From: Jiri Slaby <jslaby@suse.cz>
To: stable@vger.kernel.org
Cc: Al Viro <viro@zeniv.linux.org.uk>, Jiri Slaby <jslaby@suse.cz>
Subject: [patch added to 3.12-stable] cris: buggered copy_from_user/copy_to_user/clear_user
Date: Thu, 29 Sep 2016 11:06:38 +0200	[thread overview]
Message-ID: <20160929090654.27405-27-jslaby@suse.cz> (raw)
In-Reply-To: <20160929090654.27405-1-jslaby@suse.cz>

From: Al Viro <viro@zeniv.linux.org.uk>

This patch has been added to the 3.12 stable tree. If you have any
objections, please let us know.

===============

commit eb47e0293baaa3044022059f1fa9ff474bfe35cb upstream.

* copy_from_user() on access_ok() failure ought to zero the destination
* none of those primitives should skip the access_ok() check in case of
small constant size.

Acked-by: Jesper Nilsson <jesper.nilsson@axis.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 arch/cris/include/asm/uaccess.h | 71 +++++++++++++++++++----------------------
 1 file changed, 32 insertions(+), 39 deletions(-)

diff --git a/arch/cris/include/asm/uaccess.h b/arch/cris/include/asm/uaccess.h
index 914540801c5e..93bfa8acc38b 100644
--- a/arch/cris/include/asm/uaccess.h
+++ b/arch/cris/include/asm/uaccess.h
@@ -176,30 +176,6 @@ extern unsigned long __copy_user(void __user *to, const void *from, unsigned lon
 extern unsigned long __copy_user_zeroing(void *to, const void __user *from, unsigned long n);
 extern unsigned long __do_clear_user(void __user *to, unsigned long n);
 
-static inline unsigned long
-__generic_copy_to_user(void __user *to, const void *from, unsigned long n)
-{
-	if (access_ok(VERIFY_WRITE, to, n))
-		return __copy_user(to,from,n);
-	return n;
-}
-
-static inline unsigned long
-__generic_copy_from_user(void *to, const void __user *from, unsigned long n)
-{
-	if (access_ok(VERIFY_READ, from, n))
-		return __copy_user_zeroing(to,from,n);
-	return n;
-}
-
-static inline unsigned long
-__generic_clear_user(void __user *to, unsigned long n)
-{
-	if (access_ok(VERIFY_WRITE, to, n))
-		return __do_clear_user(to,n);
-	return n;
-}
-
 static inline long
 __strncpy_from_user(char *dst, const char __user *src, long count)
 {
@@ -262,7 +238,7 @@ __constant_copy_from_user(void *to, const void __user *from, unsigned long n)
 	else if (n == 24)
 		__asm_copy_from_user_24(to, from, ret);
 	else
-		ret = __generic_copy_from_user(to, from, n);
+		ret = __copy_user_zeroing(to, from, n);
 
 	return ret;
 }
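Review bot: The fall-through branch of `__constant_copy_from_user()` now calls `__copy_user_zeroing(to, from, n)` with no range check of its own, so the helper is only safe when its caller has already passed `access_ok()`. The `copy_from_user()` added later in this patch does that, but any other user of the helper (none is visible in these hunks) would silently lose the check that `__generic_copy_from_user()` used to provide. A comment above the function such as `/* Caller must have checked access_ok(VERIFY_READ, from, n). */` would record this. The same applies, with `VERIFY_WRITE`, to `__constant_copy_to_user()` and `__constant_clear_user()` in the next two hunks. The function body starts outside the hunk.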
@@ -312,7 +288,7 @@ __constant_copy_to_user(void __user *to, const void *from, unsigned long n)
 	else if (n == 24)
 		__asm_copy_to_user_24(to, from, ret);
 	else
-		ret = __generic_copy_to_user(to, from, n);
+		ret = __copy_user(to, from, n);
 
 	return ret;
 }
@@ -344,26 +320,43 @@ __constant_clear_user(void __user *to, unsigned long n)
 	else if (n == 24)
 		__asm_clear_24(to, ret);
 	else
-		ret = __generic_clear_user(to, n);
+		ret = __do_clear_user(to, n);
 
 	return ret;
 }
 
 
-#define clear_user(to, n)			\
-(__builtin_constant_p(n) ?			\
- __constant_clear_user(to, n) :			\
- __generic_clear_user(to, n))
+static inline size_t clear_user(void __user *to, size_t n)
+{
+	if (unlikely(!access_ok(VERIFY_WRITE, to, n)))
+		return n;
+	if (__builtin_constant_p(n))
+		return __constant_clear_user(to, n);
+	else
+		return __do_clear_user(to, n);
+}
 
-#define copy_from_user(to, from, n)		\
-(__builtin_constant_p(n) ?			\
- __constant_copy_from_user(to, from, n) :	\
- __generic_copy_from_user(to, from, n))
+static inline size_t copy_from_user(void *to, const void __user *from, size_t n)
+{
+	if (unlikely(!access_ok(VERIFY_READ, from, n))) {
+		memset(to, 0, n);
+		return n;
+	}
+	if (__builtin_constant_p(n))
+		return __constant_copy_from_user(to, from, n);
+	else
+		return __copy_user_zeroing(to, from, n);
+}
 
-#define copy_to_user(to, from, n)		\
-(__builtin_constant_p(n) ?			\
- __constant_copy_to_user(to, from, n) :		\
- __generic_copy_to_user(to, from, n))
+static inline size_t copy_to_user(void __user *to, const void *from, size_t n)
+{
+	if (unlikely(!access_ok(VERIFY_WRITE, to, n)))
+		return n;
+	if (__builtin_constant_p(n))
+		return __constant_copy_to_user(to, from, n);
+	else
+		return __copy_user(to, from, n);
+}
 
 /* We let the __ versions of copy_from/to_user inline, because they're often
  * used in fast paths and have only a small space overhead.
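Review bot: The new `copy_from_user()` carries a security-relevant contract that is not written down in the hunk: on `access_ok()` failure it zeroes all `n` bytes of `to` and returns `n`, so a caller that ignores the return value does not go on to use uninitialised kernel memory. I would add a short comment above it, for example `/* Returns bytes not copied; on access_ok() failure the whole destination is zeroed. */`, and a one-line comment on `clear_user()` and `copy_to_user()` saying they return `n` without touching anything on a bad range. The `memset()` covers only the range-check failure. Whether the fixed-size paths reached through `__constant_copy_from_user()`, such as `__asm_copy_from_user_24`, also zero the tail on a mid-copy fault is not visible here and is worth confirming. The trailing comment block continues past the end of the hunk.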
-- 
2.10.0

