mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-17 02:36:21 +00:00
Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument of the user address range verification function since we got rid of the old racy i386-only code to walk page tables by hand. It existed because the original 80386 would not honor the write protect bit when in kernel mode, so you had to do COW by hand before doing any user access. But we haven't supported that in a long time, and these days the 'type' argument is a purely historical artifact. A discussion about extending 'user_access_begin()' to do the range checking resulted this patch, because there is no way we're going to move the old VERIFY_xyz interface to that model. And it's best done at the end of the merge window when I've done most of my merges, so let's just get this done once and for all. This patch was mostly done with a sed-script, with manual fix-ups for the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form. There were a couple of notable cases: - csky still had the old "verify_area()" name as an alias. - the iter_iov code had magical hardcoded knowledge of the actual values of VERIFY_{READ,WRITE} (not that they mattered, since nothing really used it) - microblaze used the type argument for a debug printout but other than those oddities this should be a total no-op patch. I tried to fix up all architectures, did fairly extensive grepping for access_ok() uses, and the changes are trivial, but I may have missed something. Any missed conversion should be trivially fixable, though. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
135143b2ca
commit
96d4f267e4
@ -68,7 +68,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
|
|||||||
int ret = 0, cmp;
|
int ret = 0, cmp;
|
||||||
u32 prev;
|
u32 prev;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
|
if (!access_ok(uaddr, sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
__asm__ __volatile__ (
|
__asm__ __volatile__ (
|
||||||
|
@ -36,7 +36,7 @@
|
|||||||
#define __access_ok(addr, size) \
|
#define __access_ok(addr, size) \
|
||||||
((get_fs().seg & (addr | size | (addr+size))) == 0)
|
((get_fs().seg & (addr | size | (addr+size))) == 0)
|
||||||
|
|
||||||
#define access_ok(type, addr, size) \
|
#define access_ok(addr, size) \
|
||||||
({ \
|
({ \
|
||||||
__chk_user_ptr(addr); \
|
__chk_user_ptr(addr); \
|
||||||
__access_ok(((unsigned long)(addr)), (size)); \
|
__access_ok(((unsigned long)(addr)), (size)); \
|
||||||
|
@ -65,7 +65,7 @@ SYSCALL_DEFINE3(osf_sigaction, int, sig,
|
|||||||
|
|
||||||
if (act) {
|
if (act) {
|
||||||
old_sigset_t mask;
|
old_sigset_t mask;
|
||||||
if (!access_ok(VERIFY_READ, act, sizeof(*act)) ||
|
if (!access_ok(act, sizeof(*act)) ||
|
||||||
__get_user(new_ka.sa.sa_handler, &act->sa_handler) ||
|
__get_user(new_ka.sa.sa_handler, &act->sa_handler) ||
|
||||||
__get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
|
__get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
|
||||||
__get_user(mask, &act->sa_mask))
|
__get_user(mask, &act->sa_mask))
|
||||||
@ -77,7 +77,7 @@ SYSCALL_DEFINE3(osf_sigaction, int, sig,
|
|||||||
ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
|
ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
|
||||||
|
|
||||||
if (!ret && oact) {
|
if (!ret && oact) {
|
||||||
if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)) ||
|
if (!access_ok(oact, sizeof(*oact)) ||
|
||||||
__put_user(old_ka.sa.sa_handler, &oact->sa_handler) ||
|
__put_user(old_ka.sa.sa_handler, &oact->sa_handler) ||
|
||||||
__put_user(old_ka.sa.sa_flags, &oact->sa_flags) ||
|
__put_user(old_ka.sa.sa_flags, &oact->sa_flags) ||
|
||||||
__put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask))
|
__put_user(old_ka.sa.sa_mask.sig[0], &oact->sa_mask))
|
||||||
@ -207,7 +207,7 @@ do_sigreturn(struct sigcontext __user *sc)
|
|||||||
sigset_t set;
|
sigset_t set;
|
||||||
|
|
||||||
/* Verify that it's a good sigcontext before using it */
|
/* Verify that it's a good sigcontext before using it */
|
||||||
if (!access_ok(VERIFY_READ, sc, sizeof(*sc)))
|
if (!access_ok(sc, sizeof(*sc)))
|
||||||
goto give_sigsegv;
|
goto give_sigsegv;
|
||||||
if (__get_user(set.sig[0], &sc->sc_mask))
|
if (__get_user(set.sig[0], &sc->sc_mask))
|
||||||
goto give_sigsegv;
|
goto give_sigsegv;
|
||||||
@ -235,7 +235,7 @@ do_rt_sigreturn(struct rt_sigframe __user *frame)
|
|||||||
sigset_t set;
|
sigset_t set;
|
||||||
|
|
||||||
/* Verify that it's a good ucontext_t before using it */
|
/* Verify that it's a good ucontext_t before using it */
|
||||||
if (!access_ok(VERIFY_READ, &frame->uc, sizeof(frame->uc)))
|
if (!access_ok(&frame->uc, sizeof(frame->uc)))
|
||||||
goto give_sigsegv;
|
goto give_sigsegv;
|
||||||
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
||||||
goto give_sigsegv;
|
goto give_sigsegv;
|
||||||
@ -332,7 +332,7 @@ setup_frame(struct ksignal *ksig, sigset_t *set, struct pt_regs *regs)
|
|||||||
|
|
||||||
oldsp = rdusp();
|
oldsp = rdusp();
|
||||||
frame = get_sigframe(ksig, oldsp, sizeof(*frame));
|
frame = get_sigframe(ksig, oldsp, sizeof(*frame));
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
err |= setup_sigcontext(&frame->sc, regs, set->sig[0], oldsp);
|
err |= setup_sigcontext(&frame->sc, regs, set->sig[0], oldsp);
|
||||||
@ -377,7 +377,7 @@ setup_rt_frame(struct ksignal *ksig, sigset_t *set, struct pt_regs *regs)
|
|||||||
|
|
||||||
oldsp = rdusp();
|
oldsp = rdusp();
|
||||||
frame = get_sigframe(ksig, oldsp, sizeof(*frame));
|
frame = get_sigframe(ksig, oldsp, sizeof(*frame));
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
err |= copy_siginfo_to_user(&frame->info, &ksig->info);
|
err |= copy_siginfo_to_user(&frame->info, &ksig->info);
|
||||||
|
@ -333,7 +333,7 @@ csum_partial_copy_from_user(const void __user *src, void *dst, int len,
|
|||||||
unsigned long doff = 7 & (unsigned long) dst;
|
unsigned long doff = 7 & (unsigned long) dst;
|
||||||
|
|
||||||
if (len) {
|
if (len) {
|
||||||
if (!access_ok(VERIFY_READ, src, len)) {
|
if (!access_ok(src, len)) {
|
||||||
if (errp) *errp = -EFAULT;
|
if (errp) *errp = -EFAULT;
|
||||||
memset(dst, 0, len);
|
memset(dst, 0, len);
|
||||||
return sum;
|
return sum;
|
||||||
|
@ -126,7 +126,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, u32 expval,
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
u32 existval;
|
u32 existval;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
|
if (!access_ok(uaddr, sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
#ifndef CONFIG_ARC_HAS_LLSC
|
#ifndef CONFIG_ARC_HAS_LLSC
|
||||||
|
@ -61,7 +61,7 @@ SYSCALL_DEFINE3(arc_usr_cmpxchg, int *, uaddr, int, expected, int, new)
|
|||||||
/* Z indicates to userspace if operation succeded */
|
/* Z indicates to userspace if operation succeded */
|
||||||
regs->status32 &= ~STATUS_Z_MASK;
|
regs->status32 &= ~STATUS_Z_MASK;
|
||||||
|
|
||||||
ret = access_ok(VERIFY_WRITE, uaddr, sizeof(*uaddr));
|
ret = access_ok(uaddr, sizeof(*uaddr));
|
||||||
if (!ret)
|
if (!ret)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
|
@ -169,7 +169,7 @@ SYSCALL_DEFINE0(rt_sigreturn)
|
|||||||
|
|
||||||
sf = (struct rt_sigframe __force __user *)(regs->sp);
|
sf = (struct rt_sigframe __force __user *)(regs->sp);
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, sf, sizeof(*sf)))
|
if (!access_ok(sf, sizeof(*sf)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (__get_user(magic, &sf->sigret_magic))
|
if (__get_user(magic, &sf->sigret_magic))
|
||||||
@ -219,7 +219,7 @@ static inline void __user *get_sigframe(struct ksignal *ksig,
|
|||||||
frame = (void __user *)((sp - framesize) & ~7);
|
frame = (void __user *)((sp - framesize) & ~7);
|
||||||
|
|
||||||
/* Check that we can actually write to the signal frame */
|
/* Check that we can actually write to the signal frame */
|
||||||
if (!access_ok(VERIFY_WRITE, frame, framesize))
|
if (!access_ok(frame, framesize))
|
||||||
frame = NULL;
|
frame = NULL;
|
||||||
|
|
||||||
return frame;
|
return frame;
|
||||||
|
@ -50,7 +50,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
|
|||||||
int ret;
|
int ret;
|
||||||
u32 val;
|
u32 val;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
|
if (!access_ok(uaddr, sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
smp_mb();
|
smp_mb();
|
||||||
@ -104,7 +104,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
u32 val;
|
u32 val;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
|
if (!access_ok(uaddr, sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
preempt_disable();
|
preempt_disable();
|
||||||
|
@ -279,7 +279,7 @@ static inline void set_fs(mm_segment_t fs)
|
|||||||
|
|
||||||
#endif /* CONFIG_MMU */
|
#endif /* CONFIG_MMU */
|
||||||
|
|
||||||
#define access_ok(type, addr, size) (__range_ok(addr, size) == 0)
|
#define access_ok(addr, size) (__range_ok(addr, size) == 0)
|
||||||
|
|
||||||
#define user_addr_max() \
|
#define user_addr_max() \
|
||||||
(uaccess_kernel() ? ~0UL : get_fs())
|
(uaccess_kernel() ? ~0UL : get_fs())
|
||||||
@ -560,7 +560,7 @@ raw_copy_to_user(void __user *to, const void *from, unsigned long n)
|
|||||||
|
|
||||||
static inline unsigned long __must_check clear_user(void __user *to, unsigned long n)
|
static inline unsigned long __must_check clear_user(void __user *to, unsigned long n)
|
||||||
{
|
{
|
||||||
if (access_ok(VERIFY_WRITE, to, n))
|
if (access_ok(to, n))
|
||||||
n = __clear_user(to, n);
|
n = __clear_user(to, n);
|
||||||
return n;
|
return n;
|
||||||
}
|
}
|
||||||
|
@ -37,7 +37,7 @@ user_backtrace(struct frame_tail __user *tail,
|
|||||||
struct frame_tail buftail;
|
struct frame_tail buftail;
|
||||||
unsigned long err;
|
unsigned long err;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, tail, sizeof(buftail)))
|
if (!access_ok(tail, sizeof(buftail)))
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
pagefault_disable();
|
pagefault_disable();
|
||||||
|
@ -241,7 +241,7 @@ asmlinkage int sys_sigreturn(struct pt_regs *regs)
|
|||||||
|
|
||||||
frame = (struct sigframe __user *)regs->ARM_sp;
|
frame = (struct sigframe __user *)regs->ARM_sp;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof (*frame)))
|
if (!access_ok(frame, sizeof (*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (restore_sigframe(regs, frame))
|
if (restore_sigframe(regs, frame))
|
||||||
@ -271,7 +271,7 @@ asmlinkage int sys_rt_sigreturn(struct pt_regs *regs)
|
|||||||
|
|
||||||
frame = (struct rt_sigframe __user *)regs->ARM_sp;
|
frame = (struct rt_sigframe __user *)regs->ARM_sp;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof (*frame)))
|
if (!access_ok(frame, sizeof (*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (restore_sigframe(regs, &frame->sig))
|
if (restore_sigframe(regs, &frame->sig))
|
||||||
@ -355,7 +355,7 @@ get_sigframe(struct ksignal *ksig, struct pt_regs *regs, int framesize)
|
|||||||
/*
|
/*
|
||||||
* Check that we can actually write to the signal frame.
|
* Check that we can actually write to the signal frame.
|
||||||
*/
|
*/
|
||||||
if (!access_ok(VERIFY_WRITE, frame, framesize))
|
if (!access_ok(frame, framesize))
|
||||||
frame = NULL;
|
frame = NULL;
|
||||||
|
|
||||||
return frame;
|
return frame;
|
||||||
|
@ -198,7 +198,7 @@ static int swp_handler(struct pt_regs *regs, unsigned int instr)
|
|||||||
destreg, EXTRACT_REG_NUM(instr, RT2_OFFSET), data);
|
destreg, EXTRACT_REG_NUM(instr, RT2_OFFSET), data);
|
||||||
|
|
||||||
/* Check access in reasonable access range for both SWP and SWPB */
|
/* Check access in reasonable access range for both SWP and SWPB */
|
||||||
if (!access_ok(VERIFY_WRITE, (address & ~3), 4)) {
|
if (!access_ok((address & ~3), 4)) {
|
||||||
pr_debug("SWP{B} emulation: access to %p not allowed!\n",
|
pr_debug("SWP{B} emulation: access to %p not allowed!\n",
|
||||||
(void *)address);
|
(void *)address);
|
||||||
res = -EFAULT;
|
res = -EFAULT;
|
||||||
|
@ -285,7 +285,7 @@ asmlinkage long sys_oabi_epoll_wait(int epfd,
|
|||||||
maxevents > (INT_MAX/sizeof(*kbuf)) ||
|
maxevents > (INT_MAX/sizeof(*kbuf)) ||
|
||||||
maxevents > (INT_MAX/sizeof(*events)))
|
maxevents > (INT_MAX/sizeof(*events)))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
if (!access_ok(VERIFY_WRITE, events, sizeof(*events) * maxevents))
|
if (!access_ok(events, sizeof(*events) * maxevents))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
kbuf = kmalloc_array(maxevents, sizeof(*kbuf), GFP_KERNEL);
|
kbuf = kmalloc_array(maxevents, sizeof(*kbuf), GFP_KERNEL);
|
||||||
if (!kbuf)
|
if (!kbuf)
|
||||||
@ -326,7 +326,7 @@ asmlinkage long sys_oabi_semtimedop(int semid,
|
|||||||
|
|
||||||
if (nsops < 1 || nsops > SEMOPM)
|
if (nsops < 1 || nsops > SEMOPM)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
if (!access_ok(VERIFY_READ, tsops, sizeof(*tsops) * nsops))
|
if (!access_ok(tsops, sizeof(*tsops) * nsops))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
sops = kmalloc_array(nsops, sizeof(*sops), GFP_KERNEL);
|
sops = kmalloc_array(nsops, sizeof(*sops), GFP_KERNEL);
|
||||||
if (!sops)
|
if (!sops)
|
||||||
|
@ -582,7 +582,7 @@ do_cache_op(unsigned long start, unsigned long end, int flags)
|
|||||||
if (end < start || flags)
|
if (end < start || flags)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, start, end - start))
|
if (!access_ok(start, end - start))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
return __do_cache_op(start, end);
|
return __do_cache_op(start, end);
|
||||||
|
@ -88,7 +88,7 @@ static struct frame_tail* user_backtrace(struct frame_tail *tail)
|
|||||||
struct frame_tail buftail[2];
|
struct frame_tail buftail[2];
|
||||||
|
|
||||||
/* Also check accessibility of one struct frame_tail beyond */
|
/* Also check accessibility of one struct frame_tail beyond */
|
||||||
if (!access_ok(VERIFY_READ, tail, sizeof(buftail)))
|
if (!access_ok(tail, sizeof(buftail)))
|
||||||
return NULL;
|
return NULL;
|
||||||
if (__copy_from_user_inatomic(buftail, tail, sizeof(buftail)))
|
if (__copy_from_user_inatomic(buftail, tail, sizeof(buftail)))
|
||||||
return NULL;
|
return NULL;
|
||||||
|
@ -96,7 +96,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *_uaddr,
|
|||||||
u32 val, tmp;
|
u32 val, tmp;
|
||||||
u32 __user *uaddr;
|
u32 __user *uaddr;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, _uaddr, sizeof(u32)))
|
if (!access_ok(_uaddr, sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
uaddr = __uaccess_mask_ptr(_uaddr);
|
uaddr = __uaccess_mask_ptr(_uaddr);
|
||||||
|
@ -95,7 +95,7 @@ static inline unsigned long __range_ok(const void __user *addr, unsigned long si
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
#define access_ok(type, addr, size) __range_ok(addr, size)
|
#define access_ok(addr, size) __range_ok(addr, size)
|
||||||
#define user_addr_max get_fs
|
#define user_addr_max get_fs
|
||||||
|
|
||||||
#define _ASM_EXTABLE(from, to) \
|
#define _ASM_EXTABLE(from, to) \
|
||||||
@ -301,7 +301,7 @@ do { \
|
|||||||
({ \
|
({ \
|
||||||
__typeof__(*(ptr)) __user *__p = (ptr); \
|
__typeof__(*(ptr)) __user *__p = (ptr); \
|
||||||
might_fault(); \
|
might_fault(); \
|
||||||
if (access_ok(VERIFY_READ, __p, sizeof(*__p))) { \
|
if (access_ok(__p, sizeof(*__p))) { \
|
||||||
__p = uaccess_mask_ptr(__p); \
|
__p = uaccess_mask_ptr(__p); \
|
||||||
__get_user_err((x), __p, (err)); \
|
__get_user_err((x), __p, (err)); \
|
||||||
} else { \
|
} else { \
|
||||||
@ -370,7 +370,7 @@ do { \
|
|||||||
({ \
|
({ \
|
||||||
__typeof__(*(ptr)) __user *__p = (ptr); \
|
__typeof__(*(ptr)) __user *__p = (ptr); \
|
||||||
might_fault(); \
|
might_fault(); \
|
||||||
if (access_ok(VERIFY_WRITE, __p, sizeof(*__p))) { \
|
if (access_ok(__p, sizeof(*__p))) { \
|
||||||
__p = uaccess_mask_ptr(__p); \
|
__p = uaccess_mask_ptr(__p); \
|
||||||
__put_user_err((x), __p, (err)); \
|
__put_user_err((x), __p, (err)); \
|
||||||
} else { \
|
} else { \
|
||||||
@ -418,7 +418,7 @@ extern unsigned long __must_check __arch_copy_in_user(void __user *to, const voi
|
|||||||
extern unsigned long __must_check __arch_clear_user(void __user *to, unsigned long n);
|
extern unsigned long __must_check __arch_clear_user(void __user *to, unsigned long n);
|
||||||
static inline unsigned long __must_check __clear_user(void __user *to, unsigned long n)
|
static inline unsigned long __must_check __clear_user(void __user *to, unsigned long n)
|
||||||
{
|
{
|
||||||
if (access_ok(VERIFY_WRITE, to, n))
|
if (access_ok(to, n))
|
||||||
n = __arch_clear_user(__uaccess_mask_ptr(to), n);
|
n = __arch_clear_user(__uaccess_mask_ptr(to), n);
|
||||||
return n;
|
return n;
|
||||||
}
|
}
|
||||||
|
@ -402,7 +402,7 @@ static int swp_handler(struct pt_regs *regs, u32 instr)
|
|||||||
|
|
||||||
/* Check access in reasonable access range for both SWP and SWPB */
|
/* Check access in reasonable access range for both SWP and SWPB */
|
||||||
user_ptr = (const void __user *)(unsigned long)(address & ~3);
|
user_ptr = (const void __user *)(unsigned long)(address & ~3);
|
||||||
if (!access_ok(VERIFY_WRITE, user_ptr, 4)) {
|
if (!access_ok(user_ptr, 4)) {
|
||||||
pr_debug("SWP{B} emulation: access to 0x%08x not allowed!\n",
|
pr_debug("SWP{B} emulation: access to 0x%08x not allowed!\n",
|
||||||
address);
|
address);
|
||||||
goto fault;
|
goto fault;
|
||||||
|
@ -39,7 +39,7 @@ user_backtrace(struct frame_tail __user *tail,
|
|||||||
unsigned long lr;
|
unsigned long lr;
|
||||||
|
|
||||||
/* Also check accessibility of one struct frame_tail beyond */
|
/* Also check accessibility of one struct frame_tail beyond */
|
||||||
if (!access_ok(VERIFY_READ, tail, sizeof(buftail)))
|
if (!access_ok(tail, sizeof(buftail)))
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
pagefault_disable();
|
pagefault_disable();
|
||||||
@ -86,7 +86,7 @@ compat_user_backtrace(struct compat_frame_tail __user *tail,
|
|||||||
unsigned long err;
|
unsigned long err;
|
||||||
|
|
||||||
/* Also check accessibility of one struct frame_tail beyond */
|
/* Also check accessibility of one struct frame_tail beyond */
|
||||||
if (!access_ok(VERIFY_READ, tail, sizeof(buftail)))
|
if (!access_ok(tail, sizeof(buftail)))
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
pagefault_disable();
|
pagefault_disable();
|
||||||
|
@ -470,7 +470,7 @@ static int parse_user_sigframe(struct user_ctxs *user,
|
|||||||
offset = 0;
|
offset = 0;
|
||||||
limit = extra_size;
|
limit = extra_size;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, base, limit))
|
if (!access_ok(base, limit))
|
||||||
goto invalid;
|
goto invalid;
|
||||||
|
|
||||||
continue;
|
continue;
|
||||||
@ -556,7 +556,7 @@ SYSCALL_DEFINE0(rt_sigreturn)
|
|||||||
|
|
||||||
frame = (struct rt_sigframe __user *)regs->sp;
|
frame = (struct rt_sigframe __user *)regs->sp;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof (*frame)))
|
if (!access_ok(frame, sizeof (*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (restore_sigframe(regs, frame))
|
if (restore_sigframe(regs, frame))
|
||||||
@ -730,7 +730,7 @@ static int get_sigframe(struct rt_sigframe_user_layout *user,
|
|||||||
/*
|
/*
|
||||||
* Check that we can actually write to the signal frame.
|
* Check that we can actually write to the signal frame.
|
||||||
*/
|
*/
|
||||||
if (!access_ok(VERIFY_WRITE, user->sigframe, sp_top - sp))
|
if (!access_ok(user->sigframe, sp_top - sp))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -303,7 +303,7 @@ COMPAT_SYSCALL_DEFINE0(sigreturn)
|
|||||||
|
|
||||||
frame = (struct compat_sigframe __user *)regs->compat_sp;
|
frame = (struct compat_sigframe __user *)regs->compat_sp;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof (*frame)))
|
if (!access_ok(frame, sizeof (*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (compat_restore_sigframe(regs, frame))
|
if (compat_restore_sigframe(regs, frame))
|
||||||
@ -334,7 +334,7 @@ COMPAT_SYSCALL_DEFINE0(rt_sigreturn)
|
|||||||
|
|
||||||
frame = (struct compat_rt_sigframe __user *)regs->compat_sp;
|
frame = (struct compat_rt_sigframe __user *)regs->compat_sp;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof (*frame)))
|
if (!access_ok(frame, sizeof (*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (compat_restore_sigframe(regs, &frame->sig))
|
if (compat_restore_sigframe(regs, &frame->sig))
|
||||||
@ -365,7 +365,7 @@ static void __user *compat_get_sigframe(struct ksignal *ksig,
|
|||||||
/*
|
/*
|
||||||
* Check that we can actually write to the signal frame.
|
* Check that we can actually write to the signal frame.
|
||||||
*/
|
*/
|
||||||
if (!access_ok(VERIFY_WRITE, frame, framesize))
|
if (!access_ok(frame, framesize))
|
||||||
frame = NULL;
|
frame = NULL;
|
||||||
|
|
||||||
return frame;
|
return frame;
|
||||||
|
@ -58,7 +58,7 @@ do_compat_cache_op(unsigned long start, unsigned long end, int flags)
|
|||||||
if (end < start || flags)
|
if (end < start || flags)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, (const void __user *)start, end - start))
|
if (!access_ok((const void __user *)start, end - start))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
return __do_compat_cache_op(start, end);
|
return __do_compat_cache_op(start, end);
|
||||||
|
@ -80,7 +80,7 @@ asmlinkage int do_rt_sigreturn(struct pt_regs *regs)
|
|||||||
|
|
||||||
frame = (struct rt_sigframe __user *) ((unsigned long) regs->sp + 8);
|
frame = (struct rt_sigframe __user *) ((unsigned long) regs->sp + 8);
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
@ -149,7 +149,7 @@ static int setup_rt_frame(struct ksignal *ksig, sigset_t *set,
|
|||||||
|
|
||||||
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
err |= __put_user(&frame->info, &frame->pinfo);
|
err |= __put_user(&frame->info, &frame->pinfo);
|
||||||
|
@ -32,7 +32,7 @@ static int ldb_asm(uint32_t addr, uint32_t *valp)
|
|||||||
uint32_t val;
|
uint32_t val;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, (void *)addr, 1))
|
if (!access_ok((void *)addr, 1))
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
asm volatile (
|
asm volatile (
|
||||||
@ -67,7 +67,7 @@ static int stb_asm(uint32_t addr, uint32_t val)
|
|||||||
{
|
{
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, (void *)addr, 1))
|
if (!access_ok((void *)addr, 1))
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
asm volatile (
|
asm volatile (
|
||||||
|
@ -16,10 +16,7 @@
|
|||||||
#include <linux/version.h>
|
#include <linux/version.h>
|
||||||
#include <asm/segment.h>
|
#include <asm/segment.h>
|
||||||
|
|
||||||
#define VERIFY_READ 0
|
static inline int access_ok(const void *addr, unsigned long size)
|
||||||
#define VERIFY_WRITE 1
|
|
||||||
|
|
||||||
static inline int access_ok(int type, const void *addr, unsigned long size)
|
|
||||||
{
|
{
|
||||||
unsigned long limit = current_thread_info()->addr_limit.seg;
|
unsigned long limit = current_thread_info()->addr_limit.seg;
|
||||||
|
|
||||||
@ -27,12 +24,7 @@ static inline int access_ok(int type, const void *addr, unsigned long size)
|
|||||||
((unsigned long)(addr + size) < limit));
|
((unsigned long)(addr + size) < limit));
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int verify_area(int type, const void *addr, unsigned long size)
|
#define __addr_ok(addr) (access_ok(addr, 0))
|
||||||
{
|
|
||||||
return access_ok(type, addr, size) ? 0 : -EFAULT;
|
|
||||||
}
|
|
||||||
|
|
||||||
#define __addr_ok(addr) (access_ok(VERIFY_READ, addr, 0))
|
|
||||||
|
|
||||||
extern int __put_user_bad(void);
|
extern int __put_user_bad(void);
|
||||||
|
|
||||||
@ -91,7 +83,7 @@ extern int __put_user_bad(void);
|
|||||||
long __pu_err = -EFAULT; \
|
long __pu_err = -EFAULT; \
|
||||||
typeof(*(ptr)) *__pu_addr = (ptr); \
|
typeof(*(ptr)) *__pu_addr = (ptr); \
|
||||||
typeof(*(ptr)) __pu_val = (typeof(*(ptr)))(x); \
|
typeof(*(ptr)) __pu_val = (typeof(*(ptr)))(x); \
|
||||||
if (access_ok(VERIFY_WRITE, __pu_addr, size) && __pu_addr) \
|
if (access_ok(__pu_addr, size) && __pu_addr) \
|
||||||
__put_user_size(__pu_val, __pu_addr, (size), __pu_err); \
|
__put_user_size(__pu_val, __pu_addr, (size), __pu_err); \
|
||||||
__pu_err; \
|
__pu_err; \
|
||||||
})
|
})
|
||||||
@ -217,7 +209,7 @@ do { \
|
|||||||
({ \
|
({ \
|
||||||
int __gu_err = -EFAULT; \
|
int __gu_err = -EFAULT; \
|
||||||
const __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \
|
const __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \
|
||||||
if (access_ok(VERIFY_READ, __gu_ptr, size) && __gu_ptr) \
|
if (access_ok(__gu_ptr, size) && __gu_ptr) \
|
||||||
__get_user_size(x, __gu_ptr, size, __gu_err); \
|
__get_user_size(x, __gu_ptr, size, __gu_err); \
|
||||||
__gu_err; \
|
__gu_err; \
|
||||||
})
|
})
|
||||||
|
@ -88,7 +88,7 @@ do_rt_sigreturn(void)
|
|||||||
struct pt_regs *regs = current_pt_regs();
|
struct pt_regs *regs = current_pt_regs();
|
||||||
struct rt_sigframe *frame = (struct rt_sigframe *)(regs->usp);
|
struct rt_sigframe *frame = (struct rt_sigframe *)(regs->usp);
|
||||||
|
|
||||||
if (verify_area(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
unsigned long raw_copy_from_user(void *to, const void *from,
|
unsigned long raw_copy_from_user(void *to, const void *from,
|
||||||
unsigned long n)
|
unsigned long n)
|
||||||
{
|
{
|
||||||
if (access_ok(VERIFY_READ, from, n))
|
if (access_ok(from, n))
|
||||||
__copy_user_zeroing(to, from, n);
|
__copy_user_zeroing(to, from, n);
|
||||||
else
|
else
|
||||||
memset(to, 0, n);
|
memset(to, 0, n);
|
||||||
@ -18,7 +18,7 @@ EXPORT_SYMBOL(raw_copy_from_user);
|
|||||||
unsigned long raw_copy_to_user(void *to, const void *from,
|
unsigned long raw_copy_to_user(void *to, const void *from,
|
||||||
unsigned long n)
|
unsigned long n)
|
||||||
{
|
{
|
||||||
if (access_ok(VERIFY_WRITE, to, n))
|
if (access_ok(to, n))
|
||||||
__copy_user(to, from, n);
|
__copy_user(to, from, n);
|
||||||
return n;
|
return n;
|
||||||
}
|
}
|
||||||
@ -113,7 +113,7 @@ long strncpy_from_user(char *dst, const char *src, long count)
|
|||||||
{
|
{
|
||||||
long res = -EFAULT;
|
long res = -EFAULT;
|
||||||
|
|
||||||
if (access_ok(VERIFY_READ, src, 1))
|
if (access_ok(src, 1))
|
||||||
__do_strncpy_from_user(dst, src, count, res);
|
__do_strncpy_from_user(dst, src, count, res);
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
@ -236,7 +236,7 @@ do { \
|
|||||||
unsigned long
|
unsigned long
|
||||||
clear_user(void __user *to, unsigned long n)
|
clear_user(void __user *to, unsigned long n)
|
||||||
{
|
{
|
||||||
if (access_ok(VERIFY_WRITE, to, n))
|
if (access_ok(to, n))
|
||||||
__do_clear_user(to, n);
|
__do_clear_user(to, n);
|
||||||
return n;
|
return n;
|
||||||
}
|
}
|
||||||
|
@ -110,7 +110,7 @@ asmlinkage int sys_rt_sigreturn(void)
|
|||||||
sigset_t set;
|
sigset_t set;
|
||||||
int er0;
|
int er0;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
@ -165,7 +165,7 @@ static int setup_rt_frame(struct ksignal *ksig, sigset_t *set,
|
|||||||
|
|
||||||
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
if (ksig->ka.sa.sa_flags & SA_SIGINFO)
|
if (ksig->ka.sa.sa_flags & SA_SIGINFO)
|
||||||
|
@ -77,7 +77,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, u32 oldval,
|
|||||||
int prev;
|
int prev;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
|
if (!access_ok(uaddr, sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
__asm__ __volatile__ (
|
__asm__ __volatile__ (
|
||||||
|
@ -29,9 +29,6 @@
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* access_ok: - Checks if a user space pointer is valid
|
* access_ok: - Checks if a user space pointer is valid
|
||||||
* @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that
|
|
||||||
* %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe
|
|
||||||
* to write to a block, it is always safe to read from it.
|
|
||||||
* @addr: User space pointer to start of block to check
|
* @addr: User space pointer to start of block to check
|
||||||
* @size: Size of block to check
|
* @size: Size of block to check
|
||||||
*
|
*
|
||||||
|
@ -115,7 +115,7 @@ static int setup_rt_frame(struct ksignal *ksig, sigset_t *set,
|
|||||||
|
|
||||||
frame = get_sigframe(ksig, regs, sizeof(struct rt_sigframe));
|
frame = get_sigframe(ksig, regs, sizeof(struct rt_sigframe));
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof(struct rt_sigframe)))
|
if (!access_ok(frame, sizeof(struct rt_sigframe)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
if (copy_siginfo_to_user(&frame->info, &ksig->info))
|
if (copy_siginfo_to_user(&frame->info, &ksig->info))
|
||||||
@ -244,7 +244,7 @@ asmlinkage int sys_rt_sigreturn(void)
|
|||||||
current->restart_block.fn = do_no_restart_syscall;
|
current->restart_block.fn = do_no_restart_syscall;
|
||||||
|
|
||||||
frame = (struct rt_sigframe __user *)pt_psp(regs);
|
frame = (struct rt_sigframe __user *)pt_psp(regs);
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
if (__copy_from_user(&blocked, &frame->uc.uc_sigmask, sizeof(blocked)))
|
if (__copy_from_user(&blocked, &frame->uc.uc_sigmask, sizeof(blocked)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
@ -51,7 +51,7 @@ __kernel_size_t __clear_user_hexagon(void __user *dest, unsigned long count)
|
|||||||
|
|
||||||
unsigned long clear_user_hexagon(void __user *dest, unsigned long count)
|
unsigned long clear_user_hexagon(void __user *dest, unsigned long count)
|
||||||
{
|
{
|
||||||
if (!access_ok(VERIFY_WRITE, dest, count))
|
if (!access_ok(dest, count))
|
||||||
return count;
|
return count;
|
||||||
else
|
else
|
||||||
return __clear_user_hexagon(dest, count);
|
return __clear_user_hexagon(dest, count);
|
||||||
|
@ -86,7 +86,7 @@ static inline int
|
|||||||
futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
|
futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
|
||||||
u32 oldval, u32 newval)
|
u32 oldval, u32 newval)
|
||||||
{
|
{
|
||||||
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
|
if (!access_ok(uaddr, sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -67,7 +67,7 @@ static inline int __access_ok(const void __user *p, unsigned long size)
|
|||||||
return likely(addr <= seg) &&
|
return likely(addr <= seg) &&
|
||||||
(seg == KERNEL_DS.seg || likely(REGION_OFFSET(addr) < RGN_MAP_LIMIT));
|
(seg == KERNEL_DS.seg || likely(REGION_OFFSET(addr) < RGN_MAP_LIMIT));
|
||||||
}
|
}
|
||||||
#define access_ok(type, addr, size) __access_ok((addr), (size))
|
#define access_ok(addr, size) __access_ok((addr), (size))
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* These are the main single-value transfer routines. They automatically
|
* These are the main single-value transfer routines. They automatically
|
||||||
|
@ -836,7 +836,7 @@ ptrace_getregs (struct task_struct *child, struct pt_all_user_regs __user *ppr)
|
|||||||
char nat = 0;
|
char nat = 0;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, ppr, sizeof(struct pt_all_user_regs)))
|
if (!access_ok(ppr, sizeof(struct pt_all_user_regs)))
|
||||||
return -EIO;
|
return -EIO;
|
||||||
|
|
||||||
pt = task_pt_regs(child);
|
pt = task_pt_regs(child);
|
||||||
@ -981,7 +981,7 @@ ptrace_setregs (struct task_struct *child, struct pt_all_user_regs __user *ppr)
|
|||||||
|
|
||||||
memset(&fpval, 0, sizeof(fpval));
|
memset(&fpval, 0, sizeof(fpval));
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, ppr, sizeof(struct pt_all_user_regs)))
|
if (!access_ok(ppr, sizeof(struct pt_all_user_regs)))
|
||||||
return -EIO;
|
return -EIO;
|
||||||
|
|
||||||
pt = task_pt_regs(child);
|
pt = task_pt_regs(child);
|
||||||
|
@ -132,7 +132,7 @@ ia64_rt_sigreturn (struct sigscratch *scr)
|
|||||||
*/
|
*/
|
||||||
retval = (long) &ia64_strace_leave_kernel;
|
retval = (long) &ia64_strace_leave_kernel;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, sc, sizeof(*sc)))
|
if (!access_ok(sc, sizeof(*sc)))
|
||||||
goto give_sigsegv;
|
goto give_sigsegv;
|
||||||
|
|
||||||
if (GET_SIGSET(&set, &sc->sc_mask))
|
if (GET_SIGSET(&set, &sc->sc_mask))
|
||||||
@ -264,7 +264,7 @@ setup_frame(struct ksignal *ksig, sigset_t *set, struct sigscratch *scr)
|
|||||||
}
|
}
|
||||||
frame = (void __user *) ((new_sp - sizeof(*frame)) & -STACK_ALIGN);
|
frame = (void __user *) ((new_sp - sizeof(*frame)) & -STACK_ALIGN);
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame))) {
|
if (!access_ok(frame, sizeof(*frame))) {
|
||||||
force_sigsegv(ksig->sig, current);
|
force_sigsegv(ksig->sig, current);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
@ -10,7 +10,7 @@
|
|||||||
#include <asm/segment.h>
|
#include <asm/segment.h>
|
||||||
|
|
||||||
/* We let the MMU do all checking */
|
/* We let the MMU do all checking */
|
||||||
static inline int access_ok(int type, const void __user *addr,
|
static inline int access_ok(const void __user *addr,
|
||||||
unsigned long size)
|
unsigned long size)
|
||||||
{
|
{
|
||||||
return 1;
|
return 1;
|
||||||
|
@ -10,7 +10,7 @@
|
|||||||
|
|
||||||
#include <asm/segment.h>
|
#include <asm/segment.h>
|
||||||
|
|
||||||
#define access_ok(type,addr,size) _access_ok((unsigned long)(addr),(size))
|
#define access_ok(addr,size) _access_ok((unsigned long)(addr),(size))
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* It is not enough to just have access_ok check for a real RAM address.
|
* It is not enough to just have access_ok check for a real RAM address.
|
||||||
|
@ -787,7 +787,7 @@ asmlinkage int do_sigreturn(struct pt_regs *regs, struct switch_stack *sw)
|
|||||||
struct sigframe __user *frame = (struct sigframe __user *)(usp - 4);
|
struct sigframe __user *frame = (struct sigframe __user *)(usp - 4);
|
||||||
sigset_t set;
|
sigset_t set;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
if (__get_user(set.sig[0], &frame->sc.sc_mask) ||
|
if (__get_user(set.sig[0], &frame->sc.sc_mask) ||
|
||||||
(_NSIG_WORDS > 1 &&
|
(_NSIG_WORDS > 1 &&
|
||||||
@ -812,7 +812,7 @@ asmlinkage int do_rt_sigreturn(struct pt_regs *regs, struct switch_stack *sw)
|
|||||||
struct rt_sigframe __user *frame = (struct rt_sigframe __user *)(usp - 4);
|
struct rt_sigframe __user *frame = (struct rt_sigframe __user *)(usp - 4);
|
||||||
sigset_t set;
|
sigset_t set;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
@ -71,7 +71,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
|
|||||||
int ret = 0, cmp;
|
int ret = 0, cmp;
|
||||||
u32 prev;
|
u32 prev;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
|
if (!access_ok(uaddr, sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
__asm__ __volatile__ ("1: lwx %1, %3, r0; \
|
__asm__ __volatile__ ("1: lwx %1, %3, r0; \
|
||||||
|
@ -60,26 +60,25 @@ static inline int ___range_ok(unsigned long addr, unsigned long size)
|
|||||||
#define __range_ok(addr, size) \
|
#define __range_ok(addr, size) \
|
||||||
___range_ok((unsigned long)(addr), (unsigned long)(size))
|
___range_ok((unsigned long)(addr), (unsigned long)(size))
|
||||||
|
|
||||||
#define access_ok(type, addr, size) (__range_ok((addr), (size)) == 0)
|
#define access_ok(addr, size) (__range_ok((addr), (size)) == 0)
|
||||||
|
|
||||||
#else
|
#else
|
||||||
|
|
||||||
static inline int access_ok(int type, const void __user *addr,
|
static inline int access_ok(const void __user *addr, unsigned long size)
|
||||||
unsigned long size)
|
|
||||||
{
|
{
|
||||||
if (!size)
|
if (!size)
|
||||||
goto ok;
|
goto ok;
|
||||||
|
|
||||||
if ((get_fs().seg < ((unsigned long)addr)) ||
|
if ((get_fs().seg < ((unsigned long)addr)) ||
|
||||||
(get_fs().seg < ((unsigned long)addr + size - 1))) {
|
(get_fs().seg < ((unsigned long)addr + size - 1))) {
|
||||||
pr_devel("ACCESS fail: %s at 0x%08x (size 0x%x), seg 0x%08x\n",
|
pr_devel("ACCESS fail at 0x%08x (size 0x%x), seg 0x%08x\n",
|
||||||
type ? "WRITE" : "READ ", (__force u32)addr, (u32)size,
|
(__force u32)addr, (u32)size,
|
||||||
(u32)get_fs().seg);
|
(u32)get_fs().seg);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
ok:
|
ok:
|
||||||
pr_devel("ACCESS OK: %s at 0x%08x (size 0x%x), seg 0x%08x\n",
|
pr_devel("ACCESS OK at 0x%08x (size 0x%x), seg 0x%08x\n",
|
||||||
type ? "WRITE" : "READ ", (__force u32)addr, (u32)size,
|
(__force u32)addr, (u32)size,
|
||||||
(u32)get_fs().seg);
|
(u32)get_fs().seg);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@ -120,7 +119,7 @@ static inline unsigned long __must_check clear_user(void __user *to,
|
|||||||
unsigned long n)
|
unsigned long n)
|
||||||
{
|
{
|
||||||
might_fault();
|
might_fault();
|
||||||
if (unlikely(!access_ok(VERIFY_WRITE, to, n)))
|
if (unlikely(!access_ok(to, n)))
|
||||||
return n;
|
return n;
|
||||||
|
|
||||||
return __clear_user(to, n);
|
return __clear_user(to, n);
|
||||||
@ -174,7 +173,7 @@ extern long __user_bad(void);
|
|||||||
const typeof(*(ptr)) __user *__gu_addr = (ptr); \
|
const typeof(*(ptr)) __user *__gu_addr = (ptr); \
|
||||||
int __gu_err = 0; \
|
int __gu_err = 0; \
|
||||||
\
|
\
|
||||||
if (access_ok(VERIFY_READ, __gu_addr, size)) { \
|
if (access_ok(__gu_addr, size)) { \
|
||||||
switch (size) { \
|
switch (size) { \
|
||||||
case 1: \
|
case 1: \
|
||||||
__get_user_asm("lbu", __gu_addr, __gu_val, \
|
__get_user_asm("lbu", __gu_addr, __gu_val, \
|
||||||
@ -286,7 +285,7 @@ extern long __user_bad(void);
|
|||||||
typeof(*(ptr)) __user *__pu_addr = (ptr); \
|
typeof(*(ptr)) __user *__pu_addr = (ptr); \
|
||||||
int __pu_err = 0; \
|
int __pu_err = 0; \
|
||||||
\
|
\
|
||||||
if (access_ok(VERIFY_WRITE, __pu_addr, size)) { \
|
if (access_ok(__pu_addr, size)) { \
|
||||||
switch (size) { \
|
switch (size) { \
|
||||||
case 1: \
|
case 1: \
|
||||||
__put_user_asm("sb", __pu_addr, __pu_val, \
|
__put_user_asm("sb", __pu_addr, __pu_val, \
|
||||||
@ -358,7 +357,7 @@ extern int __strncpy_user(char *to, const char __user *from, int len);
|
|||||||
static inline long
|
static inline long
|
||||||
strncpy_from_user(char *dst, const char __user *src, long count)
|
strncpy_from_user(char *dst, const char __user *src, long count)
|
||||||
{
|
{
|
||||||
if (!access_ok(VERIFY_READ, src, 1))
|
if (!access_ok(src, 1))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
return __strncpy_user(dst, src, count);
|
return __strncpy_user(dst, src, count);
|
||||||
}
|
}
|
||||||
@ -372,7 +371,7 @@ extern int __strnlen_user(const char __user *sstr, int len);
|
|||||||
|
|
||||||
static inline long strnlen_user(const char __user *src, long n)
|
static inline long strnlen_user(const char __user *src, long n)
|
||||||
{
|
{
|
||||||
if (!access_ok(VERIFY_READ, src, 1))
|
if (!access_ok(src, 1))
|
||||||
return 0;
|
return 0;
|
||||||
return __strnlen_user(src, n);
|
return __strnlen_user(src, n);
|
||||||
}
|
}
|
||||||
|
@ -91,7 +91,7 @@ asmlinkage long sys_rt_sigreturn(struct pt_regs *regs)
|
|||||||
/* Always make any pending restarted system calls return -EINTR */
|
/* Always make any pending restarted system calls return -EINTR */
|
||||||
current->restart_block.fn = do_no_restart_syscall;
|
current->restart_block.fn = do_no_restart_syscall;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
||||||
@ -166,7 +166,7 @@ static int setup_rt_frame(struct ksignal *ksig, sigset_t *set,
|
|||||||
|
|
||||||
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
if (ksig->ka.sa.sa_flags & SA_SIGINFO)
|
if (ksig->ka.sa.sa_flags & SA_SIGINFO)
|
||||||
|
@ -63,7 +63,7 @@ static inline
|
|||||||
__wsum csum_and_copy_from_user(const void __user *src, void *dst,
|
__wsum csum_and_copy_from_user(const void __user *src, void *dst,
|
||||||
int len, __wsum sum, int *err_ptr)
|
int len, __wsum sum, int *err_ptr)
|
||||||
{
|
{
|
||||||
if (access_ok(VERIFY_READ, src, len))
|
if (access_ok(src, len))
|
||||||
return csum_partial_copy_from_user(src, dst, len, sum,
|
return csum_partial_copy_from_user(src, dst, len, sum,
|
||||||
err_ptr);
|
err_ptr);
|
||||||
if (len)
|
if (len)
|
||||||
@ -81,7 +81,7 @@ __wsum csum_and_copy_to_user(const void *src, void __user *dst, int len,
|
|||||||
__wsum sum, int *err_ptr)
|
__wsum sum, int *err_ptr)
|
||||||
{
|
{
|
||||||
might_fault();
|
might_fault();
|
||||||
if (access_ok(VERIFY_WRITE, dst, len)) {
|
if (access_ok(dst, len)) {
|
||||||
if (uaccess_kernel())
|
if (uaccess_kernel())
|
||||||
return __csum_partial_copy_kernel(src,
|
return __csum_partial_copy_kernel(src,
|
||||||
(__force void *)dst,
|
(__force void *)dst,
|
||||||
|
@ -129,7 +129,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
u32 val;
|
u32 val;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
|
if (!access_ok(uaddr, sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
if (cpu_has_llsc && R10000_LLSC_WAR) {
|
if (cpu_has_llsc && R10000_LLSC_WAR) {
|
||||||
|
@ -32,7 +32,7 @@ static inline int user_termio_to_kernel_termios(struct ktermios *termios,
|
|||||||
unsigned short iflag, oflag, cflag, lflag;
|
unsigned short iflag, oflag, cflag, lflag;
|
||||||
unsigned int err;
|
unsigned int err;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, termio, sizeof(struct termio)))
|
if (!access_ok(termio, sizeof(struct termio)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
err = __get_user(iflag, &termio->c_iflag);
|
err = __get_user(iflag, &termio->c_iflag);
|
||||||
@ -61,7 +61,7 @@ static inline int kernel_termios_to_user_termio(struct termio __user *termio,
|
|||||||
{
|
{
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, termio, sizeof(struct termio)))
|
if (!access_ok(termio, sizeof(struct termio)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
err = __put_user(termios->c_iflag, &termio->c_iflag);
|
err = __put_user(termios->c_iflag, &termio->c_iflag);
|
||||||
|
@ -109,9 +109,6 @@ static inline bool eva_kernel_access(void)
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* access_ok: - Checks if a user space pointer is valid
|
* access_ok: - Checks if a user space pointer is valid
|
||||||
* @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that
|
|
||||||
* %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe
|
|
||||||
* to write to a block, it is always safe to read from it.
|
|
||||||
* @addr: User space pointer to start of block to check
|
* @addr: User space pointer to start of block to check
|
||||||
* @size: Size of block to check
|
* @size: Size of block to check
|
||||||
*
|
*
|
||||||
@ -134,7 +131,7 @@ static inline int __access_ok(const void __user *p, unsigned long size)
|
|||||||
return (get_fs().seg & (addr | (addr + size) | __ua_size(size))) == 0;
|
return (get_fs().seg & (addr | (addr + size) | __ua_size(size))) == 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#define access_ok(type, addr, size) \
|
#define access_ok(addr, size) \
|
||||||
likely(__access_ok((addr), (size)))
|
likely(__access_ok((addr), (size)))
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -304,7 +301,7 @@ do { \
|
|||||||
const __typeof__(*(ptr)) __user * __gu_ptr = (ptr); \
|
const __typeof__(*(ptr)) __user * __gu_ptr = (ptr); \
|
||||||
\
|
\
|
||||||
might_fault(); \
|
might_fault(); \
|
||||||
if (likely(access_ok(VERIFY_READ, __gu_ptr, size))) { \
|
if (likely(access_ok( __gu_ptr, size))) { \
|
||||||
if (eva_kernel_access()) \
|
if (eva_kernel_access()) \
|
||||||
__get_kernel_common((x), size, __gu_ptr); \
|
__get_kernel_common((x), size, __gu_ptr); \
|
||||||
else \
|
else \
|
||||||
@ -446,7 +443,7 @@ do { \
|
|||||||
int __pu_err = -EFAULT; \
|
int __pu_err = -EFAULT; \
|
||||||
\
|
\
|
||||||
might_fault(); \
|
might_fault(); \
|
||||||
if (likely(access_ok(VERIFY_WRITE, __pu_addr, size))) { \
|
if (likely(access_ok( __pu_addr, size))) { \
|
||||||
if (eva_kernel_access()) \
|
if (eva_kernel_access()) \
|
||||||
__put_kernel_common(__pu_addr, size); \
|
__put_kernel_common(__pu_addr, size); \
|
||||||
else \
|
else \
|
||||||
@ -691,8 +688,7 @@ __clear_user(void __user *addr, __kernel_size_t size)
|
|||||||
({ \
|
({ \
|
||||||
void __user * __cl_addr = (addr); \
|
void __user * __cl_addr = (addr); \
|
||||||
unsigned long __cl_size = (n); \
|
unsigned long __cl_size = (n); \
|
||||||
if (__cl_size && access_ok(VERIFY_WRITE, \
|
if (__cl_size && access_ok(__cl_addr, __cl_size)) \
|
||||||
__cl_addr, __cl_size)) \
|
|
||||||
__cl_size = __clear_user(__cl_addr, __cl_size); \
|
__cl_size = __clear_user(__cl_addr, __cl_size); \
|
||||||
__cl_size; \
|
__cl_size; \
|
||||||
})
|
})
|
||||||
|
@ -1205,7 +1205,7 @@ fpu_emul:
|
|||||||
case lwl_op:
|
case lwl_op:
|
||||||
rt = regs->regs[MIPSInst_RT(inst)];
|
rt = regs->regs[MIPSInst_RT(inst)];
|
||||||
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
||||||
if (!access_ok(VERIFY_READ, (void __user *)vaddr, 4)) {
|
if (!access_ok((void __user *)vaddr, 4)) {
|
||||||
current->thread.cp0_baduaddr = vaddr;
|
current->thread.cp0_baduaddr = vaddr;
|
||||||
err = SIGSEGV;
|
err = SIGSEGV;
|
||||||
break;
|
break;
|
||||||
@ -1278,7 +1278,7 @@ fpu_emul:
|
|||||||
case lwr_op:
|
case lwr_op:
|
||||||
rt = regs->regs[MIPSInst_RT(inst)];
|
rt = regs->regs[MIPSInst_RT(inst)];
|
||||||
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
||||||
if (!access_ok(VERIFY_READ, (void __user *)vaddr, 4)) {
|
if (!access_ok((void __user *)vaddr, 4)) {
|
||||||
current->thread.cp0_baduaddr = vaddr;
|
current->thread.cp0_baduaddr = vaddr;
|
||||||
err = SIGSEGV;
|
err = SIGSEGV;
|
||||||
break;
|
break;
|
||||||
@ -1352,7 +1352,7 @@ fpu_emul:
|
|||||||
case swl_op:
|
case swl_op:
|
||||||
rt = regs->regs[MIPSInst_RT(inst)];
|
rt = regs->regs[MIPSInst_RT(inst)];
|
||||||
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
||||||
if (!access_ok(VERIFY_WRITE, (void __user *)vaddr, 4)) {
|
if (!access_ok((void __user *)vaddr, 4)) {
|
||||||
current->thread.cp0_baduaddr = vaddr;
|
current->thread.cp0_baduaddr = vaddr;
|
||||||
err = SIGSEGV;
|
err = SIGSEGV;
|
||||||
break;
|
break;
|
||||||
@ -1422,7 +1422,7 @@ fpu_emul:
|
|||||||
case swr_op:
|
case swr_op:
|
||||||
rt = regs->regs[MIPSInst_RT(inst)];
|
rt = regs->regs[MIPSInst_RT(inst)];
|
||||||
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
||||||
if (!access_ok(VERIFY_WRITE, (void __user *)vaddr, 4)) {
|
if (!access_ok((void __user *)vaddr, 4)) {
|
||||||
current->thread.cp0_baduaddr = vaddr;
|
current->thread.cp0_baduaddr = vaddr;
|
||||||
err = SIGSEGV;
|
err = SIGSEGV;
|
||||||
break;
|
break;
|
||||||
@ -1497,7 +1497,7 @@ fpu_emul:
|
|||||||
|
|
||||||
rt = regs->regs[MIPSInst_RT(inst)];
|
rt = regs->regs[MIPSInst_RT(inst)];
|
||||||
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
||||||
if (!access_ok(VERIFY_READ, (void __user *)vaddr, 8)) {
|
if (!access_ok((void __user *)vaddr, 8)) {
|
||||||
current->thread.cp0_baduaddr = vaddr;
|
current->thread.cp0_baduaddr = vaddr;
|
||||||
err = SIGSEGV;
|
err = SIGSEGV;
|
||||||
break;
|
break;
|
||||||
@ -1616,7 +1616,7 @@ fpu_emul:
|
|||||||
|
|
||||||
rt = regs->regs[MIPSInst_RT(inst)];
|
rt = regs->regs[MIPSInst_RT(inst)];
|
||||||
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
||||||
if (!access_ok(VERIFY_READ, (void __user *)vaddr, 8)) {
|
if (!access_ok((void __user *)vaddr, 8)) {
|
||||||
current->thread.cp0_baduaddr = vaddr;
|
current->thread.cp0_baduaddr = vaddr;
|
||||||
err = SIGSEGV;
|
err = SIGSEGV;
|
||||||
break;
|
break;
|
||||||
@ -1735,7 +1735,7 @@ fpu_emul:
|
|||||||
|
|
||||||
rt = regs->regs[MIPSInst_RT(inst)];
|
rt = regs->regs[MIPSInst_RT(inst)];
|
||||||
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
||||||
if (!access_ok(VERIFY_WRITE, (void __user *)vaddr, 8)) {
|
if (!access_ok((void __user *)vaddr, 8)) {
|
||||||
current->thread.cp0_baduaddr = vaddr;
|
current->thread.cp0_baduaddr = vaddr;
|
||||||
err = SIGSEGV;
|
err = SIGSEGV;
|
||||||
break;
|
break;
|
||||||
@ -1853,7 +1853,7 @@ fpu_emul:
|
|||||||
|
|
||||||
rt = regs->regs[MIPSInst_RT(inst)];
|
rt = regs->regs[MIPSInst_RT(inst)];
|
||||||
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
vaddr = regs->regs[MIPSInst_RS(inst)] + MIPSInst_SIMM(inst);
|
||||||
if (!access_ok(VERIFY_WRITE, (void __user *)vaddr, 8)) {
|
if (!access_ok((void __user *)vaddr, 8)) {
|
||||||
current->thread.cp0_baduaddr = vaddr;
|
current->thread.cp0_baduaddr = vaddr;
|
||||||
err = SIGSEGV;
|
err = SIGSEGV;
|
||||||
break;
|
break;
|
||||||
@ -1970,7 +1970,7 @@ fpu_emul:
|
|||||||
err = SIGBUS;
|
err = SIGBUS;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (!access_ok(VERIFY_READ, (void __user *)vaddr, 4)) {
|
if (!access_ok((void __user *)vaddr, 4)) {
|
||||||
current->thread.cp0_baduaddr = vaddr;
|
current->thread.cp0_baduaddr = vaddr;
|
||||||
err = SIGBUS;
|
err = SIGBUS;
|
||||||
break;
|
break;
|
||||||
@ -2026,7 +2026,7 @@ fpu_emul:
|
|||||||
err = SIGBUS;
|
err = SIGBUS;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (!access_ok(VERIFY_WRITE, (void __user *)vaddr, 4)) {
|
if (!access_ok((void __user *)vaddr, 4)) {
|
||||||
current->thread.cp0_baduaddr = vaddr;
|
current->thread.cp0_baduaddr = vaddr;
|
||||||
err = SIGBUS;
|
err = SIGBUS;
|
||||||
break;
|
break;
|
||||||
@ -2089,7 +2089,7 @@ fpu_emul:
|
|||||||
err = SIGBUS;
|
err = SIGBUS;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (!access_ok(VERIFY_READ, (void __user *)vaddr, 8)) {
|
if (!access_ok((void __user *)vaddr, 8)) {
|
||||||
current->thread.cp0_baduaddr = vaddr;
|
current->thread.cp0_baduaddr = vaddr;
|
||||||
err = SIGBUS;
|
err = SIGBUS;
|
||||||
break;
|
break;
|
||||||
@ -2150,7 +2150,7 @@ fpu_emul:
|
|||||||
err = SIGBUS;
|
err = SIGBUS;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
if (!access_ok(VERIFY_WRITE, (void __user *)vaddr, 8)) {
|
if (!access_ok((void __user *)vaddr, 8)) {
|
||||||
current->thread.cp0_baduaddr = vaddr;
|
current->thread.cp0_baduaddr = vaddr;
|
||||||
err = SIGBUS;
|
err = SIGBUS;
|
||||||
break;
|
break;
|
||||||
|
@ -71,7 +71,7 @@ int ptrace_getregs(struct task_struct *child, struct user_pt_regs __user *data)
|
|||||||
struct pt_regs *regs;
|
struct pt_regs *regs;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, data, 38 * 8))
|
if (!access_ok(data, 38 * 8))
|
||||||
return -EIO;
|
return -EIO;
|
||||||
|
|
||||||
regs = task_pt_regs(child);
|
regs = task_pt_regs(child);
|
||||||
@ -98,7 +98,7 @@ int ptrace_setregs(struct task_struct *child, struct user_pt_regs __user *data)
|
|||||||
struct pt_regs *regs;
|
struct pt_regs *regs;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, data, 38 * 8))
|
if (!access_ok(data, 38 * 8))
|
||||||
return -EIO;
|
return -EIO;
|
||||||
|
|
||||||
regs = task_pt_regs(child);
|
regs = task_pt_regs(child);
|
||||||
@ -125,7 +125,7 @@ int ptrace_get_watch_regs(struct task_struct *child,
|
|||||||
|
|
||||||
if (!cpu_has_watch || boot_cpu_data.watch_reg_use_cnt == 0)
|
if (!cpu_has_watch || boot_cpu_data.watch_reg_use_cnt == 0)
|
||||||
return -EIO;
|
return -EIO;
|
||||||
if (!access_ok(VERIFY_WRITE, addr, sizeof(struct pt_watch_regs)))
|
if (!access_ok(addr, sizeof(struct pt_watch_regs)))
|
||||||
return -EIO;
|
return -EIO;
|
||||||
|
|
||||||
#ifdef CONFIG_32BIT
|
#ifdef CONFIG_32BIT
|
||||||
@ -167,7 +167,7 @@ int ptrace_set_watch_regs(struct task_struct *child,
|
|||||||
|
|
||||||
if (!cpu_has_watch || boot_cpu_data.watch_reg_use_cnt == 0)
|
if (!cpu_has_watch || boot_cpu_data.watch_reg_use_cnt == 0)
|
||||||
return -EIO;
|
return -EIO;
|
||||||
if (!access_ok(VERIFY_READ, addr, sizeof(struct pt_watch_regs)))
|
if (!access_ok(addr, sizeof(struct pt_watch_regs)))
|
||||||
return -EIO;
|
return -EIO;
|
||||||
/* Check the values. */
|
/* Check the values. */
|
||||||
for (i = 0; i < boot_cpu_data.watch_reg_use_cnt; i++) {
|
for (i = 0; i < boot_cpu_data.watch_reg_use_cnt; i++) {
|
||||||
@ -359,7 +359,7 @@ int ptrace_getfpregs(struct task_struct *child, __u32 __user *data)
|
|||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, data, 33 * 8))
|
if (!access_ok(data, 33 * 8))
|
||||||
return -EIO;
|
return -EIO;
|
||||||
|
|
||||||
if (tsk_used_math(child)) {
|
if (tsk_used_math(child)) {
|
||||||
@ -385,7 +385,7 @@ int ptrace_setfpregs(struct task_struct *child, __u32 __user *data)
|
|||||||
u32 value;
|
u32 value;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, data, 33 * 8))
|
if (!access_ok(data, 33 * 8))
|
||||||
return -EIO;
|
return -EIO;
|
||||||
|
|
||||||
init_fp_ctx(child);
|
init_fp_ctx(child);
|
||||||
|
@ -590,7 +590,7 @@ SYSCALL_DEFINE3(sigaction, int, sig, const struct sigaction __user *, act,
|
|||||||
if (act) {
|
if (act) {
|
||||||
old_sigset_t mask;
|
old_sigset_t mask;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, act, sizeof(*act)))
|
if (!access_ok(act, sizeof(*act)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
err |= __get_user(new_ka.sa.sa_handler, &act->sa_handler);
|
err |= __get_user(new_ka.sa.sa_handler, &act->sa_handler);
|
||||||
err |= __get_user(new_ka.sa.sa_flags, &act->sa_flags);
|
err |= __get_user(new_ka.sa.sa_flags, &act->sa_flags);
|
||||||
@ -604,7 +604,7 @@ SYSCALL_DEFINE3(sigaction, int, sig, const struct sigaction __user *, act,
|
|||||||
ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
|
ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
|
||||||
|
|
||||||
if (!ret && oact) {
|
if (!ret && oact) {
|
||||||
if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)))
|
if (!access_ok(oact, sizeof(*oact)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
err |= __put_user(old_ka.sa.sa_flags, &oact->sa_flags);
|
err |= __put_user(old_ka.sa.sa_flags, &oact->sa_flags);
|
||||||
err |= __put_user(old_ka.sa.sa_handler, &oact->sa_handler);
|
err |= __put_user(old_ka.sa.sa_handler, &oact->sa_handler);
|
||||||
@ -630,7 +630,7 @@ asmlinkage void sys_sigreturn(void)
|
|||||||
|
|
||||||
regs = current_pt_regs();
|
regs = current_pt_regs();
|
||||||
frame = (struct sigframe __user *)regs->regs[29];
|
frame = (struct sigframe __user *)regs->regs[29];
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
if (__copy_from_user(&blocked, &frame->sf_mask, sizeof(blocked)))
|
if (__copy_from_user(&blocked, &frame->sf_mask, sizeof(blocked)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
@ -667,7 +667,7 @@ asmlinkage void sys_rt_sigreturn(void)
|
|||||||
|
|
||||||
regs = current_pt_regs();
|
regs = current_pt_regs();
|
||||||
frame = (struct rt_sigframe __user *)regs->regs[29];
|
frame = (struct rt_sigframe __user *)regs->regs[29];
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
if (__copy_from_user(&set, &frame->rs_uc.uc_sigmask, sizeof(set)))
|
if (__copy_from_user(&set, &frame->rs_uc.uc_sigmask, sizeof(set)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
@ -705,7 +705,7 @@ static int setup_frame(void *sig_return, struct ksignal *ksig,
|
|||||||
int err = 0;
|
int err = 0;
|
||||||
|
|
||||||
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
|
if (!access_ok(frame, sizeof (*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
err |= setup_sigcontext(regs, &frame->sf_sc);
|
err |= setup_sigcontext(regs, &frame->sf_sc);
|
||||||
@ -744,7 +744,7 @@ static int setup_rt_frame(void *sig_return, struct ksignal *ksig,
|
|||||||
int err = 0;
|
int err = 0;
|
||||||
|
|
||||||
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
|
if (!access_ok(frame, sizeof (*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
/* Create siginfo. */
|
/* Create siginfo. */
|
||||||
|
@ -46,7 +46,7 @@ SYSCALL_DEFINE3(32_sigaction, long, sig, const struct compat_sigaction __user *,
|
|||||||
old_sigset_t mask;
|
old_sigset_t mask;
|
||||||
s32 handler;
|
s32 handler;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, act, sizeof(*act)))
|
if (!access_ok(act, sizeof(*act)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
err |= __get_user(handler, &act->sa_handler);
|
err |= __get_user(handler, &act->sa_handler);
|
||||||
new_ka.sa.sa_handler = (void __user *)(s64)handler;
|
new_ka.sa.sa_handler = (void __user *)(s64)handler;
|
||||||
@ -61,7 +61,7 @@ SYSCALL_DEFINE3(32_sigaction, long, sig, const struct compat_sigaction __user *,
|
|||||||
ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
|
ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
|
||||||
|
|
||||||
if (!ret && oact) {
|
if (!ret && oact) {
|
||||||
if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)))
|
if (!access_ok(oact, sizeof(*oact)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
err |= __put_user(old_ka.sa.sa_flags, &oact->sa_flags);
|
err |= __put_user(old_ka.sa.sa_flags, &oact->sa_flags);
|
||||||
err |= __put_user((u32)(u64)old_ka.sa.sa_handler,
|
err |= __put_user((u32)(u64)old_ka.sa.sa_handler,
|
||||||
|
@ -73,7 +73,7 @@ asmlinkage void sysn32_rt_sigreturn(void)
|
|||||||
|
|
||||||
regs = current_pt_regs();
|
regs = current_pt_regs();
|
||||||
frame = (struct rt_sigframe_n32 __user *)regs->regs[29];
|
frame = (struct rt_sigframe_n32 __user *)regs->regs[29];
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
if (__copy_conv_sigset_from_user(&set, &frame->rs_uc.uc_sigmask))
|
if (__copy_conv_sigset_from_user(&set, &frame->rs_uc.uc_sigmask))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
@ -110,7 +110,7 @@ static int setup_rt_frame_n32(void *sig_return, struct ksignal *ksig,
|
|||||||
int err = 0;
|
int err = 0;
|
||||||
|
|
||||||
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
|
if (!access_ok(frame, sizeof (*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
/* Create siginfo. */
|
/* Create siginfo. */
|
||||||
|
@ -118,7 +118,7 @@ static int setup_frame_32(void *sig_return, struct ksignal *ksig,
|
|||||||
int err = 0;
|
int err = 0;
|
||||||
|
|
||||||
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
|
if (!access_ok(frame, sizeof (*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
err |= setup_sigcontext32(regs, &frame->sf_sc);
|
err |= setup_sigcontext32(regs, &frame->sf_sc);
|
||||||
@ -160,7 +160,7 @@ asmlinkage void sys32_rt_sigreturn(void)
|
|||||||
|
|
||||||
regs = current_pt_regs();
|
regs = current_pt_regs();
|
||||||
frame = (struct rt_sigframe32 __user *)regs->regs[29];
|
frame = (struct rt_sigframe32 __user *)regs->regs[29];
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
if (__copy_conv_sigset_from_user(&set, &frame->rs_uc.uc_sigmask))
|
if (__copy_conv_sigset_from_user(&set, &frame->rs_uc.uc_sigmask))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
@ -197,7 +197,7 @@ static int setup_rt_frame_32(void *sig_return, struct ksignal *ksig,
|
|||||||
int err = 0;
|
int err = 0;
|
||||||
|
|
||||||
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
|
if (!access_ok(frame, sizeof (*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
/* Convert (siginfo_t -> compat_siginfo_t) and copy to user. */
|
/* Convert (siginfo_t -> compat_siginfo_t) and copy to user. */
|
||||||
@ -262,7 +262,7 @@ asmlinkage void sys32_sigreturn(void)
|
|||||||
|
|
||||||
regs = current_pt_regs();
|
regs = current_pt_regs();
|
||||||
frame = (struct sigframe32 __user *)regs->regs[29];
|
frame = (struct sigframe32 __user *)regs->regs[29];
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
if (__copy_conv_sigset_from_user(&blocked, &frame->sf_mask))
|
if (__copy_conv_sigset_from_user(&blocked, &frame->sf_mask))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
@ -101,7 +101,7 @@ static inline int mips_atomic_set(unsigned long addr, unsigned long new)
|
|||||||
if (unlikely(addr & 3))
|
if (unlikely(addr & 3))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (unlikely(!access_ok(VERIFY_WRITE, (const void __user *)addr, 4)))
|
if (unlikely(!access_ok((const void __user *)addr, 4)))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (cpu_has_llsc && R10000_LLSC_WAR) {
|
if (cpu_has_llsc && R10000_LLSC_WAR) {
|
||||||
|
@ -936,7 +936,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
if (insn.dsp_format.func == lx_op) {
|
if (insn.dsp_format.func == lx_op) {
|
||||||
switch (insn.dsp_format.op) {
|
switch (insn.dsp_format.op) {
|
||||||
case lwx_op:
|
case lwx_op:
|
||||||
if (!access_ok(VERIFY_READ, addr, 4))
|
if (!access_ok(addr, 4))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
LoadW(addr, value, res);
|
LoadW(addr, value, res);
|
||||||
if (res)
|
if (res)
|
||||||
@ -945,7 +945,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
regs->regs[insn.dsp_format.rd] = value;
|
regs->regs[insn.dsp_format.rd] = value;
|
||||||
break;
|
break;
|
||||||
case lhx_op:
|
case lhx_op:
|
||||||
if (!access_ok(VERIFY_READ, addr, 2))
|
if (!access_ok(addr, 2))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
LoadHW(addr, value, res);
|
LoadHW(addr, value, res);
|
||||||
if (res)
|
if (res)
|
||||||
@ -968,7 +968,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
set_fs(USER_DS);
|
set_fs(USER_DS);
|
||||||
switch (insn.spec3_format.func) {
|
switch (insn.spec3_format.func) {
|
||||||
case lhe_op:
|
case lhe_op:
|
||||||
if (!access_ok(VERIFY_READ, addr, 2)) {
|
if (!access_ok(addr, 2)) {
|
||||||
set_fs(seg);
|
set_fs(seg);
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
}
|
}
|
||||||
@ -981,7 +981,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
regs->regs[insn.spec3_format.rt] = value;
|
regs->regs[insn.spec3_format.rt] = value;
|
||||||
break;
|
break;
|
||||||
case lwe_op:
|
case lwe_op:
|
||||||
if (!access_ok(VERIFY_READ, addr, 4)) {
|
if (!access_ok(addr, 4)) {
|
||||||
set_fs(seg);
|
set_fs(seg);
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
}
|
}
|
||||||
@ -994,7 +994,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
regs->regs[insn.spec3_format.rt] = value;
|
regs->regs[insn.spec3_format.rt] = value;
|
||||||
break;
|
break;
|
||||||
case lhue_op:
|
case lhue_op:
|
||||||
if (!access_ok(VERIFY_READ, addr, 2)) {
|
if (!access_ok(addr, 2)) {
|
||||||
set_fs(seg);
|
set_fs(seg);
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
}
|
}
|
||||||
@ -1007,7 +1007,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
regs->regs[insn.spec3_format.rt] = value;
|
regs->regs[insn.spec3_format.rt] = value;
|
||||||
break;
|
break;
|
||||||
case she_op:
|
case she_op:
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 2)) {
|
if (!access_ok(addr, 2)) {
|
||||||
set_fs(seg);
|
set_fs(seg);
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
}
|
}
|
||||||
@ -1020,7 +1020,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case swe_op:
|
case swe_op:
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 4)) {
|
if (!access_ok(addr, 4)) {
|
||||||
set_fs(seg);
|
set_fs(seg);
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
}
|
}
|
||||||
@ -1041,7 +1041,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
#endif
|
#endif
|
||||||
break;
|
break;
|
||||||
case lh_op:
|
case lh_op:
|
||||||
if (!access_ok(VERIFY_READ, addr, 2))
|
if (!access_ok(addr, 2))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
if (IS_ENABLED(CONFIG_EVA)) {
|
if (IS_ENABLED(CONFIG_EVA)) {
|
||||||
@ -1060,7 +1060,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case lw_op:
|
case lw_op:
|
||||||
if (!access_ok(VERIFY_READ, addr, 4))
|
if (!access_ok(addr, 4))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
if (IS_ENABLED(CONFIG_EVA)) {
|
if (IS_ENABLED(CONFIG_EVA)) {
|
||||||
@ -1079,7 +1079,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case lhu_op:
|
case lhu_op:
|
||||||
if (!access_ok(VERIFY_READ, addr, 2))
|
if (!access_ok(addr, 2))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
if (IS_ENABLED(CONFIG_EVA)) {
|
if (IS_ENABLED(CONFIG_EVA)) {
|
||||||
@ -1106,7 +1106,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
* would blow up, so for now we don't handle unaligned 64-bit
|
* would blow up, so for now we don't handle unaligned 64-bit
|
||||||
* instructions on 32-bit kernels.
|
* instructions on 32-bit kernels.
|
||||||
*/
|
*/
|
||||||
if (!access_ok(VERIFY_READ, addr, 4))
|
if (!access_ok(addr, 4))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
LoadWU(addr, value, res);
|
LoadWU(addr, value, res);
|
||||||
@ -1129,7 +1129,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
* would blow up, so for now we don't handle unaligned 64-bit
|
* would blow up, so for now we don't handle unaligned 64-bit
|
||||||
* instructions on 32-bit kernels.
|
* instructions on 32-bit kernels.
|
||||||
*/
|
*/
|
||||||
if (!access_ok(VERIFY_READ, addr, 8))
|
if (!access_ok(addr, 8))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
LoadDW(addr, value, res);
|
LoadDW(addr, value, res);
|
||||||
@ -1144,7 +1144,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
goto sigill;
|
goto sigill;
|
||||||
|
|
||||||
case sh_op:
|
case sh_op:
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 2))
|
if (!access_ok(addr, 2))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
compute_return_epc(regs);
|
compute_return_epc(regs);
|
||||||
@ -1164,7 +1164,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case sw_op:
|
case sw_op:
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 4))
|
if (!access_ok(addr, 4))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
compute_return_epc(regs);
|
compute_return_epc(regs);
|
||||||
@ -1192,7 +1192,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
* would blow up, so for now we don't handle unaligned 64-bit
|
* would blow up, so for now we don't handle unaligned 64-bit
|
||||||
* instructions on 32-bit kernels.
|
* instructions on 32-bit kernels.
|
||||||
*/
|
*/
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 8))
|
if (!access_ok(addr, 8))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
compute_return_epc(regs);
|
compute_return_epc(regs);
|
||||||
@ -1254,7 +1254,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
|
|
||||||
switch (insn.msa_mi10_format.func) {
|
switch (insn.msa_mi10_format.func) {
|
||||||
case msa_ld_op:
|
case msa_ld_op:
|
||||||
if (!access_ok(VERIFY_READ, addr, sizeof(*fpr)))
|
if (!access_ok(addr, sizeof(*fpr)))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
do {
|
do {
|
||||||
@ -1290,7 +1290,7 @@ static void emulate_load_store_insn(struct pt_regs *regs,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case msa_st_op:
|
case msa_st_op:
|
||||||
if (!access_ok(VERIFY_WRITE, addr, sizeof(*fpr)))
|
if (!access_ok(addr, sizeof(*fpr)))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -1463,7 +1463,7 @@ static void emulate_load_store_microMIPS(struct pt_regs *regs,
|
|||||||
if (reg == 31)
|
if (reg == 31)
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, addr, 8))
|
if (!access_ok(addr, 8))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
LoadW(addr, value, res);
|
LoadW(addr, value, res);
|
||||||
@ -1482,7 +1482,7 @@ static void emulate_load_store_microMIPS(struct pt_regs *regs,
|
|||||||
if (reg == 31)
|
if (reg == 31)
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 8))
|
if (!access_ok(addr, 8))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
value = regs->regs[reg];
|
value = regs->regs[reg];
|
||||||
@ -1502,7 +1502,7 @@ static void emulate_load_store_microMIPS(struct pt_regs *regs,
|
|||||||
if (reg == 31)
|
if (reg == 31)
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, addr, 16))
|
if (!access_ok(addr, 16))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
LoadDW(addr, value, res);
|
LoadDW(addr, value, res);
|
||||||
@ -1525,7 +1525,7 @@ static void emulate_load_store_microMIPS(struct pt_regs *regs,
|
|||||||
if (reg == 31)
|
if (reg == 31)
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 16))
|
if (!access_ok(addr, 16))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
value = regs->regs[reg];
|
value = regs->regs[reg];
|
||||||
@ -1548,11 +1548,10 @@ static void emulate_load_store_microMIPS(struct pt_regs *regs,
|
|||||||
if ((rvar > 9) || !reg)
|
if ((rvar > 9) || !reg)
|
||||||
goto sigill;
|
goto sigill;
|
||||||
if (reg & 0x10) {
|
if (reg & 0x10) {
|
||||||
if (!access_ok
|
if (!access_ok(addr, 4 * (rvar + 1)))
|
||||||
(VERIFY_READ, addr, 4 * (rvar + 1)))
|
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
} else {
|
} else {
|
||||||
if (!access_ok(VERIFY_READ, addr, 4 * rvar))
|
if (!access_ok(addr, 4 * rvar))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
}
|
}
|
||||||
if (rvar == 9)
|
if (rvar == 9)
|
||||||
@ -1585,11 +1584,10 @@ static void emulate_load_store_microMIPS(struct pt_regs *regs,
|
|||||||
if ((rvar > 9) || !reg)
|
if ((rvar > 9) || !reg)
|
||||||
goto sigill;
|
goto sigill;
|
||||||
if (reg & 0x10) {
|
if (reg & 0x10) {
|
||||||
if (!access_ok
|
if (!access_ok(addr, 4 * (rvar + 1)))
|
||||||
(VERIFY_WRITE, addr, 4 * (rvar + 1)))
|
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
} else {
|
} else {
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 4 * rvar))
|
if (!access_ok(addr, 4 * rvar))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
}
|
}
|
||||||
if (rvar == 9)
|
if (rvar == 9)
|
||||||
@ -1623,11 +1621,10 @@ static void emulate_load_store_microMIPS(struct pt_regs *regs,
|
|||||||
if ((rvar > 9) || !reg)
|
if ((rvar > 9) || !reg)
|
||||||
goto sigill;
|
goto sigill;
|
||||||
if (reg & 0x10) {
|
if (reg & 0x10) {
|
||||||
if (!access_ok
|
if (!access_ok(addr, 8 * (rvar + 1)))
|
||||||
(VERIFY_READ, addr, 8 * (rvar + 1)))
|
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
} else {
|
} else {
|
||||||
if (!access_ok(VERIFY_READ, addr, 8 * rvar))
|
if (!access_ok(addr, 8 * rvar))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
}
|
}
|
||||||
if (rvar == 9)
|
if (rvar == 9)
|
||||||
@ -1665,11 +1662,10 @@ static void emulate_load_store_microMIPS(struct pt_regs *regs,
|
|||||||
if ((rvar > 9) || !reg)
|
if ((rvar > 9) || !reg)
|
||||||
goto sigill;
|
goto sigill;
|
||||||
if (reg & 0x10) {
|
if (reg & 0x10) {
|
||||||
if (!access_ok
|
if (!access_ok(addr, 8 * (rvar + 1)))
|
||||||
(VERIFY_WRITE, addr, 8 * (rvar + 1)))
|
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
} else {
|
} else {
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 8 * rvar))
|
if (!access_ok(addr, 8 * rvar))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
}
|
}
|
||||||
if (rvar == 9)
|
if (rvar == 9)
|
||||||
@ -1788,7 +1784,7 @@ fpu_emul:
|
|||||||
case mm_lwm16_op:
|
case mm_lwm16_op:
|
||||||
reg = insn.mm16_m_format.rlist;
|
reg = insn.mm16_m_format.rlist;
|
||||||
rvar = reg + 1;
|
rvar = reg + 1;
|
||||||
if (!access_ok(VERIFY_READ, addr, 4 * rvar))
|
if (!access_ok(addr, 4 * rvar))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
for (i = 16; rvar; rvar--, i++) {
|
for (i = 16; rvar; rvar--, i++) {
|
||||||
@ -1808,7 +1804,7 @@ fpu_emul:
|
|||||||
case mm_swm16_op:
|
case mm_swm16_op:
|
||||||
reg = insn.mm16_m_format.rlist;
|
reg = insn.mm16_m_format.rlist;
|
||||||
rvar = reg + 1;
|
rvar = reg + 1;
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 4 * rvar))
|
if (!access_ok(addr, 4 * rvar))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
for (i = 16; rvar; rvar--, i++) {
|
for (i = 16; rvar; rvar--, i++) {
|
||||||
@ -1862,7 +1858,7 @@ fpu_emul:
|
|||||||
}
|
}
|
||||||
|
|
||||||
loadHW:
|
loadHW:
|
||||||
if (!access_ok(VERIFY_READ, addr, 2))
|
if (!access_ok(addr, 2))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
LoadHW(addr, value, res);
|
LoadHW(addr, value, res);
|
||||||
@ -1872,7 +1868,7 @@ loadHW:
|
|||||||
goto success;
|
goto success;
|
||||||
|
|
||||||
loadHWU:
|
loadHWU:
|
||||||
if (!access_ok(VERIFY_READ, addr, 2))
|
if (!access_ok(addr, 2))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
LoadHWU(addr, value, res);
|
LoadHWU(addr, value, res);
|
||||||
@ -1882,7 +1878,7 @@ loadHWU:
|
|||||||
goto success;
|
goto success;
|
||||||
|
|
||||||
loadW:
|
loadW:
|
||||||
if (!access_ok(VERIFY_READ, addr, 4))
|
if (!access_ok(addr, 4))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
LoadW(addr, value, res);
|
LoadW(addr, value, res);
|
||||||
@ -1900,7 +1896,7 @@ loadWU:
|
|||||||
* would blow up, so for now we don't handle unaligned 64-bit
|
* would blow up, so for now we don't handle unaligned 64-bit
|
||||||
* instructions on 32-bit kernels.
|
* instructions on 32-bit kernels.
|
||||||
*/
|
*/
|
||||||
if (!access_ok(VERIFY_READ, addr, 4))
|
if (!access_ok(addr, 4))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
LoadWU(addr, value, res);
|
LoadWU(addr, value, res);
|
||||||
@ -1922,7 +1918,7 @@ loadDW:
|
|||||||
* would blow up, so for now we don't handle unaligned 64-bit
|
* would blow up, so for now we don't handle unaligned 64-bit
|
||||||
* instructions on 32-bit kernels.
|
* instructions on 32-bit kernels.
|
||||||
*/
|
*/
|
||||||
if (!access_ok(VERIFY_READ, addr, 8))
|
if (!access_ok(addr, 8))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
LoadDW(addr, value, res);
|
LoadDW(addr, value, res);
|
||||||
@ -1936,7 +1932,7 @@ loadDW:
|
|||||||
goto sigill;
|
goto sigill;
|
||||||
|
|
||||||
storeHW:
|
storeHW:
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 2))
|
if (!access_ok(addr, 2))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
value = regs->regs[reg];
|
value = regs->regs[reg];
|
||||||
@ -1946,7 +1942,7 @@ storeHW:
|
|||||||
goto success;
|
goto success;
|
||||||
|
|
||||||
storeW:
|
storeW:
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 4))
|
if (!access_ok(addr, 4))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
value = regs->regs[reg];
|
value = regs->regs[reg];
|
||||||
@ -1964,7 +1960,7 @@ storeDW:
|
|||||||
* would blow up, so for now we don't handle unaligned 64-bit
|
* would blow up, so for now we don't handle unaligned 64-bit
|
||||||
* instructions on 32-bit kernels.
|
* instructions on 32-bit kernels.
|
||||||
*/
|
*/
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 8))
|
if (!access_ok(addr, 8))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
value = regs->regs[reg];
|
value = regs->regs[reg];
|
||||||
@ -2122,7 +2118,7 @@ static void emulate_load_store_MIPS16e(struct pt_regs *regs, void __user * addr)
|
|||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
case MIPS16e_lh_op:
|
case MIPS16e_lh_op:
|
||||||
if (!access_ok(VERIFY_READ, addr, 2))
|
if (!access_ok(addr, 2))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
LoadHW(addr, value, res);
|
LoadHW(addr, value, res);
|
||||||
@ -2133,7 +2129,7 @@ static void emulate_load_store_MIPS16e(struct pt_regs *regs, void __user * addr)
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case MIPS16e_lhu_op:
|
case MIPS16e_lhu_op:
|
||||||
if (!access_ok(VERIFY_READ, addr, 2))
|
if (!access_ok(addr, 2))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
LoadHWU(addr, value, res);
|
LoadHWU(addr, value, res);
|
||||||
@ -2146,7 +2142,7 @@ static void emulate_load_store_MIPS16e(struct pt_regs *regs, void __user * addr)
|
|||||||
case MIPS16e_lw_op:
|
case MIPS16e_lw_op:
|
||||||
case MIPS16e_lwpc_op:
|
case MIPS16e_lwpc_op:
|
||||||
case MIPS16e_lwsp_op:
|
case MIPS16e_lwsp_op:
|
||||||
if (!access_ok(VERIFY_READ, addr, 4))
|
if (!access_ok(addr, 4))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
LoadW(addr, value, res);
|
LoadW(addr, value, res);
|
||||||
@ -2165,7 +2161,7 @@ static void emulate_load_store_MIPS16e(struct pt_regs *regs, void __user * addr)
|
|||||||
* would blow up, so for now we don't handle unaligned 64-bit
|
* would blow up, so for now we don't handle unaligned 64-bit
|
||||||
* instructions on 32-bit kernels.
|
* instructions on 32-bit kernels.
|
||||||
*/
|
*/
|
||||||
if (!access_ok(VERIFY_READ, addr, 4))
|
if (!access_ok(addr, 4))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
LoadWU(addr, value, res);
|
LoadWU(addr, value, res);
|
||||||
@ -2189,7 +2185,7 @@ loadDW:
|
|||||||
* would blow up, so for now we don't handle unaligned 64-bit
|
* would blow up, so for now we don't handle unaligned 64-bit
|
||||||
* instructions on 32-bit kernels.
|
* instructions on 32-bit kernels.
|
||||||
*/
|
*/
|
||||||
if (!access_ok(VERIFY_READ, addr, 8))
|
if (!access_ok(addr, 8))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
LoadDW(addr, value, res);
|
LoadDW(addr, value, res);
|
||||||
@ -2204,7 +2200,7 @@ loadDW:
|
|||||||
goto sigill;
|
goto sigill;
|
||||||
|
|
||||||
case MIPS16e_sh_op:
|
case MIPS16e_sh_op:
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 2))
|
if (!access_ok(addr, 2))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
MIPS16e_compute_return_epc(regs, &oldinst);
|
MIPS16e_compute_return_epc(regs, &oldinst);
|
||||||
@ -2217,7 +2213,7 @@ loadDW:
|
|||||||
case MIPS16e_sw_op:
|
case MIPS16e_sw_op:
|
||||||
case MIPS16e_swsp_op:
|
case MIPS16e_swsp_op:
|
||||||
case MIPS16e_i8_op: /* actually - MIPS16e_swrasp_func */
|
case MIPS16e_i8_op: /* actually - MIPS16e_swrasp_func */
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 4))
|
if (!access_ok(addr, 4))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
MIPS16e_compute_return_epc(regs, &oldinst);
|
MIPS16e_compute_return_epc(regs, &oldinst);
|
||||||
@ -2237,7 +2233,7 @@ writeDW:
|
|||||||
* would blow up, so for now we don't handle unaligned 64-bit
|
* would blow up, so for now we don't handle unaligned 64-bit
|
||||||
* instructions on 32-bit kernels.
|
* instructions on 32-bit kernels.
|
||||||
*/
|
*/
|
||||||
if (!access_ok(VERIFY_WRITE, addr, 8))
|
if (!access_ok(addr, 8))
|
||||||
goto sigbus;
|
goto sigbus;
|
||||||
|
|
||||||
MIPS16e_compute_return_epc(regs, &oldinst);
|
MIPS16e_compute_return_epc(regs, &oldinst);
|
||||||
|
@ -1063,7 +1063,7 @@ emul:
|
|||||||
MIPSInst_SIMM(ir));
|
MIPSInst_SIMM(ir));
|
||||||
MIPS_FPU_EMU_INC_STATS(loads);
|
MIPS_FPU_EMU_INC_STATS(loads);
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, dva, sizeof(u64))) {
|
if (!access_ok(dva, sizeof(u64))) {
|
||||||
MIPS_FPU_EMU_INC_STATS(errors);
|
MIPS_FPU_EMU_INC_STATS(errors);
|
||||||
*fault_addr = dva;
|
*fault_addr = dva;
|
||||||
return SIGBUS;
|
return SIGBUS;
|
||||||
@ -1081,7 +1081,7 @@ emul:
|
|||||||
MIPSInst_SIMM(ir));
|
MIPSInst_SIMM(ir));
|
||||||
MIPS_FPU_EMU_INC_STATS(stores);
|
MIPS_FPU_EMU_INC_STATS(stores);
|
||||||
DIFROMREG(dval, MIPSInst_RT(ir));
|
DIFROMREG(dval, MIPSInst_RT(ir));
|
||||||
if (!access_ok(VERIFY_WRITE, dva, sizeof(u64))) {
|
if (!access_ok(dva, sizeof(u64))) {
|
||||||
MIPS_FPU_EMU_INC_STATS(errors);
|
MIPS_FPU_EMU_INC_STATS(errors);
|
||||||
*fault_addr = dva;
|
*fault_addr = dva;
|
||||||
return SIGBUS;
|
return SIGBUS;
|
||||||
@ -1097,7 +1097,7 @@ emul:
|
|||||||
wva = (u32 __user *) (xcp->regs[MIPSInst_RS(ir)] +
|
wva = (u32 __user *) (xcp->regs[MIPSInst_RS(ir)] +
|
||||||
MIPSInst_SIMM(ir));
|
MIPSInst_SIMM(ir));
|
||||||
MIPS_FPU_EMU_INC_STATS(loads);
|
MIPS_FPU_EMU_INC_STATS(loads);
|
||||||
if (!access_ok(VERIFY_READ, wva, sizeof(u32))) {
|
if (!access_ok(wva, sizeof(u32))) {
|
||||||
MIPS_FPU_EMU_INC_STATS(errors);
|
MIPS_FPU_EMU_INC_STATS(errors);
|
||||||
*fault_addr = wva;
|
*fault_addr = wva;
|
||||||
return SIGBUS;
|
return SIGBUS;
|
||||||
@ -1115,7 +1115,7 @@ emul:
|
|||||||
MIPSInst_SIMM(ir));
|
MIPSInst_SIMM(ir));
|
||||||
MIPS_FPU_EMU_INC_STATS(stores);
|
MIPS_FPU_EMU_INC_STATS(stores);
|
||||||
SIFROMREG(wval, MIPSInst_RT(ir));
|
SIFROMREG(wval, MIPSInst_RT(ir));
|
||||||
if (!access_ok(VERIFY_WRITE, wva, sizeof(u32))) {
|
if (!access_ok(wva, sizeof(u32))) {
|
||||||
MIPS_FPU_EMU_INC_STATS(errors);
|
MIPS_FPU_EMU_INC_STATS(errors);
|
||||||
*fault_addr = wva;
|
*fault_addr = wva;
|
||||||
return SIGBUS;
|
return SIGBUS;
|
||||||
@ -1493,7 +1493,7 @@ static int fpux_emu(struct pt_regs *xcp, struct mips_fpu_struct *ctx,
|
|||||||
xcp->regs[MIPSInst_FT(ir)]);
|
xcp->regs[MIPSInst_FT(ir)]);
|
||||||
|
|
||||||
MIPS_FPU_EMU_INC_STATS(loads);
|
MIPS_FPU_EMU_INC_STATS(loads);
|
||||||
if (!access_ok(VERIFY_READ, va, sizeof(u32))) {
|
if (!access_ok(va, sizeof(u32))) {
|
||||||
MIPS_FPU_EMU_INC_STATS(errors);
|
MIPS_FPU_EMU_INC_STATS(errors);
|
||||||
*fault_addr = va;
|
*fault_addr = va;
|
||||||
return SIGBUS;
|
return SIGBUS;
|
||||||
@ -1513,7 +1513,7 @@ static int fpux_emu(struct pt_regs *xcp, struct mips_fpu_struct *ctx,
|
|||||||
MIPS_FPU_EMU_INC_STATS(stores);
|
MIPS_FPU_EMU_INC_STATS(stores);
|
||||||
|
|
||||||
SIFROMREG(val, MIPSInst_FS(ir));
|
SIFROMREG(val, MIPSInst_FS(ir));
|
||||||
if (!access_ok(VERIFY_WRITE, va, sizeof(u32))) {
|
if (!access_ok(va, sizeof(u32))) {
|
||||||
MIPS_FPU_EMU_INC_STATS(errors);
|
MIPS_FPU_EMU_INC_STATS(errors);
|
||||||
*fault_addr = va;
|
*fault_addr = va;
|
||||||
return SIGBUS;
|
return SIGBUS;
|
||||||
@ -1590,7 +1590,7 @@ static int fpux_emu(struct pt_regs *xcp, struct mips_fpu_struct *ctx,
|
|||||||
xcp->regs[MIPSInst_FT(ir)]);
|
xcp->regs[MIPSInst_FT(ir)]);
|
||||||
|
|
||||||
MIPS_FPU_EMU_INC_STATS(loads);
|
MIPS_FPU_EMU_INC_STATS(loads);
|
||||||
if (!access_ok(VERIFY_READ, va, sizeof(u64))) {
|
if (!access_ok(va, sizeof(u64))) {
|
||||||
MIPS_FPU_EMU_INC_STATS(errors);
|
MIPS_FPU_EMU_INC_STATS(errors);
|
||||||
*fault_addr = va;
|
*fault_addr = va;
|
||||||
return SIGBUS;
|
return SIGBUS;
|
||||||
@ -1609,7 +1609,7 @@ static int fpux_emu(struct pt_regs *xcp, struct mips_fpu_struct *ctx,
|
|||||||
|
|
||||||
MIPS_FPU_EMU_INC_STATS(stores);
|
MIPS_FPU_EMU_INC_STATS(stores);
|
||||||
DIFROMREG(val, MIPSInst_FS(ir));
|
DIFROMREG(val, MIPSInst_FS(ir));
|
||||||
if (!access_ok(VERIFY_WRITE, va, sizeof(u64))) {
|
if (!access_ok(va, sizeof(u64))) {
|
||||||
MIPS_FPU_EMU_INC_STATS(errors);
|
MIPS_FPU_EMU_INC_STATS(errors);
|
||||||
*fault_addr = va;
|
*fault_addr = va;
|
||||||
return SIGBUS;
|
return SIGBUS;
|
||||||
|
@ -76,7 +76,7 @@ SYSCALL_DEFINE3(cacheflush, unsigned long, addr, unsigned long, bytes,
|
|||||||
{
|
{
|
||||||
if (bytes == 0)
|
if (bytes == 0)
|
||||||
return 0;
|
return 0;
|
||||||
if (!access_ok(VERIFY_WRITE, (void __user *) addr, bytes))
|
if (!access_ok((void __user *) addr, bytes))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
__flush_icache_user_range(addr, addr + bytes);
|
__flush_icache_user_range(addr, addr + bytes);
|
||||||
|
@ -195,8 +195,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
|
|||||||
addr = start;
|
addr = start;
|
||||||
len = (unsigned long) nr_pages << PAGE_SHIFT;
|
len = (unsigned long) nr_pages << PAGE_SHIFT;
|
||||||
end = start + len;
|
end = start + len;
|
||||||
if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
|
if (unlikely(!access_ok((void __user *)start, len)))
|
||||||
(void __user *)start, len)))
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -19,7 +19,7 @@ struct stackframe {
|
|||||||
static inline int get_mem(unsigned long addr, unsigned long *result)
|
static inline int get_mem(unsigned long addr, unsigned long *result)
|
||||||
{
|
{
|
||||||
unsigned long *address = (unsigned long *) addr;
|
unsigned long *address = (unsigned long *) addr;
|
||||||
if (!access_ok(VERIFY_READ, address, sizeof(unsigned long)))
|
if (!access_ok(address, sizeof(unsigned long)))
|
||||||
return -1;
|
return -1;
|
||||||
if (__copy_from_user_inatomic(result, address, sizeof(unsigned long)))
|
if (__copy_from_user_inatomic(result, address, sizeof(unsigned long)))
|
||||||
return -3;
|
return -3;
|
||||||
|
@ -458,7 +458,7 @@ static ssize_t sbprof_tb_read(struct file *filp, char *buf,
|
|||||||
char *dest = buf;
|
char *dest = buf;
|
||||||
long cur_off = *offp;
|
long cur_off = *offp;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, buf, size))
|
if (!access_ok(buf, size))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
mutex_lock(&sbp.lock);
|
mutex_lock(&sbp.lock);
|
||||||
|
@ -40,7 +40,7 @@ futex_atomic_cmpxchg_inatomic(u32 * uval, u32 __user * uaddr,
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
u32 val, tmp, flags;
|
u32 val, tmp, flags;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
|
if (!access_ok(uaddr, sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
smp_mb();
|
smp_mb();
|
||||||
|
@ -13,9 +13,6 @@
|
|||||||
#include <asm/types.h>
|
#include <asm/types.h>
|
||||||
#include <linux/mm.h>
|
#include <linux/mm.h>
|
||||||
|
|
||||||
#define VERIFY_READ 0
|
|
||||||
#define VERIFY_WRITE 1
|
|
||||||
|
|
||||||
#define __asmeq(x, y) ".ifnc " x "," y " ; .err ; .endif\n\t"
|
#define __asmeq(x, y) ".ifnc " x "," y " ; .err ; .endif\n\t"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -53,7 +50,7 @@ static inline void set_fs(mm_segment_t fs)
|
|||||||
|
|
||||||
#define __range_ok(addr, size) (size <= get_fs() && addr <= (get_fs() -size))
|
#define __range_ok(addr, size) (size <= get_fs() && addr <= (get_fs() -size))
|
||||||
|
|
||||||
#define access_ok(type, addr, size) \
|
#define access_ok(addr, size) \
|
||||||
__range_ok((unsigned long)addr, (unsigned long)size)
|
__range_ok((unsigned long)addr, (unsigned long)size)
|
||||||
/*
|
/*
|
||||||
* Single-value transfer routines. They automatically use the right
|
* Single-value transfer routines. They automatically use the right
|
||||||
@ -94,7 +91,7 @@ static inline void set_fs(mm_segment_t fs)
|
|||||||
({ \
|
({ \
|
||||||
const __typeof__(*(ptr)) __user *__p = (ptr); \
|
const __typeof__(*(ptr)) __user *__p = (ptr); \
|
||||||
might_fault(); \
|
might_fault(); \
|
||||||
if (access_ok(VERIFY_READ, __p, sizeof(*__p))) { \
|
if (access_ok(__p, sizeof(*__p))) { \
|
||||||
__get_user_err((x), __p, (err)); \
|
__get_user_err((x), __p, (err)); \
|
||||||
} else { \
|
} else { \
|
||||||
(x) = 0; (err) = -EFAULT; \
|
(x) = 0; (err) = -EFAULT; \
|
||||||
@ -189,7 +186,7 @@ do { \
|
|||||||
({ \
|
({ \
|
||||||
__typeof__(*(ptr)) __user *__p = (ptr); \
|
__typeof__(*(ptr)) __user *__p = (ptr); \
|
||||||
might_fault(); \
|
might_fault(); \
|
||||||
if (access_ok(VERIFY_WRITE, __p, sizeof(*__p))) { \
|
if (access_ok(__p, sizeof(*__p))) { \
|
||||||
__put_user_err((x), __p, (err)); \
|
__put_user_err((x), __p, (err)); \
|
||||||
} else { \
|
} else { \
|
||||||
(err) = -EFAULT; \
|
(err) = -EFAULT; \
|
||||||
@ -279,7 +276,7 @@ extern unsigned long __arch_copy_to_user(void __user * to, const void *from,
|
|||||||
#define INLINE_COPY_TO_USER
|
#define INLINE_COPY_TO_USER
|
||||||
static inline unsigned long clear_user(void __user * to, unsigned long n)
|
static inline unsigned long clear_user(void __user * to, unsigned long n)
|
||||||
{
|
{
|
||||||
if (access_ok(VERIFY_WRITE, to, n))
|
if (access_ok(to, n))
|
||||||
n = __arch_clear_user(to, n);
|
n = __arch_clear_user(to, n);
|
||||||
return n;
|
return n;
|
||||||
}
|
}
|
||||||
|
@ -1306,7 +1306,7 @@ user_backtrace(struct perf_callchain_entry_ctx *entry, unsigned long fp)
|
|||||||
(unsigned long *)(fp - (unsigned long)sizeof(buftail));
|
(unsigned long *)(fp - (unsigned long)sizeof(buftail));
|
||||||
|
|
||||||
/* Check accessibility of one struct frame_tail beyond */
|
/* Check accessibility of one struct frame_tail beyond */
|
||||||
if (!access_ok(VERIFY_READ, user_frame_tail, sizeof(buftail)))
|
if (!access_ok(user_frame_tail, sizeof(buftail)))
|
||||||
return 0;
|
return 0;
|
||||||
if (__copy_from_user_inatomic
|
if (__copy_from_user_inatomic
|
||||||
(&buftail, user_frame_tail, sizeof(buftail)))
|
(&buftail, user_frame_tail, sizeof(buftail)))
|
||||||
@ -1332,7 +1332,7 @@ user_backtrace_opt_size(struct perf_callchain_entry_ctx *entry,
|
|||||||
(unsigned long *)(fp - (unsigned long)sizeof(buftail));
|
(unsigned long *)(fp - (unsigned long)sizeof(buftail));
|
||||||
|
|
||||||
/* Check accessibility of one struct frame_tail beyond */
|
/* Check accessibility of one struct frame_tail beyond */
|
||||||
if (!access_ok(VERIFY_READ, user_frame_tail, sizeof(buftail)))
|
if (!access_ok(user_frame_tail, sizeof(buftail)))
|
||||||
return 0;
|
return 0;
|
||||||
if (__copy_from_user_inatomic
|
if (__copy_from_user_inatomic
|
||||||
(&buftail, user_frame_tail, sizeof(buftail)))
|
(&buftail, user_frame_tail, sizeof(buftail)))
|
||||||
@ -1386,7 +1386,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry,
|
|||||||
user_frame_tail =
|
user_frame_tail =
|
||||||
(unsigned long *)(fp - (unsigned long)sizeof(fp));
|
(unsigned long *)(fp - (unsigned long)sizeof(fp));
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, user_frame_tail, sizeof(fp)))
|
if (!access_ok(user_frame_tail, sizeof(fp)))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if (__copy_from_user_inatomic
|
if (__copy_from_user_inatomic
|
||||||
@ -1406,8 +1406,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry,
|
|||||||
(unsigned long *)(fp -
|
(unsigned long *)(fp -
|
||||||
(unsigned long)sizeof(buftail));
|
(unsigned long)sizeof(buftail));
|
||||||
|
|
||||||
if (!access_ok
|
if (!access_ok(user_frame_tail, sizeof(buftail)))
|
||||||
(VERIFY_READ, user_frame_tail, sizeof(buftail)))
|
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if (__copy_from_user_inatomic
|
if (__copy_from_user_inatomic
|
||||||
@ -1424,7 +1423,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry,
|
|||||||
(unsigned long *)(fp - (unsigned long)
|
(unsigned long *)(fp - (unsigned long)
|
||||||
sizeof(buftail_opt_size));
|
sizeof(buftail_opt_size));
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, user_frame_tail,
|
if (!access_ok(user_frame_tail,
|
||||||
sizeof(buftail_opt_size)))
|
sizeof(buftail_opt_size)))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
@ -151,7 +151,7 @@ asmlinkage long sys_rt_sigreturn(struct pt_regs *regs)
|
|||||||
|
|
||||||
frame = (struct rt_sigframe __user *)regs->sp;
|
frame = (struct rt_sigframe __user *)regs->sp;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (restore_sigframe(regs, frame))
|
if (restore_sigframe(regs, frame))
|
||||||
@ -275,7 +275,7 @@ setup_rt_frame(struct ksignal *ksig, sigset_t * set, struct pt_regs *regs)
|
|||||||
get_sigframe(ksig, regs, sizeof(*frame));
|
get_sigframe(ksig, regs, sizeof(*frame));
|
||||||
int err = 0;
|
int err = 0;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
__put_user_error(0, &frame->uc.uc_flags, err);
|
__put_user_error(0, &frame->uc.uc_flags, err);
|
||||||
|
@ -289,13 +289,13 @@ static inline int do_16(unsigned long inst, struct pt_regs *regs)
|
|||||||
unaligned_addr += shift;
|
unaligned_addr += shift;
|
||||||
|
|
||||||
if (load) {
|
if (load) {
|
||||||
if (!access_ok(VERIFY_READ, (void *)unaligned_addr, len))
|
if (!access_ok((void *)unaligned_addr, len))
|
||||||
return -EACCES;
|
return -EACCES;
|
||||||
|
|
||||||
get_data(unaligned_addr, &target_val, len);
|
get_data(unaligned_addr, &target_val, len);
|
||||||
*idx_to_addr(regs, target_idx) = target_val;
|
*idx_to_addr(regs, target_idx) = target_val;
|
||||||
} else {
|
} else {
|
||||||
if (!access_ok(VERIFY_WRITE, (void *)unaligned_addr, len))
|
if (!access_ok((void *)unaligned_addr, len))
|
||||||
return -EACCES;
|
return -EACCES;
|
||||||
target_val = *idx_to_addr(regs, target_idx);
|
target_val = *idx_to_addr(regs, target_idx);
|
||||||
set_data((void *)unaligned_addr, target_val, len);
|
set_data((void *)unaligned_addr, target_val, len);
|
||||||
@ -479,7 +479,7 @@ static inline int do_32(unsigned long inst, struct pt_regs *regs)
|
|||||||
|
|
||||||
if (load) {
|
if (load) {
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, (void *)unaligned_addr, len))
|
if (!access_ok((void *)unaligned_addr, len))
|
||||||
return -EACCES;
|
return -EACCES;
|
||||||
|
|
||||||
get_data(unaligned_addr, &target_val, len);
|
get_data(unaligned_addr, &target_val, len);
|
||||||
@ -491,7 +491,7 @@ static inline int do_32(unsigned long inst, struct pt_regs *regs)
|
|||||||
*idx_to_addr(regs, RT(inst)) = target_val;
|
*idx_to_addr(regs, RT(inst)) = target_val;
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, (void *)unaligned_addr, len))
|
if (!access_ok((void *)unaligned_addr, len))
|
||||||
return -EACCES;
|
return -EACCES;
|
||||||
|
|
||||||
target_val = *idx_to_addr(regs, RT(inst));
|
target_val = *idx_to_addr(regs, RT(inst));
|
||||||
|
@ -37,7 +37,7 @@
|
|||||||
(((signed long)(((long)get_fs().seg) & \
|
(((signed long)(((long)get_fs().seg) & \
|
||||||
((long)(addr) | (((long)(addr)) + (len)) | (len)))) == 0)
|
((long)(addr) | (((long)(addr)) + (len)) | (len)))) == 0)
|
||||||
|
|
||||||
#define access_ok(type, addr, len) \
|
#define access_ok(addr, len) \
|
||||||
likely(__access_ok((unsigned long)(addr), (unsigned long)(len)))
|
likely(__access_ok((unsigned long)(addr), (unsigned long)(len)))
|
||||||
|
|
||||||
# define __EX_TABLE_SECTION ".section __ex_table,\"a\"\n"
|
# define __EX_TABLE_SECTION ".section __ex_table,\"a\"\n"
|
||||||
@ -70,7 +70,7 @@ static inline unsigned long __must_check __clear_user(void __user *to,
|
|||||||
static inline unsigned long __must_check clear_user(void __user *to,
|
static inline unsigned long __must_check clear_user(void __user *to,
|
||||||
unsigned long n)
|
unsigned long n)
|
||||||
{
|
{
|
||||||
if (!access_ok(VERIFY_WRITE, to, n))
|
if (!access_ok(to, n))
|
||||||
return n;
|
return n;
|
||||||
return __clear_user(to, n);
|
return __clear_user(to, n);
|
||||||
}
|
}
|
||||||
@ -142,7 +142,7 @@ do { \
|
|||||||
long __gu_err = -EFAULT; \
|
long __gu_err = -EFAULT; \
|
||||||
const __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \
|
const __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \
|
||||||
unsigned long __gu_val = 0; \
|
unsigned long __gu_val = 0; \
|
||||||
if (access_ok(VERIFY_READ, __gu_ptr, sizeof(*__gu_ptr))) \
|
if (access_ok( __gu_ptr, sizeof(*__gu_ptr))) \
|
||||||
__get_user_common(__gu_val, sizeof(*__gu_ptr), \
|
__get_user_common(__gu_val, sizeof(*__gu_ptr), \
|
||||||
__gu_ptr, __gu_err); \
|
__gu_ptr, __gu_err); \
|
||||||
(x) = (__force __typeof__(x))__gu_val; \
|
(x) = (__force __typeof__(x))__gu_val; \
|
||||||
@ -168,7 +168,7 @@ do { \
|
|||||||
long __pu_err = -EFAULT; \
|
long __pu_err = -EFAULT; \
|
||||||
__typeof__(*(ptr)) __user *__pu_ptr = (ptr); \
|
__typeof__(*(ptr)) __user *__pu_ptr = (ptr); \
|
||||||
__typeof__(*(ptr)) __pu_val = (__typeof(*ptr))(x); \
|
__typeof__(*(ptr)) __pu_val = (__typeof(*ptr))(x); \
|
||||||
if (access_ok(VERIFY_WRITE, __pu_ptr, sizeof(*__pu_ptr))) { \
|
if (access_ok(__pu_ptr, sizeof(*__pu_ptr))) { \
|
||||||
switch (sizeof(*__pu_ptr)) { \
|
switch (sizeof(*__pu_ptr)) { \
|
||||||
case 1: \
|
case 1: \
|
||||||
__put_user_asm(__pu_val, "stb", __pu_ptr, __pu_err); \
|
__put_user_asm(__pu_val, "stb", __pu_ptr, __pu_err); \
|
||||||
|
@ -106,7 +106,7 @@ asmlinkage int do_rt_sigreturn(struct switch_stack *sw)
|
|||||||
sigset_t set;
|
sigset_t set;
|
||||||
int rval;
|
int rval;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
||||||
|
@ -72,7 +72,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
u32 prev;
|
u32 prev;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
|
if (!access_ok(uaddr, sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
__asm__ __volatile__ ( \
|
__asm__ __volatile__ ( \
|
||||||
|
@ -58,7 +58,7 @@
|
|||||||
/* Ensure that addr is below task's addr_limit */
|
/* Ensure that addr is below task's addr_limit */
|
||||||
#define __addr_ok(addr) ((unsigned long) addr < get_fs())
|
#define __addr_ok(addr) ((unsigned long) addr < get_fs())
|
||||||
|
|
||||||
#define access_ok(type, addr, size) \
|
#define access_ok(addr, size) \
|
||||||
__range_ok((unsigned long)addr, (unsigned long)size)
|
__range_ok((unsigned long)addr, (unsigned long)size)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -102,7 +102,7 @@ extern long __put_user_bad(void);
|
|||||||
({ \
|
({ \
|
||||||
long __pu_err = -EFAULT; \
|
long __pu_err = -EFAULT; \
|
||||||
__typeof__(*(ptr)) *__pu_addr = (ptr); \
|
__typeof__(*(ptr)) *__pu_addr = (ptr); \
|
||||||
if (access_ok(VERIFY_WRITE, __pu_addr, size)) \
|
if (access_ok(__pu_addr, size)) \
|
||||||
__put_user_size((x), __pu_addr, (size), __pu_err); \
|
__put_user_size((x), __pu_addr, (size), __pu_err); \
|
||||||
__pu_err; \
|
__pu_err; \
|
||||||
})
|
})
|
||||||
@ -175,7 +175,7 @@ struct __large_struct {
|
|||||||
({ \
|
({ \
|
||||||
long __gu_err = -EFAULT, __gu_val = 0; \
|
long __gu_err = -EFAULT, __gu_val = 0; \
|
||||||
const __typeof__(*(ptr)) * __gu_addr = (ptr); \
|
const __typeof__(*(ptr)) * __gu_addr = (ptr); \
|
||||||
if (access_ok(VERIFY_READ, __gu_addr, size)) \
|
if (access_ok(__gu_addr, size)) \
|
||||||
__get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
|
__get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
|
||||||
(x) = (__force __typeof__(*(ptr)))__gu_val; \
|
(x) = (__force __typeof__(*(ptr)))__gu_val; \
|
||||||
__gu_err; \
|
__gu_err; \
|
||||||
@ -254,7 +254,7 @@ extern unsigned long __clear_user(void *addr, unsigned long size);
|
|||||||
static inline __must_check unsigned long
|
static inline __must_check unsigned long
|
||||||
clear_user(void *addr, unsigned long size)
|
clear_user(void *addr, unsigned long size)
|
||||||
{
|
{
|
||||||
if (likely(access_ok(VERIFY_WRITE, addr, size)))
|
if (likely(access_ok(addr, size)))
|
||||||
size = __clear_user(addr, size);
|
size = __clear_user(addr, size);
|
||||||
return size;
|
return size;
|
||||||
}
|
}
|
||||||
|
@ -50,7 +50,7 @@ static int restore_sigcontext(struct pt_regs *regs,
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Restore the regs from &sc->regs.
|
* Restore the regs from &sc->regs.
|
||||||
* (sc is already checked for VERIFY_READ since the sigframe was
|
* (sc is already checked since the sigframe was
|
||||||
* checked in sys_sigreturn previously)
|
* checked in sys_sigreturn previously)
|
||||||
*/
|
*/
|
||||||
err |= __copy_from_user(regs, sc->regs.gpr, 32 * sizeof(unsigned long));
|
err |= __copy_from_user(regs, sc->regs.gpr, 32 * sizeof(unsigned long));
|
||||||
@ -83,7 +83,7 @@ asmlinkage long _sys_rt_sigreturn(struct pt_regs *regs)
|
|||||||
if (((long)frame) & 3)
|
if (((long)frame) & 3)
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
@ -161,7 +161,7 @@ static int setup_rt_frame(struct ksignal *ksig, sigset_t *set,
|
|||||||
|
|
||||||
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
/* Create siginfo. */
|
/* Create siginfo. */
|
||||||
|
@ -95,7 +95,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
|
|||||||
if (uaccess_kernel() && !uaddr)
|
if (uaccess_kernel() && !uaddr)
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
|
if (!access_ok(uaddr, sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
/* HPPA has no cmpxchg in hardware and therefore the
|
/* HPPA has no cmpxchg in hardware and therefore the
|
||||||
|
@ -27,7 +27,7 @@
|
|||||||
* that put_user is the same as __put_user, etc.
|
* that put_user is the same as __put_user, etc.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#define access_ok(type, uaddr, size) \
|
#define access_ok(uaddr, size) \
|
||||||
( (uaddr) == (uaddr) )
|
( (uaddr) == (uaddr) )
|
||||||
|
|
||||||
#define put_user __put_user
|
#define put_user __put_user
|
||||||
|
@ -72,7 +72,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
u32 prev;
|
u32 prev;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
|
if (!access_ok(uaddr, sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
__asm__ __volatile__ (
|
__asm__ __volatile__ (
|
||||||
|
@ -62,7 +62,7 @@ static inline int __access_ok(unsigned long addr, unsigned long size,
|
|||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define access_ok(type, addr, size) \
|
#define access_ok(addr, size) \
|
||||||
(__chk_user_ptr(addr), (void)(type), \
|
(__chk_user_ptr(addr), (void)(type), \
|
||||||
__access_ok((__force unsigned long)(addr), (size), get_fs()))
|
__access_ok((__force unsigned long)(addr), (size), get_fs()))
|
||||||
|
|
||||||
@ -166,7 +166,7 @@ do { \
|
|||||||
long __pu_err = -EFAULT; \
|
long __pu_err = -EFAULT; \
|
||||||
__typeof__(*(ptr)) __user *__pu_addr = (ptr); \
|
__typeof__(*(ptr)) __user *__pu_addr = (ptr); \
|
||||||
might_fault(); \
|
might_fault(); \
|
||||||
if (access_ok(VERIFY_WRITE, __pu_addr, size)) \
|
if (access_ok(__pu_addr, size)) \
|
||||||
__put_user_size((x), __pu_addr, (size), __pu_err); \
|
__put_user_size((x), __pu_addr, (size), __pu_err); \
|
||||||
__pu_err; \
|
__pu_err; \
|
||||||
})
|
})
|
||||||
@ -276,7 +276,7 @@ do { \
|
|||||||
__long_type(*(ptr)) __gu_val = 0; \
|
__long_type(*(ptr)) __gu_val = 0; \
|
||||||
__typeof__(*(ptr)) __user *__gu_addr = (ptr); \
|
__typeof__(*(ptr)) __user *__gu_addr = (ptr); \
|
||||||
might_fault(); \
|
might_fault(); \
|
||||||
if (access_ok(VERIFY_READ, __gu_addr, (size))) { \
|
if (access_ok(__gu_addr, (size))) { \
|
||||||
barrier_nospec(); \
|
barrier_nospec(); \
|
||||||
__get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
|
__get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
|
||||||
} \
|
} \
|
||||||
@ -374,7 +374,7 @@ extern unsigned long __clear_user(void __user *addr, unsigned long size);
|
|||||||
static inline unsigned long clear_user(void __user *addr, unsigned long size)
|
static inline unsigned long clear_user(void __user *addr, unsigned long size)
|
||||||
{
|
{
|
||||||
might_fault();
|
might_fault();
|
||||||
if (likely(access_ok(VERIFY_WRITE, addr, size)))
|
if (likely(access_ok(addr, size)))
|
||||||
return __clear_user(addr, size);
|
return __clear_user(addr, size);
|
||||||
return size;
|
return size;
|
||||||
}
|
}
|
||||||
|
@ -131,8 +131,7 @@ static int emulate_spe(struct pt_regs *regs, unsigned int reg,
|
|||||||
|
|
||||||
/* Verify the address of the operand */
|
/* Verify the address of the operand */
|
||||||
if (unlikely(user_mode(regs) &&
|
if (unlikely(user_mode(regs) &&
|
||||||
!access_ok((flags & ST ? VERIFY_WRITE : VERIFY_READ),
|
!access_ok(addr, nb)))
|
||||||
addr, nb)))
|
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
/* userland only */
|
/* userland only */
|
||||||
|
@ -523,7 +523,7 @@ static ssize_t validate_flash_write(struct file *file, const char __user *buf,
|
|||||||
args_buf->status = VALIDATE_INCOMPLETE;
|
args_buf->status = VALIDATE_INCOMPLETE;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, buf, count)) {
|
if (!access_ok(buf, count)) {
|
||||||
rc = -EFAULT;
|
rc = -EFAULT;
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
@ -335,7 +335,7 @@ static ssize_t rtas_log_read(struct file * file, char __user * buf,
|
|||||||
|
|
||||||
count = rtas_error_log_buffer_max;
|
count = rtas_error_log_buffer_max;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, buf, count))
|
if (!access_ok(buf, count))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
tmp = kmalloc(count, GFP_KERNEL);
|
tmp = kmalloc(count, GFP_KERNEL);
|
||||||
|
@ -44,7 +44,7 @@ void __user *get_sigframe(struct ksignal *ksig, unsigned long sp,
|
|||||||
newsp = (oldsp - frame_size) & ~0xFUL;
|
newsp = (oldsp - frame_size) & ~0xFUL;
|
||||||
|
|
||||||
/* Check access */
|
/* Check access */
|
||||||
if (!access_ok(VERIFY_WRITE, (void __user *)newsp, oldsp - newsp))
|
if (!access_ok((void __user *)newsp, oldsp - newsp))
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
return (void __user *)newsp;
|
return (void __user *)newsp;
|
||||||
|
@ -1017,7 +1017,7 @@ static int do_setcontext(struct ucontext __user *ucp, struct pt_regs *regs, int
|
|||||||
#else
|
#else
|
||||||
if (__get_user(mcp, &ucp->uc_regs))
|
if (__get_user(mcp, &ucp->uc_regs))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
if (!access_ok(VERIFY_READ, mcp, sizeof(*mcp)))
|
if (!access_ok(mcp, sizeof(*mcp)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
#endif
|
#endif
|
||||||
set_current_blocked(&set);
|
set_current_blocked(&set);
|
||||||
@ -1120,7 +1120,7 @@ SYSCALL_DEFINE3(swapcontext, struct ucontext __user *, old_ctx,
|
|||||||
*/
|
*/
|
||||||
mctx = (struct mcontext __user *)
|
mctx = (struct mcontext __user *)
|
||||||
((unsigned long) &old_ctx->uc_mcontext & ~0xfUL);
|
((unsigned long) &old_ctx->uc_mcontext & ~0xfUL);
|
||||||
if (!access_ok(VERIFY_WRITE, old_ctx, ctx_size)
|
if (!access_ok(old_ctx, ctx_size)
|
||||||
|| save_user_regs(regs, mctx, NULL, 0, ctx_has_vsx_region)
|
|| save_user_regs(regs, mctx, NULL, 0, ctx_has_vsx_region)
|
||||||
|| put_sigset_t(&old_ctx->uc_sigmask, ¤t->blocked)
|
|| put_sigset_t(&old_ctx->uc_sigmask, ¤t->blocked)
|
||||||
|| __put_user(to_user_ptr(mctx), &old_ctx->uc_regs))
|
|| __put_user(to_user_ptr(mctx), &old_ctx->uc_regs))
|
||||||
@ -1128,7 +1128,7 @@ SYSCALL_DEFINE3(swapcontext, struct ucontext __user *, old_ctx,
|
|||||||
}
|
}
|
||||||
if (new_ctx == NULL)
|
if (new_ctx == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
if (!access_ok(VERIFY_READ, new_ctx, ctx_size) ||
|
if (!access_ok(new_ctx, ctx_size) ||
|
||||||
fault_in_pages_readable((u8 __user *)new_ctx, ctx_size))
|
fault_in_pages_readable((u8 __user *)new_ctx, ctx_size))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
@ -1169,7 +1169,7 @@ SYSCALL_DEFINE0(rt_sigreturn)
|
|||||||
|
|
||||||
rt_sf = (struct rt_sigframe __user *)
|
rt_sf = (struct rt_sigframe __user *)
|
||||||
(regs->gpr[1] + __SIGNAL_FRAMESIZE + 16);
|
(regs->gpr[1] + __SIGNAL_FRAMESIZE + 16);
|
||||||
if (!access_ok(VERIFY_READ, rt_sf, sizeof(*rt_sf)))
|
if (!access_ok(rt_sf, sizeof(*rt_sf)))
|
||||||
goto bad;
|
goto bad;
|
||||||
|
|
||||||
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
|
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
|
||||||
@ -1315,7 +1315,7 @@ SYSCALL_DEFINE3(debug_setcontext, struct ucontext __user *, ctx,
|
|||||||
current->thread.debug.dbcr0 = new_dbcr0;
|
current->thread.debug.dbcr0 = new_dbcr0;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, ctx, sizeof(*ctx)) ||
|
if (!access_ok(ctx, sizeof(*ctx)) ||
|
||||||
fault_in_pages_readable((u8 __user *)ctx, sizeof(*ctx)))
|
fault_in_pages_readable((u8 __user *)ctx, sizeof(*ctx)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
@ -1500,7 +1500,7 @@ SYSCALL_DEFINE0(sigreturn)
|
|||||||
{
|
{
|
||||||
sr = (struct mcontext __user *)from_user_ptr(sigctx.regs);
|
sr = (struct mcontext __user *)from_user_ptr(sigctx.regs);
|
||||||
addr = sr;
|
addr = sr;
|
||||||
if (!access_ok(VERIFY_READ, sr, sizeof(*sr))
|
if (!access_ok(sr, sizeof(*sr))
|
||||||
|| restore_user_regs(regs, sr, 1))
|
|| restore_user_regs(regs, sr, 1))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
}
|
}
|
||||||
|
@ -383,7 +383,7 @@ static long restore_sigcontext(struct task_struct *tsk, sigset_t *set, int sig,
|
|||||||
err |= __get_user(v_regs, &sc->v_regs);
|
err |= __get_user(v_regs, &sc->v_regs);
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
if (v_regs && !access_ok(VERIFY_READ, v_regs, 34 * sizeof(vector128)))
|
if (v_regs && !access_ok(v_regs, 34 * sizeof(vector128)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
/* Copy 33 vec registers (vr0..31 and vscr) from the stack */
|
/* Copy 33 vec registers (vr0..31 and vscr) from the stack */
|
||||||
if (v_regs != NULL && (msr & MSR_VEC) != 0) {
|
if (v_regs != NULL && (msr & MSR_VEC) != 0) {
|
||||||
@ -502,10 +502,9 @@ static long restore_tm_sigcontexts(struct task_struct *tsk,
|
|||||||
err |= __get_user(tm_v_regs, &tm_sc->v_regs);
|
err |= __get_user(tm_v_regs, &tm_sc->v_regs);
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
if (v_regs && !access_ok(VERIFY_READ, v_regs, 34 * sizeof(vector128)))
|
if (v_regs && !access_ok(v_regs, 34 * sizeof(vector128)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
if (tm_v_regs && !access_ok(VERIFY_READ,
|
if (tm_v_regs && !access_ok(tm_v_regs, 34 * sizeof(vector128)))
|
||||||
tm_v_regs, 34 * sizeof(vector128)))
|
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
/* Copy 33 vec registers (vr0..31 and vscr) from the stack */
|
/* Copy 33 vec registers (vr0..31 and vscr) from the stack */
|
||||||
if (v_regs != NULL && tm_v_regs != NULL && (msr & MSR_VEC) != 0) {
|
if (v_regs != NULL && tm_v_regs != NULL && (msr & MSR_VEC) != 0) {
|
||||||
@ -671,7 +670,7 @@ SYSCALL_DEFINE3(swapcontext, struct ucontext __user *, old_ctx,
|
|||||||
ctx_has_vsx_region = 1;
|
ctx_has_vsx_region = 1;
|
||||||
|
|
||||||
if (old_ctx != NULL) {
|
if (old_ctx != NULL) {
|
||||||
if (!access_ok(VERIFY_WRITE, old_ctx, ctx_size)
|
if (!access_ok(old_ctx, ctx_size)
|
||||||
|| setup_sigcontext(&old_ctx->uc_mcontext, current, 0, NULL, 0,
|
|| setup_sigcontext(&old_ctx->uc_mcontext, current, 0, NULL, 0,
|
||||||
ctx_has_vsx_region)
|
ctx_has_vsx_region)
|
||||||
|| __copy_to_user(&old_ctx->uc_sigmask,
|
|| __copy_to_user(&old_ctx->uc_sigmask,
|
||||||
@ -680,7 +679,7 @@ SYSCALL_DEFINE3(swapcontext, struct ucontext __user *, old_ctx,
|
|||||||
}
|
}
|
||||||
if (new_ctx == NULL)
|
if (new_ctx == NULL)
|
||||||
return 0;
|
return 0;
|
||||||
if (!access_ok(VERIFY_READ, new_ctx, ctx_size)
|
if (!access_ok(new_ctx, ctx_size)
|
||||||
|| __get_user(tmp, (u8 __user *) new_ctx)
|
|| __get_user(tmp, (u8 __user *) new_ctx)
|
||||||
|| __get_user(tmp, (u8 __user *) new_ctx + ctx_size - 1))
|
|| __get_user(tmp, (u8 __user *) new_ctx + ctx_size - 1))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
@ -725,7 +724,7 @@ SYSCALL_DEFINE0(rt_sigreturn)
|
|||||||
/* Always make any pending restarted system calls return -EINTR */
|
/* Always make any pending restarted system calls return -EINTR */
|
||||||
current->restart_block.fn = do_no_restart_syscall;
|
current->restart_block.fn = do_no_restart_syscall;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, uc, sizeof(*uc)))
|
if (!access_ok(uc, sizeof(*uc)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (__copy_from_user(&set, &uc->uc_sigmask, sizeof(set)))
|
if (__copy_from_user(&set, &uc->uc_sigmask, sizeof(set)))
|
||||||
|
@ -89,7 +89,7 @@ ppc_select(int n, fd_set __user *inp, fd_set __user *outp, fd_set __user *exp, s
|
|||||||
if ( (unsigned long)n >= 4096 )
|
if ( (unsigned long)n >= 4096 )
|
||||||
{
|
{
|
||||||
unsigned long __user *buffer = (unsigned long __user *)n;
|
unsigned long __user *buffer = (unsigned long __user *)n;
|
||||||
if (!access_ok(VERIFY_READ, buffer, 5*sizeof(unsigned long))
|
if (!access_ok(buffer, 5*sizeof(unsigned long))
|
||||||
|| __get_user(n, buffer)
|
|| __get_user(n, buffer)
|
||||||
|| __get_user(inp, ((fd_set __user * __user *)(buffer+1)))
|
|| __get_user(inp, ((fd_set __user * __user *)(buffer+1)))
|
||||||
|| __get_user(outp, ((fd_set __user * __user *)(buffer+2)))
|
|| __get_user(outp, ((fd_set __user * __user *)(buffer+2)))
|
||||||
|
@ -837,7 +837,7 @@ static void p9_hmi_special_emu(struct pt_regs *regs)
|
|||||||
addr = (__force const void __user *)ea;
|
addr = (__force const void __user *)ea;
|
||||||
|
|
||||||
/* Check it */
|
/* Check it */
|
||||||
if (!access_ok(VERIFY_READ, addr, 16)) {
|
if (!access_ok(addr, 16)) {
|
||||||
pr_devel("HMI vec emu: bad access %i:%s[%d] nip=%016lx"
|
pr_devel("HMI vec emu: bad access %i:%s[%d] nip=%016lx"
|
||||||
" instr=%08x addr=%016lx\n",
|
" instr=%08x addr=%016lx\n",
|
||||||
smp_processor_id(), current->comm, current->pid,
|
smp_processor_id(), current->comm, current->pid,
|
||||||
|
@ -1744,7 +1744,7 @@ static ssize_t kvm_htab_read(struct file *file, char __user *buf,
|
|||||||
int first_pass;
|
int first_pass;
|
||||||
unsigned long hpte[2];
|
unsigned long hpte[2];
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, buf, count))
|
if (!access_ok(buf, count))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
if (kvm_is_radix(kvm))
|
if (kvm_is_radix(kvm))
|
||||||
return 0;
|
return 0;
|
||||||
@ -1844,7 +1844,7 @@ static ssize_t kvm_htab_write(struct file *file, const char __user *buf,
|
|||||||
int mmu_ready;
|
int mmu_ready;
|
||||||
int pshift;
|
int pshift;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, buf, count))
|
if (!access_ok(buf, count))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
if (kvm_is_radix(kvm))
|
if (kvm_is_radix(kvm))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
@ -37,7 +37,7 @@ __wsum csum_and_copy_from_user(const void __user *src, void *dst,
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (unlikely((len < 0) || !access_ok(VERIFY_READ, src, len))) {
|
if (unlikely((len < 0) || !access_ok(src, len))) {
|
||||||
*err_ptr = -EFAULT;
|
*err_ptr = -EFAULT;
|
||||||
csum = (__force unsigned int)sum;
|
csum = (__force unsigned int)sum;
|
||||||
goto out;
|
goto out;
|
||||||
@ -78,7 +78,7 @@ __wsum csum_and_copy_to_user(const void *src, void __user *dst, int len,
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (unlikely((len < 0) || !access_ok(VERIFY_WRITE, dst, len))) {
|
if (unlikely((len < 0) || !access_ok(dst, len))) {
|
||||||
*err_ptr = -EFAULT;
|
*err_ptr = -EFAULT;
|
||||||
csum = -1; /* invalid checksum */
|
csum = -1; /* invalid checksum */
|
||||||
goto out;
|
goto out;
|
||||||
|
@ -274,7 +274,7 @@ static bool bad_stack_expansion(struct pt_regs *regs, unsigned long address,
|
|||||||
return false;
|
return false;
|
||||||
|
|
||||||
if ((flags & FAULT_FLAG_WRITE) && (flags & FAULT_FLAG_USER) &&
|
if ((flags & FAULT_FLAG_WRITE) && (flags & FAULT_FLAG_USER) &&
|
||||||
access_ok(VERIFY_READ, nip, sizeof(*nip))) {
|
access_ok(nip, sizeof(*nip))) {
|
||||||
unsigned int inst;
|
unsigned int inst;
|
||||||
int res;
|
int res;
|
||||||
|
|
||||||
|
@ -214,7 +214,7 @@ SYSCALL_DEFINE3(subpage_prot, unsigned long, addr,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, map, (len >> PAGE_SHIFT) * sizeof(u32)))
|
if (!access_ok(map, (len >> PAGE_SHIFT) * sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
down_write(&mm->mmap_sem);
|
down_write(&mm->mmap_sem);
|
||||||
|
@ -31,7 +31,7 @@ static unsigned int user_getsp32(unsigned int sp, int is_first)
|
|||||||
unsigned int stack_frame[2];
|
unsigned int stack_frame[2];
|
||||||
void __user *p = compat_ptr(sp);
|
void __user *p = compat_ptr(sp);
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, p, sizeof(stack_frame)))
|
if (!access_ok(p, sizeof(stack_frame)))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -57,7 +57,7 @@ static unsigned long user_getsp64(unsigned long sp, int is_first)
|
|||||||
{
|
{
|
||||||
unsigned long stack_frame[3];
|
unsigned long stack_frame[3];
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, (void __user *)sp, sizeof(stack_frame)))
|
if (!access_ok((void __user *)sp, sizeof(stack_frame)))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (__copy_from_user_inatomic(stack_frame, (void __user *)sp,
|
if (__copy_from_user_inatomic(stack_frame, (void __user *)sp,
|
||||||
|
@ -609,7 +609,7 @@ static ssize_t spufs_mbox_read(struct file *file, char __user *buf,
|
|||||||
if (len < 4)
|
if (len < 4)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, buf, len))
|
if (!access_ok(buf, len))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
udata = (void __user *)buf;
|
udata = (void __user *)buf;
|
||||||
@ -717,7 +717,7 @@ static ssize_t spufs_ibox_read(struct file *file, char __user *buf,
|
|||||||
if (len < 4)
|
if (len < 4)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, buf, len))
|
if (!access_ok(buf, len))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
udata = (void __user *)buf;
|
udata = (void __user *)buf;
|
||||||
@ -856,7 +856,7 @@ static ssize_t spufs_wbox_write(struct file *file, const char __user *buf,
|
|||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
udata = (void __user *)buf;
|
udata = (void __user *)buf;
|
||||||
if (!access_ok(VERIFY_READ, buf, len))
|
if (!access_ok(buf, len))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
if (__get_user(wbox_data, udata))
|
if (__get_user(wbox_data, udata))
|
||||||
@ -1994,7 +1994,7 @@ static ssize_t spufs_mbox_info_read(struct file *file, char __user *buf,
|
|||||||
int ret;
|
int ret;
|
||||||
struct spu_context *ctx = file->private_data;
|
struct spu_context *ctx = file->private_data;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, buf, len))
|
if (!access_ok(buf, len))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
ret = spu_acquire_saved(ctx);
|
ret = spu_acquire_saved(ctx);
|
||||||
@ -2034,7 +2034,7 @@ static ssize_t spufs_ibox_info_read(struct file *file, char __user *buf,
|
|||||||
struct spu_context *ctx = file->private_data;
|
struct spu_context *ctx = file->private_data;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, buf, len))
|
if (!access_ok(buf, len))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
ret = spu_acquire_saved(ctx);
|
ret = spu_acquire_saved(ctx);
|
||||||
@ -2077,7 +2077,7 @@ static ssize_t spufs_wbox_info_read(struct file *file, char __user *buf,
|
|||||||
struct spu_context *ctx = file->private_data;
|
struct spu_context *ctx = file->private_data;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, buf, len))
|
if (!access_ok(buf, len))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
ret = spu_acquire_saved(ctx);
|
ret = spu_acquire_saved(ctx);
|
||||||
@ -2129,7 +2129,7 @@ static ssize_t spufs_dma_info_read(struct file *file, char __user *buf,
|
|||||||
struct spu_context *ctx = file->private_data;
|
struct spu_context *ctx = file->private_data;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, buf, len))
|
if (!access_ok(buf, len))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
ret = spu_acquire_saved(ctx);
|
ret = spu_acquire_saved(ctx);
|
||||||
@ -2160,7 +2160,7 @@ static ssize_t __spufs_proxydma_info_read(struct spu_context *ctx,
|
|||||||
if (len < ret)
|
if (len < ret)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, buf, len))
|
if (!access_ok(buf, len))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
info.proxydma_info_type = ctx->csa.prob.dma_querytype_RW;
|
info.proxydma_info_type = ctx->csa.prob.dma_querytype_RW;
|
||||||
|
@ -192,7 +192,7 @@ static ssize_t lpc_debug_read(struct file *filp, char __user *ubuf,
|
|||||||
u32 data, pos, len, todo;
|
u32 data, pos, len, todo;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, ubuf, count))
|
if (!access_ok(ubuf, count))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
todo = count;
|
todo = count;
|
||||||
@ -283,7 +283,7 @@ static ssize_t lpc_debug_write(struct file *filp, const char __user *ubuf,
|
|||||||
u32 data, pos, len, todo;
|
u32 data, pos, len, todo;
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, ubuf, count))
|
if (!access_ok(ubuf, count))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
todo = count;
|
todo = count;
|
||||||
|
@ -63,7 +63,7 @@ static ssize_t scanlog_read(struct file *file, char __user *buf,
|
|||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, buf, count))
|
if (!access_ok(buf, count))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
for (;;) {
|
for (;;) {
|
||||||
|
@ -95,7 +95,7 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
|
|||||||
u32 val;
|
u32 val;
|
||||||
uintptr_t tmp;
|
uintptr_t tmp;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
|
if (!access_ok(uaddr, sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
__enable_user_access();
|
__enable_user_access();
|
||||||
|
@ -54,14 +54,8 @@ static inline void set_fs(mm_segment_t fs)
|
|||||||
#define user_addr_max() (get_fs())
|
#define user_addr_max() (get_fs())
|
||||||
|
|
||||||
|
|
||||||
#define VERIFY_READ 0
|
|
||||||
#define VERIFY_WRITE 1
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* access_ok: - Checks if a user space pointer is valid
|
* access_ok: - Checks if a user space pointer is valid
|
||||||
* @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that
|
|
||||||
* %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe
|
|
||||||
* to write to a block, it is always safe to read from it.
|
|
||||||
* @addr: User space pointer to start of block to check
|
* @addr: User space pointer to start of block to check
|
||||||
* @size: Size of block to check
|
* @size: Size of block to check
|
||||||
*
|
*
|
||||||
@ -76,7 +70,7 @@ static inline void set_fs(mm_segment_t fs)
|
|||||||
* checks that the pointer is in the user space range - after calling
|
* checks that the pointer is in the user space range - after calling
|
||||||
* this function, memory access functions may still return -EFAULT.
|
* this function, memory access functions may still return -EFAULT.
|
||||||
*/
|
*/
|
||||||
#define access_ok(type, addr, size) ({ \
|
#define access_ok(addr, size) ({ \
|
||||||
__chk_user_ptr(addr); \
|
__chk_user_ptr(addr); \
|
||||||
likely(__access_ok((unsigned long __force)(addr), (size))); \
|
likely(__access_ok((unsigned long __force)(addr), (size))); \
|
||||||
})
|
})
|
||||||
@ -258,7 +252,7 @@ do { \
|
|||||||
({ \
|
({ \
|
||||||
const __typeof__(*(ptr)) __user *__p = (ptr); \
|
const __typeof__(*(ptr)) __user *__p = (ptr); \
|
||||||
might_fault(); \
|
might_fault(); \
|
||||||
access_ok(VERIFY_READ, __p, sizeof(*__p)) ? \
|
access_ok(__p, sizeof(*__p)) ? \
|
||||||
__get_user((x), __p) : \
|
__get_user((x), __p) : \
|
||||||
((x) = 0, -EFAULT); \
|
((x) = 0, -EFAULT); \
|
||||||
})
|
})
|
||||||
@ -386,7 +380,7 @@ do { \
|
|||||||
({ \
|
({ \
|
||||||
__typeof__(*(ptr)) __user *__p = (ptr); \
|
__typeof__(*(ptr)) __user *__p = (ptr); \
|
||||||
might_fault(); \
|
might_fault(); \
|
||||||
access_ok(VERIFY_WRITE, __p, sizeof(*__p)) ? \
|
access_ok(__p, sizeof(*__p)) ? \
|
||||||
__put_user((x), __p) : \
|
__put_user((x), __p) : \
|
||||||
-EFAULT; \
|
-EFAULT; \
|
||||||
})
|
})
|
||||||
@ -421,7 +415,7 @@ static inline
|
|||||||
unsigned long __must_check clear_user(void __user *to, unsigned long n)
|
unsigned long __must_check clear_user(void __user *to, unsigned long n)
|
||||||
{
|
{
|
||||||
might_fault();
|
might_fault();
|
||||||
return access_ok(VERIFY_WRITE, to, n) ?
|
return access_ok(to, n) ?
|
||||||
__clear_user(to, n) : n;
|
__clear_user(to, n) : n;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -115,7 +115,7 @@ SYSCALL_DEFINE0(rt_sigreturn)
|
|||||||
|
|
||||||
frame = (struct rt_sigframe __user *)regs->sp;
|
frame = (struct rt_sigframe __user *)regs->sp;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
||||||
@ -187,7 +187,7 @@ static int setup_rt_frame(struct ksignal *ksig, sigset_t *set,
|
|||||||
long err = 0;
|
long err = 0;
|
||||||
|
|
||||||
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
frame = get_sigframe(ksig, regs, sizeof(*frame));
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
err |= copy_siginfo_to_user(&frame->info, &ksig->info);
|
err |= copy_siginfo_to_user(&frame->info, &ksig->info);
|
||||||
|
@ -48,7 +48,7 @@ static inline int __range_ok(unsigned long addr, unsigned long size)
|
|||||||
__range_ok((unsigned long)(addr), (size)); \
|
__range_ok((unsigned long)(addr), (size)); \
|
||||||
})
|
})
|
||||||
|
|
||||||
#define access_ok(type, addr, size) __access_ok(addr, size)
|
#define access_ok(addr, size) __access_ok(addr, size)
|
||||||
|
|
||||||
unsigned long __must_check
|
unsigned long __must_check
|
||||||
raw_copy_from_user(void *to, const void __user *from, unsigned long n);
|
raw_copy_from_user(void *to, const void __user *from, unsigned long n);
|
||||||
|
@ -197,7 +197,7 @@ static inline __wsum csum_and_copy_to_user(const void *src,
|
|||||||
int len, __wsum sum,
|
int len, __wsum sum,
|
||||||
int *err_ptr)
|
int *err_ptr)
|
||||||
{
|
{
|
||||||
if (access_ok(VERIFY_WRITE, dst, len))
|
if (access_ok(dst, len))
|
||||||
return csum_partial_copy_generic((__force const void *)src,
|
return csum_partial_copy_generic((__force const void *)src,
|
||||||
dst, len, sum, NULL, err_ptr);
|
dst, len, sum, NULL, err_ptr);
|
||||||
|
|
||||||
|
@ -22,7 +22,7 @@ static inline int
|
|||||||
futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
|
futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
|
||||||
u32 oldval, u32 newval)
|
u32 oldval, u32 newval)
|
||||||
{
|
{
|
||||||
if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
|
if (!access_ok(uaddr, sizeof(u32)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
return atomic_futex_op_cmpxchg_inatomic(uval, uaddr, oldval, newval);
|
return atomic_futex_op_cmpxchg_inatomic(uval, uaddr, oldval, newval);
|
||||||
|
@ -18,7 +18,7 @@
|
|||||||
*/
|
*/
|
||||||
#define __access_ok(addr, size) \
|
#define __access_ok(addr, size) \
|
||||||
(__addr_ok((addr) + (size)))
|
(__addr_ok((addr) + (size)))
|
||||||
#define access_ok(type, addr, size) \
|
#define access_ok(addr, size) \
|
||||||
(__chk_user_ptr(addr), \
|
(__chk_user_ptr(addr), \
|
||||||
__access_ok((unsigned long __force)(addr), (size)))
|
__access_ok((unsigned long __force)(addr), (size)))
|
||||||
|
|
||||||
@ -66,7 +66,7 @@ struct __large_struct { unsigned long buf[100]; };
|
|||||||
long __gu_err = -EFAULT; \
|
long __gu_err = -EFAULT; \
|
||||||
unsigned long __gu_val = 0; \
|
unsigned long __gu_val = 0; \
|
||||||
const __typeof__(*(ptr)) *__gu_addr = (ptr); \
|
const __typeof__(*(ptr)) *__gu_addr = (ptr); \
|
||||||
if (likely(access_ok(VERIFY_READ, __gu_addr, (size)))) \
|
if (likely(access_ok(__gu_addr, (size)))) \
|
||||||
__get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
|
__get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
|
||||||
(x) = (__force __typeof__(*(ptr)))__gu_val; \
|
(x) = (__force __typeof__(*(ptr)))__gu_val; \
|
||||||
__gu_err; \
|
__gu_err; \
|
||||||
@ -87,7 +87,7 @@ struct __large_struct { unsigned long buf[100]; };
|
|||||||
long __pu_err = -EFAULT; \
|
long __pu_err = -EFAULT; \
|
||||||
__typeof__(*(ptr)) __user *__pu_addr = (ptr); \
|
__typeof__(*(ptr)) __user *__pu_addr = (ptr); \
|
||||||
__typeof__(*(ptr)) __pu_val = x; \
|
__typeof__(*(ptr)) __pu_val = x; \
|
||||||
if (likely(access_ok(VERIFY_WRITE, __pu_addr, size))) \
|
if (likely(access_ok(__pu_addr, size))) \
|
||||||
__put_user_size(__pu_val, __pu_addr, (size), \
|
__put_user_size(__pu_val, __pu_addr, (size), \
|
||||||
__pu_err); \
|
__pu_err); \
|
||||||
__pu_err; \
|
__pu_err; \
|
||||||
@ -132,8 +132,7 @@ __kernel_size_t __clear_user(void *addr, __kernel_size_t size);
|
|||||||
void __user * __cl_addr = (addr); \
|
void __user * __cl_addr = (addr); \
|
||||||
unsigned long __cl_size = (n); \
|
unsigned long __cl_size = (n); \
|
||||||
\
|
\
|
||||||
if (__cl_size && access_ok(VERIFY_WRITE, \
|
if (__cl_size && access_ok(__cl_addr, __cl_size)) \
|
||||||
((unsigned long)(__cl_addr)), __cl_size)) \
|
|
||||||
__cl_size = __clear_user(__cl_addr, __cl_size); \
|
__cl_size = __clear_user(__cl_addr, __cl_size); \
|
||||||
\
|
\
|
||||||
__cl_size; \
|
__cl_size; \
|
||||||
|
@ -160,7 +160,7 @@ asmlinkage int sys_sigreturn(void)
|
|||||||
/* Always make any pending restarted system calls return -EINTR */
|
/* Always make any pending restarted system calls return -EINTR */
|
||||||
current->restart_block.fn = do_no_restart_syscall;
|
current->restart_block.fn = do_no_restart_syscall;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (__get_user(set.sig[0], &frame->sc.oldmask)
|
if (__get_user(set.sig[0], &frame->sc.oldmask)
|
||||||
@ -190,7 +190,7 @@ asmlinkage int sys_rt_sigreturn(void)
|
|||||||
/* Always make any pending restarted system calls return -EINTR */
|
/* Always make any pending restarted system calls return -EINTR */
|
||||||
current->restart_block.fn = do_no_restart_syscall;
|
current->restart_block.fn = do_no_restart_syscall;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
||||||
@ -272,7 +272,7 @@ static int setup_frame(struct ksignal *ksig, sigset_t *set,
|
|||||||
|
|
||||||
frame = get_sigframe(&ksig->ka, regs->regs[15], sizeof(*frame));
|
frame = get_sigframe(&ksig->ka, regs->regs[15], sizeof(*frame));
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
err |= setup_sigcontext(&frame->sc, regs, set->sig[0]);
|
err |= setup_sigcontext(&frame->sc, regs, set->sig[0]);
|
||||||
@ -338,7 +338,7 @@ static int setup_rt_frame(struct ksignal *ksig, sigset_t *set,
|
|||||||
|
|
||||||
frame = get_sigframe(&ksig->ka, regs->regs[15], sizeof(*frame));
|
frame = get_sigframe(&ksig->ka, regs->regs[15], sizeof(*frame));
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
err |= copy_siginfo_to_user(&frame->info, &ksig->info);
|
err |= copy_siginfo_to_user(&frame->info, &ksig->info);
|
||||||
|
@ -259,7 +259,7 @@ asmlinkage int sys_sigreturn(unsigned long r2, unsigned long r3,
|
|||||||
/* Always make any pending restarted system calls return -EINTR */
|
/* Always make any pending restarted system calls return -EINTR */
|
||||||
current->restart_block.fn = do_no_restart_syscall;
|
current->restart_block.fn = do_no_restart_syscall;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (__get_user(set.sig[0], &frame->sc.oldmask)
|
if (__get_user(set.sig[0], &frame->sc.oldmask)
|
||||||
@ -293,7 +293,7 @@ asmlinkage int sys_rt_sigreturn(unsigned long r2, unsigned long r3,
|
|||||||
/* Always make any pending restarted system calls return -EINTR */
|
/* Always make any pending restarted system calls return -EINTR */
|
||||||
current->restart_block.fn = do_no_restart_syscall;
|
current->restart_block.fn = do_no_restart_syscall;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
goto badframe;
|
goto badframe;
|
||||||
|
|
||||||
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
if (__copy_from_user(&set, &frame->uc.uc_sigmask, sizeof(set)))
|
||||||
@ -379,7 +379,7 @@ static int setup_frame(struct ksignal *ksig, sigset_t *set, struct pt_regs *regs
|
|||||||
|
|
||||||
frame = get_sigframe(&ksig->ka, regs->regs[REG_SP], sizeof(*frame));
|
frame = get_sigframe(&ksig->ka, regs->regs[REG_SP], sizeof(*frame));
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
err |= setup_sigcontext(&frame->sc, regs, set->sig[0]);
|
err |= setup_sigcontext(&frame->sc, regs, set->sig[0]);
|
||||||
@ -465,7 +465,7 @@ static int setup_rt_frame(struct ksignal *kig, sigset_t *set,
|
|||||||
|
|
||||||
frame = get_sigframe(&ksig->ka, regs->regs[REG_SP], sizeof(*frame));
|
frame = get_sigframe(&ksig->ka, regs->regs[REG_SP], sizeof(*frame));
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
|
if (!access_ok(frame, sizeof(*frame)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
err |= __put_user(&frame->info, &frame->pinfo);
|
err |= __put_user(&frame->info, &frame->pinfo);
|
||||||
|
@ -40,7 +40,7 @@ static int read_opcode(reg_size_t pc, insn_size_t *result_opcode, int from_user_
|
|||||||
/* SHmedia */
|
/* SHmedia */
|
||||||
aligned_pc = pc & ~3;
|
aligned_pc = pc & ~3;
|
||||||
if (from_user_mode) {
|
if (from_user_mode) {
|
||||||
if (!access_ok(VERIFY_READ, aligned_pc, sizeof(insn_size_t))) {
|
if (!access_ok(aligned_pc, sizeof(insn_size_t))) {
|
||||||
get_user_error = -EFAULT;
|
get_user_error = -EFAULT;
|
||||||
} else {
|
} else {
|
||||||
get_user_error = __get_user(opcode, (insn_size_t *)aligned_pc);
|
get_user_error = __get_user(opcode, (insn_size_t *)aligned_pc);
|
||||||
@ -180,7 +180,7 @@ static int misaligned_load(struct pt_regs *regs,
|
|||||||
if (user_mode(regs)) {
|
if (user_mode(regs)) {
|
||||||
__u64 buffer;
|
__u64 buffer;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, (unsigned long) address, 1UL<<width_shift)) {
|
if (!access_ok((unsigned long) address, 1UL<<width_shift)) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -254,7 +254,7 @@ static int misaligned_store(struct pt_regs *regs,
|
|||||||
if (user_mode(regs)) {
|
if (user_mode(regs)) {
|
||||||
__u64 buffer;
|
__u64 buffer;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, (unsigned long) address, 1UL<<width_shift)) {
|
if (!access_ok((unsigned long) address, 1UL<<width_shift)) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -327,7 +327,7 @@ static int misaligned_fpu_load(struct pt_regs *regs,
|
|||||||
__u64 buffer;
|
__u64 buffer;
|
||||||
__u32 buflo, bufhi;
|
__u32 buflo, bufhi;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_READ, (unsigned long) address, 1UL<<width_shift)) {
|
if (!access_ok((unsigned long) address, 1UL<<width_shift)) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -400,7 +400,7 @@ static int misaligned_fpu_store(struct pt_regs *regs,
|
|||||||
/* Initialise these to NaNs. */
|
/* Initialise these to NaNs. */
|
||||||
__u32 buflo=0xffffffffUL, bufhi=0xffffffffUL;
|
__u32 buflo=0xffffffffUL, bufhi=0xffffffffUL;
|
||||||
|
|
||||||
if (!access_ok(VERIFY_WRITE, (unsigned long) address, 1UL<<width_shift)) {
|
if (!access_ok((unsigned long) address, 1UL<<width_shift)) {
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -663,7 +663,7 @@ void do_reserved_inst(unsigned long error_code, struct pt_regs *regs)
|
|||||||
/* SHmedia : check for defect. This requires executable vmas
|
/* SHmedia : check for defect. This requires executable vmas
|
||||||
to be readable too. */
|
to be readable too. */
|
||||||
aligned_pc = pc & ~3;
|
aligned_pc = pc & ~3;
|
||||||
if (!access_ok(VERIFY_READ, aligned_pc, sizeof(insn_size_t)))
|
if (!access_ok(aligned_pc, sizeof(insn_size_t)))
|
||||||
get_user_error = -EFAULT;
|
get_user_error = -EFAULT;
|
||||||
else
|
else
|
||||||
get_user_error = __get_user(opcode, (insn_size_t *)aligned_pc);
|
get_user_error = __get_user(opcode, (insn_size_t *)aligned_pc);
|
||||||
|
@ -177,8 +177,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
|
|||||||
addr = start;
|
addr = start;
|
||||||
len = (unsigned long) nr_pages << PAGE_SHIFT;
|
len = (unsigned long) nr_pages << PAGE_SHIFT;
|
||||||
end = start + len;
|
end = start + len;
|
||||||
if (unlikely(!access_ok(write ? VERIFY_WRITE : VERIFY_READ,
|
if (unlikely(!access_ok((void __user *)start, len)))
|
||||||
(void __user *)start, len)))
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user