aboutsummaryrefslogtreecommitdiffstats
path: root/arch/blackfin
diff options
context:
space:
mode:
authorRobin Getz <robin.getz@analog.com>2009-06-03 20:32:59 -0400
committerMike Frysinger <vapier@gentoo.org>2009-06-12 06:12:02 -0400
commita8372b5ca618d4ea41b3c7ac3cef8dd6efa68bc6 (patch)
tree644ce05a655aef5082d614309afc4b6655a30a48 /arch/blackfin
parent685a694f0653b7db49f663b2cd6953695214fb30 (diff)
Blackfin: add missing access_ok() checks to user functions
The core string/clear user functions weren't checking the user pointers which caused kernel crashes with some bad programs and tests (like LTP). Signed-off-by: Robin Getz <robin.getz@analog.com> Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Diffstat (limited to 'arch/blackfin')
-rw-r--r--arch/blackfin/include/asm/uaccess.h25
1 files changed, 20 insertions, 5 deletions
diff --git a/arch/blackfin/include/asm/uaccess.h b/arch/blackfin/include/asm/uaccess.h
index 3248033531e6..97729be98948 100644
--- a/arch/blackfin/include/asm/uaccess.h
+++ b/arch/blackfin/include/asm/uaccess.h
@@ -233,16 +233,29 @@ strncpy_from_user(char *dst, const char *src, long count)
233} 233}
234 234
235/* 235/*
236 * Return the size of a string (including the ending 0) 236 * Get the size of a string in user space.
237 * src: The string to measure
238 * n: The maximum valid length
237 * 239 *
238 * Return 0 on exception, a value greater than N if too long 240 * Get the size of a NUL-terminated string in user space.
241 *
242 * Returns the size of the string INCLUDING the terminating NUL.
243 * On exception, returns 0.
244 * If the string is too long, returns a value greater than n.
239 */ 245 */
240static inline long strnlen_user(const char *src, long n) 246static inline long __must_check strnlen_user(const char *src, long n)
241{ 247{
242 return (strlen(src) + 1); 248 if (!access_ok(VERIFY_READ, src, 1))
249 return 0;
250 return strnlen(src, n) + 1;
243} 251}
244 252
245#define strlen_user(str) strnlen_user(str, 32767) 253static inline long __must_check strlen_user(const char *src)
254{
255 if (!access_ok(VERIFY_READ, src, 1))
256 return 0;
257 return strlen(src) + 1;
258}
246 259
247/* 260/*
248 * Zero Userspace 261 * Zero Userspace
@@ -251,6 +264,8 @@ static inline long strnlen_user(const char *src, long n)
251static inline unsigned long __must_check 264static inline unsigned long __must_check
252__clear_user(void *to, unsigned long n) 265__clear_user(void *to, unsigned long n)
253{ 266{
267 if (!access_ok(VERIFY_WRITE, to, n))
268 return n;
254 memset(to, 0, n); 269 memset(to, 0, n);
255 return 0; 270 return 0;
256} 271}