diff options
author | Helge Deller <deller@gmx.de> | 2016-10-06 09:07:30 +0200 |
---|---|---|
committer | Helge Deller <deller@gmx.de> | 2016-10-06 22:10:19 +0200 |
commit | 9e91db6b4abecd58647a5e984d538187f1c2ea09 (patch) | |
tree | 40f94e8c4561e7214784995cb03a828f27df3737 | |
parent | f39cce654f9a1df331d7e1ba703f5f06a79f2159 (diff) |
parisc: Add hardened usercopy feature
Add hardened usercopy checks to parisc architecture and clean up
indenting.
Signed-off-by: Helge Deller <deller@gmx.de>
-rw-r--r-- | arch/parisc/Kconfig | 1 | ||||
-rw-r--r-- | arch/parisc/include/asm/uaccess.h | 48 | ||||
-rw-r--r-- | arch/parisc/lib/memcpy.c | 11 |
3 files changed, 41 insertions, 19 deletions
diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig index f8dc10dcf292..689eb74b34b5 100644 --- a/arch/parisc/Kconfig +++ b/arch/parisc/Kconfig @@ -23,6 +23,7 @@ config PARISC select SYSCTL_ARCH_UNALIGN_ALLOW select SYSCTL_EXCEPTION_TRACE select HAVE_MOD_ARCH_SPECIFIC + select HAVE_ARCH_HARDENED_USERCOPY select VIRT_TO_BUS select MODULES_USE_ELF_RELA select CLONE_BACKWARDS diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h index 482847865dac..9a2aee1b90fc 100644 --- a/arch/parisc/include/asm/uaccess.h +++ b/arch/parisc/include/asm/uaccess.h @@ -11,6 +11,7 @@ #include <linux/bug.h> #include <linux/string.h> +#include <linux/thread_info.h> #define VERIFY_READ 0 #define VERIFY_WRITE 1 @@ -201,10 +202,12 @@ extern long lstrnlen_user(const char __user *, long); #define clear_user lclear_user #define __clear_user lclear_user -unsigned long copy_to_user(void __user *dst, const void *src, unsigned long len); -#define __copy_to_user copy_to_user -unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long len); -unsigned long copy_in_user(void __user *dst, const void __user *src, unsigned long len); +unsigned long __must_check __copy_to_user(void __user *dst, const void *src, + unsigned long len); +unsigned long __must_check __copy_from_user(void *dst, const void __user *src, + unsigned long len); +unsigned long copy_in_user(void __user *dst, const void __user *src, + unsigned long len); #define __copy_in_user copy_in_user #define __copy_to_user_inatomic __copy_to_user #define __copy_from_user_inatomic __copy_from_user @@ -217,23 +220,40 @@ static inline void copy_user_overflow(int size, unsigned long count) WARN(1, "Buffer overflow detected (%d < %lu)!\n", size, count); } -static inline unsigned long __must_check copy_from_user(void *to, - const void __user *from, - unsigned long n) +static __always_inline unsigned long __must_check +copy_from_user(void *to, const void __user *from, unsigned long n) { - int sz = __compiletime_object_size(to); - unsigned long ret = n; + int sz = __compiletime_object_size(to); + unsigned long ret = n; - if (likely(sz == -1 || sz >= n)) - ret = __copy_from_user(to, from, n); - else if (!__builtin_constant_p(n)) + if (likely(sz < 0 || sz >= n)) { + check_object_size(to, n, false); + ret = __copy_from_user(to, from, n); + } else if (!__builtin_constant_p(n)) copy_user_overflow(sz, n); else - __bad_copy_user(); + __bad_copy_user(); if (unlikely(ret)) memset(to + (n - ret), 0, ret); - return ret; + + return ret; +} + +static __always_inline unsigned long __must_check +copy_to_user(void __user *to, const void *from, unsigned long n) +{ + int sz = __compiletime_object_size(from); + + if (likely(sz < 0 || sz >= n)) { + check_object_size(from, n, true); + n = __copy_to_user(to, from, n); + } else if (!__builtin_constant_p(n)) + copy_user_overflow(sz, n); + else + __bad_copy_user(); + + return n; } struct pt_regs; diff --git a/arch/parisc/lib/memcpy.c b/arch/parisc/lib/memcpy.c index b2b441b32341..f82ff10ed974 100644 --- a/arch/parisc/lib/memcpy.c +++ b/arch/parisc/lib/memcpy.c @@ -489,20 +489,23 @@ static unsigned long pa_memcpy(void *dstp, const void *srcp, unsigned long len) } #ifdef __KERNEL__ -unsigned long copy_to_user(void __user *dst, const void *src, unsigned long len) +unsigned long __copy_to_user(void __user *dst, const void *src, + unsigned long len) { mtsp(get_kernel_space(), 1); mtsp(get_user_space(), 2); return pa_memcpy((void __force *)dst, src, len); } +EXPORT_SYMBOL(__copy_to_user); -EXPORT_SYMBOL(__copy_from_user); -unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long len) +unsigned long __copy_from_user(void *dst, const void __user *src, + unsigned long len) { mtsp(get_user_space(), 1); mtsp(get_kernel_space(), 2); return pa_memcpy(dst, (void __force *)src, len); } +EXPORT_SYMBOL(__copy_from_user); unsigned long copy_in_user(void __user *dst, const void __user *src, unsigned long len) { @@ -520,8 +523,6 @@ void * memcpy(void * dst,const void *src, size_t count) return dst; } -EXPORT_SYMBOL(copy_to_user); -EXPORT_SYMBOL(copy_from_user); EXPORT_SYMBOL(copy_in_user); EXPORT_SYMBOL(memcpy); |