From patchwork Tue Sep 24 09:00:50 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 2932541 Return-Path: X-Original-To: patchwork-linux-arm@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 6F975BFF05 for ; Tue, 24 Sep 2013 09:01:25 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 30A032025B for ; Tue, 24 Sep 2013 09:01:24 +0000 (UTC) Received: from casper.infradead.org (casper.infradead.org [85.118.1.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 531E92022F for ; Tue, 24 Sep 2013 09:01:21 +0000 (UTC) Received: from merlin.infradead.org ([2001:4978:20e::2]) by casper.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1VOOUd-0007j6-PF; Tue, 24 Sep 2013 09:01:15 +0000 Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.80.1 #2 (Red Hat Linux)) id 1VOOUY-00082J-Td; Tue, 24 Sep 2013 09:01:10 +0000 Received: from mail-pd0-f173.google.com ([209.85.192.173]) by merlin.infradead.org with esmtps (Exim 4.80.1 #2 (Red Hat Linux)) id 1VOOUV-00081B-PV for linux-arm-kernel@lists.infradead.org; Tue, 24 Sep 2013 09:01:08 +0000 Received: by mail-pd0-f173.google.com with SMTP id p10so4330163pdj.32 for ; Tue, 24 Sep 2013 02:00:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:content-type:content-transfer-encoding; bh=gWX6O1LLDxNAHUsLeug66zet7n8MoltlrX+lEyIZSXY=; b=c0SfwzkyTFBbdWdfZAgJACCKn6OZ4wdqjQi54yhK/1c7R2ZRKyUp8oFNlfMendprvQ J1YhFIG1EW+8mUEpGawXgvGRajvfMZ828hAg0HJCsjpKZr4/q9dNOMj4TEfOvn/7MnQl ZOOLyKTogkNw8NMAz1IwTp1Lybka/cmYU+gEyfthAwbV4Jq7HHEKB9R4SQs4jXgM5ToI tgzTPk0wPX3mKBvahO/WsZzYTav39KDEH/CKQU0/2SpwVVI4kgFZOhKiK4BuhdrFh3zT 6xCinupSs8Z7/xuFg3WFtLlW7FYTNeIRCq2Z8omrQtgEiIRwAgIVbJeuTncqF4PDjDd+ aEkQ== X-Gm-Message-State: ALoCoQlAU3G2ZtYzLTcHOd6bdJ4kg1zzLFmCW7hLyKg25uat+VO+Lg6xuVb3ezrO7z1O0kJG3PzH X-Received: by 10.66.142.193 with SMTP id ry1mr5181661pab.150.1380013245694; Tue, 24 Sep 2013 02:00:45 -0700 (PDT) Received: from [192.168.42.78] (KD182249091162.au-net.ne.jp. [182.249.91.162]) by mx.google.com with ESMTPSA id ia5sm39376826pbc.42.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 24 Sep 2013 02:00:44 -0700 (PDT) Message-ID: <524154C2.1080303@linaro.org> Date: Tue, 24 Sep 2013 18:00:50 +0900 From: AKASHI Takahiro User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8 MIME-Version: 1.0 To: Catalin Marinas Subject: [PATCH] arm64: avoid multiple evaluation of ptr in get_user/put_user() X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20130924_050107_894312_CCE6BBFB X-CRM114-Status: GOOD ( 10.19 ) X-Spam-Score: -1.9 (-) Cc: linaro-kernel@lists.linaro.org, linux-arm-kernel@lists.infradead.org X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org X-Spam-Status: No, score=-6.5 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP get_user() is defined as a function macro in arm64, and trace_get_user() calls it as followed: get_user(ch, ptr++); Since the second parameter occurs twice in the definition, 'ptr++' is unexpectedly evaluated twice and trace_get_user() will generate a bogus string from user-provided one. As a result, some ftrace sysfs operations, like "echo FUNCNAME > set_ftrace_filter," hit this case and eventually fail. This patch fixes the issue both in get_user() and put_user(). Signed-off-by: AKASHI Takahiro --- arch/arm64/include/asm/uaccess.h | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) ({ \ + __typeof__(*(ptr)) *optr = (ptr); \ + \ might_fault(); \ - access_ok(VERIFY_WRITE, (ptr), sizeof(*(ptr))) ? \ - __put_user((x), (ptr)) : \ + access_ok(VERIFY_WRITE, optr, sizeof(*optr)) ? \ + __put_user((x), optr) : \ -EFAULT; \ }) -- 1.7.9.5 diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index edb3d5c..bbeab83 100644 --- a/arch/arm64/include/asm/uaccess.h +++ b/arch/arm64/include/asm/uaccess.h @@ -166,9 +166,11 @@ do { \ #define get_user(x, ptr) \ ({ \ + __typeof__(*(ptr)) *optr = (ptr); \ + \ might_fault(); \ - access_ok(VERIFY_READ, (ptr), sizeof(*(ptr))) ? \ - __get_user((x), (ptr)) : \ + access_ok(VERIFY_READ, optr, sizeof(*optr)) ? \ + __get_user((x), optr) : \ ((x) = 0, -EFAULT); \ }) @@ -227,9 +229,11 @@ do { \ #define put_user(x, ptr) \