diff options
author | Kees Cook <keescook@chromium.org> | 2016-06-23 15:06:53 -0700 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2016-07-26 14:41:49 -0700 |
commit | dfd45b6103c973bfcea2341d89e36faf947dbc33 (patch) | |
tree | 7f9a7a3069064efc667a8845ca0a263a8c620315 /arch/arm/include | |
parent | 5b710f34e194c6b7710f69fdb5d798fdf35b98c1 (diff) |
ARM: uaccess: Enable hardened usercopy
Enables CONFIG_HARDENED_USERCOPY checks on arm.
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'arch/arm/include')
-rw-r--r-- | arch/arm/include/asm/uaccess.h | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h index 35c9db857ebe..7fb59199c6bb 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -496,7 +496,10 @@ arm_copy_from_user(void *to, const void __user *from, unsigned long n); static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n) { - unsigned int __ua_flags = uaccess_save_and_enable(); + unsigned int __ua_flags; + + check_object_size(to, n, false); + __ua_flags = uaccess_save_and_enable(); n = arm_copy_from_user(to, from, n); uaccess_restore(__ua_flags); return n; @@ -511,11 +514,15 @@ static inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n) { #ifndef CONFIG_UACCESS_WITH_MEMCPY - unsigned int __ua_flags = uaccess_save_and_enable(); + unsigned int __ua_flags; + + check_object_size(from, n, true); + __ua_flags = uaccess_save_and_enable(); n = arm_copy_to_user(to, from, n); uaccess_restore(__ua_flags); return n; #else + check_object_size(from, n, true); return arm_copy_to_user(to, from, n); #endif } |