alpha: get rid of tail-zeroing in __copy_user()

... and adjust copy_from_user() accordingly Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2016-09-10 16:21:34 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2016-09-15 19:51:54 -0400
commit: 085354f907969fb3ee33f236368f6e1dd4c74d62 (patch)
tree: 26f51f89198a993dff1c7ef7245ad3e8d0d8c327
parent: 8630c32275bac2de6ffb8aea9d9b11663e7ad28e (diff)
3 files changed, 7 insertions, 41 deletions
diff --git a/arch/alpha/include/asm/uaccess.h b/arch/alpha/include/asm/uaccess.h
index 466e42e96bfa..94f587535dee 100644
--- a/arch/alpha/include/asm/uaccess.h
+++ b/arch/alpha/include/asm/uaccess.h
@@ -396,11 +396,12 @@ copy_to_user(void __user *to, const void *from, long n)
 extern inline long
 copy_from_user(void *to, const void __user *from, long n)
 {
+        long res = n;
        if (likely(__access_ok((unsigned long)from, n, get_fs())))
-                n = __copy_tofrom_user_nocheck(to, (__force void *)from, n);
+                res = __copy_from_user_inatomic(to, from, n);
-        else
+        if (unlikely(res))
-                memset(to, 0, n);
+                memset(to + (n - res), 0, res);
-        return n;
+        return res;
 }
 extern void __do_clear_user(void);
diff --git a/arch/alpha/lib/copy_user.S b/arch/alpha/lib/copy_user.S
index 6f3fab9eb434..ac9c3766ba8c 100644
--- a/arch/alpha/lib/copy_user.S
+++ b/arch/alpha/lib/copy_user.S
@@ -124,22 +124,8 @@ $65:
        bis $31,$31,$0
 $41:
 $35:
-$exitout:
-        ret $31,($28),1
 $exitin:
-        /* A stupid byte-by-byte zeroing of the rest of the output
+$exitout:
-           buffer.  This cures security holes by never leaving 
-           random kernel data around to be copied elsewhere.  */
-        mov $0,$1
-$101:
-        EXO ( ldq_u $2,0($6) )
-        subq $1,1,$1
-        mskbl $2,$6,$2
-        EXO ( stq_u $2,0($6) )
-        addq $6,1,$6
-        bgt $1,$101
        ret $31,($28),1
        .end __copy_user
diff --git a/arch/alpha/lib/ev6-copy_user.S b/arch/alpha/lib/ev6-copy_user.S
index db42ffe9c350..c4d0689c3d26 100644
--- a/arch/alpha/lib/ev6-copy_user.S
+++ b/arch/alpha/lib/ev6-copy_user.S
@@ -227,33 +227,12 @@ $dirtyentry:
        bgt $0,$onebyteloop     # U  .. .. ..   : U L U L
 $zerolength:
+$exitin:
 $exitout:                       # Destination for exception recovery(?)
        nop                     # .. .. .. E
        nop                     # .. .. E  ..
        nop                     # .. E  .. ..
        ret $31,($28),1         # L0 .. .. ..   : L U L U
-$exitin:
-        /* A stupid byte-by-byte zeroing of the rest of the output
-           buffer.  This cures security holes by never leaving 
-           random kernel data around to be copied elsewhere.  */
-        nop
-        nop
-        nop
-        mov     $0,$1
-$101:
-        EXO ( stb $31,0($6) )   # L
-        subq $1,1,$1            # E
-        addq $6,1,$6            # E
-        bgt $1,$101             # U
-        nop
-        nop
-        nop
-        ret $31,($28),1         # L0
        .end __copy_user
author	Al Viro <viro@zeniv.linux.org.uk>	2016-09-10 16:21:34 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2016-09-15 19:51:54 -0400
commit	085354f907969fb3ee33f236368f6e1dd4c74d62 (patch)
tree	26f51f89198a993dff1c7ef7245ad3e8d0d8c327
parent	8630c32275bac2de6ffb8aea9d9b11663e7ad28e (diff)

diff --git a/arch/alpha/include/asm/uaccess.h b/arch/alpha/include/asm/uaccess.h index 466e42e96bfa..94f587535dee 100644 --- a/arch/alpha/include/asm/uaccess.h +++ b/arch/alpha/include/asm/uaccess.h
@@ -396,11 +396,12 @@ copy_to_user(void __user to, const void from, long n)
396	extern inline long	396	extern inline long
397	copy_from_user(void to, const void __user from, long n)	397	copy_from_user(void to, const void __user from, long n)
398	{	398	{
		399	long res = n;
399	if (likely(__access_ok((unsigned long)from, n, get_fs())))	400	if (likely(__access_ok((unsigned long)from, n, get_fs())))
400	n = __copy_tofrom_user_nocheck(to, (__force void *)from, n);	401	res = __copy_from_user_inatomic(to, from, n);
401	else	402	if (unlikely(res))
402	memset(to, 0, n);	403	memset(to + (n - res), 0, res);
403	return n;	404	return res;
404	}	405	}
405		406
406	extern void __do_clear_user(void);	407	extern void __do_clear_user(void);


diff --git a/arch/alpha/lib/copy_user.S b/arch/alpha/lib/copy_user.S index 6f3fab9eb434..ac9c3766ba8c 100644 --- a/arch/alpha/lib/copy_user.S +++ b/arch/alpha/lib/copy_user.S
@@ -124,22 +124,8 @@ $65:
124	bis $31,$31,$0	124	bis $31,$31,$0
125	$41:	125	$41:
126	$35:	126	$35:
127	$exitout:
128	ret $31,($28),1
129
130	$exitin:	127	$exitin:
131	/* A stupid byte-by-byte zeroing of the rest of the output	128	$exitout:
132	buffer. This cures security holes by never leaving
133	random kernel data around to be copied elsewhere. */
134
135	mov $0,$1
136	$101:
137	EXO ( ldq_u $2,0($6) )
138	subq $1,1,$1
139	mskbl $2,$6,$2
140	EXO ( stq_u $2,0($6) )
141	addq $6,1,$6
142	bgt $1,$101
143	ret $31,($28),1	129	ret $31,($28),1
144		130
145	.end __copy_user	131	.end __copy_user


diff --git a/arch/alpha/lib/ev6-copy_user.S b/arch/alpha/lib/ev6-copy_user.S index db42ffe9c350..c4d0689c3d26 100644 --- a/arch/alpha/lib/ev6-copy_user.S +++ b/arch/alpha/lib/ev6-copy_user.S
@@ -227,33 +227,12 @@ $dirtyentry:
227	bgt $0,$onebyteloop # U .. .. .. : U L U L	227	bgt $0,$onebyteloop # U .. .. .. : U L U L
228		228
229	$zerolength:	229	$zerolength:
		230	$exitin:
230	$exitout: # Destination for exception recovery(?)	231	$exitout: # Destination for exception recovery(?)
231	nop # .. .. .. E	232	nop # .. .. .. E
232	nop # .. .. E ..	233	nop # .. .. E ..
233	nop # .. E .. ..	234	nop # .. E .. ..
234	ret $31,($28),1 # L0 .. .. .. : L U L U	235	ret $31,($28),1 # L0 .. .. .. : L U L U
235		236
236	$exitin:
237
238	/* A stupid byte-by-byte zeroing of the rest of the output
239	buffer. This cures security holes by never leaving
240	random kernel data around to be copied elsewhere. */
241
242	nop
243	nop
244	nop
245	mov $0,$1
246
247	$101:
248	EXO ( stb $31,0($6) ) # L
249	subq $1,1,$1 # E
250	addq $6,1,$6 # E
251	bgt $1,$101 # U
252
253	nop
254	nop
255	nop
256	ret $31,($28),1 # L0
257
258	.end __copy_user	237	.end __copy_user
259		238