MIPS: Fix access_ok() for the last byte of user space

The MIPS implementation of access_ok() incorrectly reports that access
to the final byte of user memory is not OK, much as the alpha & SH
versions did prior to commit 94bd8a05cd4d ("Fix 'acccess_ok()' on alpha
and SH").

For example on a MIPS64 system with __UA_LIMIT == 0xffff000000000000 we
incorrectly fail in the following cases:

  access_ok(0xffffffffffff, 0x1) = 0
  access_ok(0xfffffffffffe, 0x2) = 0

Fix MIPS in the same way as alpha & SH, by subtracting one from the addr
+ size condition when size is non-zero. With this the access_ok() calls
above return 1 indicating that the access may be valid.

The cost of the improved check is pretty minimal - we gain 2410 bytes,
or 0.03%, in kernel code size for a 64r6el_defconfig kernel built using
GCC 8.1.0.

Signed-off-by: Paul Burton <paul.burton@mips.com>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>

diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h
index 9e9e3aa..ab47e59 100644 (file)
--- a/arch/mips/include/asm/uaccess.h
+++ b/arch/mips/include/asm/uaccess.h
@@ -79,7 +79,9 @@ extern u64 __ua_limit;
 static inline int __access_ok(const void __user *p, unsigned long size)
 {
        unsigned long addr = (unsigned long)p;
-       return (__UA_LIMIT & (addr | (addr + size) | __ua_size(size))) == 0;
+       unsigned long end = addr + size - !!size;
+
+       return (__UA_LIMIT & (addr | end | __ua_size(size))) == 0;
 }
 
 #define access_ok(addr, size)                                  \