From: James Hogan <james.hogan@imgtec.com>
To: <linux-metag@vger.kernel.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
James Hogan <james.hogan@imgtec.com>, <stable@vger.kernel.org>
Subject: [PATCH v2 3/9] metag/usercopy: Add early abort to copy_to_user
Date: Wed, 5 Apr 2017 15:15:03 +0100 [thread overview]
Message-ID: <fb8ea062a8f2e85256e13f55696c5c5f0dfdcc8b.1491401555.git-series.james.hogan@imgtec.com> (raw)
In-Reply-To: <cover.9d8cef22e7d1fc48955098a7161938dfc3e50db7.1491401555.git-series.james.hogan@imgtec.com>
When copying to userland on Meta, if any faults are encountered
immediately abort the copy instead of continuing on and repeatedly
faulting, and worse potentially copying further bytes successfully to
subsequent valid pages.
Fixes: 373cd784d0fc ("metag: Memory handling")
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-metag@vger.kernel.org
Cc: stable@vger.kernel.org
---
arch/metag/lib/usercopy.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+), 0 deletions(-)
diff --git a/arch/metag/lib/usercopy.c b/arch/metag/lib/usercopy.c
index a6ced9691ddb..714d8562aa20 100644
--- a/arch/metag/lib/usercopy.c
+++ b/arch/metag/lib/usercopy.c
@@ -538,23 +538,31 @@ unsigned long __copy_user(void __user *pdst, const void *psrc,
if ((unsigned long) src & 1) {
__asm_copy_to_user_1(dst, src, retn);
n--;
+ if (retn)
+ return retn + n;
}
if ((unsigned long) dst & 1) {
/* Worst case - byte copy */
while (n > 0) {
__asm_copy_to_user_1(dst, src, retn);
n--;
+ if (retn)
+ return retn + n;
}
}
if (((unsigned long) src & 2) && n >= 2) {
__asm_copy_to_user_2(dst, src, retn);
n -= 2;
+ if (retn)
+ return retn + n;
}
if ((unsigned long) dst & 2) {
/* Second worst case - word copy */
while (n >= 2) {
__asm_copy_to_user_2(dst, src, retn);
n -= 2;
+ if (retn)
+ return retn + n;
}
}
@@ -569,6 +577,8 @@ unsigned long __copy_user(void __user *pdst, const void *psrc,
while (n >= 8) {
__asm_copy_to_user_8x64(dst, src, retn);
n -= 8;
+ if (retn)
+ return retn + n;
}
}
if (n >= RAPF_MIN_BUF_SIZE) {
@@ -581,6 +591,8 @@ unsigned long __copy_user(void __user *pdst, const void *psrc,
while (n >= 8) {
__asm_copy_to_user_8x64(dst, src, retn);
n -= 8;
+ if (retn)
+ return retn + n;
}
}
#endif
@@ -588,11 +600,15 @@ unsigned long __copy_user(void __user *pdst, const void *psrc,
while (n >= 16) {
__asm_copy_to_user_16(dst, src, retn);
n -= 16;
+ if (retn)
+ return retn + n;
}
while (n >= 4) {
__asm_copy_to_user_4(dst, src, retn);
n -= 4;
+ if (retn)
+ return retn + n;
}
switch (n) {
@@ -609,6 +625,10 @@ unsigned long __copy_user(void __user *pdst, const void *psrc,
break;
}
+ /*
+ * If we get here, retn correctly reflects the number of failing
+ * bytes.
+ */
return retn;
}
EXPORT_SYMBOL(__copy_user);
--
git-series 0.8.10
WARNING: multiple messages have this Message-ID (diff)
From: James Hogan <james.hogan@imgtec.com>
To: linux-metag@vger.kernel.org
Cc: Al Viro <viro@zeniv.linux.org.uk>,
James Hogan <james.hogan@imgtec.com>,
stable@vger.kernel.org
Subject: [PATCH v2 3/9] metag/usercopy: Add early abort to copy_to_user
Date: Wed, 5 Apr 2017 15:15:03 +0100 [thread overview]
Message-ID: <fb8ea062a8f2e85256e13f55696c5c5f0dfdcc8b.1491401555.git-series.james.hogan@imgtec.com> (raw)
In-Reply-To: <cover.9d8cef22e7d1fc48955098a7161938dfc3e50db7.1491401555.git-series.james.hogan@imgtec.com>
When copying to userland on Meta, if any faults are encountered
immediately abort the copy instead of continuing on and repeatedly
faulting, and worse potentially copying further bytes successfully to
subsequent valid pages.
Fixes: 373cd784d0fc ("metag: Memory handling")
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-metag@vger.kernel.org
Cc: stable@vger.kernel.org
---
arch/metag/lib/usercopy.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+), 0 deletions(-)
diff --git a/arch/metag/lib/usercopy.c b/arch/metag/lib/usercopy.c
index a6ced9691ddb..714d8562aa20 100644
--- a/arch/metag/lib/usercopy.c
+++ b/arch/metag/lib/usercopy.c
@@ -538,23 +538,31 @@ unsigned long __copy_user(void __user *pdst, const void *psrc,
if ((unsigned long) src & 1) {
__asm_copy_to_user_1(dst, src, retn);
n--;
+ if (retn)
+ return retn + n;
}
if ((unsigned long) dst & 1) {
/* Worst case - byte copy */
while (n > 0) {
__asm_copy_to_user_1(dst, src, retn);
n--;
+ if (retn)
+ return retn + n;
}
}
if (((unsigned long) src & 2) && n >= 2) {
__asm_copy_to_user_2(dst, src, retn);
n -= 2;
+ if (retn)
+ return retn + n;
}
if ((unsigned long) dst & 2) {
/* Second worst case - word copy */
while (n >= 2) {
__asm_copy_to_user_2(dst, src, retn);
n -= 2;
+ if (retn)
+ return retn + n;
}
}
@@ -569,6 +577,8 @@ unsigned long __copy_user(void __user *pdst, const void *psrc,
while (n >= 8) {
__asm_copy_to_user_8x64(dst, src, retn);
n -= 8;
+ if (retn)
+ return retn + n;
}
}
if (n >= RAPF_MIN_BUF_SIZE) {
@@ -581,6 +591,8 @@ unsigned long __copy_user(void __user *pdst, const void *psrc,
while (n >= 8) {
__asm_copy_to_user_8x64(dst, src, retn);
n -= 8;
+ if (retn)
+ return retn + n;
}
}
#endif
@@ -588,11 +600,15 @@ unsigned long __copy_user(void __user *pdst, const void *psrc,
while (n >= 16) {
__asm_copy_to_user_16(dst, src, retn);
n -= 16;
+ if (retn)
+ return retn + n;
}
while (n >= 4) {
__asm_copy_to_user_4(dst, src, retn);
n -= 4;
+ if (retn)
+ return retn + n;
}
switch (n) {
@@ -609,6 +625,10 @@ unsigned long __copy_user(void __user *pdst, const void *psrc,
break;
}
+ /*
+ * If we get here, retn correctly reflects the number of failing
+ * bytes.
+ */
return retn;
}
EXPORT_SYMBOL(__copy_user);
--
git-series 0.8.10
next prev parent reply other threads:[~2017-04-05 14:15 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-05 14:15 [PATCH v2 0/9] metag/usercopy: Fault handling fixes & cleanups James Hogan
2017-04-05 14:15 ` James Hogan
2017-04-05 14:15 ` [PATCH v2 1/9] metag/usercopy: Drop unused macros James Hogan
2017-04-05 14:15 ` James Hogan
2017-04-05 14:15 ` [PATCH v2 2/9] metag/usercopy: Fix alignment error checking James Hogan
2017-04-05 14:15 ` James Hogan
2017-04-05 14:15 ` James Hogan [this message]
2017-04-05 14:15 ` [PATCH v2 3/9] metag/usercopy: Add early abort to copy_to_user James Hogan
2017-04-05 14:15 ` [PATCH v2 4/9] metag/usercopy: Zero rest of buffer from copy_from_user James Hogan
2017-04-05 14:15 ` James Hogan
2017-04-05 14:15 ` [PATCH v2 5/9] metag/usercopy: Set flags before ADDZ James Hogan
2017-04-05 14:15 ` James Hogan
2017-04-05 14:15 ` [PATCH v2 6/9] metag/usercopy: Fix src fixup in from user rapf loops James Hogan
2017-04-05 14:15 ` James Hogan
2017-04-05 14:15 ` [PATCH v2 7/9] metag/usercopy: Add missing fixups James Hogan
2017-04-05 14:15 ` James Hogan
[not found] ` <cover.9d8cef22e7d1fc48955098a7161938dfc3e50db7.1491401555.git-series.james.hogan-1AXoQHu6uovQT0dZR+AlfA@public.gmane.org>
2017-04-05 14:15 ` [PATCH v2 8/9] metag/usercopy: Reformat rapf loop inline asm James Hogan
2017-04-05 14:15 ` [PATCH v2 9/9] metag/usercopy: Simplify rapf loop fixup corner case James Hogan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fb8ea062a8f2e85256e13f55696c5c5f0dfdcc8b.1491401555.git-series.james.hogan@imgtec.com \
--to=james.hogan@imgtec.com \
--cc=linux-metag@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.