[PATCH 4.7 167/184] score: fix copy_from_user() and friends

From: Greg Kroah-Hartman
Date: Thu Sep 22 2016 - 13:49:49 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.7 169/184] sh: cmpxchg: fix a bit shift bug in big_endian os"
Previous message: Greg Kroah-Hartman: "[PATCH 4.7 165/184] cris: buggered copy_from_user/copy_to_user/clear_user"
In reply to: Greg Kroah-Hartman: "[PATCH 4.7 165/184] cris: buggered copy_from_user/copy_to_user/clear_user"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.7 169/184] sh: cmpxchg: fix a bit shift bug in big_endian os"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.7-stable review patch. If anyone has any objections, please let me know.

------------------

From: Al Viro <viro@xxxxxxxxxxxxxxxxxx>

commit b615e3c74621e06cd97f86373ca90d43d6d998aa upstream.

Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
arch/score/include/asm/uaccess.h | 41 +++++++++++++++++++--------------------
1 file changed, 20 insertions(+), 21 deletions(-)

--- a/arch/score/include/asm/uaccess.h
+++ b/arch/score/include/asm/uaccess.h
@@ -301,35 +301,34 @@ extern int __copy_tofrom_user(void *to,
static inline unsigned long
copy_from_user(void *to, const void *from, unsigned long len)
{
- unsigned long over;
+ unsigned long res = len;

- if (access_ok(VERIFY_READ, from, len))
- return __copy_tofrom_user(to, from, len);
+ if (likely(access_ok(VERIFY_READ, from, len)))
+ res = __copy_tofrom_user(to, from, len);

- if ((unsigned long)from < TASK_SIZE) {
- over = (unsigned long)from + len - TASK_SIZE;
- return __copy_tofrom_user(to, from, len - over) + over;
- }
- return len;
+ if (unlikely(res))
+ memset(to + (len - res), 0, res);
+
+ return res;
}

static inline unsigned long
copy_to_user(void *to, const void *from, unsigned long len)
{
- unsigned long over;
-
- if (access_ok(VERIFY_WRITE, to, len))
- return __copy_tofrom_user(to, from, len);
+ if (likely(access_ok(VERIFY_WRITE, to, len)))
+ len = __copy_tofrom_user(to, from, len);

- if ((unsigned long)to < TASK_SIZE) {
- over = (unsigned long)to + len - TASK_SIZE;
- return __copy_tofrom_user(to, from, len - over) + over;
- }
return len;
}

-#define __copy_from_user(to, from, len) \
- __copy_tofrom_user((to), (from), (len))
+static inline unsigned long
+__copy_from_user(void *to, const void *from, unsigned long len)
+{
+ unsigned long left = __copy_tofrom_user(to, from, len);
+ if (unlikely(left))
+ memset(to + (len - left), 0, left);
+ return left;
+}

#define __copy_to_user(to, from, len) \
__copy_tofrom_user((to), (from), (len))
@@ -343,17 +342,17 @@ __copy_to_user_inatomic(void *to, const
static inline unsigned long
__copy_from_user_inatomic(void *to, const void *from, unsigned long len)
{
- return __copy_from_user(to, from, len);
+ return __copy_tofrom_user(to, from, len);
}

-#define __copy_in_user(to, from, len) __copy_from_user(to, from, len)
+#define __copy_in_user(to, from, len) __copy_tofrom_user(to, from, len)

static inline unsigned long
copy_in_user(void *to, const void *from, unsigned long len)
{
if (access_ok(VERIFY_READ, from, len) &&
access_ok(VERFITY_WRITE, to, len))
- return copy_from_user(to, from, len);
+ return __copy_tofrom_user(to, from, len);
}

/*

Next message: Greg Kroah-Hartman: "[PATCH 4.7 169/184] sh: cmpxchg: fix a bit shift bug in big_endian os"
Previous message: Greg Kroah-Hartman: "[PATCH 4.7 165/184] cris: buggered copy_from_user/copy_to_user/clear_user"
In reply to: Greg Kroah-Hartman: "[PATCH 4.7 165/184] cris: buggered copy_from_user/copy_to_user/clear_user"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.7 169/184] sh: cmpxchg: fix a bit shift bug in big_endian os"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]