From: James Hogan <james.hogan@imgtec.com> To: <linux-metag@vger.kernel.org> Cc: Al Viro <viro@zeniv.linux.org.uk>, James Hogan <james.hogan@imgtec.com>, <stable@vger.kernel.org> Subject: [PATCH v2 3/9] metag/usercopy: Add early abort to copy_to_user Date: Wed, 5 Apr 2017 15:15:03 +0100 [thread overview] Message-ID: <fb8ea062a8f2e85256e13f55696c5c5f0dfdcc8b.1491401555.git-series.james.hogan@imgtec.com> (raw) In-Reply-To: <cover.9d8cef22e7d1fc48955098a7161938dfc3e50db7.1491401555.git-series.james.hogan@imgtec.com> When copying to userland on Meta, if any faults are encountered immediately abort the copy instead of continuing on and repeatedly faulting, and worse potentially copying further bytes successfully to subsequent valid pages. Fixes: 373cd784d0fc ("metag: Memory handling") Reported-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: linux-metag@vger.kernel.org Cc: stable@vger.kernel.org --- arch/metag/lib/usercopy.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+), 0 deletions(-) diff --git a/arch/metag/lib/usercopy.c b/arch/metag/lib/usercopy.c index a6ced9691ddb..714d8562aa20 100644 --- a/arch/metag/lib/usercopy.c +++ b/arch/metag/lib/usercopy.c @@ -538,23 +538,31 @@ unsigned long __copy_user(void __user *pdst, const void *psrc, if ((unsigned long) src & 1) { __asm_copy_to_user_1(dst, src, retn); n--; + if (retn) + return retn + n; } if ((unsigned long) dst & 1) { /* Worst case - byte copy */ while (n > 0) { __asm_copy_to_user_1(dst, src, retn); n--; + if (retn) + return retn + n; } } if (((unsigned long) src & 2) && n >= 2) { __asm_copy_to_user_2(dst, src, retn); n -= 2; + if (retn) + return retn + n; } if ((unsigned long) dst & 2) { /* Second worst case - word copy */ while (n >= 2) { __asm_copy_to_user_2(dst, src, retn); n -= 2; + if (retn) + return retn + n; } } @@ -569,6 +577,8 @@ unsigned long __copy_user(void __user *pdst, const void *psrc, while (n >= 8) { __asm_copy_to_user_8x64(dst, src, retn); n -= 8; + if (retn) + return retn + n; } } if (n >= RAPF_MIN_BUF_SIZE) { @@ -581,6 +591,8 @@ unsigned long __copy_user(void __user *pdst, const void *psrc, while (n >= 8) { __asm_copy_to_user_8x64(dst, src, retn); n -= 8; + if (retn) + return retn + n; } } #endif @@ -588,11 +600,15 @@ unsigned long __copy_user(void __user *pdst, const void *psrc, while (n >= 16) { __asm_copy_to_user_16(dst, src, retn); n -= 16; + if (retn) + return retn + n; } while (n >= 4) { __asm_copy_to_user_4(dst, src, retn); n -= 4; + if (retn) + return retn + n; } switch (n) { @@ -609,6 +625,10 @@ unsigned long __copy_user(void __user *pdst, const void *psrc, break; } + /* + * If we get here, retn correctly reflects the number of failing + * bytes. + */ return retn; } EXPORT_SYMBOL(__copy_user); -- git-series 0.8.10
WARNING: multiple messages have this Message-ID (diff)
From: James Hogan <james.hogan@imgtec.com> To: linux-metag@vger.kernel.org Cc: Al Viro <viro@zeniv.linux.org.uk>, James Hogan <james.hogan@imgtec.com>, stable@vger.kernel.org Subject: [PATCH v2 3/9] metag/usercopy: Add early abort to copy_to_user Date: Wed, 5 Apr 2017 15:15:03 +0100 [thread overview] Message-ID: <fb8ea062a8f2e85256e13f55696c5c5f0dfdcc8b.1491401555.git-series.james.hogan@imgtec.com> (raw) In-Reply-To: <cover.9d8cef22e7d1fc48955098a7161938dfc3e50db7.1491401555.git-series.james.hogan@imgtec.com> When copying to userland on Meta, if any faults are encountered immediately abort the copy instead of continuing on and repeatedly faulting, and worse potentially copying further bytes successfully to subsequent valid pages. Fixes: 373cd784d0fc ("metag: Memory handling") Reported-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: linux-metag@vger.kernel.org Cc: stable@vger.kernel.org --- arch/metag/lib/usercopy.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+), 0 deletions(-) diff --git a/arch/metag/lib/usercopy.c b/arch/metag/lib/usercopy.c index a6ced9691ddb..714d8562aa20 100644 --- a/arch/metag/lib/usercopy.c +++ b/arch/metag/lib/usercopy.c @@ -538,23 +538,31 @@ unsigned long __copy_user(void __user *pdst, const void *psrc, if ((unsigned long) src & 1) { __asm_copy_to_user_1(dst, src, retn); n--; + if (retn) + return retn + n; } if ((unsigned long) dst & 1) { /* Worst case - byte copy */ while (n > 0) { __asm_copy_to_user_1(dst, src, retn); n--; + if (retn) + return retn + n; } } if (((unsigned long) src & 2) && n >= 2) { __asm_copy_to_user_2(dst, src, retn); n -= 2; + if (retn) + return retn + n; } if ((unsigned long) dst & 2) { /* Second worst case - word copy */ while (n >= 2) { __asm_copy_to_user_2(dst, src, retn); n -= 2; + if (retn) + return retn + n; } } @@ -569,6 +577,8 @@ unsigned long __copy_user(void __user *pdst, const void *psrc, while (n >= 8) { __asm_copy_to_user_8x64(dst, src, retn); n -= 8; + if (retn) + return retn + n; } } if (n >= RAPF_MIN_BUF_SIZE) { @@ -581,6 +591,8 @@ unsigned long __copy_user(void __user *pdst, const void *psrc, while (n >= 8) { __asm_copy_to_user_8x64(dst, src, retn); n -= 8; + if (retn) + return retn + n; } } #endif @@ -588,11 +600,15 @@ unsigned long __copy_user(void __user *pdst, const void *psrc, while (n >= 16) { __asm_copy_to_user_16(dst, src, retn); n -= 16; + if (retn) + return retn + n; } while (n >= 4) { __asm_copy_to_user_4(dst, src, retn); n -= 4; + if (retn) + return retn + n; } switch (n) { @@ -609,6 +625,10 @@ unsigned long __copy_user(void __user *pdst, const void *psrc, break; } + /* + * If we get here, retn correctly reflects the number of failing + * bytes. + */ return retn; } EXPORT_SYMBOL(__copy_user); -- git-series 0.8.10
next prev parent reply other threads:[~2017-04-05 14:15 UTC|newest] Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-04-05 14:15 [PATCH v2 0/9] metag/usercopy: Fault handling fixes & cleanups James Hogan 2017-04-05 14:15 ` James Hogan 2017-04-05 14:15 ` [PATCH v2 1/9] metag/usercopy: Drop unused macros James Hogan 2017-04-05 14:15 ` James Hogan 2017-04-05 14:15 ` [PATCH v2 2/9] metag/usercopy: Fix alignment error checking James Hogan 2017-04-05 14:15 ` James Hogan 2017-04-05 14:15 ` James Hogan [this message] 2017-04-05 14:15 ` [PATCH v2 3/9] metag/usercopy: Add early abort to copy_to_user James Hogan 2017-04-05 14:15 ` [PATCH v2 4/9] metag/usercopy: Zero rest of buffer from copy_from_user James Hogan 2017-04-05 14:15 ` James Hogan 2017-04-05 14:15 ` [PATCH v2 5/9] metag/usercopy: Set flags before ADDZ James Hogan 2017-04-05 14:15 ` James Hogan 2017-04-05 14:15 ` [PATCH v2 6/9] metag/usercopy: Fix src fixup in from user rapf loops James Hogan 2017-04-05 14:15 ` James Hogan 2017-04-05 14:15 ` [PATCH v2 7/9] metag/usercopy: Add missing fixups James Hogan 2017-04-05 14:15 ` James Hogan [not found] ` <cover.9d8cef22e7d1fc48955098a7161938dfc3e50db7.1491401555.git-series.james.hogan-1AXoQHu6uovQT0dZR+AlfA@public.gmane.org> 2017-04-05 14:15 ` [PATCH v2 8/9] metag/usercopy: Reformat rapf loop inline asm James Hogan 2017-04-05 14:15 ` [PATCH v2 9/9] metag/usercopy: Simplify rapf loop fixup corner case James Hogan
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=fb8ea062a8f2e85256e13f55696c5c5f0dfdcc8b.1491401555.git-series.james.hogan@imgtec.com \ --to=james.hogan@imgtec.com \ --cc=linux-metag@vger.kernel.org \ --cc=stable@vger.kernel.org \ --cc=viro@zeniv.linux.org.uk \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.