projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2ea659a)
copy_{from,to}_user(): move kasan checks and might_fault() out-of-line
authorAl Viro <viro@zeniv.linux.org.uk>
Fri, 30 Jun 2017 01:39:54 +0000 (21:39 -0400)
committerAl Viro <viro@zeniv.linux.org.uk>
Fri, 30 Jun 2017 02:21:20 +0000 (22:21 -0400)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
include/linux/uaccess.h patch | blob | blame | history
lib/usercopy.c patch | blob | blame | history

diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
index 201418d5e15c2b92dc7d7bc73b54f469eb488a35..e57328896a16ae43bfd5882b1a4e3f272e675dd1 100644 (file)
--- a/include/linux/uaccess.h
+++ b/include/linux/uaccess.h
@@ -109,8 +109,11 @@ static inline unsigned long
 _copy_from_user(void *to, const void __user *from, unsigned long n)
 {
        unsigned long res = n;
-       if (likely(access_ok(VERIFY_READ, from, n)))
+       might_fault();
+       if (likely(access_ok(VERIFY_READ, from, n))) {
+               kasan_check_write(to, n);
                res = raw_copy_from_user(to, from, n);
+       }
        if (unlikely(res))
                memset(to + (n - res), 0, res);
        return res;
@@ -124,8 +127,11 @@ _copy_from_user(void *, const void __user *, unsigned long);
 static inline unsigned long
 _copy_to_user(void __user *to, const void *from, unsigned long n)
 {
-       if (access_ok(VERIFY_WRITE, to, n))
+       might_fault();
+       if (access_ok(VERIFY_WRITE, to, n)) {
+               kasan_check_read(from, n);
                n = raw_copy_to_user(to, from, n);
+       }
        return n;
 }
 #else
@@ -146,9 +152,6 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
 {
        int sz = __compiletime_object_size(to);
 
-       might_fault();
-       kasan_check_write(to, n);
-
        if (likely(sz < 0 || sz >= n)) {
                check_object_size(to, n, false);
                n = _copy_from_user(to, from, n);
@@ -165,9 +168,6 @@ copy_to_user(void __user *to, const void *from, unsigned long n)
 {
        int sz = __compiletime_object_size(from);
 
-       kasan_check_read(from, n);
-       might_fault();
-
        if (likely(sz < 0 || sz >= n)) {
                check_object_size(from, n, true);
                n = _copy_to_user(to, from, n);
diff --git a/lib/usercopy.c b/lib/usercopy.c
index 1b6010a3beb8528a71676e2fdf0cf19924fd889a..f5d9f08ee032f36a19cafa8a2d83f648d326fd97 100644 (file)
--- a/lib/usercopy.c
+++ b/lib/usercopy.c
@@ -6,8 +6,11 @@
 unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n)
 {
        unsigned long res = n;
-       if (likely(access_ok(VERIFY_READ, from, n)))
+       might_fault();
+       if (likely(access_ok(VERIFY_READ, from, n))) {
+               kasan_check_write(to, n);
                res = raw_copy_from_user(to, from, n);
+       }
        if (unlikely(res))
                memset(to + (n - res), 0, res);
        return res;
@@ -18,8 +21,11 @@ EXPORT_SYMBOL(_copy_from_user);
 #ifndef INLINE_COPY_TO_USER
 unsigned long _copy_to_user(void *to, const void __user *from, unsigned long n)
 {
-       if (likely(access_ok(VERIFY_WRITE, to, n)))
+       might_fault();
+       if (likely(access_ok(VERIFY_WRITE, to, n))) {
+               kasan_check_read(from, n);
                n = raw_copy_to_user(to, from, n);
+       }
        return n;
 }
 EXPORT_SYMBOL(_copy_to_user);