diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2017-06-29 21:39:54 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2017-06-29 22:21:20 -0400 |
commit | 9c5f6908de03a4f52ba7364b11fcd6116225480c (patch) | |
tree | 9512430004d33389622c6535c2097a96b1b15c93 | |
parent | 2ea659a9ef488125eb46da6eb571de5eae5c43f6 (diff) |
copy_{from,to}_user(): move kasan checks and might_fault() out-of-line
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | include/linux/uaccess.h | 16 | ||||
-rw-r--r-- | lib/usercopy.c | 10 |
2 files changed, 16 insertions, 10 deletions
diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 201418d5e15c..e57328896a16 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -109,8 +109,11 @@ static inline unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n) { unsigned long res = n; - if (likely(access_ok(VERIFY_READ, from, n))) + might_fault(); + if (likely(access_ok(VERIFY_READ, from, n))) { + kasan_check_write(to, n); res = raw_copy_from_user(to, from, n); + } if (unlikely(res)) memset(to + (n - res), 0, res); return res; @@ -124,8 +127,11 @@ _copy_from_user(void *, const void __user *, unsigned long); static inline unsigned long _copy_to_user(void __user *to, const void *from, unsigned long n) { - if (access_ok(VERIFY_WRITE, to, n)) + might_fault(); + if (access_ok(VERIFY_WRITE, to, n)) { + kasan_check_read(from, n); n = raw_copy_to_user(to, from, n); + } return n; } #else @@ -146,9 +152,6 @@ copy_from_user(void *to, const void __user *from, unsigned long n) { int sz = __compiletime_object_size(to); - might_fault(); - kasan_check_write(to, n); - if (likely(sz < 0 || sz >= n)) { check_object_size(to, n, false); n = _copy_from_user(to, from, n); @@ -165,9 +168,6 @@ copy_to_user(void __user *to, const void *from, unsigned long n) { int sz = __compiletime_object_size(from); - kasan_check_read(from, n); - might_fault(); - if (likely(sz < 0 || sz >= n)) { check_object_size(from, n, true); n = _copy_to_user(to, from, n); diff --git a/lib/usercopy.c b/lib/usercopy.c index 1b6010a3beb8..f5d9f08ee032 100644 --- a/lib/usercopy.c +++ b/lib/usercopy.c @@ -6,8 +6,11 @@ unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n) { unsigned long res = n; - if (likely(access_ok(VERIFY_READ, from, n))) + might_fault(); + if (likely(access_ok(VERIFY_READ, from, n))) { + kasan_check_write(to, n); res = raw_copy_from_user(to, from, n); + } if (unlikely(res)) memset(to + (n - res), 0, res); return res; @@ -18,8 +21,11 @@ EXPORT_SYMBOL(_copy_from_user); #ifndef INLINE_COPY_TO_USER unsigned long _copy_to_user(void *to, const void __user *from, unsigned long n) { - if (likely(access_ok(VERIFY_WRITE, to, n))) + might_fault(); + if (likely(access_ok(VERIFY_WRITE, to, n))) { + kasan_check_read(from, n); n = raw_copy_to_user(to, from, n); + } return n; } EXPORT_SYMBOL(_copy_to_user); |