#
8b1d7239 |
|
20-Jan-2024 |
Helge Deller <deller@gmx.de> |
parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data corruption if the compiler decides to use a different register than the specified register %r29 (defined in ASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose another register, the fault handler will nevertheless store -EFAULT into %r29 and thus trash whatever this register is used for. Looking at the assembly I found that this happens sometimes in emulate_ldd(). To solve the issue, the easiest solution would be if it somehow is possible to tell the fault handler which register is used to hold the error code. Using %0 or %1 in the inline assembly is not posssible as it will show up as e.g. %r29 (with the "%r" prefix), which the GNU assembler can not convert to an integer. This patch takes another, better and more flexible approach: We extend the __ex_table (which is out of the execution path) by one 32-word. In this word we tell the compiler to insert the assembler instruction "or %r0,%r0,%reg", where %reg references the register which the compiler choosed for the error return code. In case of an access failure, the fault handler finds the __ex_table entry and can examine the opcode. The used register is encoded in the lowest 5 bits, and the fault handler can then store -EFAULT into this register. Since we extend the __ex_table to 3 words we can't use the BUILDTIME_TABLE_SORT config option any longer. Signed-off-by: Helge Deller <deller@gmx.de> Cc: <stable@vger.kernel.org> # v6.0+
|
#
a80aeb86 |
|
20-Nov-2023 |
Helge Deller <deller@gmx.de> |
parisc: Mark ex_table entries 32-bit aligned in uaccess.h Add an align statement to tell the linker that all ex_table entries and as such the whole ex_table section should be 32-bit aligned in vmlinux and modules. Signed-off-by: Helge Deller <deller@gmx.de> Cc: stable@vger.kernel.org # v6.0+
|
#
12700c17 |
|
15-Feb-2022 |
Arnd Bergmann <arnd@arndb.de> |
uaccess: generalize access_ok() There are many different ways that access_ok() is defined across architectures, but in the end, they all just compare against the user_addr_max() value or they accept anything. Provide one definition that works for most architectures, checking against TASK_SIZE_MAX for user processes or skipping the check inside of uaccess_kernel() sections. For architectures without CONFIG_SET_FS(), this should be the fastest check, as it comes down to a single comparison of a pointer against a compile-time constant, while the architecture specific versions tend to do something more complex for historic reasons or get something wrong. Type checking for __user annotations is handled inconsistently across architectures, but this is easily simplified as well by using an inline function that takes a 'const void __user *' argument. A handful of callers need an extra __user annotation for this. Some architectures had trick to use 33-bit or 65-bit arithmetic on the addresses to calculate the overflow, however this simpler version uses fewer registers, which means it can produce better object code in the end despite needing a second (statically predicted) branch. Reviewed-by: Christoph Hellwig <hch@lst.de> Acked-by: Mark Rutland <mark.rutland@arm.com> [arm64, asm-generic] Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Stafford Horne <shorne@gmail.com> Acked-by: Dinh Nguyen <dinguyen@kernel.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
#
34737e26 |
|
11-Feb-2022 |
Arnd Bergmann <arnd@arndb.de> |
uaccess: add generic __{get,put}_kernel_nofault Nine architectures are still missing __{get,put}_kernel_nofault: alpha, ia64, microblaze, nds32, nios2, openrisc, sh, sparc32, xtensa. Add a generic version that lets everything use the normal copy_{from,to}_kernel_nofault() code based on these, removing the last use of get_fs()/set_fs() from architecture-independent code. Reviewed-by: Christoph Hellwig <hch@lst.de> Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
#
5613a930 |
|
16-Feb-2022 |
Helge Deller <deller@gmx.de> |
parisc: Use SR_USER and SR_KERNEL in get_user() and put_user() Instead of hardcoding the space registers as strings, use the SR_USER and SR_KERNEL constants to form the space register in the access functions. Signed-off-by: Helge Deller <deller@gmx.de>
|
#
dbd0b423 |
|
13-Feb-2022 |
Helge Deller <deller@gmx.de> |
parisc: Fix some apparent put_user() failures After commit 4b9d2a731c3d ("parisc: Switch user access functions to signal errors in r29 instead of r8") bash suddenly started to report those warnings after login: -bash: cannot set terminal process group (-1): Bad file descriptor -bash: no job control in this shell It turned out, that a function call inside a put_user(), e.g.: put_user(vt_do_kdgkbmode(console), (int __user *)arg); clobbered the error register (r29) and thus the put_user() call itself seem to have failed. Rearrange the C-code to pre-calculate the intermediate value and then do the put_user(). Additionally prefer the "+" constraint on pu_err and gu_err registers to tell the compiler that those operands are both read and written by the assembly instruction. Reported-by: John David Anglin <dave.anglin@bell.net> Signed-off-by: Helge Deller <deller@gmx.de> Fixes: 4b9d2a731c3d ("parisc: Switch user access functions to signal errors in r29 instead of r8") Signed-off-by: Helge Deller <deller@gmx.de>
|
#
4b9d2a73 |
|
23-Dec-2021 |
Helge Deller <deller@gmx.de> |
parisc: Switch user access functions to signal errors in r29 instead of r8 Use register r29 instead of register r8 to signal faults when accessing user memory. In case of faults, the fixup routine will store -EFAULT in this register. This change saves up to 752 bytes on a 32bit kernel, partly because the compiler doesn't need to save and restore the old r8 value on the stack. bloat-o-meter results for usage with r29 register: add/remove: 0/0 grow/shrink: 23/86 up/down: 228/-980 (-752) bloat-o-meter results for usage with r28 register: add/remove: 0/0 grow/shrink: 28/83 up/down: 296/-956 (-660) Signed-off-by: Helge Deller <deller@gmx.de>
|
#
67102872 |
|
08-Sep-2021 |
Helge Deller <deller@gmx.de> |
parisc: Implement __get/put_kernel_nofault() Remove CONFIG_SET_FS from parisc, so we need to add __get_kernel_nofault() and __put_kernel_nofault(), define HAVE_GET_KERNEL_NOFAULT and remove set_fs(), get_fs(), load_sr2(), thread_info->addr_limit, KERNEL_DS and USER_DS. The nice side-effect of this patch is that we now can directly access userspace via sr3 without the need to use a temporary sr2 which is either copied from sr3 or set to zero (for kernel space). Signed-off-by: Helge Deller <deller@gmx.de> Suggested-by: Arnd Bergmann <arnd@kernel.org>
|
#
1260dea6 |
|
04-Sep-2021 |
Helge Deller <deller@gmx.de> |
parisc: Drop strnlen_user() in favour of generic version As suggested by Arnd Bergmann, drop the parisc version of strnlen_user() and switch to the generic version. Suggested-by: Arnd Bergmann <arnd@kernel.org> Acked-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Helge Deller <deller@gmx.de>
|
#
a7a08b27 |
|
08-Sep-2021 |
Arnd Bergmann <arnd@arndb.de> |
arch: remove compat_alloc_user_space All users of compat_alloc_user_space() and copy_in_user() have been removed from the kernel, only a few functions in sparc remain that can be changed to calling arch_copy_in_user() instead. Link: https://lkml.kernel.org/r/20210727144859.4150043-7-arnd@kernel.org Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Christoph Hellwig <hch@lst.de> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Cc: Christoph Hellwig <hch@infradead.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Eric Biederman <ebiederm@xmission.com> Cc: Feng Tang <feng.tang@intel.com> Cc: Heiko Carstens <hca@linux.ibm.com> Cc: Helge Deller <deller@gmx.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Paul Mackerras <paulus@samba.org> Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vasily Gorbik <gor@linux.ibm.com> Cc: Will Deacon <will@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
428e2976 |
|
11-Aug-2020 |
Christoph Hellwig <hch@lst.de> |
uaccess: remove segment_eq segment_eq is only used to implement uaccess_kernel. Just open code uaccess_kernel in the arch uaccess headers and remove one layer of indirection. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Acked-by: Greentime Hu <green.hu@gmail.com> Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Cc: Nick Hu <nickhu@andestech.com> Cc: Vincent Chen <deanbo422@gmail.com> Cc: Paul Walmsley <paul.walmsley@sifive.com> Cc: Palmer Dabbelt <palmer@dabbelt.com> Link: http://lkml.kernel.org/r/20200710135706.537715-5-hch@lst.de Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
736706be |
|
04-Mar-2019 |
Linus Torvalds <torvalds@linux-foundation.org> |
get rid of legacy 'get_ds()' function Every in-kernel use of this function defined it to KERNEL_DS (either as an actual define, or as an inline function). It's an entirely historical artifact, and long long long ago used to actually read the segment selector valueof '%ds' on x86. Which in the kernel is always KERNEL_DS. Inspired by a patch from Jann Horn that just did this for a very small subset of users (the ones in fs/), along with Al who suggested a script. I then just took it to the logical extreme and removed all the remaining gunk. Roughly scripted with git grep -l '(get_ds())' -- :^tools/ | xargs sed -i 's/(get_ds())/(KERNEL_DS)/' git grep -lw 'get_ds' -- :^tools/ | xargs sed -i '/^#define get_ds()/d' plus manual fixups to remove a few unusual usage patterns, the couple of inline function cases and to fix up a comment that had become stale. The 'get_ds()' function remains in an x86 kvm selftest, since in user space it actually does something relevant. Inspired-by: Jann Horn <jannh@google.com> Inspired-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
96d4f267 |
|
03-Jan-2019 |
Linus Torvalds <torvalds@linux-foundation.org> |
Remove 'type' argument from access_ok() function Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument of the user address range verification function since we got rid of the old racy i386-only code to walk page tables by hand. It existed because the original 80386 would not honor the write protect bit when in kernel mode, so you had to do COW by hand before doing any user access. But we haven't supported that in a long time, and these days the 'type' argument is a purely historical artifact. A discussion about extending 'user_access_begin()' to do the range checking resulted this patch, because there is no way we're going to move the old VERIFY_xyz interface to that model. And it's best done at the end of the merge window when I've done most of my merges, so let's just get this done once and for all. This patch was mostly done with a sed-script, with manual fix-ups for the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form. There were a couple of notable cases: - csky still had the old "verify_area()" name as an alias. - the iter_iov code had magical hardcoded knowledge of the actual values of VERIFY_{READ,WRITE} (not that they mattered, since nothing really used it) - microblaze used the type argument for a debug printout but other than those oddities this should be a total no-op patch. I tried to fix up all architectures, did fairly extensive grepping for access_ok() uses, and the changes are trivial, but I may have missed something. Any missed conversion should be trivially fixable, though. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
b2441318 |
|
01-Nov-2017 |
Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
License cleanup: add SPDX GPL-2.0 license identifier to files with no license Many source files in the tree are missing licensing information, which makes it harder for compliance tools to determine the correct license. By default all files without license information are under the default license of the kernel, which is GPL version 2. Update the files which contain no license information with the 'GPL-2.0' SPDX license identifier. The SPDX identifier is a legally binding shorthand, which can be used instead of the full boiler plate text. This patch is based on work done by Thomas Gleixner and Kate Stewart and Philippe Ombredanne. How this work was done: Patches were generated and checked against linux-4.14-rc6 for a subset of the use cases: - file had no licensing information it it. - file was a */uapi/* one with no licensing information in it, - file was a */uapi/* one with existing licensing information, Further patches will be generated in subsequent months to fix up cases where non-standard license headers were used, and references to license had to be inferred by heuristics based on keywords. The analysis to determine which SPDX License Identifier to be applied to a file was done in a spreadsheet of side by side results from of the output of two independent scanners (ScanCode & Windriver) producing SPDX tag:value files created by Philippe Ombredanne. Philippe prepared the base worksheet, and did an initial spot review of a few 1000 files. The 4.13 kernel was the starting point of the analysis with 60,537 files assessed. Kate Stewart did a file by file comparison of the scanner results in the spreadsheet to determine which SPDX license identifier(s) to be applied to the file. She confirmed any determination that was not immediately clear with lawyers working with the Linux Foundation. Criteria used to select files for SPDX license identifier tagging was: - Files considered eligible had to be source code files. - Make and config files were included as candidates if they contained >5 lines of source - File already had some variant of a license header in it (even if <5 lines). All documentation files were explicitly excluded. The following heuristics were used to determine which SPDX license identifiers to apply. - when both scanners couldn't find any license traces, file was considered to have no license information in it, and the top level COPYING file license applied. For non */uapi/* files that summary was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 11139 and resulted in the first patch in this series. If that file was a */uapi/* path one, it was "GPL-2.0 WITH Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was: SPDX license identifier # files ---------------------------------------------------|------- GPL-2.0 WITH Linux-syscall-note 930 and resulted in the second patch in this series. - if a file had some form of licensing information in it, and was one of the */uapi/* ones, it was denoted with the Linux-syscall-note if any GPL family license was found in the file or had no licensing in it (per prior point). Results summary: SPDX license identifier # files ---------------------------------------------------|------ GPL-2.0 WITH Linux-syscall-note 270 GPL-2.0+ WITH Linux-syscall-note 169 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21 ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17 LGPL-2.1+ WITH Linux-syscall-note 15 GPL-1.0+ WITH Linux-syscall-note 14 ((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5 LGPL-2.0+ WITH Linux-syscall-note 4 LGPL-2.1 WITH Linux-syscall-note 3 ((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3 ((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1 and that resulted in the third patch in this series. - when the two scanners agreed on the detected license(s), that became the concluded license(s). - when there was disagreement between the two scanners (one detected a license but the other didn't, or they both detected different licenses) a manual inspection of the file occurred. - In most cases a manual inspection of the information in the file resulted in a clear resolution of the license that should apply (and which scanner probably needed to revisit its heuristics). - When it was not immediately clear, the license identifier was confirmed with lawyers working with the Linux Foundation. - If there was any question as to the appropriate license identifier, the file was flagged for further research and to be revisited later in time. In total, over 70 hours of logged manual review was done on the spreadsheet to determine the SPDX license identifiers to apply to the source files by Kate, Philippe, Thomas and, in some cases, confirmation by lawyers working with the Linux Foundation. Kate also obtained a third independent scan of the 4.13 code base from FOSSology, and compared selected files where the other two scanners disagreed against that SPDX file, to see if there was new insights. The Windriver scanner is based on an older version of FOSSology in part, so they are related. Thomas did random spot checks in about 500 files from the spreadsheets for the uapi headers and agreed with SPDX license identifier in the files he inspected. For the non-uapi files Thomas did random spot checks in about 15000 files. In initial set of patches against 4.14-rc6, 3 files were found to have copy/paste license identifier errors, and have been fixed to reflect the correct identifier. Additionally Philippe spent 10 hours this week doing a detailed manual inspection and review of the 12,461 patched files from the initial patch version early this week with: - a full scancode scan run, collecting the matched texts, detected license ids and scores - reviewing anything where there was a license detected (about 500+ files) to ensure that the applied SPDX license was correct - reviewing anything where there was no detection but the patch license was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied SPDX license was correct This produced a worksheet with 20 files needing minor correction. This worksheet was then exported into 3 different .csv files for the different types of files to be modified. These .csv files were then reviewed by Greg. Thomas wrote a script to parse the csv files and add the proper SPDX tag to the file, in the format that the file expected. This script was further refined by Greg based on the output to detect more types of files automatically and to distinguish between header and source .c files (which need different comment types.) Finally Greg ran the script using the .csv files to generate the patches. Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
#
3170d8d2 |
|
02-May-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
kill {__,}{get,put}_user_unaligned() no users left Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
82985258 |
|
07-Apr-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
kill strlen_user() no callers, no consistent semantics, no sane way to use it... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
c3e5523f |
|
02-Apr-2017 |
Helge Deller <deller@gmx.de> |
parisc: Drop per_cpu uaccess related exception_data struct The last users have been migrated off by commits d19f5e41b344 ("parisc: Clean up fixup routines for get_user()/put_user()") and 554bfeceb8a2 ("parisc: Fix access fault handling in pa_memcpy()"). Signed-off-by: Helge Deller <deller@gmx.de>
|
#
3f795cef |
|
16-Apr-2017 |
Helge Deller <deller@gmx.de> |
parisc: Fix get_user() for 64-bit value on 32-bit kernel This fixes a bug in which the upper 32-bits of a 64-bit value which is read by get_user() was lost on a 32-bit kernel. While touching this code, split out pre-loading of %sr2 space register and clean up code indent. Cc: <stable@vger.kernel.org> # v4.9+ Signed-off-by: Helge Deller <deller@gmx.de>
|
#
f64fd180 |
|
24-Mar-2017 |
Al Viro <viro@zeniv.linux.org.uk> |
parisc: switch to RAW_COPY_USER ... and remove dead declarations, while we are at it Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
d19f5e41 |
|
25-Mar-2017 |
Helge Deller <deller@gmx.de> |
parisc: Clean up fixup routines for get_user()/put_user() Al Viro noticed that userspace accesses via get_user()/put_user() can be simplified a lot with regard to usage of the exception handling. This patch implements a fixup routine for get_user() and put_user() in such that the exception handler will automatically load -EFAULT into the register %r8 (the error value) in case on a fault on userspace. Additionally the fixup routine will zero the target register on fault in case of a get_user() call. The target register is extracted out of the faulting assembly instruction. This patch brings a few benefits over the old implementation: 1. Exception handling gets much cleaner, easier and smaller in size. 2. Helper functions like fixup_get_user_skip_1 (all of fixup.S) can be dropped. 3. No need to hardcode %r9 as target register for get_user() any longer. This helps the compiler register allocator and thus creates less assembler statements. 4. No dependency on the exception_data contents any longer. 5. Nested faults will be handled cleanly. Reported-by: Al Viro <viro@ZenIV.linux.org.uk> Cc: <stable@vger.kernel.org> # v4.9+ Signed-off-by: Helge Deller <deller@gmx.de>
|
#
186ecf14 |
|
15-Mar-2017 |
Helge Deller <deller@gmx.de> |
parisc: Avoid compiler warnings with access_ok() Commit 09b871ffd4d8 (parisc: Define access_ok() as macro) missed to mark uaddr as used, which then gives compiler warnings about unused variables. Fix it by comparing uaddr to uaddr which then gets optimized away by the compiler. Signed-off-by: Helge Deller <deller@gmx.de> Fixes: 09b871ffd4d8 ("parisc: Define access_ok() as macro")
|
#
af1d5b37 |
|
27-Dec-2016 |
Al Viro <viro@zeniv.linux.org.uk> |
uaccess: drop duplicate includes from asm/uaccess.h Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
5e6039d8 |
|
27-Dec-2016 |
Al Viro <viro@zeniv.linux.org.uk> |
uaccess: move VERIFY_{READ,WRITE} definitions to linux/uaccess.h Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
09b871ff |
|
29-Jan-2017 |
Helge Deller <deller@gmx.de> |
parisc: Define access_ok() as macro Define access_ok() as macro instead of static function. This fixes build warnings in code where the second parameter is given as unsigned long. Signed-off-by: Helge Deller <deller@gmx.de>
|
#
9e91db6b |
|
06-Oct-2016 |
Helge Deller <deller@gmx.de> |
parisc: Add hardened usercopy feature Add hardened usercopy checks to parisc architecture and clean up indenting. Signed-off-by: Helge Deller <deller@gmx.de>
|
#
aace880f |
|
20-Aug-2016 |
Al Viro <viro@zeniv.linux.org.uk> |
parisc: fix copy_from_user() Cc: stable@vger.kernel.org Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
#
0d025d27 |
|
30-Aug-2016 |
Josh Poimboeuf <jpoimboe@redhat.com> |
mm/usercopy: get rid of CONFIG_DEBUG_STRICT_USER_COPY_CHECKS There are three usercopy warnings which are currently being silenced for gcc 4.6 and newer: 1) "copy_from_user() buffer size is too small" compile warning/error This is a static warning which happens when object size and copy size are both const, and copy size > object size. I didn't see any false positives for this one. So the function warning attribute seems to be working fine here. Note this scenario is always a bug and so I think it should be changed to *always* be an error, regardless of CONFIG_DEBUG_STRICT_USER_COPY_CHECKS. 2) "copy_from_user() buffer size is not provably correct" compile warning This is another static warning which happens when I enable __compiletime_object_size() for new compilers (and CONFIG_DEBUG_STRICT_USER_COPY_CHECKS). It happens when object size is const, but copy size is *not*. In this case there's no way to compare the two at build time, so it gives the warning. (Note the warning is a byproduct of the fact that gcc has no way of knowing whether the overflow function will be called, so the call isn't dead code and the warning attribute is activated.) So this warning seems to only indicate "this is an unusual pattern, maybe you should check it out" rather than "this is a bug". I get 102(!) of these warnings with allyesconfig and the __compiletime_object_size() gcc check removed. I don't know if there are any real bugs hiding in there, but from looking at a small sample, I didn't see any. According to Kees, it does sometimes find real bugs. But the false positive rate seems high. 3) "Buffer overflow detected" runtime warning This is a runtime warning where object size is const, and copy size > object size. All three warnings (both static and runtime) were completely disabled for gcc 4.6 with the following commit: 2fb0815c9ee6 ("gcc4: disable __compiletime_object_size for GCC 4.6+") That commit mistakenly assumed that the false positives were caused by a gcc bug in __compiletime_object_size(). But in fact, __compiletime_object_size() seems to be working fine. The false positives were instead triggered by #2 above. (Though I don't have an explanation for why the warnings supposedly only started showing up in gcc 4.6.) So remove warning #2 to get rid of all the false positives, and re-enable warnings #1 and #3 by reverting the above commit. Furthermore, since #1 is a real bug which is detected at compile time, upgrade it to always be an error. Having done all that, CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is no longer needed. Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Kees Cook <keescook@chromium.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@kernel.org> Cc: "H . Peter Anvin" <hpa@zytor.com> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Brian Gerst <brgerst@gmail.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Frederic Weisbecker <fweisbec@gmail.com> Cc: Byungchul Park <byungchul.park@lge.com> Cc: Nilay Vaish <nilayvaish@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
#
d2ad824f |
|
09-Apr-2016 |
Helge Deller <deller@gmx.de> |
parisc: Add 64bit get_user() and put_user() for 32bit kernel Allow accessing 64-bit values in userspace from a 32-bit kernel. The access is not atomic. Signed-off-by: Helge Deller <deller@gmx.de>
|
#
06bff6b9 |
|
09-Apr-2016 |
Helge Deller <deller@gmx.de> |
parisc: Simplify and speed up get_user() and put_user() This patch simplifies the code for get_user() and put_user() a lot. Instead of accessing kernel memory (%sr0) and userspace memory (%sr3) hard-coded in the assembler instruction, we now preload %sr2 with either %sr0 (for accessing KERNEL_DS) or with sr3 (to access USER_DS) and use %sr2 in the load directly. The generated code avoids a branch and speeds up execution by generating less assembler instructions. Signed-off-by: Helge Deller <deller@gmx.de> Tested-by: Rolf Eike Beer <eike-kernel@sf-tec.de>
|
#
cb910c17 |
|
08-Apr-2016 |
Helge Deller <deller@gmx.de> |
parisc: Update comment regarding relative extable support Update the comment to reflect the changes of commit 0de7985 (parisc: Use generic extable search and sort routines). Signed-off-by: Helge Deller <deller@gmx.de>
|
#
2ef4dfd9 |
|
08-Apr-2016 |
Helge Deller <deller@gmx.de> |
parisc: Unbreak handling exceptions from kernel modules Handling exceptions from modules never worked on parisc. It was just masked by the fact that exceptions from modules don't happen during normal use. When a module triggers an exception in get_user() we need to load the main kernel dp value before accessing the exception_data structure, and afterwards restore the original dp value of the module on exit. Noticed-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Helge Deller <deller@gmx.de> Cc: stable@vger.kernel.org
|
#
0de79858 |
|
23-Mar-2016 |
Helge Deller <deller@gmx.de> |
parisc: Use generic extable search and sort routines Switch to the generic extable search and sort routines which were introduced with commit a272858 from Ard Biesheuvel. This saves quite some memory in the vmlinux binary with the 64bit kernel. Signed-off-by: Helge Deller <deller@gmx.de>
|
#
b9762e7b |
|
06-Jan-2015 |
Michael S. Tsirkin <mst@redhat.com> |
parisc: macro whitespace fixes While working on arch/parisc/include/asm/uaccess.h, I noticed that some macros within this header are made harder to read because they violate a coding style rule: space is missing after comma. Fix it up. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Helge Deller <deller@gmx.de>
|
#
876b2a00 |
|
06-Jan-2015 |
Michael S. Tsirkin <mst@redhat.com> |
parisc/uaccess: fix sparse errors virtio wants to read bitwise types from userspace using get_user. At the moment this triggers sparse errors, since the value is passed through an integer. Fix that up using __force. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Helge Deller <deller@gmx.de> Signed-off-by: Helge Deller <deller@gmx.de>
|
#
0e8a2eb0 |
|
06-Jan-2015 |
Michael S. Tsirkin <mst@redhat.com> |
parisc: macro whitespace fixes While working on arch/parisc/include/asm/uaccess.h, I noticed that some macros within this header are made harder to read because they violate a coding style rule: space is missing after comma. Fix it up. Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
#
079f0f26 |
|
11-Dec-2014 |
Michael S. Tsirkin <mst@redhat.com> |
parisc/uaccess: fix sparse errors virtio wants to read bitwise types from userspace using get_user. At the moment this triggers sparse errors, since the value is passed through an integer. Fix that up using __force. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Helge Deller <deller@gmx.de>
|
#
8dd95c68 |
|
21-Oct-2014 |
Helge Deller <deller@gmx.de> |
parisc: Use BUILD_BUG() instead of undefined functions Signed-off-by: Helge Deller <deller@gmx.de>
|
#
a0ffa8f0 |
|
19-Nov-2013 |
Helge Deller <deller@gmx.de> |
Revert "parisc: implement full version of access_ok()" This reverts commit 63379c135331c724d40a87b98eb62d2122981341. It broke userspace and adding more checking is not needed. Even checking if a syscall would access memory in page zero doesn't makes sense since it may lead to some syscalls returning -EFAULT where we would return other error codes on other platforms. In summary, just drop this change and return to always return 1. Signed-off-by: Helge Deller <deller@gmx.de>
|
#
63379c13 |
|
29-Jun-2013 |
Helge Deller <deller@gmx.de> |
parisc: implement full version of access_ok() Up to now PA-RISC could live with a trivial version of access_ok(). Our fault handlers can correctly handle fault cases. But testcases showed that we need a better access check else we won't always return correct errno failure codes to userspace. Problem showed up during 32bit userspace tests in which writev() used a 32bit memory area and length which would then wrap around on 64bit kernel. Signed-off-by: Helge Deller <deller@gmx.de>
|
#
61dbbaeb |
|
13-Oct-2013 |
Helge Deller <deller@gmx.de> |
parisc: provide macro to create exception table entries Provide a macro ASM_EXCEPTIONTABLE_ENTRY() to create exception table entries and convert all open-coded places to use that macro. This patch is a first step toward creating a exception table which only holds 32bit pointers even on a 64bit kernel. That way in my own kernel I was able to reduce the in-kernel exception table from 44kB to 22kB. Signed-off-by: Helge Deller <deller@gmx.de>
|
#
0f28b628 |
|
21-Apr-2013 |
Will Deacon <will@kernel.org> |
parisc: uaccess: fix compiler warnings caused by __put_user casting When targetting 32-bit processors, __put_user emits a pair of stw instructions for the 8-byte case. If the type of __val is a pointer, the marshalling code casts it to the wider integer type of u64, resulting in the following compiler warnings: kernel/signal.c: In function 'copy_siginfo_to_user': kernel/signal.c:2752:11: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] kernel/signal.c:2752:11: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] [...] This patch fixes the warnings by removing the marshalling code and using the correct output modifiers in the __put_{user,kernel}_asm64 macros so that GCC will allocate the right registers without the need to extract the two words explicitly. Cc: Helge Deller <deller@gmx.de> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Helge Deller <deller@gmx.de>
|
#
b1195c0e |
|
26-May-2012 |
James Bottomley <JBottomley@Parallels.com> |
[PARISC] update parisc to use generic strncpy_from_user() Signed-off-by: James Bottomley <JBottomley@Parallels.com>
|
#
527dcdcc |
|
28-Mar-2012 |
David Howells <dhowells@redhat.com> |
Disintegrate asm/system.h for PA-RISC Disintegrate asm/system.h for PA-RISC. Signed-off-by: David Howells <dhowells@redhat.com> cc: linux-parisc@vger.kernel.org
|
#
888c31fc |
|
01-Feb-2010 |
Helge Deller <deller@gmx.de> |
parisc: add strict copy size checks (v2) Add CONFIG_DEBUG_STRICT_USER_COPY_CHECKS, copied from the x86 implementation. Tested with 32 and 64bit kernel. Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Kyle McMartin <kyle@mcmartin.ca>
|
#
5b17e1cd |
|
13-May-2009 |
Arnd Bergmann <arnd@arndb.de> |
asm-generic: rename page.h and uaccess.h The current asm-generic/page.h only contains the get_order function, and asm-generic/uaccess.h only implements unaligned accesses. This renames the file to getorder.h and uaccess-unaligned.h to make room for new page.h and uaccess.h file that will be usable by all simple (e.g. nommu) architectures. Signed-off-by: Remis Lima Baima <remis.developer@googlemail.com> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
#
e448372c |
|
13-Jan-2009 |
Helge Deller <deller@gmx.de> |
parisc: fix `struct pt_regs' declared inside parameter list warning Fix those compile warnings: uaccess.h:244: warning: `struct pt_regs' declared inside parameter list uaccess.h:244: warning: its scope is only this definition or declaration, which is probably not what you want Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Kyle McMartin <kyle@mcmartin.ca>
|
#
c61c25eb |
|
19-Dec-2008 |
Kyle McMartin <kyle@mcmartin.ca> |
parisc: fix kernel crash (protection id trap) when compiling ruby1.9 On Wed, Dec 17, 2008 at 11:46:05PM +0100, Helge Deller wrote: > Honestly, I can't decide whether to apply this. It really should never happen in the kernel, since the kernel can guarantee it won't get the access rights failure (highest privilege level, and can set %sr and %protid to whatever it wants.) It really genuinely is a bug that probably should panic the kernel. The only precedent I can easily see is x86 fixing up a bad iret with a general protection fault, which is more or less analogous to code 27 here. On the other hand, taking the exception on a userspace access really isn't all that critical, and there's fundamentally little reason for the kernel not to SIGSEGV the process, and continue... Argh. (btw, I've instrumented my do_sys_poll with a pile of assertions that %cr8 << 1 == %sr3 == current->mm.context... let's see if where we're getting corrupted is deterministic, though, I would guess that it won't be.) Signed-off-by: Kyle McMartin <kyle@mcmartin.ca>
|
#
deae26bf |
|
28-Jul-2008 |
Kyle McMartin <kyle@mcmartin.ca> |
parisc: move include/asm-parisc to arch/parisc/include/asm
|