From: Al Viro
Date: Fri, 30 Jun 2017 01:39:54 +0000 (-0400)
Subject: copy_{from,to}_user(): move kasan checks and might_fault() out-of-line
X-Git-Tag: v4.14-rc1~538^2~4
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=9c5f6908de03a4f52ba7364b11fcd6116225480c;p=platform%2Fkernel%2Flinux-rpi.git

copy_{from,to}_user(): move kasan checks and might_fault() out-of-line

Signed-off-by: Al Viro
---

diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
index 201418d..e573288 100644
--- a/include/linux/uaccess.h
+++ b/include/linux/uaccess.h
@@ -109,8 +109,11 @@ static inline unsigned long
 _copy_from_user(void *to, const void __user *from, unsigned long n)
 {
 unsigned long res = n;
- if (likely(access_ok(VERIFY_READ, from, n)))
+ might_fault();
+ if (likely(access_ok(VERIFY_READ, from, n))) {
+ kasan_check_write(to, n);
 res = raw_copy_from_user(to, from, n);
+ }
 if (unlikely(res))
 memset(to + (n - res), 0, res);
 return res;
@@ -124,8 +127,11 @@ _copy_from_user(void *, const void __user *, unsigned long);
 static inline unsigned long
 _copy_to_user(void __user *to, const void *from, unsigned long n)
 {
- if (access_ok(VERIFY_WRITE, to, n))
+ might_fault();
+ if (access_ok(VERIFY_WRITE, to, n)) {
+ kasan_check_read(from, n);
 n = raw_copy_to_user(to, from, n);
+ }
 return n;
 }
 #else
@@ -146,9 +152,6 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
 {
 int sz = __compiletime_object_size(to);
 
- might_fault();
- kasan_check_write(to, n);
-
 if (likely(sz < 0 || sz >= n)) {
 check_object_size(to, n, false);
 n = _copy_from_user(to, from, n);
@@ -165,9 +168,6 @@ copy_to_user(void __user *to, const void *from, unsigned long n)
 {
 int sz = __compiletime_object_size(from);
 
- kasan_check_read(from, n);
- might_fault();
-
 if (likely(sz < 0 || sz >= n)) {
 check_object_size(from, n, true);
 n = _copy_to_user(to, from, n);
diff --git a/lib/usercopy.c b/lib/usercopy.c
index 1b6010a..f5d9f08 100644
--- a/lib/usercopy.c
+++ b/lib/usercopy.c
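Review bot: In the include/linux/uaccess.h hunk for `_copy_from_user`, `kasan_check_write(to, n)` now runs only inside the `access_ok()` branch, yet the rejected-range path still writes the whole destination through `memset(to + (n - res), 0, res)` with `res == n`. Before this commit `copy_from_user()` checked `to` unconditionally (see the lines removed further down), so whether a bad destination is still caught on that path now depends on `memset()` itself being instrumented, which this diff does not show. Either hoist the check above the `if`, or record the intent with a comment such as `/* on failure the tail is zeroed below; that memset() is relied on for the KASAN check of 'to' */`. The identical out-of-line copy in lib/usercopy.c has the same gap.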
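Review bot: The inline `_copy_to_user` in include/linux/uaccess.h tests `access_ok(VERIFY_WRITE, to, n)` without a branch hint, while `_copy_from_user` just above it and the out-of-line `_copy_to_user` in lib/usercopy.c both wrap the test in `likely()`. Since the commit rewrites this line anyway, it would be consistent to make it `if (likely(access_ok(VERIFY_WRITE, to, n))) {`. This is a style point only; the two variants are selected by `INLINE_COPY_TO_USER` and should read the same so later fixes are applied to both.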
@@ -6,8 +6,11 @@
 unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n)
 {
 unsigned long res = n;
- if (likely(access_ok(VERIFY_READ, from, n)))
+ might_fault();
+ if (likely(access_ok(VERIFY_READ, from, n))) {
+ kasan_check_write(to, n);
 res = raw_copy_from_user(to, from, n);
+ }
 if (unlikely(res))
 memset(to + (n - res), 0, res);
 return res;
@@ -18,8 +21,11 @@ EXPORT_SYMBOL(_copy_from_user);
 #ifndef INLINE_COPY_TO_USER
 unsigned long _copy_to_user(void *to, const void __user *from, unsigned long n)
 {
- if (likely(access_ok(VERIFY_WRITE, to, n)))
+ might_fault();
+ if (likely(access_ok(VERIFY_WRITE, to, n))) {
+ kasan_check_read(from, n);
 n = raw_copy_to_user(to, from, n);
+ }
 return n;
 }
 EXPORT_SYMBOL(_copy_to_user);
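Review bot: The `__user` annotation sits on the wrong parameter of the out-of-line `_copy_to_user` in lib/usercopy.c: the signature shown as context reads `_copy_to_user(void *to, const void __user *from, unsigned long n)`, whereas the inline version in include/linux/uaccess.h has `void __user *to, const void *from`. With the added `kasan_check_read(from, n)`, a pointer tagged as user space is now handed to a kernel-memory check while the real user pointer `to` reaches `access_ok()` and `raw_copy_to_user()` untagged, so sparse's address-space checking is likely to warn here and cannot flag a genuine user/kernel pointer mix-up in this function. The signature line is unchanged context, so the commit does not introduce the mismatch, but it is the natural place to fix it: `unsigned long _copy_to_user(void __user *to, const void *from, unsigned long n)`.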