aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2019-01-03 21:57:57 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2019-01-03 21:57:57 -0500
commit96d4f267e40f9509e8a66e2b39e8b95655617693 (patch)
treedf03d142d405652392707b1b80c284d68d6ea6ab /kernel
parent135143b2cac43d2a1ec73b53033b9473fbbcce6d (diff)
Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument of the user address range verification function since we got rid of the old racy i386-only code to walk page tables by hand. It existed because the original 80386 would not honor the write protect bit when in kernel mode, so you had to do COW by hand before doing any user access. But we haven't supported that in a long time, and these days the 'type' argument is a purely historical artifact. A discussion about extending 'user_access_begin()' to do the range checking resulted this patch, because there is no way we're going to move the old VERIFY_xyz interface to that model. And it's best done at the end of the merge window when I've done most of my merges, so let's just get this done once and for all. This patch was mostly done with a sed-script, with manual fix-ups for the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form. There were a couple of notable cases: - csky still had the old "verify_area()" name as an alias. - the iter_iov code had magical hardcoded knowledge of the actual values of VERIFY_{READ,WRITE} (not that they mattered, since nothing really used it) - microblaze used the type argument for a debug printout but other than those oddities this should be a total no-op patch. I tried to fix up all architectures, did fairly extensive grepping for access_ok() uses, and the changes are trivial, but I may have missed something. Any missed conversion should be trivially fixable, though. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/bpf/syscall.c2
-rw-r--r--kernel/compat.c16
-rw-r--r--kernel/events/core.c2
-rw-r--r--kernel/exit.c4
-rw-r--r--kernel/futex.c35
-rw-r--r--kernel/printk/printk.c4
-rw-r--r--kernel/ptrace.c4
-rw-r--r--kernel/rseq.c6
-rw-r--r--kernel/sched/core.c4
-rw-r--r--kernel/signal.c8
-rw-r--r--kernel/sys.c2
-rw-r--r--kernel/trace/bpf_trace.c2
12 files changed, 47 insertions, 42 deletions
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 0607db304def..b155cd17c1bd 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -79,7 +79,7 @@ int bpf_check_uarg_tail_zero(void __user *uaddr,
79 if (unlikely(actual_size > PAGE_SIZE)) /* silly large */ 79 if (unlikely(actual_size > PAGE_SIZE)) /* silly large */
80 return -E2BIG; 80 return -E2BIG;
81 81
82 if (unlikely(!access_ok(VERIFY_READ, uaddr, actual_size))) 82 if (unlikely(!access_ok(uaddr, actual_size)))
83 return -EFAULT; 83 return -EFAULT;
84 84
85 if (actual_size <= expected_size) 85 if (actual_size <= expected_size)
diff --git a/kernel/compat.c b/kernel/compat.c
index 089d00d0da9c..705d4ae6c018 100644
--- a/kernel/compat.c
+++ b/kernel/compat.c
@@ -95,28 +95,28 @@ int compat_put_timex(struct compat_timex __user *utp, const struct timex *txc)
95 95
96static int __compat_get_timeval(struct timeval *tv, const struct old_timeval32 __user *ctv) 96static int __compat_get_timeval(struct timeval *tv, const struct old_timeval32 __user *ctv)
97{ 97{
98 return (!access_ok(VERIFY_READ, ctv, sizeof(*ctv)) || 98 return (!access_ok(ctv, sizeof(*ctv)) ||
99 __get_user(tv->tv_sec, &ctv->tv_sec) || 99 __get_user(tv->tv_sec, &ctv->tv_sec) ||
100 __get_user(tv->tv_usec, &ctv->tv_usec)) ? -EFAULT : 0; 100 __get_user(tv->tv_usec, &ctv->tv_usec)) ? -EFAULT : 0;
101} 101}
102 102
103static int __compat_put_timeval(const struct timeval *tv, struct old_timeval32 __user *ctv) 103static int __compat_put_timeval(const struct timeval *tv, struct old_timeval32 __user *ctv)
104{ 104{
105 return (!access_ok(VERIFY_WRITE, ctv, sizeof(*ctv)) || 105 return (!access_ok(ctv, sizeof(*ctv)) ||
106 __put_user(tv->tv_sec, &ctv->tv_sec) || 106 __put_user(tv->tv_sec, &ctv->tv_sec) ||
107 __put_user(tv->tv_usec, &ctv->tv_usec)) ? -EFAULT : 0; 107 __put_user(tv->tv_usec, &ctv->tv_usec)) ? -EFAULT : 0;
108} 108}
109 109
110static int __compat_get_timespec(struct timespec *ts, const struct old_timespec32 __user *cts) 110static int __compat_get_timespec(struct timespec *ts, const struct old_timespec32 __user *cts)
111{ 111{
112 return (!access_ok(VERIFY_READ, cts, sizeof(*cts)) || 112 return (!access_ok(cts, sizeof(*cts)) ||
113 __get_user(ts->tv_sec, &cts->tv_sec) || 113 __get_user(ts->tv_sec, &cts->tv_sec) ||
114 __get_user(ts->tv_nsec, &cts->tv_nsec)) ? -EFAULT : 0; 114 __get_user(ts->tv_nsec, &cts->tv_nsec)) ? -EFAULT : 0;
115} 115}
116 116
117static int __compat_put_timespec(const struct timespec *ts, struct old_timespec32 __user *cts) 117static int __compat_put_timespec(const struct timespec *ts, struct old_timespec32 __user *cts)
118{ 118{
119 return (!access_ok(VERIFY_WRITE, cts, sizeof(*cts)) || 119 return (!access_ok(cts, sizeof(*cts)) ||
120 __put_user(ts->tv_sec, &cts->tv_sec) || 120 __put_user(ts->tv_sec, &cts->tv_sec) ||
121 __put_user(ts->tv_nsec, &cts->tv_nsec)) ? -EFAULT : 0; 121 __put_user(ts->tv_nsec, &cts->tv_nsec)) ? -EFAULT : 0;
122} 122}
@@ -335,7 +335,7 @@ int get_compat_sigevent(struct sigevent *event,
335 const struct compat_sigevent __user *u_event) 335 const struct compat_sigevent __user *u_event)
336{ 336{
337 memset(event, 0, sizeof(*event)); 337 memset(event, 0, sizeof(*event));
338 return (!access_ok(VERIFY_READ, u_event, sizeof(*u_event)) || 338 return (!access_ok(u_event, sizeof(*u_event)) ||
339 __get_user(event->sigev_value.sival_int, 339 __get_user(event->sigev_value.sival_int,
340 &u_event->sigev_value.sival_int) || 340 &u_event->sigev_value.sival_int) ||
341 __get_user(event->sigev_signo, &u_event->sigev_signo) || 341 __get_user(event->sigev_signo, &u_event->sigev_signo) ||
@@ -354,7 +354,7 @@ long compat_get_bitmap(unsigned long *mask, const compat_ulong_t __user *umask,
354 bitmap_size = ALIGN(bitmap_size, BITS_PER_COMPAT_LONG); 354 bitmap_size = ALIGN(bitmap_size, BITS_PER_COMPAT_LONG);
355 nr_compat_longs = BITS_TO_COMPAT_LONGS(bitmap_size); 355 nr_compat_longs = BITS_TO_COMPAT_LONGS(bitmap_size);
356 356
357 if (!access_ok(VERIFY_READ, umask, bitmap_size / 8)) 357 if (!access_ok(umask, bitmap_size / 8))
358 return -EFAULT; 358 return -EFAULT;
359 359
360 user_access_begin(); 360 user_access_begin();
@@ -384,7 +384,7 @@ long compat_put_bitmap(compat_ulong_t __user *umask, unsigned long *mask,
384 bitmap_size = ALIGN(bitmap_size, BITS_PER_COMPAT_LONG); 384 bitmap_size = ALIGN(bitmap_size, BITS_PER_COMPAT_LONG);
385 nr_compat_longs = BITS_TO_COMPAT_LONGS(bitmap_size); 385 nr_compat_longs = BITS_TO_COMPAT_LONGS(bitmap_size);
386 386
387 if (!access_ok(VERIFY_WRITE, umask, bitmap_size / 8)) 387 if (!access_ok(umask, bitmap_size / 8))
388 return -EFAULT; 388 return -EFAULT;
389 389
390 user_access_begin(); 390 user_access_begin();
@@ -438,7 +438,7 @@ void __user *compat_alloc_user_space(unsigned long len)
438 438
439 ptr = arch_compat_alloc_user_space(len); 439 ptr = arch_compat_alloc_user_space(len);
440 440
441 if (unlikely(!access_ok(VERIFY_WRITE, ptr, len))) 441 if (unlikely(!access_ok(ptr, len)))
442 return NULL; 442 return NULL;
443 443
444 return ptr; 444 return ptr;
diff --git a/kernel/events/core.c b/kernel/events/core.c
index 67ecac337374..3cd13a30f732 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -10135,7 +10135,7 @@ static int perf_copy_attr(struct perf_event_attr __user *uattr,
10135 u32 size; 10135 u32 size;
10136 int ret; 10136 int ret;
10137 10137
10138 if (!access_ok(VERIFY_WRITE, uattr, PERF_ATTR_SIZE_VER0)) 10138 if (!access_ok(uattr, PERF_ATTR_SIZE_VER0))
10139 return -EFAULT; 10139 return -EFAULT;
10140 10140
10141 /* 10141 /*
diff --git a/kernel/exit.c b/kernel/exit.c
index 0e21e6d21f35..8a01b671dc1f 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1604,7 +1604,7 @@ SYSCALL_DEFINE5(waitid, int, which, pid_t, upid, struct siginfo __user *,
1604 if (!infop) 1604 if (!infop)
1605 return err; 1605 return err;
1606 1606
1607 if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop))) 1607 if (!access_ok(infop, sizeof(*infop)))
1608 return -EFAULT; 1608 return -EFAULT;
1609 1609
1610 user_access_begin(); 1610 user_access_begin();
@@ -1732,7 +1732,7 @@ COMPAT_SYSCALL_DEFINE5(waitid,
1732 if (!infop) 1732 if (!infop)
1733 return err; 1733 return err;
1734 1734
1735 if (!access_ok(VERIFY_WRITE, infop, sizeof(*infop))) 1735 if (!access_ok(infop, sizeof(*infop)))
1736 return -EFAULT; 1736 return -EFAULT;
1737 1737
1738 user_access_begin(); 1738 user_access_begin();
diff --git a/kernel/futex.c b/kernel/futex.c
index 054105854e0e..be3bff2315ff 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -481,13 +481,18 @@ static void drop_futex_key_refs(union futex_key *key)
481 } 481 }
482} 482}
483 483
484enum futex_access {
485 FUTEX_READ,
486 FUTEX_WRITE
487};
488
484/** 489/**
485 * get_futex_key() - Get parameters which are the keys for a futex 490 * get_futex_key() - Get parameters which are the keys for a futex
486 * @uaddr: virtual address of the futex 491 * @uaddr: virtual address of the futex
487 * @fshared: 0 for a PROCESS_PRIVATE futex, 1 for PROCESS_SHARED 492 * @fshared: 0 for a PROCESS_PRIVATE futex, 1 for PROCESS_SHARED
488 * @key: address where result is stored. 493 * @key: address where result is stored.
489 * @rw: mapping needs to be read/write (values: VERIFY_READ, 494 * @rw: mapping needs to be read/write (values: FUTEX_READ,
490 * VERIFY_WRITE) 495 * FUTEX_WRITE)
491 * 496 *
492 * Return: a negative error code or 0 497 * Return: a negative error code or 0
493 * 498 *
@@ -500,7 +505,7 @@ static void drop_futex_key_refs(union futex_key *key)
500 * lock_page() might sleep, the caller should not hold a spinlock. 505 * lock_page() might sleep, the caller should not hold a spinlock.
501 */ 506 */
502static int 507static int
503get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) 508get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, enum futex_access rw)
504{ 509{
505 unsigned long address = (unsigned long)uaddr; 510 unsigned long address = (unsigned long)uaddr;
506 struct mm_struct *mm = current->mm; 511 struct mm_struct *mm = current->mm;
@@ -516,7 +521,7 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw)
516 return -EINVAL; 521 return -EINVAL;
517 address -= key->both.offset; 522 address -= key->both.offset;
518 523
519 if (unlikely(!access_ok(rw, uaddr, sizeof(u32)))) 524 if (unlikely(!access_ok(uaddr, sizeof(u32))))
520 return -EFAULT; 525 return -EFAULT;
521 526
522 if (unlikely(should_fail_futex(fshared))) 527 if (unlikely(should_fail_futex(fshared)))
@@ -546,7 +551,7 @@ again:
546 * If write access is not required (eg. FUTEX_WAIT), try 551 * If write access is not required (eg. FUTEX_WAIT), try
547 * and get read-only access. 552 * and get read-only access.
548 */ 553 */
549 if (err == -EFAULT && rw == VERIFY_READ) { 554 if (err == -EFAULT && rw == FUTEX_READ) {
550 err = get_user_pages_fast(address, 1, 0, &page); 555 err = get_user_pages_fast(address, 1, 0, &page);
551 ro = 1; 556 ro = 1;
552 } 557 }
@@ -1583,7 +1588,7 @@ futex_wake(u32 __user *uaddr, unsigned int flags, int nr_wake, u32 bitset)
1583 if (!bitset) 1588 if (!bitset)
1584 return -EINVAL; 1589 return -EINVAL;
1585 1590
1586 ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &key, VERIFY_READ); 1591 ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &key, FUTEX_READ);
1587 if (unlikely(ret != 0)) 1592 if (unlikely(ret != 0))
1588 goto out; 1593 goto out;
1589 1594
@@ -1642,7 +1647,7 @@ static int futex_atomic_op_inuser(unsigned int encoded_op, u32 __user *uaddr)
1642 oparg = 1 << oparg; 1647 oparg = 1 << oparg;
1643 } 1648 }
1644 1649
1645 if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) 1650 if (!access_ok(uaddr, sizeof(u32)))
1646 return -EFAULT; 1651 return -EFAULT;
1647 1652
1648 ret = arch_futex_atomic_op_inuser(op, oparg, &oldval, uaddr); 1653 ret = arch_futex_atomic_op_inuser(op, oparg, &oldval, uaddr);
@@ -1682,10 +1687,10 @@ futex_wake_op(u32 __user *uaddr1, unsigned int flags, u32 __user *uaddr2,
1682 DEFINE_WAKE_Q(wake_q); 1687 DEFINE_WAKE_Q(wake_q);
1683 1688
1684retry: 1689retry:
1685 ret = get_futex_key(uaddr1, flags & FLAGS_SHARED, &key1, VERIFY_READ); 1690 ret = get_futex_key(uaddr1, flags & FLAGS_SHARED, &key1, FUTEX_READ);
1686 if (unlikely(ret != 0)) 1691 if (unlikely(ret != 0))
1687 goto out; 1692 goto out;
1688 ret = get_futex_key(uaddr2, flags & FLAGS_SHARED, &key2, VERIFY_WRITE); 1693 ret = get_futex_key(uaddr2, flags & FLAGS_SHARED, &key2, FUTEX_WRITE);
1689 if (unlikely(ret != 0)) 1694 if (unlikely(ret != 0))
1690 goto out_put_key1; 1695 goto out_put_key1;
1691 1696
@@ -1961,11 +1966,11 @@ static int futex_requeue(u32 __user *uaddr1, unsigned int flags,
1961 } 1966 }
1962 1967
1963retry: 1968retry:
1964 ret = get_futex_key(uaddr1, flags & FLAGS_SHARED, &key1, VERIFY_READ); 1969 ret = get_futex_key(uaddr1, flags & FLAGS_SHARED, &key1, FUTEX_READ);
1965 if (unlikely(ret != 0)) 1970 if (unlikely(ret != 0))
1966 goto out; 1971 goto out;
1967 ret = get_futex_key(uaddr2, flags & FLAGS_SHARED, &key2, 1972 ret = get_futex_key(uaddr2, flags & FLAGS_SHARED, &key2,
1968 requeue_pi ? VERIFY_WRITE : VERIFY_READ); 1973 requeue_pi ? FUTEX_WRITE : FUTEX_READ);
1969 if (unlikely(ret != 0)) 1974 if (unlikely(ret != 0))
1970 goto out_put_key1; 1975 goto out_put_key1;
1971 1976
@@ -2634,7 +2639,7 @@ static int futex_wait_setup(u32 __user *uaddr, u32 val, unsigned int flags,
2634 * while the syscall executes. 2639 * while the syscall executes.
2635 */ 2640 */
2636retry: 2641retry:
2637 ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &q->key, VERIFY_READ); 2642 ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &q->key, FUTEX_READ);
2638 if (unlikely(ret != 0)) 2643 if (unlikely(ret != 0))
2639 return ret; 2644 return ret;
2640 2645
@@ -2793,7 +2798,7 @@ static int futex_lock_pi(u32 __user *uaddr, unsigned int flags,
2793 } 2798 }
2794 2799
2795retry: 2800retry:
2796 ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &q.key, VERIFY_WRITE); 2801 ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &q.key, FUTEX_WRITE);
2797 if (unlikely(ret != 0)) 2802 if (unlikely(ret != 0))
2798 goto out; 2803 goto out;
2799 2804
@@ -2972,7 +2977,7 @@ retry:
2972 if ((uval & FUTEX_TID_MASK) != vpid) 2977 if ((uval & FUTEX_TID_MASK) != vpid)
2973 return -EPERM; 2978 return -EPERM;
2974 2979
2975 ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &key, VERIFY_WRITE); 2980 ret = get_futex_key(uaddr, flags & FLAGS_SHARED, &key, FUTEX_WRITE);
2976 if (ret) 2981 if (ret)
2977 return ret; 2982 return ret;
2978 2983
@@ -3199,7 +3204,7 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags,
3199 */ 3204 */
3200 rt_mutex_init_waiter(&rt_waiter); 3205 rt_mutex_init_waiter(&rt_waiter);
3201 3206
3202 ret = get_futex_key(uaddr2, flags & FLAGS_SHARED, &key2, VERIFY_WRITE); 3207 ret = get_futex_key(uaddr2, flags & FLAGS_SHARED, &key2, FUTEX_WRITE);
3203 if (unlikely(ret != 0)) 3208 if (unlikely(ret != 0))
3204 goto out; 3209 goto out;
3205 3210
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index 1306fe0c1dc6..d3d170374ceb 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -1466,7 +1466,7 @@ int do_syslog(int type, char __user *buf, int len, int source)
1466 return -EINVAL; 1466 return -EINVAL;
1467 if (!len) 1467 if (!len)
1468 return 0; 1468 return 0;
1469 if (!access_ok(VERIFY_WRITE, buf, len)) 1469 if (!access_ok(buf, len))
1470 return -EFAULT; 1470 return -EFAULT;
1471 error = wait_event_interruptible(log_wait, 1471 error = wait_event_interruptible(log_wait,
1472 syslog_seq != log_next_seq); 1472 syslog_seq != log_next_seq);
@@ -1484,7 +1484,7 @@ int do_syslog(int type, char __user *buf, int len, int source)
1484 return -EINVAL; 1484 return -EINVAL;
1485 if (!len) 1485 if (!len)
1486 return 0; 1486 return 0;
1487 if (!access_ok(VERIFY_WRITE, buf, len)) 1487 if (!access_ok(buf, len))
1488 return -EFAULT; 1488 return -EFAULT;
1489 error = syslog_print_all(buf, len, clear); 1489 error = syslog_print_all(buf, len, clear);
1490 break; 1490 break;
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index c2cee9db5204..771e93f9c43f 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -1073,7 +1073,7 @@ int ptrace_request(struct task_struct *child, long request,
1073 struct iovec kiov; 1073 struct iovec kiov;
1074 struct iovec __user *uiov = datavp; 1074 struct iovec __user *uiov = datavp;
1075 1075
1076 if (!access_ok(VERIFY_WRITE, uiov, sizeof(*uiov))) 1076 if (!access_ok(uiov, sizeof(*uiov)))
1077 return -EFAULT; 1077 return -EFAULT;
1078 1078
1079 if (__get_user(kiov.iov_base, &uiov->iov_base) || 1079 if (__get_user(kiov.iov_base, &uiov->iov_base) ||
@@ -1229,7 +1229,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
1229 compat_uptr_t ptr; 1229 compat_uptr_t ptr;
1230 compat_size_t len; 1230 compat_size_t len;
1231 1231
1232 if (!access_ok(VERIFY_WRITE, uiov, sizeof(*uiov))) 1232 if (!access_ok(uiov, sizeof(*uiov)))
1233 return -EFAULT; 1233 return -EFAULT;
1234 1234
1235 if (__get_user(ptr, &uiov->iov_base) || 1235 if (__get_user(ptr, &uiov->iov_base) ||
diff --git a/kernel/rseq.c b/kernel/rseq.c
index c6242d8594dc..25e9a7b60eba 100644
--- a/kernel/rseq.c
+++ b/kernel/rseq.c
@@ -267,7 +267,7 @@ void __rseq_handle_notify_resume(struct ksignal *ksig, struct pt_regs *regs)
267 267
268 if (unlikely(t->flags & PF_EXITING)) 268 if (unlikely(t->flags & PF_EXITING))
269 return; 269 return;
270 if (unlikely(!access_ok(VERIFY_WRITE, t->rseq, sizeof(*t->rseq)))) 270 if (unlikely(!access_ok(t->rseq, sizeof(*t->rseq))))
271 goto error; 271 goto error;
272 ret = rseq_ip_fixup(regs); 272 ret = rseq_ip_fixup(regs);
273 if (unlikely(ret < 0)) 273 if (unlikely(ret < 0))
@@ -295,7 +295,7 @@ void rseq_syscall(struct pt_regs *regs)
295 295
296 if (!t->rseq) 296 if (!t->rseq)
297 return; 297 return;
298 if (!access_ok(VERIFY_READ, t->rseq, sizeof(*t->rseq)) || 298 if (!access_ok(t->rseq, sizeof(*t->rseq)) ||
299 rseq_get_rseq_cs(t, &rseq_cs) || in_rseq_cs(ip, &rseq_cs)) 299 rseq_get_rseq_cs(t, &rseq_cs) || in_rseq_cs(ip, &rseq_cs))
300 force_sig(SIGSEGV, t); 300 force_sig(SIGSEGV, t);
301} 301}
@@ -351,7 +351,7 @@ SYSCALL_DEFINE4(rseq, struct rseq __user *, rseq, u32, rseq_len,
351 if (!IS_ALIGNED((unsigned long)rseq, __alignof__(*rseq)) || 351 if (!IS_ALIGNED((unsigned long)rseq, __alignof__(*rseq)) ||
352 rseq_len != sizeof(*rseq)) 352 rseq_len != sizeof(*rseq))
353 return -EINVAL; 353 return -EINVAL;
354 if (!access_ok(VERIFY_WRITE, rseq, rseq_len)) 354 if (!access_ok(rseq, rseq_len))
355 return -EFAULT; 355 return -EFAULT;
356 current->rseq = rseq; 356 current->rseq = rseq;
357 current->rseq_len = rseq_len; 357 current->rseq_len = rseq_len;
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index f66920173370..1f3e19fd6dc6 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -4450,7 +4450,7 @@ static int sched_copy_attr(struct sched_attr __user *uattr, struct sched_attr *a
4450 u32 size; 4450 u32 size;
4451 int ret; 4451 int ret;
4452 4452
4453 if (!access_ok(VERIFY_WRITE, uattr, SCHED_ATTR_SIZE_VER0)) 4453 if (!access_ok(uattr, SCHED_ATTR_SIZE_VER0))
4454 return -EFAULT; 4454 return -EFAULT;
4455 4455
4456 /* Zero the full structure, so that a short copy will be nice: */ 4456 /* Zero the full structure, so that a short copy will be nice: */
@@ -4650,7 +4650,7 @@ static int sched_read_attr(struct sched_attr __user *uattr,
4650{ 4650{
4651 int ret; 4651 int ret;
4652 4652
4653 if (!access_ok(VERIFY_WRITE, uattr, usize)) 4653 if (!access_ok(uattr, usize))
4654 return -EFAULT; 4654 return -EFAULT;
4655 4655
4656 /* 4656 /*
diff --git a/kernel/signal.c b/kernel/signal.c
index 53e07d97ffe0..e1d7ad8e6ab1 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -3997,7 +3997,7 @@ SYSCALL_DEFINE3(sigaction, int, sig,
3997 3997
3998 if (act) { 3998 if (act) {
3999 old_sigset_t mask; 3999 old_sigset_t mask;
4000 if (!access_ok(VERIFY_READ, act, sizeof(*act)) || 4000 if (!access_ok(act, sizeof(*act)) ||
4001 __get_user(new_ka.sa.sa_handler, &act->sa_handler) || 4001 __get_user(new_ka.sa.sa_handler, &act->sa_handler) ||
4002 __get_user(new_ka.sa.sa_restorer, &act->sa_restorer) || 4002 __get_user(new_ka.sa.sa_restorer, &act->sa_restorer) ||
4003 __get_user(new_ka.sa.sa_flags, &act->sa_flags) || 4003 __get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
@@ -4012,7 +4012,7 @@ SYSCALL_DEFINE3(sigaction, int, sig,
4012 ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL); 4012 ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
4013 4013
4014 if (!ret && oact) { 4014 if (!ret && oact) {
4015 if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)) || 4015 if (!access_ok(oact, sizeof(*oact)) ||
4016 __put_user(old_ka.sa.sa_handler, &oact->sa_handler) || 4016 __put_user(old_ka.sa.sa_handler, &oact->sa_handler) ||
4017 __put_user(old_ka.sa.sa_restorer, &oact->sa_restorer) || 4017 __put_user(old_ka.sa.sa_restorer, &oact->sa_restorer) ||
4018 __put_user(old_ka.sa.sa_flags, &oact->sa_flags) || 4018 __put_user(old_ka.sa.sa_flags, &oact->sa_flags) ||
@@ -4034,7 +4034,7 @@ COMPAT_SYSCALL_DEFINE3(sigaction, int, sig,
4034 compat_uptr_t handler, restorer; 4034 compat_uptr_t handler, restorer;
4035 4035
4036 if (act) { 4036 if (act) {
4037 if (!access_ok(VERIFY_READ, act, sizeof(*act)) || 4037 if (!access_ok(act, sizeof(*act)) ||
4038 __get_user(handler, &act->sa_handler) || 4038 __get_user(handler, &act->sa_handler) ||
4039 __get_user(restorer, &act->sa_restorer) || 4039 __get_user(restorer, &act->sa_restorer) ||
4040 __get_user(new_ka.sa.sa_flags, &act->sa_flags) || 4040 __get_user(new_ka.sa.sa_flags, &act->sa_flags) ||
@@ -4052,7 +4052,7 @@ COMPAT_SYSCALL_DEFINE3(sigaction, int, sig,
4052 ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL); 4052 ret = do_sigaction(sig, act ? &new_ka : NULL, oact ? &old_ka : NULL);
4053 4053
4054 if (!ret && oact) { 4054 if (!ret && oact) {
4055 if (!access_ok(VERIFY_WRITE, oact, sizeof(*oact)) || 4055 if (!access_ok(oact, sizeof(*oact)) ||
4056 __put_user(ptr_to_compat(old_ka.sa.sa_handler), 4056 __put_user(ptr_to_compat(old_ka.sa.sa_handler),
4057 &oact->sa_handler) || 4057 &oact->sa_handler) ||
4058 __put_user(ptr_to_compat(old_ka.sa.sa_restorer), 4058 __put_user(ptr_to_compat(old_ka.sa.sa_restorer),
diff --git a/kernel/sys.c b/kernel/sys.c
index 64b5a230f38d..a48cbf1414b8 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2627,7 +2627,7 @@ COMPAT_SYSCALL_DEFINE1(sysinfo, struct compat_sysinfo __user *, info)
2627 s.freehigh >>= bitcount; 2627 s.freehigh >>= bitcount;
2628 } 2628 }
2629 2629
2630 if (!access_ok(VERIFY_WRITE, info, sizeof(struct compat_sysinfo)) || 2630 if (!access_ok(info, sizeof(struct compat_sysinfo)) ||
2631 __put_user(s.uptime, &info->uptime) || 2631 __put_user(s.uptime, &info->uptime) ||
2632 __put_user(s.loads[0], &info->loads[0]) || 2632 __put_user(s.loads[0], &info->loads[0]) ||
2633 __put_user(s.loads[1], &info->loads[1]) || 2633 __put_user(s.loads[1], &info->loads[1]) ||
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 9ddb6fddb4e0..8b068adb9da1 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -170,7 +170,7 @@ BPF_CALL_3(bpf_probe_write_user, void *, unsafe_ptr, const void *, src,
170 return -EPERM; 170 return -EPERM;
171 if (unlikely(uaccess_kernel())) 171 if (unlikely(uaccess_kernel()))
172 return -EPERM; 172 return -EPERM;
173 if (!access_ok(VERIFY_WRITE, unsafe_ptr, size)) 173 if (!access_ok(unsafe_ptr, size))
174 return -EPERM; 174 return -EPERM;
175 175
176 return probe_kernel_write(unsafe_ptr, src, size); 176 return probe_kernel_write(unsafe_ptr, src, size);
generated by cgit v1.2.2 (git 2.25.0) at 2026-05-30 10:21:16 -0400