summaryrefslogtreecommitdiff
path: root/include/asm-generic/uaccess.h
AgeCommit message (Collapse)Author
2017-04-26CONFIG_ARCH_HAS_RAW_COPY_USER is unconditional nowAl Viro
all architectures converted Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2017-03-28generic ...copy_..._user primitivesAl Viro
provide raw_copy_..._user() and select ARCH_HAS_RAW_COPY_USER to use those. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2017-03-28asm-generic: zero in __get_user(), not __get_user_fn()Al Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2017-03-28asm-generic/uaccess.h: don't mess with __copy_{to,from}_userAl Viro
only h8300 actually used those; might as well define them there. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2017-03-27add asm-generic/extable.hAl Viro
... and make the users of generic uaccess.h use that. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2017-03-05uaccess: drop duplicate includes from asm/uaccess.hAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2017-03-05uaccess: move VERIFY_{READ,WRITE} definitions to linux/uaccess.hAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-27exceptions: detritus removalAl Viro
externs and defines for stuff that is never used Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-14Merge branch 'uaccess-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull uaccess fixes from Al Viro: "Fixes for broken uaccess primitives - mostly lack of proper zeroing in copy_from_user()/get_user()/__get_user(), but for several architectures there's more (broken clear_user() on frv and strncpy_from_user() on hexagon)" * 'uaccess-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (28 commits) avr32: fix copy_from_user() microblaze: fix __get_user() microblaze: fix copy_from_user() m32r: fix __get_user() blackfin: fix copy_from_user() sparc32: fix copy_from_user() sh: fix copy_from_user() sh64: failing __get_user() should zero score: fix copy_from_user() and friends score: fix __get_user/get_user s390: get_user() should zero on failure ppc32: fix copy_from_user() parisc: fix copy_from_user() openrisc: fix copy_from_user() nios2: fix __get_user() nios2: copy_from_user() should zero the tail of destination mn10300: copy_from_user() should zero on access_ok() failure... mn10300: failing __get_user() and get_user() should zero mips: copy_from_user() must zero the destination on access_ok() failure ARC: uaccess: get_user to zero out dest in cause of fault ...
2016-09-13asm-generic: make get_user() clear the destination on errorsAl Viro
both for access_ok() failures and for faults halfway through Cc: stable@vger.kernel.org Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-09-09asm-generic: make copy_from_user() zero the destination properlyAl Viro
... in all cases, including the failing access_ok() Note that some architectures using asm-generic/uaccess.h have __copy_from_user() not zeroing the tail on failure halfway through. This variant works either way. Cc: stable@vger.kernel.org Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-08-30mm/usercopy: get rid of CONFIG_DEBUG_STRICT_USER_COPY_CHECKSJosh Poimboeuf
There are three usercopy warnings which are currently being silenced for gcc 4.6 and newer: 1) "copy_from_user() buffer size is too small" compile warning/error This is a static warning which happens when object size and copy size are both const, and copy size > object size. I didn't see any false positives for this one. So the function warning attribute seems to be working fine here. Note this scenario is always a bug and so I think it should be changed to *always* be an error, regardless of CONFIG_DEBUG_STRICT_USER_COPY_CHECKS. 2) "copy_from_user() buffer size is not provably correct" compile warning This is another static warning which happens when I enable __compiletime_object_size() for new compilers (and CONFIG_DEBUG_STRICT_USER_COPY_CHECKS). It happens when object size is const, but copy size is *not*. In this case there's no way to compare the two at build time, so it gives the warning. (Note the warning is a byproduct of the fact that gcc has no way of knowing whether the overflow function will be called, so the call isn't dead code and the warning attribute is activated.) So this warning seems to only indicate "this is an unusual pattern, maybe you should check it out" rather than "this is a bug". I get 102(!) of these warnings with allyesconfig and the __compiletime_object_size() gcc check removed. I don't know if there are any real bugs hiding in there, but from looking at a small sample, I didn't see any. According to Kees, it does sometimes find real bugs. But the false positive rate seems high. 3) "Buffer overflow detected" runtime warning This is a runtime warning where object size is const, and copy size > object size. All three warnings (both static and runtime) were completely disabled for gcc 4.6 with the following commit: 2fb0815c9ee6 ("gcc4: disable __compiletime_object_size for GCC 4.6+") That commit mistakenly assumed that the false positives were caused by a gcc bug in __compiletime_object_size(). But in fact, __compiletime_object_size() seems to be working fine. The false positives were instead triggered by #2 above. (Though I don't have an explanation for why the warnings supposedly only started showing up in gcc 4.6.) So remove warning #2 to get rid of all the false positives, and re-enable warnings #1 and #3 by reverting the above commit. Furthermore, since #1 is a real bug which is detected at compile time, upgrade it to always be an error. Having done all that, CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is no longer needed. Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Kees Cook <keescook@chromium.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@kernel.org> Cc: "H . Peter Anvin" <hpa@zytor.com> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Brian Gerst <brgerst@gmail.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Frederic Weisbecker <fweisbec@gmail.com> Cc: Byungchul Park <byungchul.park@lge.com> Cc: Nilay Vaish <nilayvaish@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-11-08asm-generic: {get,put}_user ptr argument evaluate only 1 timeYoshinori Sato
Current implemantation ptr argument evaluate 2 times. It'll be an unexpected result. Changes v5: Remove unnecessary const. Changes v4: Temporary pointer type change to const void* Changes v3: Some build error fix. Changes v2: Argument x protect. Signed-off-by: Yoshinori Sato <ysato@users.sourceforge.jp>
2014-01-02asm-generic: uaccess: Spelling s/a ny/any/Geert Uytterhoeven
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-05-28asm-generic: uaccess s/might_sleep/might_fault/Michael S. Tsirkin
The only reason uaccess routines might sleep is if they fault. Make this explicit. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Peter Zijlstra <peterz@infradead.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Link: http://lkml.kernel.org/r/1369577426-26721-1-git-send-email-mst@redhat.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-02-11asm-generic: uaccess: Allow arches to over-ride __{get,put}_user_fn()Vineet Gupta
As of now these default to calling the arch provided __copy_{to,from}_user() routines which being general purpose (w.r.t buffer alignment and lengths) would lead to alignment checks in generated code (for arches which don't support unaligned load/stores). Given that in this case we already know that data involved is "unit" sized and aligned, using the vanilla copy backend is a bit wasteful. This change thus allows arches to over-ride the aforementioned routines. Signed-off-by: Vineet Gupta <vgupta@synopsys.com> Acked-by: Arnd Bergmann <arnd@arndb.de>
2013-02-11asm-generic headers: uaccess.h to conditionally define segment_eq()Vineet Gupta
This is because mm_segment_t is exported by arch code, while seqment_eq assumes it will have .seg element. Acked-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2011-10-06fix default __strnlen_user macroMark Salter
The existing __strnlen_user macro simply resolved to strnlen. However, the count returned by strnlen_user should include the NULL byte. This patch fixes the __strnlen_user macro to include the NULL byte in the count. Signed-off-by: Mark Salter <msalter@redhat.com> Acked-by: Arnd Bergmann <arnd@arndb.de>
2011-03-17asm-generic headers: add arch-specific __strnlen_user calling in uaccess.hGuanXuetao
This patch changes the implementation of strnlen_user in include/asm-generic/uaccess.h. Originally, it calls strlen() function directly, which may not correctly handle the access of user space in most mmu-enabled architectures. New __strnlen_user is added for using as an architecture specific function. Signed-off-by: Guan Xuetao <gxt@mprc.pku.edu.cn> Reviewed-by: Arnd Bergmann <arnd@arndb.de>
2009-06-19asm-generic: uaccess: fix up local access_ok() usageMike Frysinger
There's no reason that I can see to use the short __access_ok() form directly when the access_ok() is clearer in intent and for most people, expands to the same C code (i.e. always specify the first field -- access type). Not all no-mmu systems lack memory protection, so the read/write could feasibly be checked. Signed-off-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2009-06-19asm-generic: uaccess: add missing access_ok() check to strnlen_user()Mike Frysinger
The strnlen_user() function was missing a access_ok() check on the pointer given. We've had cases on Blackfin systems where test programs caused kernel crashes here because userspace passed up a NULL/-1 pointer and the kernel gladly attempted to run strlen() on it. Signed-off-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2009-06-11asm-generic: add a generic uaccess.hArnd Bergmann
Based on discussions with Michal Simek and code from m68knommu and h8300, this version of uaccess.h should be usable by most architectures, by overriding some parts of it. Simple NOMMU architectures can use it out of the box, but a minimal __access_ok() should be added there as well. Cc: Michal Simek <monstr@monstr.eu> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2009-06-11asm-generic: rename page.h and uaccess.hArnd Bergmann
The current asm-generic/page.h only contains the get_order function, and asm-generic/uaccess.h only implements unaligned accesses. This renames the file to getorder.h and uaccess-unaligned.h to make room for new page.h and uaccess.h file that will be usable by all simple (e.g. nommu) architectures. Signed-off-by: Remis Lima Baima <remis.developer@googlemail.com> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2005-04-16Linux-2.6.12-rc2Linus Torvalds
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!