diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2017-06-29 21:42:43 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2017-06-29 22:21:21 -0400 |
commit | b0377fedb6528087ed319b0d054d6ed82240372c (patch) | |
tree | ec1836456be61ee80f6cd416d9d98fcdbe548cd5 | |
parent | 9c5f6908de03a4f52ba7364b11fcd6116225480c (diff) | |
download | op-kernel-dev-b0377fedb6528087ed319b0d054d6ed82240372c.zip op-kernel-dev-b0377fedb6528087ed319b0d054d6ed82240372c.tar.gz |
copy_{to,from}_user(): consolidate object size checks
... and move them into thread_info.h, next to check_object_size()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | include/linux/thread_info.h | 27 | ||||
-rw-r--r-- | include/linux/uaccess.h | 28 |
2 files changed, 29 insertions, 26 deletions
diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h index d7d3ea6..250a276 100644 --- a/include/linux/thread_info.h +++ b/include/linux/thread_info.h @@ -113,6 +113,33 @@ static inline void check_object_size(const void *ptr, unsigned long n, { } #endif /* CONFIG_HARDENED_USERCOPY */ +extern void __compiletime_error("copy source size is too small") +__bad_copy_from(void); +extern void __compiletime_error("copy destination size is too small") +__bad_copy_to(void); + +static inline void copy_overflow(int size, unsigned long count) +{ + WARN(1, "Buffer overflow detected (%d < %lu)!\n", size, count); +} + +static __always_inline bool +check_copy_size(const void *addr, size_t bytes, bool is_source) +{ + int sz = __compiletime_object_size(addr); + if (unlikely(sz >= 0 && sz < bytes)) { + if (!__builtin_constant_p(bytes)) + copy_overflow(sz, bytes); + else if (is_source) + __bad_copy_from(); + else + __bad_copy_to(); + return false; + } + check_object_size(addr, bytes, is_source); + return true; +} + #ifndef arch_setup_new_exec static inline void arch_setup_new_exec(void) { } #endif diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index e573288..80b5870 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -139,43 +139,19 @@ extern unsigned long _copy_to_user(void __user *, const void *, unsigned long); #endif -extern void __compiletime_error("usercopy buffer size is too small") -__bad_copy_user(void); - -static inline void copy_user_overflow(int size, unsigned long count) -{ - WARN(1, "Buffer overflow detected (%d < %lu)!\n", size, count); -} - static __always_inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { - int sz = __compiletime_object_size(to); - - if (likely(sz < 0 || sz >= n)) { - check_object_size(to, n, false); + if (likely(check_copy_size(to, n, false))) n = _copy_from_user(to, from, n); - } else if (!__builtin_constant_p(n)) - copy_user_overflow(sz, n); - else - __bad_copy_user(); - return n; } static __always_inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { - int sz = __compiletime_object_size(from); - - if (likely(sz < 0 || sz >= n)) { - check_object_size(from, n, true); + if (likely(check_copy_size(from, n, true))) n = _copy_to_user(to, from, n); - } else if (!__builtin_constant_p(n)) - copy_user_overflow(sz, n); - else - __bad_copy_user(); - return n; } #ifdef CONFIG_COMPAT |