diff options
| author | Paul Burton <paul.burton@imgtec.com> | 2016-10-08 17:47:14 -0400 |
|---|---|---|
| committer | Ralf Baechle <ralf@linux-mips.org> | 2016-10-10 09:28:53 -0400 |
| commit | cabca8c098f00c91aeb59170e86e5c5fa4f494c2 (patch) | |
| tree | 01ccf96a4a2ec7ac3f6ad234ea49355756791e39 | |
| parent | 3f5f0a4475e13345326061f00c68f428232ba2bc (diff) | |
MIPS: Enable hardened usercopy
Enable CONFIG_HARDENED_USERCOPY checks for MIPS, calling check_object
size in all of copy_{to,from}_user(), __copy_{to,from}_user() &
__copy_{to,from}_user_inatomic().
Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/14371/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
| -rw-r--r-- | arch/mips/Kconfig | 1 | ||||
| -rw-r--r-- | arch/mips/include/asm/uaccess.h | 18 |
2 files changed, 19 insertions, 0 deletions
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig index a7d9224c2a50..7f6da2c8023d 100644 --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig | |||
| @@ -66,6 +66,7 @@ config MIPS | |||
| 66 | select HANDLE_DOMAIN_IRQ | 66 | select HANDLE_DOMAIN_IRQ |
| 67 | select HAVE_EXIT_THREAD | 67 | select HAVE_EXIT_THREAD |
| 68 | select HAVE_REGS_AND_STACK_ACCESS_API | 68 | select HAVE_REGS_AND_STACK_ACCESS_API |
| 69 | select HAVE_ARCH_HARDENED_USERCOPY | ||
| 69 | 70 | ||
| 70 | menu "Machine selection" | 71 | menu "Machine selection" |
| 71 | 72 | ||
diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h index 21a2aaba20d5..c65707df61f4 100644 --- a/arch/mips/include/asm/uaccess.h +++ b/arch/mips/include/asm/uaccess.h | |||
| @@ -858,7 +858,10 @@ extern size_t __copy_user(void *__to, const void *__from, size_t __n); | |||
| 858 | __cu_to = (to); \ | 858 | __cu_to = (to); \ |
| 859 | __cu_from = (from); \ | 859 | __cu_from = (from); \ |
| 860 | __cu_len = (n); \ | 860 | __cu_len = (n); \ |
| 861 | \ | ||
| 862 | check_object_size(__cu_from, __cu_len, true); \ | ||
| 861 | might_fault(); \ | 863 | might_fault(); \ |
| 864 | \ | ||
| 862 | if (eva_kernel_access()) \ | 865 | if (eva_kernel_access()) \ |
| 863 | __cu_len = __invoke_copy_to_kernel(__cu_to, __cu_from, \ | 866 | __cu_len = __invoke_copy_to_kernel(__cu_to, __cu_from, \ |
| 864 | __cu_len); \ | 867 | __cu_len); \ |
| @@ -879,6 +882,9 @@ extern size_t __copy_user_inatomic(void *__to, const void *__from, size_t __n); | |||
| 879 | __cu_to = (to); \ | 882 | __cu_to = (to); \ |
| 880 | __cu_from = (from); \ | 883 | __cu_from = (from); \ |
| 881 | __cu_len = (n); \ | 884 | __cu_len = (n); \ |
| 885 | \ | ||
| 886 | check_object_size(__cu_from, __cu_len, true); \ | ||
| 887 | \ | ||
| 882 | if (eva_kernel_access()) \ | 888 | if (eva_kernel_access()) \ |
| 883 | __cu_len = __invoke_copy_to_kernel(__cu_to, __cu_from, \ | 889 | __cu_len = __invoke_copy_to_kernel(__cu_to, __cu_from, \ |
| 884 | __cu_len); \ | 890 | __cu_len); \ |
| @@ -897,6 +903,9 @@ extern size_t __copy_user_inatomic(void *__to, const void *__from, size_t __n); | |||
| 897 | __cu_to = (to); \ | 903 | __cu_to = (to); \ |
| 898 | __cu_from = (from); \ | 904 | __cu_from = (from); \ |
| 899 | __cu_len = (n); \ | 905 | __cu_len = (n); \ |
| 906 | \ | ||
| 907 | check_object_size(__cu_to, __cu_len, false); \ | ||
| 908 | \ | ||
| 900 | if (eva_kernel_access()) \ | 909 | if (eva_kernel_access()) \ |
| 901 | __cu_len = __invoke_copy_from_kernel_inatomic(__cu_to, \ | 910 | __cu_len = __invoke_copy_from_kernel_inatomic(__cu_to, \ |
| 902 | __cu_from,\ | 911 | __cu_from,\ |
| @@ -931,6 +940,9 @@ extern size_t __copy_user_inatomic(void *__to, const void *__from, size_t __n); | |||
| 931 | __cu_to = (to); \ | 940 | __cu_to = (to); \ |
| 932 | __cu_from = (from); \ | 941 | __cu_from = (from); \ |
| 933 | __cu_len = (n); \ | 942 | __cu_len = (n); \ |
| 943 | \ | ||
| 944 | check_object_size(__cu_from, __cu_len, true); \ | ||
| 945 | \ | ||
| 934 | if (eva_kernel_access()) { \ | 946 | if (eva_kernel_access()) { \ |
| 935 | __cu_len = __invoke_copy_to_kernel(__cu_to, \ | 947 | __cu_len = __invoke_copy_to_kernel(__cu_to, \ |
| 936 | __cu_from, \ | 948 | __cu_from, \ |
| @@ -1123,6 +1135,9 @@ extern size_t __copy_in_user_eva(void *__to, const void *__from, size_t __n); | |||
| 1123 | __cu_to = (to); \ | 1135 | __cu_to = (to); \ |
| 1124 | __cu_from = (from); \ | 1136 | __cu_from = (from); \ |
| 1125 | __cu_len = (n); \ | 1137 | __cu_len = (n); \ |
| 1138 | \ | ||
| 1139 | check_object_size(__cu_to, __cu_len, false); \ | ||
| 1140 | \ | ||
| 1126 | if (eva_kernel_access()) { \ | 1141 | if (eva_kernel_access()) { \ |
| 1127 | __cu_len = __invoke_copy_from_kernel(__cu_to, \ | 1142 | __cu_len = __invoke_copy_from_kernel(__cu_to, \ |
| 1128 | __cu_from, \ | 1143 | __cu_from, \ |
| @@ -1161,6 +1176,9 @@ extern size_t __copy_in_user_eva(void *__to, const void *__from, size_t __n); | |||
| 1161 | __cu_to = (to); \ | 1176 | __cu_to = (to); \ |
| 1162 | __cu_from = (from); \ | 1177 | __cu_from = (from); \ |
| 1163 | __cu_len = (n); \ | 1178 | __cu_len = (n); \ |
| 1179 | \ | ||
| 1180 | check_object_size(__cu_to, __cu_len, false); \ | ||
| 1181 | \ | ||
| 1164 | if (eva_kernel_access()) { \ | 1182 | if (eva_kernel_access()) { \ |
| 1165 | __cu_len = __invoke_copy_from_kernel(__cu_to, \ | 1183 | __cu_len = __invoke_copy_from_kernel(__cu_to, \ |
| 1166 | __cu_from, \ | 1184 | __cu_from, \ |