From cabca8c098f00c91aeb59170e86e5c5fa4f494c2 Mon Sep 17 00:00:00 2001 From: Paul Burton Date: Sat, 8 Oct 2016 22:47:14 +0100 Subject: [PATCH] MIPS: Enable hardened usercopy Enable CONFIG_HARDENED_USERCOPY checks for MIPS, calling check_object size in all of copy_{to,from}_user(), __copy_{to,from}_user() & __copy_{to,from}_user_inatomic(). Signed-off-by: Paul Burton Cc: Kees Cook Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14371/ Signed-off-by: Ralf Baechle --- arch/mips/Kconfig | 1 + arch/mips/include/asm/uaccess.h | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig index a7d9224..7f6da2c8 100644 --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig @@ -66,6 +66,7 @@ config MIPS select HANDLE_DOMAIN_IRQ select HAVE_EXIT_THREAD select HAVE_REGS_AND_STACK_ACCESS_API + select HAVE_ARCH_HARDENED_USERCOPY menu "Machine selection" diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h index 21a2aab..c65707d 100644 --- a/arch/mips/include/asm/uaccess.h +++ b/arch/mips/include/asm/uaccess.h @@ -858,7 +858,10 @@ extern size_t __copy_user(void *__to, const void *__from, size_t __n); __cu_to = (to); \ __cu_from = (from); \ __cu_len = (n); \ + \ + check_object_size(__cu_from, __cu_len, true); \ might_fault(); \ + \ if (eva_kernel_access()) \ __cu_len = __invoke_copy_to_kernel(__cu_to, __cu_from, \ __cu_len); \ @@ -879,6 +882,9 @@ extern size_t __copy_user_inatomic(void *__to, const void *__from, size_t __n); __cu_to = (to); \ __cu_from = (from); \ __cu_len = (n); \ + \ + check_object_size(__cu_from, __cu_len, true); \ + \ if (eva_kernel_access()) \ __cu_len = __invoke_copy_to_kernel(__cu_to, __cu_from, \ __cu_len); \ @@ -897,6 +903,9 @@ extern size_t __copy_user_inatomic(void *__to, const void *__from, size_t __n); __cu_to = (to); \ __cu_from = (from); \ __cu_len = (n); \ + \ + check_object_size(__cu_to, __cu_len, false); \ + \ if (eva_kernel_access()) \ __cu_len = __invoke_copy_from_kernel_inatomic(__cu_to, \ __cu_from,\ @@ -931,6 +940,9 @@ extern size_t __copy_user_inatomic(void *__to, const void *__from, size_t __n); __cu_to = (to); \ __cu_from = (from); \ __cu_len = (n); \ + \ + check_object_size(__cu_from, __cu_len, true); \ + \ if (eva_kernel_access()) { \ __cu_len = __invoke_copy_to_kernel(__cu_to, \ __cu_from, \ @@ -1123,6 +1135,9 @@ extern size_t __copy_in_user_eva(void *__to, const void *__from, size_t __n); __cu_to = (to); \ __cu_from = (from); \ __cu_len = (n); \ + \ + check_object_size(__cu_to, __cu_len, false); \ + \ if (eva_kernel_access()) { \ __cu_len = __invoke_copy_from_kernel(__cu_to, \ __cu_from, \ @@ -1161,6 +1176,9 @@ extern size_t __copy_in_user_eva(void *__to, const void *__from, size_t __n); __cu_to = (to); \ __cu_from = (from); \ __cu_len = (n); \ + \ + check_object_size(__cu_to, __cu_len, false); \ + \ if (eva_kernel_access()) { \ __cu_len = __invoke_copy_from_kernel(__cu_to, \ __cu_from, \ -- 2.7.4