From 9c5f6908de03a4f52ba7364b11fcd6116225480c Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 29 Jun 2017 21:39:54 -0400 Subject: copy_{from,to}_user(): move kasan checks and might_fault() out-of-line Signed-off-by: Al Viro --- include/linux/uaccess.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'include/linux/uaccess.h') diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 201418d5e15c..e57328896a16 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -109,8 +109,11 @@ static inline unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n) { unsigned long res = n; - if (likely(access_ok(VERIFY_READ, from, n))) + might_fault(); + if (likely(access_ok(VERIFY_READ, from, n))) { + kasan_check_write(to, n); res = raw_copy_from_user(to, from, n); + } if (unlikely(res)) memset(to + (n - res), 0, res); return res; @@ -124,8 +127,11 @@ _copy_from_user(void *, const void __user *, unsigned long); static inline unsigned long _copy_to_user(void __user *to, const void *from, unsigned long n) { - if (access_ok(VERIFY_WRITE, to, n)) + might_fault(); + if (access_ok(VERIFY_WRITE, to, n)) { + kasan_check_read(from, n); n = raw_copy_to_user(to, from, n); + } return n; } #else @@ -146,9 +152,6 @@ copy_from_user(void *to, const void __user *from, unsigned long n) { int sz = __compiletime_object_size(to); - might_fault(); - kasan_check_write(to, n); - if (likely(sz < 0 || sz >= n)) { check_object_size(to, n, false); n = _copy_from_user(to, from, n); @@ -165,9 +168,6 @@ copy_to_user(void __user *to, const void *from, unsigned long n) { int sz = __compiletime_object_size(from); - kasan_check_read(from, n); - might_fault(); - if (likely(sz < 0 || sz >= n)) { check_object_size(from, n, true); n = _copy_to_user(to, from, n); -- cgit v1.2.3 From b0377fedb6528087ed319b0d054d6ed82240372c Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 29 Jun 2017 21:42:43 -0400 Subject: copy_{to,from}_user(): consolidate object size checks ... and move them into thread_info.h, next to check_object_size() Signed-off-by: Al Viro --- include/linux/thread_info.h | 27 +++++++++++++++++++++++++++ include/linux/uaccess.h | 28 ++-------------------------- 2 files changed, 29 insertions(+), 26 deletions(-) (limited to 'include/linux/uaccess.h') diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h index d7d3ea637dd0..250a27614328 100644 --- a/include/linux/thread_info.h +++ b/include/linux/thread_info.h @@ -113,6 +113,33 @@ static inline void check_object_size(const void *ptr, unsigned long n, { } #endif /* CONFIG_HARDENED_USERCOPY */ +extern void __compiletime_error("copy source size is too small") +__bad_copy_from(void); +extern void __compiletime_error("copy destination size is too small") +__bad_copy_to(void); + +static inline void copy_overflow(int size, unsigned long count) +{ + WARN(1, "Buffer overflow detected (%d < %lu)!\n", size, count); +} + +static __always_inline bool +check_copy_size(const void *addr, size_t bytes, bool is_source) +{ + int sz = __compiletime_object_size(addr); + if (unlikely(sz >= 0 && sz < bytes)) { + if (!__builtin_constant_p(bytes)) + copy_overflow(sz, bytes); + else if (is_source) + __bad_copy_from(); + else + __bad_copy_to(); + return false; + } + check_object_size(addr, bytes, is_source); + return true; +} + #ifndef arch_setup_new_exec static inline void arch_setup_new_exec(void) { } #endif diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index e57328896a16..80b587085e79 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -139,43 +139,19 @@ extern unsigned long _copy_to_user(void __user *, const void *, unsigned long); #endif -extern void __compiletime_error("usercopy buffer size is too small") -__bad_copy_user(void); - -static inline void copy_user_overflow(int size, unsigned long count) -{ - WARN(1, "Buffer overflow detected (%d < %lu)!\n", size, count); -} - static __always_inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { - int sz = __compiletime_object_size(to); - - if (likely(sz < 0 || sz >= n)) { - check_object_size(to, n, false); + if (likely(check_copy_size(to, n, false))) n = _copy_from_user(to, from, n); - } else if (!__builtin_constant_p(n)) - copy_user_overflow(sz, n); - else - __bad_copy_user(); - return n; } static __always_inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { - int sz = __compiletime_object_size(from); - - if (likely(sz < 0 || sz >= n)) { - check_object_size(from, n, true); + if (likely(check_copy_size(from, n, true))) n = _copy_to_user(to, from, n); - } else if (!__builtin_constant_p(n)) - copy_user_overflow(sz, n); - else - __bad_copy_user(); - return n; } #ifdef CONFIG_COMPAT -- cgit v1.2.3 From 119d0312c766773ca3238b9d926077664eed22be Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 25 May 2017 16:28:49 -0400 Subject: kill __copy_in_user() no users left Signed-off-by: Al Viro --- include/linux/uaccess.h | 6 ------ 1 file changed, 6 deletions(-) (limited to 'include/linux/uaccess.h') diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 201418d5e15c..97c93bc6f72a 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -180,12 +180,6 @@ copy_to_user(void __user *to, const void *from, unsigned long n) } #ifdef CONFIG_COMPAT static __always_inline unsigned long __must_check -__copy_in_user(void __user *to, const void *from, unsigned long n) -{ - might_fault(); - return raw_copy_in_user(to, from, n); -} -static __always_inline unsigned long __must_check copy_in_user(void __user *to, const void *from, unsigned long n) { might_fault(); -- cgit v1.2.3