From patchwork Sat Jun 29 12:03:14 2013
X-Patchwork-Submitter: Helge Deller
X-Patchwork-Id: 2803411
Date: Sat, 29 Jun 2013 14:03:14 +0200
From: Helge Deller
To: linux-parisc@vger.kernel.org, James Bottomley
Subject: [PATCH] parisc: implement full version of access_ok()
Message-ID: <20130629120314.GA29350@p100.box>

Up to now PA-RISC could live with a trivial version of access_ok().
Our fault handlers can correctly handle fault cases. But testcases showed
that we need a better access check else we won't always return correct
errno failure codes to userspace. Problem showed up during 32bit userspace
tests in which writev() used a 32bit memory area and length which would
then wrap around on 64bit kernel.

Signed-off-by: Helge Deller
---
diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h index e0a8235..37ca987 100644 --- a/arch/parisc/include/asm/uaccess.h +++ b/arch/parisc/include/asm/uaccess.h @@ -4,11 +4,14 @@ /* * User space memory access functions */ +#include #include #include #include #include +#include + #define VERIFY_READ 0 #define VERIFY_WRITE 1 
@@ -33,12 +36,43 @@ extern int __get_user_bad(void); extern int __put_kernel_bad(void); extern int __put_user_bad(void); -static inline long access_ok(int type, const void __user * addr, - unsigned long size) + +/* + * Test whether a block of memory is a valid user space address. + * Returns 0 if the range is valid, nonzero otherwise. + */ +static inline int __range_not_ok(unsigned long addr, unsigned long size, + unsigned long limit) { - return 1; + unsigned long __newaddr = addr + size; + return (__newaddr < addr || __newaddr > limit || size > limit); } +/** + * access_ok: - Checks if a user space pointer is valid + * @type: Type of access: %VERIFY_READ or %VERIFY_WRITE. Note that + * %VERIFY_WRITE is a superset of %VERIFY_READ - if it is safe + * to write to a block, it is always safe to read from it. + * @addr: User space pointer to start of block to check + * @size: Size of block to check + * + * Context: User context only. This function may sleep. + * + * Checks if a pointer to a block of memory in user space is valid. + * + * Returns true (nonzero) if the memory block may be valid, false (zero) + * if it is definitely invalid. + * + * Note that, depending on architecture, this function probably just + * checks that the pointer is in the user space range - after calling + * this function, memory access functions may still return -EFAULT. + */ +#define access_ok(type, addr, size) \ +( __chk_user_ptr(addr), \ + !__range_not_ok((unsigned long) (__force void *) (addr), \ + size, user_addr_max()) \ +) + #define put_user __put_user #define get_user __get_user @@ -218,7 +252,11 @@ extern long lstrnlen_user(const char __user *,long); /* * Complex access routines -- macros */ -#define user_addr_max() (~0UL) +#ifdef CONFIG_COMPAT +#define user_addr_max() (TASK_SIZE) +#else +#define user_addr_max() (DEFAULT_TASK_SIZE) +#endif #define strnlen_user lstrnlen_user #define strlen_user(str) lstrnlen_user(str, 0x7fffffffL)
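
Review bot: in the access_ok() hunk (@@ -33,12 +36,43 @@), the third term of the return expression in __range_not_ok(), `size > limit`, can never be true once the first two terms are false, so it can be dropped. If `__newaddr >= addr` the unsigned addition did not wrap, and then `size = __newaddr - addr <= __newaddr <= limit`. If it is kept on purpose for readability, a short comment saying so would help. Separately, the kernel-doc block says "Context: User context only. This function may sleep.", but the macro as written only calls __chk_user_ptr() and does an integer comparison; that sentence should either be removed or explained for parisc. The `type` argument is also silently ignored by the macro, which is worth stating in the comment since the text describes %VERIFY_WRITE as a superset of %VERIFY_READ.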
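
Review bot: in the user_addr_max() hunk (@@ -218,7 +252,11 @@), the new limit is a task-size constant in both branches and does not depend on the current address limit, so access_ok() will now reject every address above it unconditionally. If any in-kernel caller on parisc reaches access_ok() with a kernel pointer after set_fs(KERNEL_DS), it will start failing where the old `return 1` let it through; please either key the limit on get_fs() or state in the commit message that no such callers exist. Note also that this redefines an existing macro from `(~0UL)`, so any other user of user_addr_max() gets the tighter limit too, not just access_ok(). Finally, a one-line comment explaining why the CONFIG_COMPAT case uses TASK_SIZE while the other uses DEFAULT_TASK_SIZE would make the #ifdef easier to review.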