Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f45655f6 authored by Heiko Carstens's avatar Heiko Carstens Committed by Martin Schwidefsky
Browse files

s390/uaccess: fix strncpy_from_user/strnlen_user zero maxlen case 



If the maximum length specified for the to be accessed string for
strncpy_from_user() and strnlen_user() is zero the following incorrect
values would be returned or incorrect memory accesses would happen:

strnlen_user_std() and strnlen_user_pt() incorrectly return "1"
strncpy_from_user_pt() would incorrectly access "dst[maxlen - 1]"
strncpy_from_user_mvcos() would incorrectly return "-EFAULT"

Fix all these oddities by adding early checks.

Reviewed-by: default avatarGerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: default avatarHeiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
parent d7b788cd

arch/s390/lib/uaccess_mvcos.c

+2 −0
Original line number Original line Diff line number Diff line
@@ -184,6 +184,8 @@ static size_t strncpy_from_user_mvcos(size_t count, const char __user *src, 
{

{

	size_t done, len, offset, len_str;

	size_t done, len, offset, len_str;





	if (unlikely(!count))

		return 0;

	done = 0;

	done = 0;

	do {

	do {

		offset = (size_t)src & ~PAGE_MASK;

		offset = (size_t)src & ~PAGE_MASK;

arch/s390/lib/uaccess_pt.c

+4 −0
Original line number Original line Diff line number Diff line
@@ -172,6 +172,8 @@ static size_t strnlen_user_pt(size_t count, const char __user *src) 
	unsigned long offset, done, len, kaddr;

	unsigned long offset, done, len, kaddr;

	size_t len_str;

	size_t len_str;





	if (unlikely(!count))

		return 0;

	if (segment_eq(get_fs(), KERNEL_DS))

	if (segment_eq(get_fs(), KERNEL_DS))

		return strnlen((const char __kernel __force *) src, count) + 1;

		return strnlen((const char __kernel __force *) src, count) + 1;

	done = 0;

	done = 0;
@@ -202,6 +204,8 @@ static size_t strncpy_from_user_pt(size_t count, const char __user *src, 
{

{

	size_t n = strnlen_user_pt(count, src);

	size_t n = strnlen_user_pt(count, src);





	if (unlikely(!count))

		return 0;

	if (!n)

	if (!n)

		return -EFAULT;

		return -EFAULT;

	if (n > count)

	if (n > count)

arch/s390/lib/uaccess_std.c

+2 −0
Original line number Original line Diff line number Diff line
@@ -188,6 +188,8 @@ size_t strnlen_user_std(size_t size, const char __user *src) 
	register unsigned long reg0 asm("0") = 0UL;

	register unsigned long reg0 asm("0") = 0UL;

	unsigned long tmp1, tmp2;

	unsigned long tmp1, tmp2;





	if (unlikely(!size))

		return 0;

	asm volatile(

	asm volatile(

		"   la    %2,0(%1)\n"

		"   la    %2,0(%1)\n"

		"   la    %3,0(%0,%1)\n"

		"   la    %3,0(%0,%1)\n"