diff options
author | Kees Cook <keescook@chromium.org> | 2016-06-23 15:04:01 -0700 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2016-07-26 14:41:48 -0700 |
commit | 5b710f34e194c6b7710f69fdb5d798fdf35b98c1 (patch) | |
tree | ed1e71a6c526cf24861803af7e48b81ce68e82b6 /arch/x86/include/asm/uaccess.h | |
parent | f5509cc18daa7f82bcc553be70df2117c8eedc16 (diff) | |
download | blackbird-op-linux-5b710f34e194c6b7710f69fdb5d798fdf35b98c1.tar.gz blackbird-op-linux-5b710f34e194c6b7710f69fdb5d798fdf35b98c1.zip |
x86/uaccess: Enable hardened usercopy
Enables CONFIG_HARDENED_USERCOPY checks on x86. This is done both in
copy_*_user() and __copy_*_user() because copy_*_user() actually calls
down to _copy_*_user() and not __copy_*_user().
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Diffstat (limited to 'arch/x86/include/asm/uaccess.h')
-rw-r--r-- | arch/x86/include/asm/uaccess.h | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h index 2982387ba817..d3312f0fcdfc 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -742,9 +742,10 @@ copy_from_user(void *to, const void __user *from, unsigned long n) * case, and do only runtime checking for non-constant sizes. */ - if (likely(sz < 0 || sz >= n)) + if (likely(sz < 0 || sz >= n)) { + check_object_size(to, n, false); n = _copy_from_user(to, from, n); - else if(__builtin_constant_p(n)) + } else if (__builtin_constant_p(n)) copy_from_user_overflow(); else __copy_from_user_overflow(sz, n); @@ -762,9 +763,10 @@ copy_to_user(void __user *to, const void *from, unsigned long n) might_fault(); /* See the comment in copy_from_user() above. */ - if (likely(sz < 0 || sz >= n)) + if (likely(sz < 0 || sz >= n)) { + check_object_size(from, n, true); n = _copy_to_user(to, from, n); - else if(__builtin_constant_p(n)) + } else if (__builtin_constant_p(n)) copy_to_user_overflow(); else __copy_to_user_overflow(sz, n); |