[Xenomai-git] Philippe Gerum : cobalt/kernel: sanitize usage of internal copy_to/from helpers

2015-03-24 Thread git repository hosting
Module: xenomai-3
Branch: master
Commit: cc47a3104817cd5befb4218e2042debb122fc79f
URL:
http://git.xenomai.org/?p=xenomai-3.git;a=commit;h=cc47a3104817cd5befb4218e2042debb122fc79f

Author: Philippe Gerum r...@xenomai.org
Date:   Wed Feb 18 10:36:01 2015 +0100

cobalt/kernel: sanitize usage of internal copy_to/from helpers

Unless explicitly paired with access_w/rok() checks, all copy to/from
helpers should implement the safe form, testing for the basic sanity
of the address range.

cobalt_copy_to/from_user() implement the safe call form in replacement
of __xn_safe_copy_to/from_user(). __xn_copy_to/from_user() still
implement the unchecked variant, assuming the address range will be
checked separately.

Drivers should stick with the rtdm_copy_to/from_user() helpers.

---

 include/cobalt/kernel/rtdm/driver.h|   10 +++-
 kernel/cobalt/arch/arm/syscall.c   |2 +-
 kernel/cobalt/bufd.c   |6 ++---
 .../cobalt/include/asm-generic/xenomai/syscall.h   |   12 +-
 kernel/cobalt/posix/clock.c|   10 
 kernel/cobalt/posix/compat.c   |   20 
 kernel/cobalt/posix/cond.c |   12 +-
 kernel/cobalt/posix/event.c|   10 
 kernel/cobalt/posix/io.c   |   24 ++--
 kernel/cobalt/posix/monitor.c  |4 ++--
 kernel/cobalt/posix/mqueue.c   |   20 
 kernel/cobalt/posix/mutex.c|   12 +-
 kernel/cobalt/posix/nsem.c |2 +-
 kernel/cobalt/posix/sched.c|   10 
 kernel/cobalt/posix/sem.c  |   16 ++---
 kernel/cobalt/posix/signal.c   |   17 ++
 kernel/cobalt/posix/syscall.c  |   14 ++--
 kernel/cobalt/posix/syscall32.c|   22 +-
 kernel/cobalt/posix/thread.c   |   18 +++
 kernel/cobalt/posix/timer.c|   10 
 kernel/cobalt/posix/timerfd.c  |   12 --
 21 files changed, 127 insertions(+), 136 deletions(-)

diff --git a/include/cobalt/kernel/rtdm/driver.h 
b/include/cobalt/kernel/rtdm/driver.h
index b2087f1..c14198b 100644
--- a/include/cobalt/kernel/rtdm/driver.h
+++ b/include/cobalt/kernel/rtdm/driver.h
@@ -1233,8 +1233,7 @@ static inline int rtdm_safe_copy_from_user(struct rtdm_fd 
*fd,
   void *dst, const void __user *src,
   size_t size)
 {
-   return (!access_rok(src, size) ||
-   __xn_copy_from_user(dst, src, size)) ? -EFAULT : 0;
+   return cobalt_copy_from_user(dst, src, size);
 }
 
 static inline int rtdm_copy_to_user(struct rtdm_fd *fd,
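Review bot: The 0 / -EFAULT result that rtdm_safe_copy_from_user() used to spell out inline is now whatever cobalt_copy_from_user() returns, and that helper's definition is not in this hunk (the diffstat suggests asm-generic/xenomai/syscall.h). Drivers test this wrapper's result as an errno, so if the helper ever returned a residual byte count the way Linux copy_from_user() does, a partial copy from an untrusted pointer would be reported as a positive value instead of an error. A one-line comment above the return would pin the contract at the driver-facing API, e.g. `/* Range-checked copy: returns 0, or -EFAULT if src is not readable for size bytes. */`. The same applies to rtdm_safe_copy_to_user() in the next hunk; the function signature here starts on the hunk header line.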
@@ -1248,17 +1247,14 @@ static inline int rtdm_safe_copy_to_user(struct rtdm_fd 
*fd,
 void __user *dst, const void *src,
 size_t size)
 {
-   return (!access_wok(dst, size) ||
-   __xn_copy_to_user(dst, src, size)) ? -EFAULT : 0;
+   return cobalt_copy_to_user(dst, src, size);
 }
 
 static inline int rtdm_strncpy_from_user(struct rtdm_fd *fd,
 char *dst,
 const char __user *src, size_t count)
 {
-   if (unlikely(!access_rok(src, 1)))
-   return -EFAULT;
-   return __xn_strncpy_from_user(dst, src, count);
+   return cobalt_strncpy_from_user(dst, src, count);
 }
 
 static inline int rtdm_rt_capable(struct rtdm_fd *fd)
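Review bot: rtdm_strncpy_from_user() no longer shows what is validated or what its result means, because the explicit `access_rok(src, 1)` test is moved into cobalt_strncpy_from_user(), which is defined outside this hunk. The removed code only checked the first byte of src and relied on the faulting copy for the rest; whether the new helper keeps that behaviour cannot be confirmed from here. If it follows the Linux strncpy_from_user() convention, a return value equal to count means dst was filled without a terminating NUL, so drivers must treat `ret >= count` as truncation before using dst as a string. Suggest documenting that on the wrapper, e.g. `/* Returns string length or -EFAULT; ret == count means dst is NOT NUL-terminated. */`, with the wording confirmed against the helper's definition.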
diff --git a/kernel/cobalt/arch/arm/syscall.c b/kernel/cobalt/arch/arm/syscall.c
index 735208b..ee78243 100644
--- a/kernel/cobalt/arch/arm/syscall.c
+++ b/kernel/cobalt/arch/arm/syscall.c
@@ -49,5 +49,5 @@ int xnarch_local_syscall(unsigned long a1, unsigned long a2,
break;
}
 
-   return __xn_safe_copy_to_user((void *)a2, info, sizeof(info));
+   return cobalt_copy_to_user((void *)a2, info, sizeof(info));
 }
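Review bot: The destination cast `(void *)a2` on the new return line drops the `__user` address-space annotation, so sparse cannot verify that this raw syscall argument is only dereferenced through the checked copy helpers. The bufd.c hunks of this same commit write `(void __user *)from`, and this call should match: `return cobalt_copy_to_user((void __user *)a2, info, sizeof(info));`. Separately, info is declared outside the hunk; if it is a pointer rather than an array, `sizeof(info)` would be the pointer size and not the object size, which is worth confirming while the line is being touched.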
diff --git a/kernel/cobalt/bufd.c b/kernel/cobalt/bufd.c
index decd1bd..9b41b6a 100644
--- a/kernel/cobalt/bufd.c
+++ b/kernel/cobalt/bufd.c
@@ -328,7 +328,7 @@ ssize_t xnbufd_copy_to_kmem(void *to, struct xnbufd *bufd, 
size_t len)
 */
if (current-mm == bufd-b_mm) {
preemptible_only();
-   if (__xn_safe_copy_from_user(to, (void __user *)from, len))
+   if (cobalt_copy_from_user(to, (void __user *)from, len))
return -EFAULT;
goto advance_offset;
}
@@ -433,7 +433,7 @@ ssize_t xnbufd_copy_from_kmem(struct xnbufd *bufd, void 
*from, size_t len)
 */
if (current-mm == bufd-b_mm) {
preemptible_only();
-   

[Xenomai-git] Philippe Gerum : cobalt/kernel: sanitize usage of internal copy_to/from helpers

2015-02-18 Thread git repository hosting
Module: xenomai-3
Branch: next
Commit: cc47a3104817cd5befb4218e2042debb122fc79f
URL:
http://git.xenomai.org/?p=xenomai-3.git;a=commit;h=cc47a3104817cd5befb4218e2042debb122fc79f

Author: Philippe Gerum r...@xenomai.org
Date:   Wed Feb 18 10:36:01 2015 +0100

cobalt/kernel: sanitize usage of internal copy_to/from helpers

Unless explicitly paired with access_w/rok() checks, all copy to/from
helpers should implement the safe form, testing for the basic sanity
of the address range.

cobalt_copy_to/from_user() implement the safe call form in replacement
of __xn_safe_copy_to/from_user(). __xn_copy_to/from_user() still
implement the unchecked variant, assuming the address range will be
checked separately.

Drivers should stick with the rtdm_copy_to/from_user() helpers.

---

 include/cobalt/kernel/rtdm/driver.h|   10 +++-
 kernel/cobalt/arch/arm/syscall.c   |2 +-
 kernel/cobalt/bufd.c   |6 ++---
 .../cobalt/include/asm-generic/xenomai/syscall.h   |   12 +-
 kernel/cobalt/posix/clock.c|   10 
 kernel/cobalt/posix/compat.c   |   20 
 kernel/cobalt/posix/cond.c |   12 +-
 kernel/cobalt/posix/event.c|   10 
 kernel/cobalt/posix/io.c   |   24 ++--
 kernel/cobalt/posix/monitor.c  |4 ++--
 kernel/cobalt/posix/mqueue.c   |   20 
 kernel/cobalt/posix/mutex.c|   12 +-
 kernel/cobalt/posix/nsem.c |2 +-
 kernel/cobalt/posix/sched.c|   10 
 kernel/cobalt/posix/sem.c  |   16 ++---
 kernel/cobalt/posix/signal.c   |   17 ++
 kernel/cobalt/posix/syscall.c  |   14 ++--
 kernel/cobalt/posix/syscall32.c|   22 +-
 kernel/cobalt/posix/thread.c   |   18 +++
 kernel/cobalt/posix/timer.c|   10 
 kernel/cobalt/posix/timerfd.c  |   12 --
 21 files changed, 127 insertions(+), 136 deletions(-)

diff --git a/include/cobalt/kernel/rtdm/driver.h 
b/include/cobalt/kernel/rtdm/driver.h
index b2087f1..c14198b 100644
--- a/include/cobalt/kernel/rtdm/driver.h
+++ b/include/cobalt/kernel/rtdm/driver.h
@@ -1233,8 +1233,7 @@ static inline int rtdm_safe_copy_from_user(struct rtdm_fd 
*fd,
   void *dst, const void __user *src,
   size_t size)
 {
-   return (!access_rok(src, size) ||
-   __xn_copy_from_user(dst, src, size)) ? -EFAULT : 0;
+   return cobalt_copy_from_user(dst, src, size);
 }
 
 static inline int rtdm_copy_to_user(struct rtdm_fd *fd,
@@ -1248,17 +1247,14 @@ static inline int rtdm_safe_copy_to_user(struct rtdm_fd 
*fd,
 void __user *dst, const void *src,
 size_t size)
 {
-   return (!access_wok(dst, size) ||
-   __xn_copy_to_user(dst, src, size)) ? -EFAULT : 0;
+   return cobalt_copy_to_user(dst, src, size);
 }
 
 static inline int rtdm_strncpy_from_user(struct rtdm_fd *fd,
 char *dst,
 const char __user *src, size_t count)
 {
-   if (unlikely(!access_rok(src, 1)))
-   return -EFAULT;
-   return __xn_strncpy_from_user(dst, src, count);
+   return cobalt_strncpy_from_user(dst, src, count);
 }
 
 static inline int rtdm_rt_capable(struct rtdm_fd *fd)
diff --git a/kernel/cobalt/arch/arm/syscall.c b/kernel/cobalt/arch/arm/syscall.c
index 735208b..ee78243 100644
--- a/kernel/cobalt/arch/arm/syscall.c
+++ b/kernel/cobalt/arch/arm/syscall.c
@@ -49,5 +49,5 @@ int xnarch_local_syscall(unsigned long a1, unsigned long a2,
break;
}
 
-   return __xn_safe_copy_to_user((void *)a2, info, sizeof(info));
+   return cobalt_copy_to_user((void *)a2, info, sizeof(info));
 }
diff --git a/kernel/cobalt/bufd.c b/kernel/cobalt/bufd.c
index decd1bd..9b41b6a 100644
--- a/kernel/cobalt/bufd.c
+++ b/kernel/cobalt/bufd.c
@@ -328,7 +328,7 @@ ssize_t xnbufd_copy_to_kmem(void *to, struct xnbufd *bufd, 
size_t len)
 */
if (current-mm == bufd-b_mm) {
preemptible_only();
-   if (__xn_safe_copy_from_user(to, (void __user *)from, len))
+   if (cobalt_copy_from_user(to, (void __user *)from, len))
return -EFAULT;
goto advance_offset;
}
@@ -433,7 +433,7 @@ ssize_t xnbufd_copy_from_kmem(struct xnbufd *bufd, void 
*from, size_t len)
 */
if (current-mm == bufd-b_mm) {
preemptible_only();
-   if