aboutsummaryrefslogtreecommitdiffstats
path: root/arch
diff options
context:
space:
mode:
authorRussell King <rmk+kernel@arm.linux.org.uk>2012-09-07 13:22:28 -0400
committerRussell King <rmk+kernel@arm.linux.org.uk>2012-09-09 12:28:47 -0400
commit8404663f81d212918ff85f493649a7991209fa04 (patch)
treeb695686fd2764914da245ef31649b1deb91ddafa /arch
parent2b2040af0b64cd93e5d4df2494c4486cf604090d (diff)
ARM: 7527/1: uaccess: explicitly check __user pointer when !CPU_USE_DOMAINS
The {get,put}_user macros don't perform range checking on the provided __user address when !CPU_HAS_DOMAINS. This patch reworks the out-of-line assembly accessors to check the user address against a specified limit, returning -EFAULT if is is out of range. [will: changed get_user register allocation to match put_user] [rmk: fixed building on older ARM architectures] Reported-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Will Deacon <will.deacon@arm.com> Cc: stable@vger.kernel.org Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Diffstat (limited to 'arch')
-rw-r--r--arch/arm/include/asm/assembler.h8
-rw-r--r--arch/arm/include/asm/uaccess.h40
-rw-r--r--arch/arm/lib/getuser.S23
-rw-r--r--arch/arm/lib/putuser.S6
4 files changed, 56 insertions, 21 deletions
diff --git a/arch/arm/include/asm/assembler.h b/arch/arm/include/asm/assembler.h
index 03fb93621d0d..5c8b3bf4d825 100644
--- a/arch/arm/include/asm/assembler.h
+++ b/arch/arm/include/asm/assembler.h
@@ -320,4 +320,12 @@
320 .size \name , . - \name 320 .size \name , . - \name
321 .endm 321 .endm
322 322
323 .macro check_uaccess, addr:req, size:req, limit:req, tmp:req, bad:req
324#ifndef CONFIG_CPU_USE_DOMAINS
325 adds \tmp, \addr, #\size - 1
326 sbcccs \tmp, \tmp, \limit
327 bcs \bad
328#endif
329 .endm
330
323#endif /* __ASM_ASSEMBLER_H__ */ 331#endif /* __ASM_ASSEMBLER_H__ */
diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
index 479a6352e0b5..6f83ad6e4d3d 100644
--- a/arch/arm/include/asm/uaccess.h
+++ b/arch/arm/include/asm/uaccess.h
@@ -101,28 +101,39 @@ extern int __get_user_1(void *);
101extern int __get_user_2(void *); 101extern int __get_user_2(void *);
102extern int __get_user_4(void *); 102extern int __get_user_4(void *);
103 103
104#define __get_user_x(__r2,__p,__e,__s,__i...) \ 104#define __GUP_CLOBBER_1 "lr", "cc"
105#ifdef CONFIG_CPU_USE_DOMAINS
106#define __GUP_CLOBBER_2 "ip", "lr", "cc"
107#else
108#define __GUP_CLOBBER_2 "lr", "cc"
109#endif
110#define __GUP_CLOBBER_4 "lr", "cc"
111
112#define __get_user_x(__r2,__p,__e,__l,__s) \
105 __asm__ __volatile__ ( \ 113 __asm__ __volatile__ ( \
106 __asmeq("%0", "r0") __asmeq("%1", "r2") \ 114 __asmeq("%0", "r0") __asmeq("%1", "r2") \
115 __asmeq("%3", "r1") \
107 "bl __get_user_" #__s \ 116 "bl __get_user_" #__s \
108 : "=&r" (__e), "=r" (__r2) \ 117 : "=&r" (__e), "=r" (__r2) \
109 : "0" (__p) \ 118 : "0" (__p), "r" (__l) \
110 : __i, "cc") 119 : __GUP_CLOBBER_##__s)
111 120
112#define get_user(x,p) \ 121#define get_user(x,p) \
113 ({ \ 122 ({ \
123 unsigned long __limit = current_thread_info()->addr_limit - 1; \
114 register const typeof(*(p)) __user *__p asm("r0") = (p);\ 124 register const typeof(*(p)) __user *__p asm("r0") = (p);\
115 register unsigned long __r2 asm("r2"); \ 125 register unsigned long __r2 asm("r2"); \
126 register unsigned long __l asm("r1") = __limit; \
116 register int __e asm("r0"); \ 127 register int __e asm("r0"); \
117 switch (sizeof(*(__p))) { \ 128 switch (sizeof(*(__p))) { \
118 case 1: \ 129 case 1: \
119 __get_user_x(__r2, __p, __e, 1, "lr"); \ 130 __get_user_x(__r2, __p, __e, __l, 1); \
120 break; \ 131 break; \
121 case 2: \ 132 case 2: \
122 __get_user_x(__r2, __p, __e, 2, "r3", "lr"); \ 133 __get_user_x(__r2, __p, __e, __l, 2); \
123 break; \ 134 break; \
124 case 4: \ 135 case 4: \
125 __get_user_x(__r2, __p, __e, 4, "lr"); \ 136 __get_user_x(__r2, __p, __e, __l, 4); \
126 break; \ 137 break; \
127 default: __e = __get_user_bad(); break; \ 138 default: __e = __get_user_bad(); break; \
128 } \ 139 } \
@@ -135,31 +146,34 @@ extern int __put_user_2(void *, unsigned int);
135extern int __put_user_4(void *, unsigned int); 146extern int __put_user_4(void *, unsigned int);
136extern int __put_user_8(void *, unsigned long long); 147extern int __put_user_8(void *, unsigned long long);
137 148
138#define __put_user_x(__r2,__p,__e,__s) \ 149#define __put_user_x(__r2,__p,__e,__l,__s) \
139 __asm__ __volatile__ ( \ 150 __asm__ __volatile__ ( \
140 __asmeq("%0", "r0") __asmeq("%2", "r2") \ 151 __asmeq("%0", "r0") __asmeq("%2", "r2") \
152 __asmeq("%3", "r1") \
141 "bl __put_user_" #__s \ 153 "bl __put_user_" #__s \
142 : "=&r" (__e) \ 154 : "=&r" (__e) \
143 : "0" (__p), "r" (__r2) \ 155 : "0" (__p), "r" (__r2), "r" (__l) \
144 : "ip", "lr", "cc") 156 : "ip", "lr", "cc")
145 157
146#define put_user(x,p) \ 158#define put_user(x,p) \
147 ({ \ 159 ({ \
160 unsigned long __limit = current_thread_info()->addr_limit - 1; \
148 register const typeof(*(p)) __r2 asm("r2") = (x); \ 161 register const typeof(*(p)) __r2 asm("r2") = (x); \
149 register const typeof(*(p)) __user *__p asm("r0") = (p);\ 162 register const typeof(*(p)) __user *__p asm("r0") = (p);\
163 register unsigned long __l asm("r1") = __limit; \
150 register int __e asm("r0"); \ 164 register int __e asm("r0"); \
151 switch (sizeof(*(__p))) { \ 165 switch (sizeof(*(__p))) { \
152 case 1: \ 166 case 1: \
153 __put_user_x(__r2, __p, __e, 1); \ 167 __put_user_x(__r2, __p, __e, __l, 1); \
154 break; \ 168 break; \
155 case 2: \ 169 case 2: \
156 __put_user_x(__r2, __p, __e, 2); \ 170 __put_user_x(__r2, __p, __e, __l, 2); \
157 break; \ 171 break; \
158 case 4: \ 172 case 4: \
159 __put_user_x(__r2, __p, __e, 4); \ 173 __put_user_x(__r2, __p, __e, __l, 4); \
160 break; \ 174 break; \
161 case 8: \ 175 case 8: \
162 __put_user_x(__r2, __p, __e, 8); \ 176 __put_user_x(__r2, __p, __e, __l, 8); \
163 break; \ 177 break; \
164 default: __e = __put_user_bad(); break; \ 178 default: __e = __put_user_bad(); break; \
165 } \ 179 } \
diff --git a/arch/arm/lib/getuser.S b/arch/arm/lib/getuser.S
index 11093a7c3e32..9b06bb41fca6 100644
--- a/arch/arm/lib/getuser.S
+++ b/arch/arm/lib/getuser.S
@@ -16,8 +16,9 @@
16 * __get_user_X 16 * __get_user_X
17 * 17 *
18 * Inputs: r0 contains the address 18 * Inputs: r0 contains the address
19 * r1 contains the address limit, which must be preserved
19 * Outputs: r0 is the error code 20 * Outputs: r0 is the error code
20 * r2, r3 contains the zero-extended value 21 * r2 contains the zero-extended value
21 * lr corrupted 22 * lr corrupted
22 * 23 *
23 * No other registers must be altered. (see <asm/uaccess.h> 24 * No other registers must be altered. (see <asm/uaccess.h>
@@ -27,33 +28,39 @@
27 * Note also that it is intended that __get_user_bad is not global. 28 * Note also that it is intended that __get_user_bad is not global.
28 */ 29 */
29#include <linux/linkage.h> 30#include <linux/linkage.h>
31#include <asm/assembler.h>
30#include <asm/errno.h> 32#include <asm/errno.h>
31#include <asm/domain.h> 33#include <asm/domain.h>
32 34
33ENTRY(__get_user_1) 35ENTRY(__get_user_1)
36 check_uaccess r0, 1, r1, r2, __get_user_bad
341: TUSER(ldrb) r2, [r0] 371: TUSER(ldrb) r2, [r0]
35 mov r0, #0 38 mov r0, #0
36 mov pc, lr 39 mov pc, lr
37ENDPROC(__get_user_1) 40ENDPROC(__get_user_1)
38 41
39ENTRY(__get_user_2) 42ENTRY(__get_user_2)
40#ifdef CONFIG_THUMB2_KERNEL 43 check_uaccess r0, 2, r1, r2, __get_user_bad
412: TUSER(ldrb) r2, [r0] 44#ifdef CONFIG_CPU_USE_DOMAINS
423: TUSER(ldrb) r3, [r0, #1] 45rb .req ip
462: ldrbt r2, [r0], #1
473: ldrbt rb, [r0], #0
43#else 48#else
442: TUSER(ldrb) r2, [r0], #1 49rb .req r0
453: TUSER(ldrb) r3, [r0] 502: ldrb r2, [r0]
513: ldrb rb, [r0, #1]
46#endif 52#endif
47#ifndef __ARMEB__ 53#ifndef __ARMEB__
48 orr r2, r2, r3, lsl #8 54 orr r2, r2, rb, lsl #8
49#else 55#else
50 orr r2, r3, r2, lsl #8 56 orr r2, rb, r2, lsl #8
51#endif 57#endif
52 mov r0, #0 58 mov r0, #0
53 mov pc, lr 59 mov pc, lr
54ENDPROC(__get_user_2) 60ENDPROC(__get_user_2)
55 61
56ENTRY(__get_user_4) 62ENTRY(__get_user_4)
63 check_uaccess r0, 4, r1, r2, __get_user_bad
574: TUSER(ldr) r2, [r0] 644: TUSER(ldr) r2, [r0]
58 mov r0, #0 65 mov r0, #0
59 mov pc, lr 66 mov pc, lr
diff --git a/arch/arm/lib/putuser.S b/arch/arm/lib/putuser.S
index 7db25990c589..3d73dcb959b0 100644
--- a/arch/arm/lib/putuser.S
+++ b/arch/arm/lib/putuser.S
@@ -16,6 +16,7 @@
16 * __put_user_X 16 * __put_user_X
17 * 17 *
18 * Inputs: r0 contains the address 18 * Inputs: r0 contains the address
19 * r1 contains the address limit, which must be preserved
19 * r2, r3 contains the value 20 * r2, r3 contains the value
20 * Outputs: r0 is the error code 21 * Outputs: r0 is the error code
21 * lr corrupted 22 * lr corrupted
@@ -27,16 +28,19 @@
27 * Note also that it is intended that __put_user_bad is not global. 28 * Note also that it is intended that __put_user_bad is not global.
28 */ 29 */
29#include <linux/linkage.h> 30#include <linux/linkage.h>
31#include <asm/assembler.h>
30#include <asm/errno.h> 32#include <asm/errno.h>
31#include <asm/domain.h> 33#include <asm/domain.h>
32 34
33ENTRY(__put_user_1) 35ENTRY(__put_user_1)
36 check_uaccess r0, 1, r1, ip, __put_user_bad
341: TUSER(strb) r2, [r0] 371: TUSER(strb) r2, [r0]
35 mov r0, #0 38 mov r0, #0
36 mov pc, lr 39 mov pc, lr
37ENDPROC(__put_user_1) 40ENDPROC(__put_user_1)
38 41
39ENTRY(__put_user_2) 42ENTRY(__put_user_2)
43 check_uaccess r0, 2, r1, ip, __put_user_bad
40 mov ip, r2, lsr #8 44 mov ip, r2, lsr #8
41#ifdef CONFIG_THUMB2_KERNEL 45#ifdef CONFIG_THUMB2_KERNEL
42#ifndef __ARMEB__ 46#ifndef __ARMEB__
@@ -60,12 +64,14 @@ ENTRY(__put_user_2)
60ENDPROC(__put_user_2) 64ENDPROC(__put_user_2)
61 65
62ENTRY(__put_user_4) 66ENTRY(__put_user_4)
67 check_uaccess r0, 4, r1, ip, __put_user_bad
634: TUSER(str) r2, [r0] 684: TUSER(str) r2, [r0]
64 mov r0, #0 69 mov r0, #0
65 mov pc, lr 70 mov pc, lr
66ENDPROC(__put_user_4) 71ENDPROC(__put_user_4)
67 72
68ENTRY(__put_user_8) 73ENTRY(__put_user_8)
74 check_uaccess r0, 8, r1, ip, __put_user_bad
69#ifdef CONFIG_THUMB2_KERNEL 75#ifdef CONFIG_THUMB2_KERNEL
705: TUSER(str) r2, [r0] 765: TUSER(str) r2, [r0]
716: TUSER(str) r3, [r0, #4] 776: TUSER(str) r3, [r0, #4]