diff options
author | Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> | 2005-11-13 19:07:13 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-11-13 21:14:15 -0500 |
commit | 7a590611c0f1e1302c58fdfdc958f2d6bdddd78a (patch) | |
tree | ad57f5bda5245af1d03ba10e15308487b1aae9c7 | |
parent | 55c033c1f6cdedc350c79c3198b542e3ab496899 (diff) |
[PATCH] uml: fix access_ok
The access_ok_tt() macro is bogus, in that a read access is unconditionally
considered valid.
I couldn't find in SCM logs the introduction of this check, but I went back to
2.4.20-1um and the definition was the same.
Possibly this was done to avoid problems with missing set_fs() calls, but
there can't be any I think because they would fail with SKAS mode.
TT-specific code is still to check.
Also, this patch joins common code together, and makes the "address range
wrapping" check happen for all cases, rather than for only some.
This may, possibly, be reoptimized at some time, but the current code doesn't
seem clever, just confused.
* Important: I've also had to change references to access_ok_{tt,skas} back to
access_ok - the kernel wasn't that happy otherwise.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Acked-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | arch/um/include/um_uaccess.h | 19 | ||||
-rw-r--r-- | arch/um/kernel/skas/include/uaccess-skas.h | 10 | ||||
-rw-r--r-- | arch/um/kernel/skas/uaccess.c | 8 | ||||
-rw-r--r-- | arch/um/kernel/tt/include/uaccess-tt.h | 8 | ||||
-rw-r--r-- | arch/um/kernel/tt/uaccess.c | 8 |
5 files changed, 29 insertions, 24 deletions
diff --git a/arch/um/include/um_uaccess.h b/arch/um/include/um_uaccess.h index 84c0868cd561..f8760a3f43b0 100644 --- a/arch/um/include/um_uaccess.h +++ b/arch/um/include/um_uaccess.h | |||
@@ -17,8 +17,25 @@ | |||
17 | #include "uaccess-skas.h" | 17 | #include "uaccess-skas.h" |
18 | #endif | 18 | #endif |
19 | 19 | ||
20 | #define __under_task_size(addr, size) \ | ||
21 | (((unsigned long) (addr) < TASK_SIZE) && \ | ||
22 | (((unsigned long) (addr) + (size)) < TASK_SIZE)) | ||
23 | |||
24 | #define __access_ok_vsyscall(type, addr, size) \ | ||
25 | ((type == VERIFY_READ) && \ | ||
26 | ((unsigned long) (addr) >= FIXADDR_USER_START) && \ | ||
27 | ((unsigned long) (addr) + (size) <= FIXADDR_USER_END) && \ | ||
28 | ((unsigned long) (addr) + (size) >= (unsigned long)(addr))) | ||
29 | |||
30 | #define __addr_range_nowrap(addr, size) \ | ||
31 | ((unsigned long) (addr) <= ((unsigned long) (addr) + (size))) | ||
32 | |||
20 | #define access_ok(type, addr, size) \ | 33 | #define access_ok(type, addr, size) \ |
21 | CHOOSE_MODE_PROC(access_ok_tt, access_ok_skas, type, addr, size) | 34 | (__addr_range_nowrap(addr, size) && \ |
35 | (__under_task_size(addr, size) || \ | ||
36 | __access_ok_vsyscall(type, addr, size) || \ | ||
37 | segment_eq(get_fs(), KERNEL_DS) || \ | ||
38 | CHOOSE_MODE_PROC(access_ok_tt, access_ok_skas, type, addr, size))) | ||
22 | 39 | ||
23 | static inline int copy_from_user(void *to, const void __user *from, int n) | 40 | static inline int copy_from_user(void *to, const void __user *from, int n) |
24 | { | 41 | { |
diff --git a/arch/um/kernel/skas/include/uaccess-skas.h b/arch/um/kernel/skas/include/uaccess-skas.h index 7da0c2def0ef..f611f83ad4ff 100644 --- a/arch/um/kernel/skas/include/uaccess-skas.h +++ b/arch/um/kernel/skas/include/uaccess-skas.h | |||
@@ -9,14 +9,8 @@ | |||
9 | #include "asm/errno.h" | 9 | #include "asm/errno.h" |
10 | #include "asm/fixmap.h" | 10 | #include "asm/fixmap.h" |
11 | 11 | ||
12 | #define access_ok_skas(type, addr, size) \ | 12 | /* No SKAS-specific checking. */ |
13 | ((segment_eq(get_fs(), KERNEL_DS)) || \ | 13 | #define access_ok_skas(type, addr, size) 0 |
14 | (((unsigned long) (addr) < TASK_SIZE) && \ | ||
15 | ((unsigned long) (addr) + (size) <= TASK_SIZE)) || \ | ||
16 | ((type == VERIFY_READ ) && \ | ||
17 | ((unsigned long) (addr) >= FIXADDR_USER_START) && \ | ||
18 | ((unsigned long) (addr) + (size) <= FIXADDR_USER_END) && \ | ||
19 | ((unsigned long) (addr) + (size) >= (unsigned long)(addr)))) | ||
20 | 14 | ||
21 | extern int copy_from_user_skas(void *to, const void __user *from, int n); | 15 | extern int copy_from_user_skas(void *to, const void __user *from, int n); |
22 | extern int copy_to_user_skas(void __user *to, const void *from, int n); | 16 | extern int copy_to_user_skas(void __user *to, const void *from, int n); |
diff --git a/arch/um/kernel/skas/uaccess.c b/arch/um/kernel/skas/uaccess.c index 75195281081e..a5a47528dec7 100644 --- a/arch/um/kernel/skas/uaccess.c +++ b/arch/um/kernel/skas/uaccess.c | |||
@@ -143,7 +143,7 @@ int copy_from_user_skas(void *to, const void __user *from, int n) | |||
143 | return(0); | 143 | return(0); |
144 | } | 144 | } |
145 | 145 | ||
146 | return(access_ok_skas(VERIFY_READ, from, n) ? | 146 | return(access_ok(VERIFY_READ, from, n) ? |
147 | buffer_op((unsigned long) from, n, 0, copy_chunk_from_user, &to): | 147 | buffer_op((unsigned long) from, n, 0, copy_chunk_from_user, &to): |
148 | n); | 148 | n); |
149 | } | 149 | } |
@@ -164,7 +164,7 @@ int copy_to_user_skas(void __user *to, const void *from, int n) | |||
164 | return(0); | 164 | return(0); |
165 | } | 165 | } |
166 | 166 | ||
167 | return(access_ok_skas(VERIFY_WRITE, to, n) ? | 167 | return(access_ok(VERIFY_WRITE, to, n) ? |
168 | buffer_op((unsigned long) to, n, 1, copy_chunk_to_user, &from) : | 168 | buffer_op((unsigned long) to, n, 1, copy_chunk_to_user, &from) : |
169 | n); | 169 | n); |
170 | } | 170 | } |
@@ -193,7 +193,7 @@ int strncpy_from_user_skas(char *dst, const char __user *src, int count) | |||
193 | return(strnlen(dst, count)); | 193 | return(strnlen(dst, count)); |
194 | } | 194 | } |
195 | 195 | ||
196 | if(!access_ok_skas(VERIFY_READ, src, 1)) | 196 | if(!access_ok(VERIFY_READ, src, 1)) |
197 | return(-EFAULT); | 197 | return(-EFAULT); |
198 | 198 | ||
199 | n = buffer_op((unsigned long) src, count, 0, strncpy_chunk_from_user, | 199 | n = buffer_op((unsigned long) src, count, 0, strncpy_chunk_from_user, |
@@ -221,7 +221,7 @@ int clear_user_skas(void __user *mem, int len) | |||
221 | return(0); | 221 | return(0); |
222 | } | 222 | } |
223 | 223 | ||
224 | return(access_ok_skas(VERIFY_WRITE, mem, len) ? | 224 | return(access_ok(VERIFY_WRITE, mem, len) ? |
225 | buffer_op((unsigned long) mem, len, 1, clear_chunk, NULL) : len); | 225 | buffer_op((unsigned long) mem, len, 1, clear_chunk, NULL) : len); |
226 | } | 226 | } |
227 | 227 | ||
diff --git a/arch/um/kernel/tt/include/uaccess-tt.h b/arch/um/kernel/tt/include/uaccess-tt.h index dc2ebfa8c54f..b9bfe9c481c4 100644 --- a/arch/um/kernel/tt/include/uaccess-tt.h +++ b/arch/um/kernel/tt/include/uaccess-tt.h | |||
@@ -19,19 +19,13 @@ | |||
19 | extern unsigned long end_vm; | 19 | extern unsigned long end_vm; |
20 | extern unsigned long uml_physmem; | 20 | extern unsigned long uml_physmem; |
21 | 21 | ||
22 | #define under_task_size(addr, size) \ | ||
23 | (((unsigned long) (addr) < TASK_SIZE) && \ | ||
24 | (((unsigned long) (addr) + (size)) < TASK_SIZE)) | ||
25 | |||
26 | #define is_stack(addr, size) \ | 22 | #define is_stack(addr, size) \ |
27 | (((unsigned long) (addr) < STACK_TOP) && \ | 23 | (((unsigned long) (addr) < STACK_TOP) && \ |
28 | ((unsigned long) (addr) >= STACK_TOP - ABOVE_KMEM) && \ | 24 | ((unsigned long) (addr) >= STACK_TOP - ABOVE_KMEM) && \ |
29 | (((unsigned long) (addr) + (size)) <= STACK_TOP)) | 25 | (((unsigned long) (addr) + (size)) <= STACK_TOP)) |
30 | 26 | ||
31 | #define access_ok_tt(type, addr, size) \ | 27 | #define access_ok_tt(type, addr, size) \ |
32 | ((type == VERIFY_READ) || (segment_eq(get_fs(), KERNEL_DS)) || \ | 28 | (is_stack(addr, size)) |
33 | (((unsigned long) (addr) <= ((unsigned long) (addr) + (size))) && \ | ||
34 | (under_task_size(addr, size) || is_stack(addr, size)))) | ||
35 | 29 | ||
36 | extern unsigned long get_fault_addr(void); | 30 | extern unsigned long get_fault_addr(void); |
37 | 31 | ||
diff --git a/arch/um/kernel/tt/uaccess.c b/arch/um/kernel/tt/uaccess.c index a72aa632972f..1cb60726567e 100644 --- a/arch/um/kernel/tt/uaccess.c +++ b/arch/um/kernel/tt/uaccess.c | |||
@@ -8,7 +8,7 @@ | |||
8 | 8 | ||
9 | int copy_from_user_tt(void *to, const void __user *from, int n) | 9 | int copy_from_user_tt(void *to, const void __user *from, int n) |
10 | { | 10 | { |
11 | if(!access_ok_tt(VERIFY_READ, from, n)) | 11 | if(!access_ok(VERIFY_READ, from, n)) |
12 | return(n); | 12 | return(n); |
13 | 13 | ||
14 | return(__do_copy_from_user(to, from, n, ¤t->thread.fault_addr, | 14 | return(__do_copy_from_user(to, from, n, ¤t->thread.fault_addr, |
@@ -17,7 +17,7 @@ int copy_from_user_tt(void *to, const void __user *from, int n) | |||
17 | 17 | ||
18 | int copy_to_user_tt(void __user *to, const void *from, int n) | 18 | int copy_to_user_tt(void __user *to, const void *from, int n) |
19 | { | 19 | { |
20 | if(!access_ok_tt(VERIFY_WRITE, to, n)) | 20 | if(!access_ok(VERIFY_WRITE, to, n)) |
21 | return(n); | 21 | return(n); |
22 | 22 | ||
23 | return(__do_copy_to_user(to, from, n, ¤t->thread.fault_addr, | 23 | return(__do_copy_to_user(to, from, n, ¤t->thread.fault_addr, |
@@ -28,7 +28,7 @@ int strncpy_from_user_tt(char *dst, const char __user *src, int count) | |||
28 | { | 28 | { |
29 | int n; | 29 | int n; |
30 | 30 | ||
31 | if(!access_ok_tt(VERIFY_READ, src, 1)) | 31 | if(!access_ok(VERIFY_READ, src, 1)) |
32 | return(-EFAULT); | 32 | return(-EFAULT); |
33 | 33 | ||
34 | n = __do_strncpy_from_user(dst, src, count, | 34 | n = __do_strncpy_from_user(dst, src, count, |
@@ -47,7 +47,7 @@ int __clear_user_tt(void __user *mem, int len) | |||
47 | 47 | ||
48 | int clear_user_tt(void __user *mem, int len) | 48 | int clear_user_tt(void __user *mem, int len) |
49 | { | 49 | { |
50 | if(!access_ok_tt(VERIFY_WRITE, mem, len)) | 50 | if(!access_ok(VERIFY_WRITE, mem, len)) |
51 | return(len); | 51 | return(len); |
52 | 52 | ||
53 | return(__do_clear_user(mem, len, ¤t->thread.fault_addr, | 53 | return(__do_clear_user(mem, len, ¤t->thread.fault_addr, |