#
12700c17 |
|
15-Feb-2022 |
Arnd Bergmann <arnd@arndb.de> |
uaccess: generalize access_ok() There are many different ways that access_ok() is defined across architectures, but in the end, they all just compare against the user_addr_max() value or they accept anything. Provide one definition that works for most architectures, checking against TASK_SIZE_MAX for user processes or skipping the check inside of uaccess_kernel() sections. For architectures without CONFIG_SET_FS(), this should be the fastest check, as it comes down to a single comparison of a pointer against a compile-time constant, while the architecture specific versions tend to do something more complex for historic reasons or get something wrong. Type checking for __user annotations is handled inconsistently across architectures, but this is easily simplified as well by using an inline function that takes a 'const void __user *' argument. A handful of callers need an extra __user annotation for this. Some architectures had trick to use 33-bit or 65-bit arithmetic on the addresses to calculate the overflow, however this simpler version uses fewer registers, which means it can produce better object code in the end despite needing a second (statically predicted) branch. Reviewed-by: Christoph Hellwig <hch@lst.de> Acked-by: Mark Rutland <mark.rutland@arm.com> [arm64, asm-generic] Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Stafford Horne <shorne@gmail.com> Acked-by: Dinh Nguyen <dinguyen@kernel.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
#
15f3d81a |
|
14-Feb-2022 |
Arnd Bergmann <arnd@arndb.de> |
MIPS: use simpler access_ok() Before unifying the mips version of __access_ok() with the generic code, this converts it to the same algorithm. This is a change in behavior on mips64, as now address in the user segment, the lower 2^62 bytes, is taken to be valid, relying on a page fault for addresses that are within that segment but not valid on that CPU. The new version should be the most effecient way to do this, but it gets rid of the special handling for size=0 that most other architectures ignore as well. Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
#
34737e26 |
|
11-Feb-2022 |
Arnd Bergmann <arnd@arndb.de> |
uaccess: add generic __{get,put}_kernel_nofault Nine architectures are still missing __{get,put}_kernel_nofault: alpha, ia64, microblaze, nds32, nios2, openrisc, sh, sparc32, xtensa. Add a generic version that lets everything use the normal copy_{from,to}_kernel_nofault() code based on these, removing the last use of get_fs()/set_fs() from architecture-independent code. Reviewed-by: Christoph Hellwig <hch@lst.de> Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
#
a7a08b27 |
|
08-Sep-2021 |
Arnd Bergmann <arnd@arndb.de> |
arch: remove compat_alloc_user_space All users of compat_alloc_user_space() and copy_in_user() have been removed from the kernel, only a few functions in sparc remain that can be changed to calling arch_copy_in_user() instead. Link: https://lkml.kernel.org/r/20210727144859.4150043-7-arnd@kernel.org Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Cc: Christoph Hellwig <hch@infradead.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric Biederman <ebiederm@xmission.com> Cc: Feng Tang <feng.tang@intel.com> Cc: Heiko Carstens <hca@linux.ibm.com> Cc: Helge Deller <deller@gmx.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Paul Mackerras <paulus@samba.org> Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vasily Gorbik <gor@linux.ibm.com> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
2c92ef8f |
|
15-Apr-2021 |
Thomas Bogendoerfer <tsbogend@alpha.franken.de> |
MIPS: Fix strnlen_user access check Commit 04324f44cb69 ("MIPS: Remove get_fs/set_fs") changed the access_ok for strnlen_user to check the whole range, which broke some callers of strndup_user(). Restore the old behaviour and just check the first byte. Fixes: 04324f44cb69 ("MIPS: Remove get_fs/set_fs") Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
|
#
168b84d5 |
|
09-Feb-2019 |
Paul Burton <paulburton@kernel.org> |
MIPS: Fix access_ok() for the last byte of user space The MIPS implementation of access_ok() incorrectly reports that access to the final byte of user memory is not OK, much as the alpha & SH versions did prior to commit 94bd8a05cd4d ("Fix 'acccess_ok()' on alpha and SH"). For example on a MIPS64 system with __UA_LIMIT == 0xffff000000000000 we incorrectly fail in the following cases: access_ok(0xffffffffffff, 0x1) = 0 access_ok(0xfffffffffffe, 0x2) = 0 Fix MIPS in the same way as alpha & SH, by subtracting one from the addr + size condition when size is non-zero. With this the access_ok() calls above return 1 indicating that the access may be valid. The cost of the improved check is pretty minimal - we gain 2410 bytes, or 0.03%, in kernel code size for a 64r6el_defconfig kernel built using GCC 8.1.0. Signed-off-by: Paul Burton <paul.burton@mips.com> Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
|
#
ddb002d6 |
|
08-Apr-2021 |
Thomas Bogendoerfer <tsbogend@alpha.franken.de> |
MIPS: uaccess: Reduce number of nested macros Clean up macros even further after removal get_fs/set_fs. Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Reviewed-by: Christoph Hellwig <hch@lst.de>
|
#
04324f44 |
|
01-Apr-2021 |
Thomas Bogendoerfer <tsbogend@alpha.franken.de> |
MIPS: Remove get_fs/set_fs All get_fs/set_fs calls in MIPS code are gone, so remove implementation of it. With the clear separation of user/kernel space access we no longer need the EVA special handling, so get rid of that, too. Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Reviewed-by: Christoph Hellwig <hch@lst.de>
|
#
08ee3a00 |
|
01-Apr-2021 |
Thomas Bogendoerfer <tsbogend@alpha.franken.de> |
MIPS: uaccess: Added __get/__put_kernel_nofault Added __get/__put_kernel_nofault as preparation for removing get/set_fs. Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Reviewed-by: Christoph Hellwig <hch@lst.de>
|
#
a1515ec7 |
|
01-Mar-2021 |
Thomas Bogendoerfer <tsbogend@alpha.franken.de> |
MIPS: Remove KVM_GUEST support KVM_GUEST is broken and unmaintained, so let's remove it. Reviewed-by: Huacai Chen <chenhuacai@kernel.org> Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
|
#
428e2976 |
|
11-Aug-2020 |
Christoph Hellwig <hch@lst.de> |
uaccess: remove segment_eq segment_eq is only used to implement uaccess_kernel. Just open code uaccess_kernel in the arch uaccess headers and remove one layer of indirection. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Acked-by: Greentime Hu <green.hu@gmail.com> Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Cc: Nick Hu <nickhu@andestech.com> Cc: Vincent Chen <deanbo422@gmail.com> Cc: Paul Walmsley <paul.walmsley@sifive.com> Cc: Palmer Dabbelt <palmer@dabbelt.com> Link: http://lkml.kernel.org/r/20200710135706.537715-5-hch@lst.de Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
736706be |
|
04-Mar-2019 |
Linus Torvalds <torvalds@linux-foundation.org> |
get rid of legacy 'get_ds()' function Every in-kernel use of this function defined it to KERNEL_DS (either as an actual define, or as an inline function). It's an entirely historical artifact, and long long long ago used to actually read the segment selector valueof '%ds' on x86. Which in the kernel is always KERNEL_DS. Inspired by a patch from Jann Horn that just did this for a very small subset of users (the ones in fs/), along with Al who suggested a script. I then just took it to the logical extreme and removed all the remaining gunk. Roughly scripted with git grep -l '(get_ds())' -- :^tools/ | xargs sed -i 's/(get_ds())/(KERNEL_DS)/' git grep -lw 'get_ds' -- :^tools/ | xargs sed -i '/^#define get_ds()/d' plus manual fixups to remove a few unusual usage patterns, the couple of inline function cases and to fix up a comment that had become stale. The 'get_ds()' function remains in an x86 kvm selftest, since in user space it actually does something relevant. Inspired-by: Jann Horn <jannh@google.com> Inspired-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
96d4f267 |
|
03-Jan-2019 |
Linus Torvalds <torvalds@linux-foundation.org> |
Remove 'type' argument from access_ok() function Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument of the user address range verification function since we got rid of the old racy i386-only code to walk page tables by hand. It existed because the original 80386 would not honor the write protect bit when in kernel mode, so you had to do COW by hand before doing any user access. But we haven't supported that in a long time, and these days the 'type' argument is a purely historical artifact. A discussion about extending 'user_access_begin()' to do the range checking resulted this patch, because there is no way we're going to move the old VERIFY_xyz interface to that model. And it's best done at the end of the merge window when I've done most of my merges, so let's just get this done once and for all. This patch was mostly done with a sed-script, with manual fix-ups for the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form. There were a couple of notable cases: - csky still had the old "verify_area()" name as an alias. - the iter_iov code had magical hardcoded knowledge of the actual values of VERIFY_{READ,WRITE} (not that they mattered, since nothing really used it) - microblaze used the type argument for a debug printout but other than those oddities this should be a total no-op patch. I tried to fix up all architectures, did fairly extensive grepping for access_ok() uses, and the changes are trivial, but I may have missed something. Any missed conversion should be trivially fixable, though. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
b3d7e55c |
|
17-Apr-2018 |
Matt Redfearn <matt.redfearn@mips.com> |
MIPS: uaccess: Add micromips clobbers to bzero invocation The micromips implementation of bzero additionally clobbers registers t7 & t8. Specify this in the clobbers list when invoking bzero. Fixes: 26c5e07d1478 ("MIPS: microMIPS: Optimise 'memset' core library function.") Reported-by: James Hogan <jhogan@kernel.org> Signed-off-by: Matt Redfearn <matt.redfearn@mips.com> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: linux-mips@linux-mips.org Cc: <stable@vger.kernel.org> # 3.10+ Patchwork: https://patchwork.linux-mips.org/patch/19110/ Signed-off-by: James Hogan <jhogan@kernel.org>
|
#
3170d8d2 |
|
02-May-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
kill {__,}{get,put}_user_unaligned() no users left Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
8f3ba02d |
|
07-Apr-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
mips: get rid of unused __strnlen_user() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
10503bf9 |
|
07-Apr-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
get rid of unused __strncpy_from_user() instances Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
82985258 |
|
07-Apr-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
kill strlen_user() no callers, no consistent semantics, no sane way to use it... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
2260ea86 |
|
28-Mar-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
mips: switch to RAW_COPY_USER Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
1a4fded6 |
|
19-Mar-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
mips: get rid of tail-zeroing in primitives Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
ab0aca27 |
|
20-Mar-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
mips: make copy_from_user() zero tail explicitly Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
b0bb945c |
|
20-Mar-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
mips: clean and reorder the forest of macros... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
c12a1d7a |
|
20-Mar-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
mips: consolidate __invoke_... wrappers Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
f0a955f4 |
|
27-Dec-2016 |
Al Viro <viro@zeniv.linux.org.uk> |
mips: sanitize __access_ok() for one thing, the last argument is always __access_mask and had been such since 2.4.0-test3pre8; for another, it can bloody well be a static inline - -O2 or -Os, __builtin_constant_p() propagates through static inline calls. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
db68ce10 |
|
20-Mar-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
new helper: uaccess_kernel() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
af1d5b37 |
|
27-Dec-2016 |
Al Viro <viro@zeniv.linux.org.uk> |
uaccess: drop duplicate includes from asm/uaccess.h Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
5e6039d8 |
|
27-Dec-2016 |
Al Viro <viro@zeniv.linux.org.uk> |
uaccess: move VERIFY_{READ,WRITE} definitions to linux/uaccess.h Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
b668970e |
|
17-Jan-2017 |
Arnd Bergmann <arnd@arndb.de> |
MIPS: Fix modversions kernelci.org reports tons of build warnings for linux-next: 35 WARNING: "memcpy" [fs/fat/msdos.ko] has no CRC! 35 WARNING: "__copy_user" [fs/fat/fat.ko] has no CRC! 32 WARNING: EXPORT symbol "memset" [vmlinux] version generation failed, symbol will not be versioned. 32 WARNING: EXPORT symbol "copy_page" [vmlinux] version generation failed, symbol will not be versioned. 32 WARNING: EXPORT symbol "clear_page" [vmlinux] version generation failed, symbol will not be versioned. 32 WARNING: EXPORT symbol "__strncpy_from_user_nocheck_asm" [vmlinux] version generation failed, symbol will not be versioned. The problem here is mainly the missing asm/asm-prototypes.h header file that is supposed to include the prototypes for each symbol that is exported from an assembler file. A second problem is that the asm/uaccess.h header contains some but not all the necessary declarations for the user access helpers. Finally, the vdso build is broken once we add asm/asm-prototypes.h, so we have to fix this at the same time by changing the vdso header. My approach here is to just not look for exported symbols in the VDSO assembler files, as the symbols cannot be exported anyway. Fixes: 576a2f0c5c6d ("MIPS: Export memcpy & memset functions alongside their definitions") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: James Hogan <james.hogan@imgtec.com> Cc: Maciej W. Rozycki <macro@imgtec.com> Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/15038/ Patchwork: https://patchwork.linux-mips.org/patch/15069/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
cabca8c0 |
|
08-Oct-2016 |
Paul Burton <paulburton@kernel.org> |
MIPS: Enable hardened usercopy Enable CONFIG_HARDENED_USERCOPY checks for MIPS, calling check_object size in all of copy_{to,from}_user(), __copy_{to,from}_user() & __copy_{to,from}_user_inatomic(). Signed-off-by: Paul Burton <paul.burton@imgtec.com> Cc: Kees Cook <keescook@chromium.org> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/14371/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
29abfbd9 |
|
05-Sep-2016 |
Al Viro <viro@zeniv.linux.org.uk> |
mips: separate extable.h, switch module.h to it more victims of indirect include chains - au1200fb lasat/picvue_proc and watchdog/ath79_wdt ... as well as tb0219, spotted by Sudip Mukherjee Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
e69d7005 |
|
20-Aug-2016 |
Al Viro <viro@zeniv.linux.org.uk> |
mips: copy_from_user() must zero the destination on access_ok() failure Cc: stable@vger.kernel.org Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
97f2645f |
|
03-Aug-2016 |
Masahiro Yamada <yamada.masahiro@socionext.com> |
tree-wide: replace config_enabled() with IS_ENABLED() The use of config_enabled() against config options is ambiguous. In practical terms, config_enabled() is equivalent to IS_BUILTIN(), but the author might have used it for the meaning of IS_ENABLED(). Using IS_ENABLED(), IS_BUILTIN(), IS_MODULE() etc. makes the intention clearer. This commit replaces config_enabled() with IS_ENABLED() where possible. This commit is only touching bool config options. I noticed two cases where config_enabled() is used against a tristate option: - config_enabled(CONFIG_HWMON) [ drivers/net/wireless/ath/ath10k/thermal.c ] - config_enabled(CONFIG_BACKLIGHT_CLASS_DEVICE) [ drivers/gpu/drm/gma500/opregion.c ] I did not touch them because they should be converted to IS_BUILTIN() in order to keep the logic, but I was not sure it was the authors' intention. Link: http://lkml.kernel.org/r/1465215656-20569-1-git-send-email-yamada.masahiro@socionext.com Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: Stas Sergeev <stsp@list.ru> Cc: Matt Redfearn <matt.redfearn@imgtec.com> Cc: Joshua Kinard <kumba@gentoo.org> Cc: Jiri Slaby <jslaby@suse.com> Cc: Bjorn Helgaas <bhelgaas@google.com> Cc: Borislav Petkov <bp@suse.de> Cc: Markos Chandras <markos.chandras@imgtec.com> Cc: "Dmitry V. Levin" <ldv@altlinux.org> Cc: yu-cheng yu <yu-cheng.yu@intel.com> Cc: James Hogan <james.hogan@imgtec.com> Cc: Brian Gerst <brgerst@gmail.com> Cc: Johannes Berg <johannes@sipsolutions.net> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Will Drewry <wad@chromium.org> Cc: Nikolay Martynov <mar.kolya@gmail.com> Cc: Huacai Chen <chenhc@lemote.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: Leonid Yegoshin <Leonid.Yegoshin@imgtec.com> Cc: Rafal Milecki <zajec5@gmail.com> Cc: James Cowgill <James.Cowgill@imgtec.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Alex Smith <alex.smith@imgtec.com> Cc: Adam Buchbinder <adam.buchbinder@gmail.com> Cc: Qais Yousef <qais.yousef@imgtec.com> Cc: Jiang Liu <jiang.liu@linux.intel.com> Cc: Mikko Rapeli <mikko.rapeli@iki.fi> Cc: Paul Gortmaker <paul.gortmaker@windriver.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: Brian Norris <computersforpeace@gmail.com> Cc: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com> Cc: "Luis R. Rodriguez" <mcgrof@do-not-panic.com> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Ingo Molnar <mingo@redhat.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> Cc: Roland McGrath <roland@hack.frob.com> Cc: Paul Burton <paul.burton@imgtec.com> Cc: Kalle Valo <kvalo@qca.qualcomm.com> Cc: Viresh Kumar <viresh.kumar@linaro.org> Cc: Tony Wu <tung7970@gmail.com> Cc: Huaitong Han <huaitong.han@intel.com> Cc: Sumit Semwal <sumit.semwal@linaro.org> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Juergen Gross <jgross@suse.com> Cc: Jason Cooper <jason@lakedaemon.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: Oleg Nesterov <oleg@redhat.com> Cc: Andrea Gelmini <andrea.gelmini@gelma.net> Cc: David Woodhouse <dwmw2@infradead.org> Cc: Marc Zyngier <marc.zyngier@arm.com> Cc: Rabin Vincent <rabin@rab.in> Cc: "Maciej W. Rozycki" <macro@imgtec.com> Cc: David Daney <david.daney@cavium.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
92a76f6d |
|
25-Feb-2016 |
Adam Buchbinder <adam.buchbinder@gmail.com> |
MIPS: Fix misspellings in comments. Signed-off-by: Adam Buchbinder <adam.buchbinder@gmail.com> Cc: linux-mips@linux-mips.org Cc: trivial@kernel.org Patchwork: https://patchwork.linux-mips.org/patch/12617/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
930c0f70 |
|
24-Dec-2015 |
Al Viro <viro@zeniv.linux.org.uk> |
MIPS: Fix bitrot in __get_user_unaligned() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
d6a428fb |
|
05-Aug-2015 |
James Hogan <jhogan@kernel.org> |
MIPS: uaccess: Take EVA into account in [__]clear_user __clear_user() (and clear_user() which uses it), always access the user mode address space, which results in EVA store instructions when EVA is enabled even if the current user address limit is KERNEL_DS. Fix this by adding a new symbol __bzero_kernel for the normal kernel address space bzero in EVA mode, and call that from __clear_user() if eva_kernel_access(). Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Markos Chandras <markos.chandras@imgtec.com> Cc: Paul Burton <paul.burton@imgtec.com> Cc: Leonid Yegoshin <leonid.yegoshin@imgtec.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/10844/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
6f06a2c4 |
|
05-Aug-2015 |
James Hogan <jhogan@kernel.org> |
MIPS: uaccess: Take EVA into account in __copy_from_user() When EVA is in use, __copy_from_user() was unconditionally using the EVA instructions to read the user address space, however this can also be used for kernel access. If the address isn't a valid user address it will cause an address error or TLB exception, and if it is then user memory may be read instead of kernel memory. For example in the following stack trace from Linux v3.10 (changes since then will prevent this particular one still happening) kernel_sendmsg() set the user address limit to KERNEL_DS, and tcp_sendmsg() goes on to use __copy_from_user() with a kernel address in KSeg0. [<8002d434>] __copy_fromuser_common+0x10c/0x254 [<805710e0>] tcp_sendmsg+0x5f4/0xf00 [<804e8e3c>] sock_sendmsg+0x78/0xa0 [<804e8f28>] kernel_sendmsg+0x24/0x38 [<804ee0f8>] sock_no_sendpage+0x70/0x7c [<8017c820>] pipe_to_sendpage+0x80/0x98 [<8017c6b0>] splice_from_pipe_feed+0xa8/0x198 [<8017cc54>] __splice_from_pipe+0x4c/0x8c [<8017e844>] splice_from_pipe+0x58/0x78 [<8017e884>] generic_splice_sendpage+0x20/0x2c [<8017d690>] do_splice_from+0xb4/0x110 [<8017d710>] direct_splice_actor+0x24/0x30 [<8017d394>] splice_direct_to_actor+0xd8/0x208 [<8017d51c>] do_splice_direct+0x58/0x7c [<8014eaf4>] do_sendfile+0x1dc/0x39c [<8014f82c>] SyS_sendfile+0x90/0xf8 Add the eva_kernel_access() check in __copy_from_user() like the one in copy_from_user(). Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Markos Chandras <markos.chandras@imgtec.com> Cc: Paul Burton <paul.burton@imgtec.com> Cc: Leonid Yegoshin <leonid.yegoshin@imgtec.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/10843/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
5dc62fdd |
|
05-Aug-2015 |
James Hogan <jhogan@kernel.org> |
MIPS: uaccess: Fix strlen_user with EVA The strlen_user() function calls __strlen_kernel_asm in both branches of the eva_kernel_access() conditional. For EVA it should be calling __strlen_user_eva for user accesses, otherwise it will load from the kernel address space instead of the user address space, and the access checking will likely be ineffective at preventing it due to EVA's overlapping user and kernel address spaces. This was found after extending the test_user_copy module to cover user string access functions, which gave the following error with EVA: test_user_copy: illegal strlen_user passed Fortunately the use of strlen_user() has been all but eradicated from the mainline kernel, so only out of tree modules could be affected. Fixes: e3a9b07a9caf ("MIPS: asm: uaccess: Add EVA support for str*_user operations") Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Markos Chandras <markos.chandras@imgtec.com> Cc: Paul Burton <paul.burton@imgtec.com> Cc: Leonid Yegoshin <leonid.yegoshin@imgtec.com> Cc: linux-mips@linux-mips.org Cc: <stable@vger.kernel.org> # 3.15.x- Patchwork: https://patchwork.linux-mips.org/patch/10842/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
12060666 |
|
24-May-2015 |
Paul Burton <paulburton@kernel.org> |
MIPS: Optimise non-EVA kernel user memory accesses Commits ac1d8590d3ae (MIPS: asm: uaccess: Use EVA instructions wrappers), 05c6516005c4 (MIPS: asm: uaccess: Add EVA support to copy_{in, to,from}_user) & e3a9b07a9caf (MIPS: asm: uaccess: Add EVA support for str*_user operations) added checks to various user memory access functions & macros in order to determine whether to perform standard memory accesses or their EVA userspace equivalents. In kernels built without support for EVA these checks are entirely redundant. Avoid emitting them & allow the compiler to optimise out the EVA userspace code in such kernels by checking config_enabled(CONFIG_EVA). This reduces the size of a malta_defconfig kernel built using GCC 4.9.2 by approximately 33KB (from 5995072 to 5962304 bytes). Signed-off-by: Paul Burton <paul.burton@imgtec.com> Cc: Markos Chandras <markos.chandras@imgtec.com> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: linux-kernel@vger.kernel.org Cc: linux-mips@linux-mips.org Patchwork: http://patchwork.linux-mips.org/patch/10165/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
b3c395ef |
|
11-May-2015 |
David Hildenbrand <dahi@linux.vnet.ibm.com> |
mm/uaccess, mm/fault: Clarify that uaccess may only sleep if pagefaults are enabled In general, non-atomic variants of user access functions must not sleep if pagefaults are disabled. Let's update all relevant comments in uaccess code. This also reflects the might_sleep() checks in might_fault(). Reviewed-and-tested-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: David.Laight@ACULAB.COM Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: airlied@linux.ie Cc: akpm@linux-foundation.org Cc: benh@kernel.crashing.org Cc: bigeasy@linutronix.de Cc: borntraeger@de.ibm.com Cc: daniel.vetter@intel.com Cc: heiko.carstens@de.ibm.com Cc: herbert@gondor.apana.org.au Cc: hocko@suse.cz Cc: hughd@google.com Cc: mst@redhat.com Cc: paulus@samba.org Cc: ralf@linux-mips.org Cc: schwidefsky@de.ibm.com Cc: yang.shi@windriver.com Link: http://lkml.kernel.org/r/1431359540-32227-4-git-send-email-dahi@linux.vnet.ibm.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
|
#
80219c6c |
|
03-Nov-2014 |
Ralf Baechle <ralf@linux-mips.org> |
MIPS: uaccess.h: Fix strnlen_user comment. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
4ff3fccd |
|
03-Nov-2014 |
Ralf Baechle <ralf@linux-mips.org> |
MIPS: Remove __strlen_user(). Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
14aa1361 |
|
03-Nov-2014 |
Ralf Baechle <ralf@linux-mips.org> |
MIPS: uaccess.h: Fix strnlen_user comment. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
640465bd |
|
18-Nov-2014 |
Ralf Baechle <ralf@linux-mips.org> |
MIPS: Zero variable read by get_user / __get_user in case of an error. This wasn't happening in all cases. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
58563817 |
|
17-Nov-2014 |
Markos Chandras <markos.chandras@imgtec.com> |
MIPS: asm: uaccess: Add v1 register to clobber list on EVA When EVA is turned on and prefetching is being used in memcpy.S, the v1 register is being used as a helper register to the PREFE instruction. However, v1 ($3) was not in the clobber list, which means that the compiler did not preserve it across function calls, and that could corrupt the value of the register leading to all sorts of userland crashes. We fix this problem by using the DADDI_SCRATCH macro to define the clobbered register when CONFIG_EVA && CONFIG_CPU_HAS_PREFETCH are enabled. Signed-off-by: Markos Chandras <markos.chandras@imgtec.com> Cc: <stable@vger.kernel.org> # v3.15+ Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/8510/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
e3a9b07a |
|
03-Jan-2014 |
Markos Chandras <markos.chandras@imgtec.com> |
MIPS: asm: uaccess: Add EVA support for str*_user operations The str*_user functions are used to securely access NULL terminated strings from userland. Therefore, it's necessary to use the appropriate EVA function. However, if the string is in kernel space, then the normal instructions are being used to access it. The __str*_kernel_asm and __str*_user_asm symbols are the same for non-EVA mode so there is no functional change for the non-EVA kernels. Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
|
#
05c65160 |
|
11-Dec-2013 |
Markos Chandras <markos.chandras@imgtec.com> |
MIPS: asm: uaccess: Add EVA support to copy_{in, to,from}_user Use the EVA specific functions from memcpy.S to perform userspace operations. When get_fs() == get_ds() the usual load/store instructions are used because the destination address is located in the kernel address space region. Otherwise, the EVA specifc load/store instructions are used which will go through th TLB to perform the virtual to physical translation for the userspace address. Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
|
#
0081ad24 |
|
05-Jan-2014 |
Markos Chandras <markos.chandras@imgtec.com> |
MIPS: asm: uaccess: Rename {get,put}_user_asm macros The {get,put}_user_asm functions can be used to load data from kernel or the user address space so rename them to avoid confusion. Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
|
#
ac1d8590 |
|
11-Dec-2013 |
Markos Chandras <markos.chandras@imgtec.com> |
MIPS: asm: uaccess: Use EVA instructions wrappers Use the EVA instruction wrappers from asm.h to perform read/write operations from userland. Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
|
#
18e90018 |
|
17-Dec-2013 |
Leonid Yegoshin <Leonid.Yegoshin@imgtec.com> |
MIPS: asm: uaccess: Disable unaligned access macros for EVA ulb, ulh, ulw are macros which emulate unaligned access for MIPS. However, no such macros exist for EVA mode, so the only way to do EVA unaligned accesses is in the ADE exception handler. As a result of which, disable these macros for EVA. Signed-off-by: Leonid Yegoshin <Leonid.Yegoshin@imgtec.com> Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
|
#
ec56b1d4 |
|
17-Dec-2013 |
Markos Chandras <markos.chandras@imgtec.com> |
MIPS: asm: uaccess: Move duplicated code to common function Similar to __get_user_* functions, move common code to __put_user_*_common so it can be shared among similar users. Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
|
#
d84869a1 |
|
17-Dec-2013 |
Markos Chandras <markos.chandras@imgtec.com> |
MIPS: asm: uaccess: Add instruction argument to __{put,get}_user_asm In preparation for EVA support, an instruction argument is needed for the __get_user_asm{,_ll32} functions to allow instruction overrides in EVA mode. Even though EVA only works for MIPS 32-bit, both codepaths are changed (32-bit and 64-bit) for consistency reasons. Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
|
#
1658f914 |
|
25-Mar-2013 |
Steven J. Hill <Steven.Hill@imgtec.com> |
MIPS: microMIPS: Disable LL/SC and fix linker bug. Partially revert commit e0c14a260d66ba35935600d6435940a566fe806b and turn off LL/SC when building a pure microMIPS kernel. This is a temporary fix until the cmpxchg assembly macro functions are re-written to not use the HI/LO registers in address calculations. Also add .insn in selected user access functions which would otherwise produce ISA mode jump incompatibilities. This is also a temporary fix. Signed-off-by: Steven J. Hill <Steven.Hill@imgtec.com>
|
#
9843b030 |
|
21-Nov-2012 |
Sanjay Lal <sanjayl@kymasys.com> |
KVM/MIPS32: KVM Guest kernel support. Both Guest kernel and Guest Userspace execute in UM. The memory map is as follows: Guest User address space: 0x00000000 -> 0x40000000 Guest Kernel Unmapped: 0x40000000 -> 0x60000000 Guest Kernel Mapped: 0x60000000 -> 0x80000000 - Guest Usermode virtual memory is limited to 1GB. Signed-off-by: Sanjay Lal <sanjayl@kymasys.com> Cc: kvm@vger.kernel.org Cc: linux-mips@linux-mips.org Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
70342287 |
|
21-Jan-2013 |
Ralf Baechle <ralf@linux-mips.org> |
MIPS: Whitespace cleanup. Having received another series of whitespace patches I decided to do this once and for all rather than dealing with this kind of patches trickling in forever. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
bb0757eb |
|
06-Jun-2012 |
David Daney <david.daney@cavium.com> |
MIPS: Unify memcpy.S and memcpy-inatomic.S We can save the 451 lines of code that comprise memcpy-inatomic.S at the expense of a single instruction in the memcpy prolog. We also use an additional register (t6), so this may cause increased register pressure in some places as well. But I think the reduced maintenance burden, of not having two nearly identical implementations, makes it worth it. Signed-off-by: David Daney <david.daney@cavium.com> Cc: linux-mips@linux-mips.org Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
949e51be |
|
14-Oct-2010 |
David Daney <ddaney@caviumnetworks.com> |
MIPS: Make TASK_SIZE reflect proper size for both 32 and 64 bit processes. The TASK_SIZE macro should reflect the size of a user process virtual address space. Previously for 64-bit kernels, this was not the case. The immediate cause of pain was in hugetlbfs/inode.c:hugetlb_get_unmapped_area() where 32-bit processes trying to mmap a huge page would be served a page with an address outside of the 32-bit address range. But there are other uses of TASK_SIZE in the kernel as well that would like an accurate value. The new definition is nice because it now makes TASK_SIZE and TASK_SIZE_OF() yield the same value for any given process. For 32-bit kernels there should be no change, although I did factor out some code in asm/processor.h that became identical for the 32-bit and 64-bit cases. __UA_LIMIT is now set to ~((1 << SEGBITS) - 1) for 64-bit kernels. This should eliminate the possibility of getting a AddressErrorException in the kernel for addresses that pass the access_ok() test. With the patch applied, I can still run o32, n32 and n64 processes, and have an o32 shell fork/exec both n32 and n64 processes. Signed-off-by: David Daney <ddaney@caviumnetworks.com> To: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/1701/
|
#
63d38923 |
|
20-May-2009 |
Wu Zhangjin <wuzhangjin@gmail.com> |
MIPS: Fix sparse warning in incompatiable argument type of clear_user. The type of the second argument of access_ok should be (void __user *). The unnecessary conversion of the clear_user address argument was causing sparse to emit warnings on the __chk_user_ptr check. Signed-off-by: Wu Zhangjin <wuzhangjin@gmail.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
ef41f460 |
|
28-Apr-2009 |
Ralf Baechle <ralf@linux-mips.org> |
MIPS: uaccess: Switch lock annotations to might_fault(). Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
ed01b3d2 |
|
27-Apr-2009 |
Ralf Baechle <ralf@linux-mips.org> |
MIPS: Make uaccess.h slightly more sparse friendly. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
d0aab922 |
|
27-Apr-2009 |
Ralf Baechle <ralf@linux-mips.org> |
MIPS: Make access_ok() sideeffect proof. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
71ec6ccf |
|
30-Oct-2006 |
Ralf Baechle <ralf@linux-mips.org> |
MIPS: Replace use of <asm-generic/uaccess.h> with native implementations. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
#
384740dc |
|
16-Sep-2008 |
Ralf Baechle <ralf@linux-mips.org> |
MIPS: Move headfiles to new location below arch/mips/include Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|