#ifndef __PARISC_UACCESS_H
#define __PARISC_UACCESS_H
/*
 * User space memory access functions
 */
#include <asm/page.h>
#include <asm/cache.h>
#include <asm/errno.h>
#include <asm-generic/uaccess-unaligned.h>
#include <linux/bug.h>
#include <linux/string.h>
#include <linux/thread_info.h>
/* Access-type values; presumably the `type` argument of access_ok(). */
#define VERIFY_READ 0
#define VERIFY_WRITE 1

/*
 * Address-limit values kept in thread_info->addr_limit (see get_fs() and
 * set_fs()). KERNEL_DS is initialised with 0 and USER_DS with 1; load_sr2()
 * uses that value to pick the space register for user accessors.
 */
#define KERNEL_DS ((mm_segment_t){0})
#define USER_DS ((mm_segment_t){1})

/* Compare two mm_segment_t values by their .seg member. */
#define segment_eq(a, b) ((a).seg == (b).seg)

#define get_ds() (KERNEL_DS)
/* Read the current thread's address limit. */
#define get_fs() (current_thread_info()->addr_limit)
/*
 * Overwrite the current thread's address limit.
 * NOTE(review): after set_fs(KERNEL_DS) the accessors in this file operate
 * on kernel space, so a caller presumably has to restore the saved value on
 * every exit path -- confirm at call sites.
 */
#define set_fs(x) (current_thread_info()->addr_limit = (x))
/*
 * Note that since kernel addresses are in a separate address space on
 * parisc, we don't need to do anything for access_ok().
 * We just let the page fault handler do the right thing. This also means
 * that put_user is the same as __put_user, etc.
 *
 * Consequence for reviewers: access_ok() is always true here. It performs
 * no range check, and `type` and `size` are never evaluated. Which address
 * space an accessor touches is decided by %sr2, which load_sr2() derives
 * from get_fs(); a bad user pointer is caught by the fault fixup, not by
 * this macro.
 */
#define access_ok(type, uaddr, size) \
	( (uaddr) == (uaddr) )

/* The checked and unchecked single-value accessors are the same macro. */
#define put_user __put_user
#define get_user __get_user
/*
 * 8-byte load/store helpers used by the `case 8` arms of __get_user() and
 * __put_user(). Without CONFIG_64BIT they expand to the *_asm64 variants,
 * which issue two word-sized accesses; with CONFIG_64BIT a single ldd/std
 * instruction is used.
 */
#if !defined(CONFIG_64BIT)
#define LDD_USER(ptr) __get_user_asm64(ptr)
#define STD_USER(x, ptr) __put_user_asm64(x, ptr)
#else
#define LDD_USER(ptr) __get_user_asm("ldd", ptr)
#define STD_USER(x, ptr) __put_user_asm("std", x, ptr)
#endif
/*
 * The exception table contains two values: the first is the relative offset to
 * the address of the instruction that is allowed to fault, and the second is
 * the relative offset to the address of the fixup routine. Since relative
 * addresses are used, 32bit values are sufficient even on 64bit kernel.
 */
#define ARCH_HAS_RELATIVE_EXTABLE
/* One __ex_table record; both members are signed relative offsets. */
struct exception_table_entry {
	int insn;	/* relative address of insn that is allowed to fault. */
	int fixup;	/* relative address of fixup routine */
};
/*
 * Build the assembler text for one __ex_table record: switch to the
 * __ex_table section, emit two .word values holding fault_addr and
 * except_addr relative to the current location (`- .`), then return to the
 * previous section. The expansion is a string literal intended to be
 * concatenated into an __asm__ template.
 */
#define ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr )\
	".section __ex_table,\"aw\"\n" \
	".word (" #fault_addr " - .), (" #except_addr " - .)\n\t" \
	".previous\n"
/*
 * ASM_EXCEPTIONTABLE_ENTRY_EFAULT() creates a special exception table entry
 * (with lowest bit set) for which the fault handler in fixup_exception() will
 * load -EFAULT into %r8 for a read or write fault, and zeroes the target
 * register in case of a read fault in get_user().
 *
 * The flag bit is produced by the `+ 1` added to except_addr below.
 * Zeroing the target register on a read fault means a failed get_user()
 * does not hand stale register contents to the caller.
 */
#define ASM_EXCEPTIONTABLE_ENTRY_EFAULT( fault_addr, except_addr )\
	ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr + 1)
/*
 * The page fault handler stores, in a per-cpu area, the following information
 * if a fixup routine is available.
 *
 * NOTE(review): the individual fields are not described in this header; the
 * names suggest faulting instruction pointer, gp register, space and address
 * -- confirm against the fault handler.
 */
struct exception_data {
	unsigned long fault_ip;
	unsigned long fault_gp;
	unsigned long fault_space;
	unsigned long fault_addr;
};
/*
 * load_sr2() preloads the space register %%sr2 - based on the value of
 * get_fs() - with either a value of 0 to access kernel space (KERNEL_DS which
 * is 0), or with the current value of %%sr3 to access user space (USER_DS)
 * memory. The following __get_user_asm() and __put_user_asm() functions have
 * %%sr2 hard-coded to access the requested memory.
 *
 * The three instructions test operand %0 (get_fs()), conditionally fetch
 * %sr3 into %0, and move %0 into %sr2. Every accessor in this file relies on
 * load_sr2() having run first; the asm helpers themselves never set %sr2.
 *
 * NOTE(review): the template writes %0 (mfsp) although the operand is
 * declared input-only ("r") -- confirm the compiler cannot reuse that
 * register's old value afterwards.
 */
#define load_sr2() \
	__asm__(" or,= %0,%%r0,%%r0\n\t" \
		" mfsp %%sr3,%0\n\t" \
		" mtsp %0,%%sr2\n\t" \
		: : "r"(get_fs()) : )
/*
 * __get_user(x, ptr) - load one value of sizeof(*(ptr)) bytes through ptr
 * and assign it to x.
 *
 * Evaluates to __gu_err, which starts at 0 and is pinned to %r8; the
 * exception-table comment above states that the fault fixup loads -EFAULT
 * into %r8 and zeroes the target register on a read fault. Sizes other than
 * 1, 2, 4 and 8 fail the build through BUILD_BUG(). No address check is done
 * here: the address space is whatever load_sr2() selects from get_fs().
 *
 * NOTE(review): __gu_val is declared `long`, yet the 8-byte case goes
 * through LDD_USER(), which without CONFIG_64BIT uses %R0 for a second
 * register. If long is 32 bits in that configuration, the value assigned to
 * x cannot carry all 64 bits -- confirm and consider a 64-bit temporary.
 */
#define __get_user(x, ptr) \
({ \
	register long __gu_err __asm__ ("r8") = 0; \
	register long __gu_val; \
	\
	load_sr2(); \
	switch (sizeof(*(ptr))) { \
	case 1: __get_user_asm("ldb", ptr); break; \
	case 2: __get_user_asm("ldh", ptr); break; \
	case 4: __get_user_asm("ldw", ptr); break; \
	case 8: LDD_USER(ptr); break; \
	default: BUILD_BUG(); break; \
	} \
	\
	(x) = (__force __typeof__(*(ptr))) __gu_val; \
	__gu_err; \
})
/*
 * Single load through %sr2 with an -EFAULT exception-table entry.
 *
 * `ldx` is the load mnemonic as a string literal. The macro expects
 * __gu_val and __gu_err to exist in the expanding scope (as in
 * __get_user()): the loaded value goes to __gu_val, and __gu_err is both an
 * output and, through the "1" matching constraint, an input, so its prior
 * value survives when no fault occurs. A fault at label 1 resumes at label 9.
 */
#define __get_user_asm(ldx, ptr) \
	__asm__("1: " ldx " 0(%%sr2,%2),%0\n" \
		"9:\n" \
		ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \
		: "=r"(__gu_val), "=r"(__gu_err) \
		: "r"(ptr), "1"(__gu_err));
#if !defined(CONFIG_64BIT)

/*
 * 8-byte load built from two word loads at offsets 0 and 4 through %sr2.
 *
 * %R0 is cleared first (copy from %r0), then each ldw has its own -EFAULT
 * exception-table entry resuming at label 9, so a fault on either half
 * skips the rest. Uses __gu_val and __gu_err from the expanding scope with
 * the same operand layout as __get_user_asm().
 * NOTE(review): %R0 refers to a second register of operand 0; whether
 * __gu_val is wide enough for that depends on its declared type in the
 * caller -- confirm.
 */
#define __get_user_asm64(ptr) \
	__asm__(" copy %%r0,%R0\n" \
		"1: ldw 0(%%sr2,%2),%0\n" \
		"2: ldw 4(%%sr2,%2),%R0\n" \
		"9:\n" \
		ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \
		ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b) \
		: "=r"(__gu_val), "=r"(__gu_err) \
		: "r"(ptr), "1"(__gu_err));

#endif /* !defined(CONFIG_64BIT) */
/*
 * __put_user(x, ptr) - store x, converted to the type of *(ptr), through ptr.
 *
 * x is evaluated once into the local __x. Evaluates to __pu_err, which
 * starts at 0 and is pinned to %r8, the register the fault fixup is
 * documented above to load with -EFAULT. Sizes other than 1, 2, 4 and 8
 * fail the build through BUILD_BUG(). As with __get_user(), the destination
 * address space is chosen by load_sr2() from get_fs(); the pointer is not
 * range-checked here.
 */
#define __put_user(x, ptr) \
({ \
	register long __pu_err __asm__ ("r8") = 0; \
	__typeof__(*(ptr)) __x = (__typeof__(*(ptr)))(x); \
	\
	load_sr2(); \
	switch (sizeof(*(ptr))) { \
	case 1: __put_user_asm("stb", __x, ptr); break; \
	case 2: __put_user_asm("sth", __x, ptr); break; \
	case 4: __put_user_asm("stw", __x, ptr); break; \
	case 8: STD_USER(__x, ptr); break; \
	default: BUILD_BUG(); break; \
	} \
	\
	__pu_err; \
})
/*
 * The "__put_user/kernel_asm()" macros tell gcc they read from memory
 * instead of writing. This is because they do not write to any memory
 * gcc knows about, so there are no aliasing issues. These macros must
 * also be aware that fixups are executed in the context of the fault,
 * and any registers used there must be listed as clobbers.
 * r8 is already listed as err.
 *
 * `stx` is the store mnemonic as a string literal. __pu_err must exist in
 * the expanding scope; it is the only output and is tied to its own input
 * through the "0" matching constraint. A fault at label 1 resumes at 9.
 */
#define __put_user_asm(stx, x, ptr) \
	__asm__ __volatile__ ( \
		"1: " stx " %2,0(%%sr2,%1)\n" \
		"9:\n" \
		ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \
		: "=r"(__pu_err) \
		: "r"(ptr), "r"(x), "0"(__pu_err))
#if !defined(CONFIG_64BIT)

/*
 * 8-byte store built from two word stores at offsets 0 and 4 through %sr2.
 *
 * Each stw has its own -EFAULT exception-table entry resuming at label 9.
 * A fault on the second store therefore leaves the first word already
 * written; callers only learn that the store failed, not how much of it
 * landed. Uses __pu_err from the expanding scope.
 */
#define __put_user_asm64(__val, ptr) do { \
	__asm__ __volatile__ ( \
		"1: stw %2,0(%%sr2,%1)\n" \
		"2: stw %R2,4(%%sr2,%1)\n" \
		"9:\n" \
		ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \
		ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b) \
		: "=r"(__pu_err) \
		: "r"(ptr), "r"(__val), "0"(__pu_err)); \
} while (0)

#endif /* !defined(CONFIG_64BIT) */
/*
 * Complex access routines -- external declarations
 *
 * The implementations live outside this header. The __user annotations mark
 * which pointer of each routine refers to user space.
 * NOTE(review): return-value conventions (bytes left vs. error code) are not
 * visible here -- confirm against the implementations before relying on them.
 */
extern unsigned long lcopy_to_user(void __user *, const void *, unsigned long);
extern unsigned long lcopy_from_user(void *, const void __user *, unsigned long);
extern unsigned long lcopy_in_user(void __user *, const void __user *, unsigned long);
extern long strncpy_from_user(char *, const char __user *, long);
extern unsigned lclear_user(void __user *, unsigned long);
extern long lstrnlen_user(const char __user *, long);
/*
 * Complex access routines -- macros
 */
/* All-ones: no upper bound is placed on user addresses here. */
#define user_addr_max() (~0UL)

#define strnlen_user lstrnlen_user
/* Effectively unbounded: the length limit passed is 0x7fffffff. */
#define strlen_user(str) lstrnlen_user(str, 0x7fffffffL)
/* Both names map to the same routine; there is no separate checked form. */
#define clear_user lclear_user
#define __clear_user lclear_user
/*
 * Raw bulk-copy primitives wrapped by copy_to_user()/copy_from_user()
 * below. __must_check makes the compiler warn when the result is ignored;
 * the wrappers in this file treat the result as the count of bytes left
 * uncopied.
 */
unsigned long __must_check __copy_to_user(void __user *dst, const void *src,
					  unsigned long len);
unsigned long __must_check __copy_from_user(void *dst, const void __user *src,
					    unsigned long len);
/* NOTE(review): unlike the two above, this one is not marked __must_check. */
unsigned long copy_in_user(void __user *dst, const void __user *src,
			   unsigned long len);
/* The double-underscore and _inatomic names are plain aliases here. */
#define __copy_in_user copy_in_user
#define __copy_to_user_inatomic __copy_to_user
#define __copy_from_user_inatomic __copy_from_user
mm/usercopy: get rid of CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
There are three usercopy warnings which are currently being silenced for
gcc 4.6 and newer:
1) "copy_from_user() buffer size is too small" compile warning/error
This is a static warning which happens when object size and copy size
are both const, and copy size > object size. I didn't see any false
positives for this one. So the function warning attribute seems to
be working fine here.
Note this scenario is always a bug and so I think it should be
changed to *always* be an error, regardless of
CONFIG_DEBUG_STRICT_USER_COPY_CHECKS.
2) "copy_from_user() buffer size is not provably correct" compile warning
This is another static warning which happens when I enable
__compiletime_object_size() for new compilers (and
CONFIG_DEBUG_STRICT_USER_COPY_CHECKS). It happens when object size
is const, but copy size is *not*. In this case there's no way to
compare the two at build time, so it gives the warning. (Note the
warning is a byproduct of the fact that gcc has no way of knowing
whether the overflow function will be called, so the call isn't dead
code and the warning attribute is activated.)
So this warning seems to only indicate "this is an unusual pattern,
maybe you should check it out" rather than "this is a bug".
I get 102(!) of these warnings with allyesconfig and the
__compiletime_object_size() gcc check removed. I don't know if there
are any real bugs hiding in there, but from looking at a small
sample, I didn't see any. According to Kees, it does sometimes find
real bugs. But the false positive rate seems high.
3) "Buffer overflow detected" runtime warning
This is a runtime warning where object size is const, and copy size >
object size.
All three warnings (both static and runtime) were completely disabled
for gcc 4.6 with the following commit:
2fb0815c9ee6 ("gcc4: disable __compiletime_object_size for GCC 4.6+")
That commit mistakenly assumed that the false positives were caused by a
gcc bug in __compiletime_object_size(). But in fact,
__compiletime_object_size() seems to be working fine. The false
positives were instead triggered by #2 above. (Though I don't have an
explanation for why the warnings supposedly only started showing up in
gcc 4.6.)
So remove warning #2 to get rid of all the false positives, and re-enable
warnings #1 and #3 by reverting the above commit.
Furthermore, since #1 is a real bug which is detected at compile time,
upgrade it to always be an error.
Having done all that, CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is no longer
needed.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: "H . Peter Anvin" <hpa@zytor.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Byungchul Park <byungchul.park@lge.com>
Cc: Nilay Vaish <nilayvaish@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-08-30 21:04:16 +08:00
/*
 * Declared with __compiletime_error and called from copy_from_user() and
 * copy_to_user() on the branch where the copy length is a compile-time
 * constant larger than the known object size. Presumably any call that is
 * not optimised away fails the build with the message below -- confirm
 * against the compiler attribute's definition.
 */
extern void __compiletime_error("usercopy buffer size is too small")
__bad_copy_user(void);
/*
 * Runtime report for a usercopy whose length exceeds the known object size.
 *
 * @size:  object size known to the compiler
 * @count: number of bytes the caller asked to copy
 *
 * Only emits an unconditional WARN(); it does not stop the caller.
 */
static inline void copy_user_overflow(int size, unsigned long count)
{
	WARN(1,
	     "Buffer overflow detected (%d < %lu)!\n",
	     size, count);
}
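/*
 * copy_from_user - copy n bytes from user space into the kernel buffer `to`.
 *
 * @to:   kernel destination buffer
 * @from: user-space source
 * @n:    number of bytes requested
 *
 * Returns the number of bytes that were NOT copied (0 on full success).
 * Whatever part of the destination was not filled from user space is
 * zeroed, so a caller that ignores a short copy does not read stale kernel
 * memory.
 *
 * sz is the destination size when the compiler knows it, negative
 * otherwise. If sz is known and smaller than n:
 *   - n not a compile-time constant: warn at run time and copy nothing;
 *   - n a compile-time constant: __bad_copy_user() breaks the build.
 *
 * Zeroing is bounded by what the destination can hold. On the runtime
 * overflow path only sz bytes are cleared; clearing n bytes there would
 * itself write past the end of the object that was just found too small.
 */
static __always_inline unsigned long __must_check
copy_from_user(void *to, const void __user *from, unsigned long n)
{
	int sz = __compiletime_object_size(to);
	unsigned long ret = n;

	if (likely(sz < 0 || sz >= n)) {
		check_object_size(to, n, false);
		ret = __copy_from_user(to, from, n);
		/* Short copy: clear the tail that user space did not fill. */
		if (unlikely(ret))
			memset(to + (n - ret), 0, ret);
	} else if (!__builtin_constant_p(n)) {
		copy_user_overflow(sz, n);
		/* Nothing was copied; clear only the bytes that exist. */
		memset(to, 0, sz);
	} else {
		__bad_copy_user();
	}

	return ret;
}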
/*
 * copy_to_user - copy n bytes from the kernel buffer `from` to user space.
 *
 * @to:   user-space destination
 * @from: kernel source buffer
 * @n:    number of bytes requested
 *
 * Returns whatever __copy_to_user() returns when the copy is attempted, and
 * n unchanged when it is refused. The copy is refused when the compiler
 * knows the source object is smaller than n: a constant n breaks the build
 * through __bad_copy_user(), a runtime n only triggers the overflow warning.
 * Refusing here keeps bytes beyond the source object from reaching user
 * space.
 */
static __always_inline unsigned long __must_check
copy_to_user(void __user *to, const void *from, unsigned long n)
{
	int src_size = __compiletime_object_size(from);

	/* Known source size that is too small for the request. */
	if (unlikely(!(src_size < 0 || src_size >= n))) {
		if (__builtin_constant_p(n))
			__bad_copy_user();
		else
			copy_user_overflow(src_size, n);
		return n;
	}

	check_object_size(from, n, true);
	return __copy_to_user(to, from, n);
}
struct pt_regs;
parisc: fix kernel crash (protection id trap) when compiling ruby1.9
On Wed, Dec 17, 2008 at 11:46:05PM +0100, Helge Deller wrote:
>
Honestly, I can't decide whether to apply this. It really should never
happen in the kernel, since the kernel can guarantee it won't get the
access rights failure (highest privilege level, and can set %sr and
%protid to whatever it wants.)
It really genuinely is a bug that probably should panic the kernel. The
only precedent I can easily see is x86 fixing up a bad iret with a
general protection fault, which is more or less analogous to code 27
here.
On the other hand, taking the exception on a userspace access really
isn't all that critical, and there's fundamentally little reason for the
kernel not to SIGSEGV the process, and continue...
Argh.
(btw, I've instrumented my do_sys_poll with a pile of assertions that
%cr8 << 1 == %sr3 == current->mm.context... let's see if where we're
getting corrupted is deterministic, though, I would guess that it won't
be.)
Signed-off-by: Kyle McMartin <kyle@mcmartin.ca>
2008-12-20 10:29:06 +08:00
/*
 * Fault-handler hook that consumes the __ex_table entries emitted by the
 * accessors in this header (see ASM_EXCEPTIONTABLE_ENTRY_EFAULT).
 * NOTE(review): the meaning of the return value is not visible here --
 * confirm against the implementation.
 */
int fixup_exception(struct pt_regs *regs);
#endif /* __PARISC_UACCESS_H */