[Xenomai-git] Philippe Gerum : cobalt/kernel: sanitize usage of internal copy_to/ from helpers
Module: xenomai-3
Branch: master
Commit: cc47a3104817cd5befb4218e2042debb122fc79f
URL: http://git.xenomai.org/?p=xenomai-3.git;a=commit;h=cc47a3104817cd5befb4218e2042debb122fc79f
Author: Philippe Gerum r...@xenomai.org
Date: Wed Feb 18 10:36:01 2015 +0100
cobalt/kernel: sanitize usage of internal copy_to/from helpers
Unless explicitly paired with access_w/rok() checks, all copy to/from helpers should implement the safe form, testing for the basic sanity of the address range. cobalt_copy_to/from_user() implement the safe call form in replacement of __xn_safe_copy_to/from_user(). __xn_copy_to/from_user() still implement the unchecked variant, assuming the address range will be checked separately. Drivers should stick with the rtdm_copy_to/from_user() helpers.
---
include/cobalt/kernel/rtdm/driver.h| 10 +++-
kernel/cobalt/arch/arm/syscall.c |2 +-
kernel/cobalt/bufd.c |6 ++---
.../cobalt/include/asm-generic/xenomai/syscall.h | 12 +-
kernel/cobalt/posix/clock.c| 10
kernel/cobalt/posix/compat.c | 20
kernel/cobalt/posix/cond.c | 12 +-
kernel/cobalt/posix/event.c| 10
kernel/cobalt/posix/io.c | 24 ++--
kernel/cobalt/posix/monitor.c |4 ++--
kernel/cobalt/posix/mqueue.c | 20
kernel/cobalt/posix/mutex.c| 12 +-
kernel/cobalt/posix/nsem.c |2 +-
kernel/cobalt/posix/sched.c| 10
kernel/cobalt/posix/sem.c | 16 ++---
kernel/cobalt/posix/signal.c | 17 ++
kernel/cobalt/posix/syscall.c | 14 ++--
kernel/cobalt/posix/syscall32.c| 22 +-
kernel/cobalt/posix/thread.c | 18 +++
kernel/cobalt/posix/timer.c| 10
kernel/cobalt/posix/timerfd.c | 12 --
21 files changed, 127 insertions(+), 136 deletions(-)
diff --git a/include/cobalt/kernel/rtdm/driver.h b/include/cobalt/kernel/rtdm/driver.h
index b2087f1..c14198b 100644
--- a/include/cobalt/kernel/rtdm/driver.h
+++ b/include/cobalt/kernel/rtdm/driver.h
@@ -1233,8 +1233,7 @@ static inline int rtdm_safe_copy_from_user(struct rtdm_fd *fd, void *dst, const void __user *src, size_t size) { - return (!access_rok(src, size) || - __xn_copy_from_user(dst, src, size)) ? -EFAULT : 0; + return cobalt_copy_from_user(dst, src, size); } static inline int rtdm_copy_to_user(struct rtdm_fd *fd, @@ -1248,17 +1247,14 @@ static inline int rtdm_safe_copy_to_user(struct rtdm_fd *fd, void __user *dst, const void *src, size_t size) { - return (!access_wok(dst, size) || - __xn_copy_to_user(dst, src, size)) ? -EFAULT : 0; + return cobalt_copy_to_user(dst, src, size); } static inline int rtdm_strncpy_from_user(struct rtdm_fd *fd, char *dst, const char __user *src, size_t count) { - if (unlikely(!access_rok(src, 1))) - return -EFAULT; - return __xn_strncpy_from_user(dst, src, count); + return cobalt_strncpy_from_user(dst, src, count); } static inline int rtdm_rt_capable(struct rtdm_fd *fd) diff --git a/kernel/cobalt/arch/arm/syscall.c b/kernel/cobalt/arch/arm/syscall.c index 735208b..ee78243 100644 --- a/kernel/cobalt/arch/arm/syscall.c +++ b/kernel/cobalt/arch/arm/syscall.c @@ -49,5 +49,5 @@ int xnarch_local_syscall(unsigned long a1, unsigned long a2, break; } - return __xn_safe_copy_to_user((void *)a2, info, sizeof(info)); + return cobalt_copy_to_user((void *)a2, info, sizeof(info)); } diff --git a/kernel/cobalt/bufd.c b/kernel/cobalt/bufd.c index decd1bd..9b41b6a 100644 --- a/kernel/cobalt/bufd.c +++ b/kernel/cobalt/bufd.c @@ -328,7 +328,7 @@ ssize_t xnbufd_copy_to_kmem(void *to, struct xnbufd *bufd, size_t len) */ if (current-mm == bufd-b_mm) { preemptible_only(); - if (__xn_safe_copy_from_user(to, (void __user *)from, len)) + if (cobalt_copy_from_user(to, (void __user *)from, len)) return -EFAULT; goto advance_offset; } @@ -433,7 +433,7 @@ ssize_t xnbufd_copy_from_kmem(struct xnbufd *bufd, void *from, size_t len) */ if (current-mm == bufd-b_mm) { preemptible_only(); -
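Review bot: rtdm_safe_copy_from_user() now returns whatever cobalt_copy_from_user() returns, whereas the removed lines performed the access_rok() range check and collapsed every failure to -EFAULT inside the wrapper itself; the same holds for rtdm_safe_copy_to_user() in the next hunk and for the repeat of this patch posted for branch next. The cobalt_copy_* helpers are defined in asm-generic/xenomai/syscall.h, outside the visible hunks, so both the range check and the 0 / -EFAULT return contract should be confirmed there. If a helper passed through the residual byte count of __xn_copy_from_user(), drivers testing for a negative result would treat a partial copy as success. I would record the contract at the wrapper, e.g. `/* Returns 0 or -EFAULT; the user range is validated by cobalt_copy_from_user(). */`. Both wrapper functions begin above their hunks.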
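Review bot: rtdm_strncpy_from_user() at the end of the second driver.h hunk has a different return contract from the two copy wrappers above it, and nothing in the new one-line body says so. The removed code probed only the first byte with `access_rok(src, 1)` before calling `__xn_strncpy_from_user()`; what cobalt_strncpy_from_user() validates is not visible here and should be checked against its definition. Presumably it follows the usual strncpy_from_user convention (string length on success, `count` when no terminator was found, -EFAULT on a fault), in which case a driver must not assume `dst` is NUL-terminated. A comment such as `/* Returns the copied length or -EFAULT; dst is unterminated when the result equals count. */` would make that explicit, once confirmed.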
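Review bot: In xnarch_local_syscall() the destination is still cast with `(void *)a2`, which drops the `__user` address-space annotation that cobalt_copy_to_user() presumably expects on its first parameter; `(void __user *)a2` keeps sparse able to tell a checked user pointer from a kernel one. The declaration and initialisation of `info` are above the hunk, so it cannot be confirmed from here that every byte covered by `sizeof(info)` is initialised before it is copied out. If any switch case leaves part of it unset, zero-initialising it at declaration would avoid exposing stale kernel stack contents to user space.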
[Xenomai-git] Philippe Gerum : cobalt/kernel: sanitize usage of internal copy_to/ from helpers
Module: xenomai-3
Branch: next
Commit: cc47a3104817cd5befb4218e2042debb122fc79f
URL: http://git.xenomai.org/?p=xenomai-3.git;a=commit;h=cc47a3104817cd5befb4218e2042debb122fc79f
Author: Philippe Gerum r...@xenomai.org
Date: Wed Feb 18 10:36:01 2015 +0100
cobalt/kernel: sanitize usage of internal copy_to/from helpers
Unless explicitly paired with access_w/rok() checks, all copy to/from helpers should implement the safe form, testing for the basic sanity of the address range. cobalt_copy_to/from_user() implement the safe call form in replacement of __xn_safe_copy_to/from_user(). __xn_copy_to/from_user() still implement the unchecked variant, assuming the address range will be checked separately. Drivers should stick with the rtdm_copy_to/from_user() helpers.
---
include/cobalt/kernel/rtdm/driver.h| 10 +++-
kernel/cobalt/arch/arm/syscall.c |2 +-
kernel/cobalt/bufd.c |6 ++---
.../cobalt/include/asm-generic/xenomai/syscall.h | 12 +-
kernel/cobalt/posix/clock.c| 10
kernel/cobalt/posix/compat.c | 20
kernel/cobalt/posix/cond.c | 12 +-
kernel/cobalt/posix/event.c| 10
kernel/cobalt/posix/io.c | 24 ++--
kernel/cobalt/posix/monitor.c |4 ++--
kernel/cobalt/posix/mqueue.c | 20
kernel/cobalt/posix/mutex.c| 12 +-
kernel/cobalt/posix/nsem.c |2 +-
kernel/cobalt/posix/sched.c| 10
kernel/cobalt/posix/sem.c | 16 ++---
kernel/cobalt/posix/signal.c | 17 ++
kernel/cobalt/posix/syscall.c | 14 ++--
kernel/cobalt/posix/syscall32.c| 22 +-
kernel/cobalt/posix/thread.c | 18 +++
kernel/cobalt/posix/timer.c| 10
kernel/cobalt/posix/timerfd.c | 12 --
21 files changed, 127 insertions(+), 136 deletions(-)
diff --git a/include/cobalt/kernel/rtdm/driver.h b/include/cobalt/kernel/rtdm/driver.h
index b2087f1..c14198b 100644
--- a/include/cobalt/kernel/rtdm/driver.h
+++ b/include/cobalt/kernel/rtdm/driver.h
@@ -1233,8 +1233,7 @@ static inline int rtdm_safe_copy_from_user(struct rtdm_fd *fd, void *dst, const void __user *src, size_t size) { - return (!access_rok(src, size) || - __xn_copy_from_user(dst, src, size)) ? -EFAULT : 0; + return cobalt_copy_from_user(dst, src, size); } static inline int rtdm_copy_to_user(struct rtdm_fd *fd, @@ -1248,17 +1247,14 @@ static inline int rtdm_safe_copy_to_user(struct rtdm_fd *fd, void __user *dst, const void *src, size_t size) { - return (!access_wok(dst, size) || - __xn_copy_to_user(dst, src, size)) ? -EFAULT : 0; + return cobalt_copy_to_user(dst, src, size); } static inline int rtdm_strncpy_from_user(struct rtdm_fd *fd, char *dst, const char __user *src, size_t count) { - if (unlikely(!access_rok(src, 1))) - return -EFAULT; - return __xn_strncpy_from_user(dst, src, count); + return cobalt_strncpy_from_user(dst, src, count); } static inline int rtdm_rt_capable(struct rtdm_fd *fd) diff --git a/kernel/cobalt/arch/arm/syscall.c b/kernel/cobalt/arch/arm/syscall.c index 735208b..ee78243 100644 --- a/kernel/cobalt/arch/arm/syscall.c +++ b/kernel/cobalt/arch/arm/syscall.c @@ -49,5 +49,5 @@ int xnarch_local_syscall(unsigned long a1, unsigned long a2, break; } - return __xn_safe_copy_to_user((void *)a2, info, sizeof(info)); + return cobalt_copy_to_user((void *)a2, info, sizeof(info)); } diff --git a/kernel/cobalt/bufd.c b/kernel/cobalt/bufd.c index decd1bd..9b41b6a 100644 --- a/kernel/cobalt/bufd.c +++ b/kernel/cobalt/bufd.c @@ -328,7 +328,7 @@ ssize_t xnbufd_copy_to_kmem(void *to, struct xnbufd *bufd, size_t len) */ if (current-mm == bufd-b_mm) { preemptible_only(); - if (__xn_safe_copy_from_user(to, (void __user *)from, len)) + if (cobalt_copy_from_user(to, (void __user *)from, len)) return -EFAULT; goto advance_offset; } @@ -433,7 +433,7 @@ ssize_t xnbufd_copy_from_kmem(struct xnbufd *bufd, void *from, size_t len) */ if (current-mm == bufd-b_mm) { preemptible_only(); - if