maccess: return -ERANGE when probe_kernel_read() fails
Allow the callers to distinguish a real unmapped address vs a range that can't be probed. Suggested-by: Masami Hiramatsu <mhiramat@kernel.org> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Thomas Gleixner <tglx@linutronix.de> Link: http://lkml.kernel.org/r/20200521152301.2587579-24-hch@lst.de Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>alistair/sunxi64-5.8
parent
fa94111d94
commit
2a71e81d32
16
mm/maccess.c
16
mm/maccess.c
|
@ -24,7 +24,7 @@ bool __weak probe_kernel_read_allowed(const void *unsafe_src, size_t size)
|
||||||
long probe_kernel_read(void *dst, const void *src, size_t size)
|
long probe_kernel_read(void *dst, const void *src, size_t size)
|
||||||
{
|
{
|
||||||
if (!probe_kernel_read_allowed(src, size))
|
if (!probe_kernel_read_allowed(src, size))
|
||||||
return -EFAULT;
|
return -ERANGE;
|
||||||
|
|
||||||
pagefault_disable();
|
pagefault_disable();
|
||||||
probe_kernel_read_loop(dst, src, size, u64, Efault);
|
probe_kernel_read_loop(dst, src, size, u64, Efault);
|
||||||
|
@ -68,7 +68,7 @@ long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count)
|
||||||
if (unlikely(count <= 0))
|
if (unlikely(count <= 0))
|
||||||
return 0;
|
return 0;
|
||||||
if (!probe_kernel_read_allowed(unsafe_addr, count))
|
if (!probe_kernel_read_allowed(unsafe_addr, count))
|
||||||
return -EFAULT;
|
return -ERANGE;
|
||||||
|
|
||||||
pagefault_disable();
|
pagefault_disable();
|
||||||
do {
|
do {
|
||||||
|
@ -93,7 +93,8 @@ Efault:
|
||||||
* @size: size of the data chunk
|
* @size: size of the data chunk
|
||||||
*
|
*
|
||||||
* Safely read from kernel address @src to the buffer at @dst. If a kernel
|
* Safely read from kernel address @src to the buffer at @dst. If a kernel
|
||||||
* fault happens, handle that and return -EFAULT.
|
* fault happens, handle that and return -EFAULT. If @src is not a valid kernel
|
||||||
|
* address, return -ERANGE.
|
||||||
*
|
*
|
||||||
* We ensure that the copy_from_user is executed in atomic context so that
|
* We ensure that the copy_from_user is executed in atomic context so that
|
||||||
* do_page_fault() doesn't attempt to take mmap_lock. This makes
|
* do_page_fault() doesn't attempt to take mmap_lock. This makes
|
||||||
|
@ -106,7 +107,7 @@ long probe_kernel_read(void *dst, const void *src, size_t size)
|
||||||
mm_segment_t old_fs = get_fs();
|
mm_segment_t old_fs = get_fs();
|
||||||
|
|
||||||
if (!probe_kernel_read_allowed(src, size))
|
if (!probe_kernel_read_allowed(src, size))
|
||||||
return -EFAULT;
|
return -ERANGE;
|
||||||
|
|
||||||
set_fs(KERNEL_DS);
|
set_fs(KERNEL_DS);
|
||||||
pagefault_disable();
|
pagefault_disable();
|
||||||
|
@ -158,8 +159,9 @@ long probe_kernel_write(void *dst, const void *src, size_t size)
|
||||||
*
|
*
|
||||||
* On success, returns the length of the string INCLUDING the trailing NUL.
|
* On success, returns the length of the string INCLUDING the trailing NUL.
|
||||||
*
|
*
|
||||||
* If access fails, returns -EFAULT (some data may have been copied
|
* If access fails, returns -EFAULT (some data may have been copied and the
|
||||||
* and the trailing NUL added).
|
* trailing NUL added). If @unsafe_addr is not a valid kernel address, return
|
||||||
|
* -ERANGE.
|
||||||
*
|
*
|
||||||
* If @count is smaller than the length of the string, copies @count-1 bytes,
|
* If @count is smaller than the length of the string, copies @count-1 bytes,
|
||||||
* sets the last byte of @dst buffer to NUL and returns @count.
|
* sets the last byte of @dst buffer to NUL and returns @count.
|
||||||
|
@ -173,7 +175,7 @@ long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count)
|
||||||
if (unlikely(count <= 0))
|
if (unlikely(count <= 0))
|
||||||
return 0;
|
return 0;
|
||||||
if (!probe_kernel_read_allowed(unsafe_addr, count))
|
if (!probe_kernel_read_allowed(unsafe_addr, count))
|
||||||
return -EFAULT;
|
return -ERANGE;
|
||||||
|
|
||||||
set_fs(KERNEL_DS);
|
set_fs(KERNEL_DS);
|
||||||
pagefault_disable();
|
pagefault_disable();
|
||||||
|
|
Loading…
Reference in New Issue