uaccess: reimplement probe_kernel_address() using probe_kernel_read()
probe_kernel_address() is basically the same as the (later added) probe_kernel_read(). The return value on EFAULT is a bit different: probe_kernel_address() returns number-of-bytes-not-copied whereas probe_kernel_read() returns -EFAULT. All callers have been checked, none cared. probe_kernel_read() can be overridden by the architecture whereas probe_kernel_address() cannot. parisc, blackfin and um do this, to insert additional checking. Hence this patch possibly fixes obscure bugs, although there are only two probe_kernel_address() callsites outside arch/. My first attempt involved removing probe_kernel_address() entirely and converting all callsites to use probe_kernel_read() directly, but that got tiresome. This patch shrinks mm/slab_common.o by 218 bytes. For a single probe_kernel_address() callsite. Cc: Steven Miao <realmz6@gmail.com> Cc: Jeff Dike <jdike@addtoit.com> Cc: Richard Weinberger <richard@nod.at> Cc: "James E.J. Bottomley" <jejb@parisc-linux.org> Cc: Helge Deller <deller@gmx.de> Cc: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent
86d2adccfb
commit
0ab32b6f1b
|
@ -803,7 +803,7 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
fault = probe_kernel_address(instrptr, instr);
|
fault = probe_kernel_address((void *)instrptr, instr);
|
||||||
instr = __mem_to_opcode_arm(instr);
|
instr = __mem_to_opcode_arm(instr);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -999,7 +999,7 @@ int fsl_pci_mcheck_exception(struct pt_regs *regs)
|
||||||
ret = get_user(regs->nip, &inst);
|
ret = get_user(regs->nip, &inst);
|
||||||
pagefault_enable();
|
pagefault_enable();
|
||||||
} else {
|
} else {
|
||||||
ret = probe_kernel_address(regs->nip, inst);
|
ret = probe_kernel_address((void *)regs->nip, inst);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (mcheck_handle_load(regs, inst)) {
|
if (mcheck_handle_load(regs, inst)) {
|
||||||
|
|
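Review bot: Nothing visible in this hunk tests `ret` before `inst` is passed to `mcheck_handle_load()`, so a failed read in either branch appears to let an instruction word that was never fetched from `regs->nip` be decoded. The kernel-mode branch now reports failure as -EFAULT, so the guard could become `if (!ret && mcheck_handle_load(regs, inst)) {`. Separately, the unchanged user-mode line `get_user(regs->nip, &inst)` looks as if its arguments are reversed, since get_user() takes the destination variable first and the user pointer second; worth confirming while this code is being touched. The function body starts and ends outside the hunk, so `inst` may be initialised or `ret` checked elsewhere.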
|
@ -75,36 +75,6 @@ static inline unsigned long __copy_from_user_nocache(void *to,
|
||||||
|
|
||||||
#endif /* ARCH_HAS_NOCACHE_UACCESS */
|
#endif /* ARCH_HAS_NOCACHE_UACCESS */
|
||||||
|
|
||||||
/**
|
|
||||||
* probe_kernel_address(): safely attempt to read from a location
|
|
||||||
* @addr: address to read from - its type is type typeof(retval)*
|
|
||||||
* @retval: read into this variable
|
|
||||||
*
|
|
||||||
* Safely read from address @addr into variable @revtal. If a kernel fault
|
|
||||||
* happens, handle that and return -EFAULT.
|
|
||||||
* We ensure that the __get_user() is executed in atomic context so that
|
|
||||||
* do_page_fault() doesn't attempt to take mmap_sem. This makes
|
|
||||||
* probe_kernel_address() suitable for use within regions where the caller
|
|
||||||
* already holds mmap_sem, or other locks which nest inside mmap_sem.
|
|
||||||
* This must be a macro because __get_user() needs to know the types of the
|
|
||||||
* args.
|
|
||||||
*
|
|
||||||
* We don't include enough header files to be able to do the set_fs(). We
|
|
||||||
* require that the probe_kernel_address() caller will do that.
|
|
||||||
*/
|
|
||||||
#define probe_kernel_address(addr, retval) \
|
|
||||||
({ \
|
|
||||||
long ret; \
|
|
||||||
mm_segment_t old_fs = get_fs(); \
|
|
||||||
\
|
|
||||||
set_fs(KERNEL_DS); \
|
|
||||||
pagefault_disable(); \
|
|
||||||
ret = __copy_from_user_inatomic(&(retval), (__force typeof(retval) __user *)(addr), sizeof(retval)); \
|
|
||||||
pagefault_enable(); \
|
|
||||||
set_fs(old_fs); \
|
|
||||||
ret; \
|
|
||||||
})
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* probe_kernel_read(): safely attempt to read from a location
|
* probe_kernel_read(): safely attempt to read from a location
|
||||||
* @dst: pointer to the buffer that shall take the data
|
* @dst: pointer to the buffer that shall take the data
|
||||||
|
@ -131,4 +101,14 @@ extern long notrace __probe_kernel_write(void *dst, const void *src, size_t size
|
||||||
|
|
||||||
extern long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count);
|
extern long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* probe_kernel_address(): safely attempt to read from a location
|
||||||
|
* @addr: address to read from
|
||||||
|
* @retval: read into this variable
|
||||||
|
*
|
||||||
|
* Returns 0 on success, or -EFAULT.
|
||||||
|
*/
|
||||||
|
#define probe_kernel_address(addr, retval) \
|
||||||
|
probe_kernel_read(&retval, addr, sizeof(retval))
|
||||||
|
|
||||||
#endif /* __LINUX_UACCESS_H__ */
|
#endif /* __LINUX_UACCESS_H__ */
|
||||||
|
|
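Review bot: The new `probe_kernel_address()` expands its arguments without parentheses, whereas the macro removed by the earlier hunk of this file used `&(retval)` and `(addr)`; `probe_kernel_read(&(retval), (addr), sizeof(retval))` keeps the expansion predictable for any lvalue expression a caller passes. The replacement also accepts any pointer type for @addr, because probe_kernel_read() takes `const void *` and the number of bytes read comes from `sizeof(retval)` alone, so the reader gets no hint that integer addresses now need a cast, as the two arch call sites in this commit show. The kernel-doc could say so, for example `@addr: address to read from; must be a pointer, sizeof(@retval) bytes are read`. A line noting that the read is delegated to probe_kernel_read(), which the commit message says architectures may override, would also help callers judge what checking applies.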
|
@ -13,6 +13,11 @@
|
||||||
*
|
*
|
||||||
* Safely read from address @src to the buffer at @dst. If a kernel fault
|
* Safely read from address @src to the buffer at @dst. If a kernel fault
|
||||||
* happens, handle that and return -EFAULT.
|
* happens, handle that and return -EFAULT.
|
||||||
|
*
|
||||||
|
* We ensure that the copy_from_user is executed in atomic context so that
|
||||||
|
* do_page_fault() doesn't attempt to take mmap_sem. This makes
|
||||||
|
* probe_kernel_read() suitable for use within regions where the caller
|
||||||
|
* already holds mmap_sem, or other locks which nest inside mmap_sem.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
long __weak probe_kernel_read(void *dst, const void *src, size_t size)
|
long __weak probe_kernel_read(void *dst, const void *src, size_t size)
|
||||||
|
|