Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a8372b5c authored by Robin Getz's avatar Robin Getz Committed by Mike Frysinger
Browse files

Blackfin: add missing access_ok() checks to user functions 



The core string/clear user functions weren't checking the user pointers
which caused kernel crashes with some bad programs and tests (like LTP).

Signed-off-by: default avatarRobin Getz <robin.getz@analog.com>
Signed-off-by: default avatarMike Frysinger <vapier@gentoo.org>
parent 685a694f

arch/blackfin/include/asm/uaccess.h

+20 −5
Original line number Diff line number Diff line
@@ -233,16 +233,29 @@ strncpy_from_user(char *dst, const char *src, long count) 
}



/*

 * Return the size of a string (including the ending 0)

 * Get the size of a string in user space.

 *   src: The string to measure

 *     n: The maximum valid length

 *

 * Return 0 on exception, a value greater than N if too long

 * Get the size of a NUL-terminated string in user space.

 *

 * Returns the size of the string INCLUDING the terminating NUL.

 * On exception, returns 0.

 * If the string is too long, returns a value greater than n.

 */

static inline long strnlen_user(const char *src, long n)

static inline long __must_check strnlen_user(const char *src, long n)

{

	return (strlen(src) + 1);

	if (!access_ok(VERIFY_READ, src, 1))

		return 0;

	return strnlen(src, n) + 1;

}



#define strlen_user(str) strnlen_user(str, 32767)

static inline long __must_check strlen_user(const char *src)

{

	if (!access_ok(VERIFY_READ, src, 1))

		return 0;

	return strlen(src) + 1;

}



/*

 * Zero Userspace
@@ -251,6 +264,8 @@ static inline long strnlen_user(const char *src, long n) 
static inline unsigned long __must_check

__clear_user(void *to, unsigned long n)

{

	if (!access_ok(VERIFY_WRITE, to, n))

		return n;

	memset(to, 0, n);

	return 0;

}