diff options
| author | Heiko Carstens <heiko.carstens@de.ibm.com> | 2010-01-05 08:19:11 -0500 |
|---|---|---|
| committer | H. Peter Anvin <hpa@zytor.com> | 2010-01-05 16:45:06 -0500 |
| commit | 409d02ef6d74f5e91f5ea4c587b2ee1375f106fc (patch) | |
| tree | b0a306edba73fe23fde15568ff04dbb00e5536cc /arch | |
| parent | f4b825bde98938f160315d655597bc9731521cae (diff) | |
x86: copy_from_user() should not return -EFAULT
Callers of copy_from_user() expect it to return the number of bytes
it could not copy. In no case it is supposed to return -EFAULT.
In case of a detected buffer overflow just return the requested
length. In addition one could think of a memset that would clear
the size of the target object.
[ hpa: code is not in .32 so not needed for -stable ]
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Acked-by: Arjan van de Ven <arjan@linux.intel.com>
LKML-Reference: <20100105131911.GC5480@osiris.boeblingen.de.ibm.com>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/x86/include/asm/uaccess_32.h | 5 | ||||
| -rw-r--r-- | arch/x86/include/asm/uaccess_64.h | 5 |
2 files changed, 4 insertions, 6 deletions
diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h index 0c9825e97f36..088d09fb1615 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h | |||
| @@ -205,14 +205,13 @@ static inline unsigned long __must_check copy_from_user(void *to, | |||
| 205 | unsigned long n) | 205 | unsigned long n) |
| 206 | { | 206 | { |
| 207 | int sz = __compiletime_object_size(to); | 207 | int sz = __compiletime_object_size(to); |
| 208 | int ret = -EFAULT; | ||
| 209 | 208 | ||
| 210 | if (likely(sz == -1 || sz >= n)) | 209 | if (likely(sz == -1 || sz >= n)) |
| 211 | ret = _copy_from_user(to, from, n); | 210 | n = _copy_from_user(to, from, n); |
| 212 | else | 211 | else |
| 213 | copy_from_user_overflow(); | 212 | copy_from_user_overflow(); |
| 214 | 213 | ||
| 215 | return ret; | 214 | return n; |
| 216 | } | 215 | } |
| 217 | 216 | ||
| 218 | long __must_check strncpy_from_user(char *dst, const char __user *src, | 217 | long __must_check strncpy_from_user(char *dst, const char __user *src, |
diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h index 46324c6a4f6e..535e421498f6 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h | |||
| @@ -30,16 +30,15 @@ static inline unsigned long __must_check copy_from_user(void *to, | |||
| 30 | unsigned long n) | 30 | unsigned long n) |
| 31 | { | 31 | { |
| 32 | int sz = __compiletime_object_size(to); | 32 | int sz = __compiletime_object_size(to); |
| 33 | int ret = -EFAULT; | ||
| 34 | 33 | ||
| 35 | might_fault(); | 34 | might_fault(); |
| 36 | if (likely(sz == -1 || sz >= n)) | 35 | if (likely(sz == -1 || sz >= n)) |
| 37 | ret = _copy_from_user(to, from, n); | 36 | n = _copy_from_user(to, from, n); |
| 38 | #ifdef CONFIG_DEBUG_VM | 37 | #ifdef CONFIG_DEBUG_VM |
| 39 | else | 38 | else |
| 40 | WARN(1, "Buffer overflow detected!\n"); | 39 | WARN(1, "Buffer overflow detected!\n"); |
| 41 | #endif | 40 | #endif |
| 42 | return ret; | 41 | return n; |
| 43 | } | 42 | } |
| 44 | 43 | ||
| 45 | static __always_inline __must_check | 44 | static __always_inline __must_check |