Example.

This function is first valid for the address range of the first layer by Access_ok, and then formally copied by __copy_from_user. The reason why only the first layer is used is because the second layer is inspected (the address is not a corresponding physical page) can only be solved by exception processing.

1.1. Three parameters:

* TO is the pointer of the kernel space

* From is user space pointer

n Number of bytes indicating copy data from the user space.

If you have successfully executed a copy operation, return 0, otherwise the number of bytes that have not been completed yet.

1.2. Divide two parts:

First check if the address pointer of the user space is valid;
Call the __arch_copy_from_user function.

Access_ok is used to make a validity check for the address pointer from the user space. This macro and architecture are related to the ARM platform (Linux / include / asm-arm / uaccess.h):

For MMU, first __chk_user_ptr, check addr, this function is generally empty! (It achieves the judgment of __Checker__ macro,The Checker__ macro is defined when checking the kernel code via the Sparse (Semantic Parser For C). This tool is called when using Make C = 1 or C = 2, which checks the kernel functions and variables of the relevant attributes that sparse can check in the code. If defined __checker，CHK_USER_PTR and __CHK_IO_PTR Only the function is declared here, without a function body, the purpose is to capture the compilation error and check the type of the parameter during the compilation process. If there is no definition __CheckerThis is an empty statement). Core content:

Core Thought: Decision Source Address + SIZE to be copied is outside the address LIMIT range restricted by the process. The following row is analyzed, first look at the input and output settings section:

& Indicates that the output data will not be overwritten, «= & r» (= & r «(= & r» (= & r «(ROKSUM) indicates that the output general-purpose register is stored, while pointing in the FLAG and ROKSUM, the input is stored with the General Register AddR, and 32 is shaping SIZE, at the same time, the initial value of the FLAG is set to current_thread_info () -> addr_limit, «cc» indicates that the embedded __ASM__ assemble instruction will change the CPU’s conditional status register CC.

Let’s continue to see the command section:

First add the addr to the size, stored in the roksum (the calculation result sets the CPSR), if the previous calculation does not carry, then the addition of the add and size does not exceed the Unsigned Int range, so use SBC to implement Addr + Size -flag-! c, that is, addr + size-current_thread_info () -> addr_limit-1, finally if the previous command does not cause the C bit to 1, then execute MOV% 0, # 0, that is, set the FLAG to be set to 0. If the C bit is 1, then the description (AddR + Size)> = (current_thread_info () -> addr_limit). Here to note that the subtraction command is not borrowed, C is 0; when there is a borrow, C is 1.

Finally, you must explain that the last one of the __ range_ok definition has a FLAG; this is an extension supported by the GNU, in the code surrounded by (<>), the last expression or value is the return value of the entire (<>). That is to say that Flag is the return value of __range_ok. __RANGE_OK If everything goes well, then return is 0, if any of the instructions have problems, then it will not be 0 (the initial value of the FLAG is current_thread_info () -> addr_limit, non-0).

Источник