Module: xenomai-3
Branch: next
Commit: cc47a3104817cd5befb4218e2042debb122fc79f
URL:    
http://git.xenomai.org/?p=xenomai-3.git;a=commit;h=cc47a3104817cd5befb4218e2042debb122fc79f

Author: Philippe Gerum <r...@xenomai.org>
Date:   Wed Feb 18 10:36:01 2015 +0100

cobalt/kernel: sanitize usage of internal copy_to/from helpers

Unless explicitly paired with access_w/rok() checks, all copy to/from
helpers should implement the safe form, testing for the basic sanity
of the address range.

cobalt_copy_to/from_user() implement the safe call form in replacement
of __xn_safe_copy_to/from_user(). __xn_copy_to/from_user() still
implement the unchecked variant, assuming the address range will be
checked separately.

Drivers should stick with the rtdm_copy_to/from_user() helpers.

---

 include/cobalt/kernel/rtdm/driver.h                |   10 +++-----
 kernel/cobalt/arch/arm/syscall.c                   |    2 +-
 kernel/cobalt/bufd.c                               |    6 ++---
 .../cobalt/include/asm-generic/xenomai/syscall.h   |   12 +++++-----
 kernel/cobalt/posix/clock.c                        |   10 ++++----
 kernel/cobalt/posix/compat.c                       |   20 ++++++++--------
 kernel/cobalt/posix/cond.c                         |   12 +++++-----
 kernel/cobalt/posix/event.c                        |   10 ++++----
 kernel/cobalt/posix/io.c                           |   24 ++++++++++----------
 kernel/cobalt/posix/monitor.c                      |    4 ++--
 kernel/cobalt/posix/mqueue.c                       |   20 ++++++++--------
 kernel/cobalt/posix/mutex.c                        |   12 +++++-----
 kernel/cobalt/posix/nsem.c                         |    2 +-
 kernel/cobalt/posix/sched.c                        |   10 ++++----
 kernel/cobalt/posix/sem.c                          |   16 ++++++-------
 kernel/cobalt/posix/signal.c                       |   17 ++++++--------
 kernel/cobalt/posix/syscall.c                      |   14 ++++++------
 kernel/cobalt/posix/syscall32.c                    |   22 +++++++++---------
 kernel/cobalt/posix/thread.c                       |   18 +++++++--------
 kernel/cobalt/posix/timer.c                        |   10 ++++----
 kernel/cobalt/posix/timerfd.c                      |   12 ++++------
 21 files changed, 127 insertions(+), 136 deletions(-)

diff --git a/include/cobalt/kernel/rtdm/driver.h 
b/include/cobalt/kernel/rtdm/driver.h
index b2087f1..c14198b 100644
--- a/include/cobalt/kernel/rtdm/driver.h
+++ b/include/cobalt/kernel/rtdm/driver.h
@@ -1233,8 +1233,7 @@ static inline int rtdm_safe_copy_from_user(struct rtdm_fd 
*fd,
                                           void *dst, const void __user *src,
                                           size_t size)
 {
-       return (!access_rok(src, size) ||
-               __xn_copy_from_user(dst, src, size)) ? -EFAULT : 0;
+       return cobalt_copy_from_user(dst, src, size);
 }
 
 static inline int rtdm_copy_to_user(struct rtdm_fd *fd,
@@ -1248,17 +1247,14 @@ static inline int rtdm_safe_copy_to_user(struct rtdm_fd 
*fd,
                                         void __user *dst, const void *src,
                                         size_t size)
 {
-       return (!access_wok(dst, size) ||
-               __xn_copy_to_user(dst, src, size)) ? -EFAULT : 0;
+       return cobalt_copy_to_user(dst, src, size);
 }
 
 static inline int rtdm_strncpy_from_user(struct rtdm_fd *fd,
                                         char *dst,
                                         const char __user *src, size_t count)
 {
-       if (unlikely(!access_rok(src, 1)))
-               return -EFAULT;
-       return __xn_strncpy_from_user(dst, src, count);
+       return cobalt_strncpy_from_user(dst, src, count);
 }
 
 static inline int rtdm_rt_capable(struct rtdm_fd *fd)
diff --git a/kernel/cobalt/arch/arm/syscall.c b/kernel/cobalt/arch/arm/syscall.c
index 735208b..ee78243 100644
--- a/kernel/cobalt/arch/arm/syscall.c
+++ b/kernel/cobalt/arch/arm/syscall.c
@@ -49,5 +49,5 @@ int xnarch_local_syscall(unsigned long a1, unsigned long a2,
                break;
        }
 
-       return __xn_safe_copy_to_user((void *)a2, &info, sizeof(info));
+       return cobalt_copy_to_user((void *)a2, &info, sizeof(info));
 }
diff --git a/kernel/cobalt/bufd.c b/kernel/cobalt/bufd.c
index decd1bd..9b41b6a 100644
--- a/kernel/cobalt/bufd.c
+++ b/kernel/cobalt/bufd.c
@@ -328,7 +328,7 @@ ssize_t xnbufd_copy_to_kmem(void *to, struct xnbufd *bufd, 
size_t len)
         */
        if (current->mm == bufd->b_mm) {
                preemptible_only();
-               if (__xn_safe_copy_from_user(to, (void __user *)from, len))
+               if (cobalt_copy_from_user(to, (void __user *)from, len))
                        return -EFAULT;
                goto advance_offset;
        }
@@ -433,7 +433,7 @@ ssize_t xnbufd_copy_from_kmem(struct xnbufd *bufd, void 
*from, size_t len)
         */
        if (current->mm == bufd->b_mm) {
                preemptible_only();
-               if (__xn_safe_copy_to_user((void __user *)to, from, len))
+               if (cobalt_copy_to_user((void __user *)to, from, len))
                        return -EFAULT;
                goto advance_offset;
        }
@@ -546,7 +546,7 @@ ssize_t xnbufd_unmap_uwrite(struct xnbufd *bufd)
         */
        to = (void __user *)bufd->b_ptr;
        from = bufd->b_carry;
-       ret = __xn_safe_copy_to_user(to, from, len);
+       ret = cobalt_copy_to_user(to, from, len);
 
        if (bufd->b_len > sizeof(bufd->b_buf))
                xnfree(bufd->b_carry);
diff --git a/kernel/cobalt/include/asm-generic/xenomai/syscall.h 
b/kernel/cobalt/include/asm-generic/xenomai/syscall.h
index 8a00008..84fa2ef 100644
--- a/kernel/cobalt/include/asm-generic/xenomai/syscall.h
+++ b/kernel/cobalt/include/asm-generic/xenomai/syscall.h
@@ -42,22 +42,22 @@
 #define __xn_get_user(dst, srcP)               __get_user_inatomic(dst, srcP)
 #define __xn_strncpy_from_user(dstP, srcP, n)  strncpy_from_user(dstP, srcP, n)
 
-static inline int __xn_safe_copy_from_user(void *dst, const void __user *src,
-                                          size_t size)
+static inline int cobalt_copy_from_user(void *dst, const void __user *src,
+                                       size_t size)
 {
        return (!access_rok(src, size) ||
                __xn_copy_from_user(dst, src, size)) ? -EFAULT : 0;
 }
 
-static inline int __xn_safe_copy_to_user(void __user *dst, const void *src,
-                                        size_t size)
+static inline int cobalt_copy_to_user(void __user *dst, const void *src,
+                                     size_t size)
 {
        return (!access_wok(dst, size) ||
                __xn_copy_to_user(dst, src, size)) ? -EFAULT : 0;
 }
 
-static inline int __xn_safe_strncpy_from_user(char *dst,
-                                             const char __user *src, size_t 
count)
+static inline int cobalt_strncpy_from_user(char *dst, const char __user *src,
+                                          size_t count)
 {
        if (unlikely(!access_rok(src, 1)))
                return -EFAULT;
diff --git a/kernel/cobalt/posix/clock.c b/kernel/cobalt/posix/clock.c
index d0b108e..7fd148a 100644
--- a/kernel/cobalt/posix/clock.c
+++ b/kernel/cobalt/posix/clock.c
@@ -139,7 +139,7 @@ COBALT_SYSCALL(clock_getres, current,
        if (ret)
                return ret;
 
-       if (u_ts && __xn_safe_copy_to_user(u_ts, &ts, sizeof(ts)))
+       if (u_ts && cobalt_copy_to_user(u_ts, &ts, sizeof(ts)))
                return -EFAULT;
 
        trace_cobalt_clock_getres(clock_id, &ts);
@@ -186,7 +186,7 @@ COBALT_SYSCALL(clock_gettime, current,
        if (ret)
                return ret;
 
-       if (__xn_safe_copy_to_user(u_ts, &ts, sizeof(*u_ts)))
+       if (cobalt_copy_to_user(u_ts, &ts, sizeof(*u_ts)))
                return -EFAULT;
 
        trace_cobalt_clock_gettime(clock_id, &ts);
@@ -226,7 +226,7 @@ COBALT_SYSCALL(clock_settime, current,
 {
        struct timespec ts;
 
-       if (__xn_safe_copy_from_user(&ts, u_ts, sizeof(ts)))
+       if (cobalt_copy_from_user(&ts, u_ts, sizeof(ts)))
                return -EFAULT;
 
        return __cobalt_clock_settime(clock_id, &ts);
@@ -291,12 +291,12 @@ COBALT_SYSCALL(clock_nanosleep, nonrestartable,
        if (u_rmt)
                rmtp = &rmt;
 
-       if (__xn_safe_copy_from_user(&rqt, u_rqt, sizeof(rqt)))
+       if (cobalt_copy_from_user(&rqt, u_rqt, sizeof(rqt)))
                return -EFAULT;
 
        ret = __cobalt_clock_nanosleep(clock_id, flags, &rqt, rmtp);
        if (ret == -EINTR && flags == 0 && rmtp) {
-               if (__xn_safe_copy_to_user(u_rmt, rmtp, sizeof(*u_rmt)))
+               if (cobalt_copy_to_user(u_rmt, rmtp, sizeof(*u_rmt)))
                        return -EFAULT;
        }
 
diff --git a/kernel/cobalt/posix/compat.c b/kernel/cobalt/posix/compat.c
index 5808371..6118f8a 100644
--- a/kernel/cobalt/posix/compat.c
+++ b/kernel/cobalt/posix/compat.c
@@ -117,7 +117,7 @@ int sys32_get_param_ex(int policy,
 {
        struct compat_sched_param_ex cpex;
 
-       if (u_cp == NULL || __xn_safe_copy_from_user(&cpex, u_cp, sizeof(cpex)))
+       if (u_cp == NULL || cobalt_copy_from_user(&cpex, u_cp, sizeof(cpex)))
                return -EFAULT;
 
        p->sched_priority = cpex.sched_priority;
@@ -179,7 +179,7 @@ int sys32_put_param_ex(int policy,
                break;
        }
 
-       return __xn_safe_copy_to_user(u_cp, &cpex, sizeof(cpex));
+       return cobalt_copy_to_user(u_cp, &cpex, sizeof(cpex));
 }
 EXPORT_SYMBOL_GPL(sys32_put_param_ex);
 
@@ -189,7 +189,7 @@ int sys32_get_mqattr(struct mq_attr *ap,
        struct compat_mq_attr cattr;
 
        if (u_cap == NULL ||
-           __xn_safe_copy_from_user(&cattr, u_cap, sizeof(cattr)))
+           cobalt_copy_from_user(&cattr, u_cap, sizeof(cattr)))
                return -EFAULT;
 
        ap->mq_flags = cattr.mq_flags;
@@ -212,7 +212,7 @@ int sys32_put_mqattr(struct compat_mq_attr __user *u_cap,
        cattr.mq_curmsgs = ap->mq_curmsgs;
 
        return u_cap == NULL ? -EFAULT :
-               __xn_safe_copy_to_user(u_cap, &cattr, sizeof(cattr));
+               cobalt_copy_to_user(u_cap, &cattr, sizeof(cattr));
 }
 EXPORT_SYMBOL_GPL(sys32_put_mqattr);
 
@@ -226,7 +226,7 @@ int sys32_get_sigevent(struct sigevent *ev,
        if (u_cev == NULL)
                return -EFAULT;
 
-       ret = __xn_safe_copy_from_user(&cev, u_cev, sizeof(cev));
+       ret = cobalt_copy_from_user(&cev, u_cev, sizeof(cev));
        if (ret)
                return ret;
 
@@ -256,7 +256,7 @@ int sys32_get_sigset(sigset_t *set, const compat_sigset_t 
*u_cset)
        if (u_cset == NULL)
                return -EFAULT;
 
-       ret = __xn_safe_copy_from_user(&cset, u_cset, sizeof(cset));
+       ret = cobalt_copy_from_user(&cset, u_cset, sizeof(cset));
        if (ret)
                return ret;
 
@@ -275,7 +275,7 @@ int sys32_put_sigset(compat_sigset_t *u_cset, const 
sigset_t *set)
 
        sigset_to_compat(&cset, set);
 
-       return __xn_safe_copy_to_user(u_cset, &cset, sizeof(cset));
+       return cobalt_copy_to_user(u_cset, &cset, sizeof(cset));
 }
 EXPORT_SYMBOL_GPL(sys32_put_sigset);
 
@@ -287,7 +287,7 @@ int sys32_get_sigval(union sigval *val, const union 
compat_sigval *u_cval)
        if (u_cval == NULL)
                return -EFAULT;
 
-       ret = __xn_safe_copy_from_user(&cval, u_cval, sizeof(cval));
+       ret = cobalt_copy_from_user(&cval, u_cval, sizeof(cval));
        if (ret)
                return ret;
 
@@ -391,7 +391,7 @@ int sys32_get_iovec(struct iovec *iov,
        int ret, n;
        
        for (n = 0, p = u_ciov; n < ciovlen; n++, p++) {
-               ret = __xn_safe_copy_from_user(&ciov, p, sizeof(ciov));
+               ret = cobalt_copy_from_user(&ciov, p, sizeof(ciov));
                if (ret)
                        return ret;
                iov[n].iov_base = compat_ptr(ciov.iov_base);
@@ -413,7 +413,7 @@ int sys32_put_iovec(struct compat_iovec __user *u_ciov,
        for (n = 0, p = u_ciov; n < iovlen; n++, p++) {
                ciov.iov_base = ptr_to_compat(iov[n].iov_base);
                ciov.iov_len = iov[n].iov_len;
-               ret = __xn_safe_copy_to_user(p, &ciov, sizeof(*p));
+               ret = cobalt_copy_to_user(p, &ciov, sizeof(*p));
                if (ret)
                        return ret;
        }
diff --git a/kernel/cobalt/posix/cond.c b/kernel/cobalt/posix/cond.c
index 208501a..cdd0720 100644
--- a/kernel/cobalt/posix/cond.c
+++ b/kernel/cobalt/posix/cond.c
@@ -278,10 +278,10 @@ COBALT_SYSCALL(cond_init, current,
        struct cobalt_condattr attr;
        int err;
 
-       if (__xn_safe_copy_from_user(&cnd, u_cnd, sizeof(cnd)))
+       if (cobalt_copy_from_user(&cnd, u_cnd, sizeof(cnd)))
                return -EFAULT;
 
-       if (__xn_safe_copy_from_user(&attr, u_attr, sizeof(attr)))
+       if (cobalt_copy_from_user(&attr, u_attr, sizeof(attr)))
                return -EFAULT;
 
        trace_cobalt_cond_init(u_cnd, &attr);
@@ -290,7 +290,7 @@ COBALT_SYSCALL(cond_init, current,
        if (err < 0)
                return err;
 
-       return __xn_safe_copy_to_user(u_cnd, &cnd, sizeof(*u_cnd));
+       return cobalt_copy_to_user(u_cnd, &cnd, sizeof(*u_cnd));
 }
 
 COBALT_SYSCALL(cond_destroy, current,
@@ -299,7 +299,7 @@ COBALT_SYSCALL(cond_destroy, current,
        struct cobalt_cond_shadow cnd;
        int err;
 
-       if (__xn_safe_copy_from_user(&cnd, u_cnd, sizeof(cnd)))
+       if (cobalt_copy_from_user(&cnd, u_cnd, sizeof(cnd)))
                return -EFAULT;
 
        trace_cobalt_cond_destroy(u_cnd);
@@ -308,7 +308,7 @@ COBALT_SYSCALL(cond_destroy, current,
        if (err < 0)
                return err;
 
-       return __xn_safe_copy_to_user(u_cnd, &cnd, sizeof(*u_cnd));
+       return cobalt_copy_to_user(u_cnd, &cnd, sizeof(*u_cnd));
 }
 
 struct us_cond_data {
@@ -319,7 +319,7 @@ static inline int cond_fetch_timeout(struct timespec *ts,
                                     const void __user *u_ts)
 {
        return u_ts == NULL ? -EFAULT :
-               __xn_safe_copy_from_user(ts, u_ts, sizeof(*ts));
+               cobalt_copy_from_user(ts, u_ts, sizeof(*ts));
 }
 
 int __cobalt_cond_wait_prologue(struct cobalt_cond_shadow __user *u_cnd,
diff --git a/kernel/cobalt/posix/event.c b/kernel/cobalt/posix/event.c
index 2366a4c..f9a4cc2 100644
--- a/kernel/cobalt/posix/event.c
+++ b/kernel/cobalt/posix/event.c
@@ -102,7 +102,7 @@ COBALT_SYSCALL(event_init, current,
        shadow.handle = event->handle;
        shadow.state_offset = (__u32)stateoff;
 
-       return __xn_safe_copy_to_user(u_event, &shadow, sizeof(*u_event));
+       return cobalt_copy_to_user(u_event, &shadow, sizeof(*u_event));
 }
 
 int __cobalt_event_wait(struct cobalt_event_shadow __user *u_event,
@@ -184,7 +184,7 @@ out:
        xnlock_put_irqrestore(&nklock, s);
 
        if (ret == 0 &&
-           __xn_safe_copy_to_user(u_bits_r, &rbits, sizeof(rbits)))
+           cobalt_copy_to_user(u_bits_r, &rbits, sizeof(rbits)))
                return -EFAULT;
 
        return ret;
@@ -201,7 +201,7 @@ COBALT_SYSCALL(event_wait, primary,
 
        if (u_ts) {
                tsp = &ts;
-               ret = __xn_safe_copy_from_user(&ts, u_ts, sizeof(ts));
+               ret = cobalt_copy_from_user(&ts, u_ts, sizeof(ts));
                if (ret)
                        return ret;
        }
@@ -384,9 +384,9 @@ COBALT_SYSCALL(event_inquire, current,
 
        xnlock_put_irqrestore(&nklock, s);
 
-       ret = __xn_safe_copy_to_user(u_info, &info, sizeof(info));
+       ret = cobalt_copy_to_user(u_info, &info, sizeof(info));
        if (ret == 0 && nrwait > 0)
-               ret = __xn_safe_copy_to_user(u_waitlist, t, nrwait * 
sizeof(pid_t));
+               ret = cobalt_copy_to_user(u_waitlist, t, nrwait * 
sizeof(pid_t));
 
        if (t && t != fbuf)
                xnfree(t);
diff --git a/kernel/cobalt/posix/io.c b/kernel/cobalt/posix/io.c
index 213b4f4..cadc2d1 100644
--- a/kernel/cobalt/posix/io.c
+++ b/kernel/cobalt/posix/io.c
@@ -82,7 +82,7 @@ COBALT_SYSCALL(recvmsg, probing,
        struct msghdr m;
        ssize_t ret;
 
-       ret = __xn_safe_copy_from_user(&m, umsg, sizeof(m));
+       ret = cobalt_copy_from_user(&m, umsg, sizeof(m));
        if (ret)
                return ret;
 
@@ -90,7 +90,7 @@ COBALT_SYSCALL(recvmsg, probing,
        if (ret < 0)
                return ret;
 
-       return __xn_safe_copy_to_user(umsg, &m, sizeof(*umsg)) ?: ret;
+       return cobalt_copy_to_user(umsg, &m, sizeof(*umsg)) ?: ret;
 }
 
 COBALT_SYSCALL(sendmsg, probing,
@@ -99,7 +99,7 @@ COBALT_SYSCALL(sendmsg, probing,
        struct msghdr m;
        int ret;
 
-       ret = __xn_safe_copy_from_user(&m, umsg, sizeof(m));
+       ret = cobalt_copy_from_user(&m, umsg, sizeof(m));
 
        return ret ?: rtdm_fd_sendmsg(fd, &m, flags);
 }
@@ -112,7 +112,7 @@ COBALT_SYSCALL(mmap, lostage,
        void *u_addr = NULL;
        int ret;
 
-       ret = __xn_safe_copy_from_user(&rma, u_rma, sizeof(rma));
+       ret = cobalt_copy_from_user(&rma, u_rma, sizeof(rma));
        if (ret)
                return ret;
 
@@ -120,7 +120,7 @@ COBALT_SYSCALL(mmap, lostage,
        if (ret)
                return ret;
 
-       return __xn_safe_copy_to_user(u_addrp, &u_addr, sizeof(u_addr));
+       return cobalt_copy_to_user(u_addrp, &u_addr, sizeof(u_addr));
 }
 
 int __cobalt_first_fd_valid_p(fd_set *fds[XNSELECT_MAX_TYPES], int nfds)
@@ -198,7 +198,7 @@ COBALT_SYSCALL(select, nonrestartable,
 
        if (u_tv) {
                if (!access_wok(u_tv, sizeof(tv))
-                   || __xn_copy_from_user(&tv, u_tv, sizeof(tv)))
+                   || cobalt_copy_from_user(&tv, u_tv, sizeof(tv)))
                        return -EFAULT;
 
                if (tv.tv_usec > 1000000)
@@ -216,9 +216,9 @@ COBALT_SYSCALL(select, nonrestartable,
                        out_fds[i] = & out_fds_storage[i];
                        if (!access_wok((void __user *) ufd_sets[i],
                                        sizeof(fd_set))
-                           || __xn_copy_from_user(in_fds[i],
-                                                  (void __user *) ufd_sets[i],
-                                                  fds_size))
+                           || cobalt_copy_from_user(in_fds[i],
+                                                    (void __user *) 
ufd_sets[i],
+                                                    fds_size))
                                return -EFAULT;
                }
 
@@ -260,15 +260,15 @@ COBALT_SYSCALL(select, nonrestartable,
                else
                        tv.tv_sec = tv.tv_usec = 0;
 
-               if (__xn_copy_to_user(u_tv, &tv, sizeof(tv)))
+               if (cobalt_copy_to_user(u_tv, &tv, sizeof(tv)))
                        return -EFAULT;
        }
 
        if (err >= 0)
                for (i = 0; i < XNSELECT_MAX_TYPES; i++)
                        if (ufd_sets[i]
-                           && __xn_copy_to_user((void __user *) ufd_sets[i],
-                                                out_fds[i], sizeof(fd_set)))
+                           && cobalt_copy_to_user((void __user *) ufd_sets[i],
+                                                  out_fds[i], sizeof(fd_set)))
                                return -EFAULT;
        return err;
 }
diff --git a/kernel/cobalt/posix/monitor.c b/kernel/cobalt/posix/monitor.c
index 5df5604..380a75f 100644
--- a/kernel/cobalt/posix/monitor.c
+++ b/kernel/cobalt/posix/monitor.c
@@ -106,7 +106,7 @@ COBALT_SYSCALL(monitor_init, current,
        shadow.handle = mon->handle;
        shadow.state_offset = (__u32)stateoff;
 
-       return __xn_safe_copy_to_user(u_mon, &shadow, sizeof(*u_mon));
+       return cobalt_copy_to_user(u_mon, &shadow, sizeof(*u_mon));
 }
 
 /* nklock held, irqs off */
@@ -309,7 +309,7 @@ COBALT_SYSCALL(monitor_wait, nonrestartable,
 
        if (u_ts) {
                tsp = &ts;
-               ret = __xn_safe_copy_from_user(&ts, u_ts, sizeof(ts));
+               ret = cobalt_copy_from_user(&ts, u_ts, sizeof(ts));
                if (ret)
                        return ret;
        }
diff --git a/kernel/cobalt/posix/mqueue.c b/kernel/cobalt/posix/mqueue.c
index 66ec415..8d5758a 100644
--- a/kernel/cobalt/posix/mqueue.c
+++ b/kernel/cobalt/posix/mqueue.c
@@ -767,7 +767,7 @@ COBALT_SYSCALL(mq_notify, primary,
 {
        struct sigevent sev;
 
-       if (evp && __xn_safe_copy_from_user(&sev, evp, sizeof(sev)))
+       if (evp && cobalt_copy_from_user(&sev, evp, sizeof(sev)))
                return -EFAULT;
 
        return __cobalt_mq_notify(fd, evp ? &sev : NULL);
@@ -781,7 +781,7 @@ int __cobalt_mq_open(const char __user *u_name, int oflags,
        mqd_t uqd;
        int ret;
 
-       len = __xn_safe_strncpy_from_user(name, u_name, sizeof(name));
+       len = cobalt_strncpy_from_user(name, u_name, sizeof(name));
        if (len < 0)
                return -EFAULT;
 
@@ -813,7 +813,7 @@ COBALT_SYSCALL(mq_open, lostage,
        struct mq_attr _attr, *attr = &_attr;
 
        if ((oflags & O_CREAT) && u_attr) {
-               if (__xn_safe_copy_from_user(&_attr, u_attr, sizeof(_attr)))
+               if (cobalt_copy_from_user(&_attr, u_attr, sizeof(_attr)))
                        return -EFAULT;
        } else
                attr = NULL;
@@ -833,7 +833,7 @@ COBALT_SYSCALL(mq_unlink, lostage, (const char __user 
*u_name))
        char name[COBALT_MAXNAME];
        unsigned len;
 
-       len = __xn_safe_strncpy_from_user(name, u_name, sizeof(name));
+       len = cobalt_strncpy_from_user(name, u_name, sizeof(name));
        if (len < 0)
                return -EFAULT;
        if (len >= sizeof(name))
@@ -873,14 +873,14 @@ COBALT_SYSCALL(mq_getattr, current,
        if (ret)
                return ret;
 
-       return __xn_safe_copy_to_user(u_attr, &attr, sizeof(attr));
+       return cobalt_copy_to_user(u_attr, &attr, sizeof(attr));
 }
 
 static inline int mq_fetch_timeout(struct timespec *ts,
                                   const void __user *u_ts)
 {
        return u_ts == NULL ? -EFAULT :
-               __xn_safe_copy_from_user(ts, u_ts, sizeof(*ts));
+               cobalt_copy_from_user(ts, u_ts, sizeof(*ts));
 }
 
 int __cobalt_mq_timedsend(mqd_t uqd, const void __user *u_buf, size_t len,
@@ -913,7 +913,7 @@ int __cobalt_mq_timedsend(mqd_t uqd, const void __user 
*u_buf, size_t len,
                goto out;
        }
 
-       ret = __xn_safe_copy_from_user(msg->data, u_buf, len);
+       ret = cobalt_copy_from_user(msg->data, u_buf, len);
        if (ret) {
                mq_finish_rcv(mqd, msg);
                goto out;
@@ -962,7 +962,7 @@ int __cobalt_mq_timedreceive(mqd_t uqd, void __user *u_buf,
                goto fail;
        }
 
-       ret = __xn_safe_copy_to_user(u_buf, msg->data, msg->len);
+       ret = cobalt_copy_to_user(u_buf, msg->data, msg->len);
        if (ret) {
                mq_finish_rcv(mqd, msg);
                goto fail;
@@ -995,14 +995,14 @@ COBALT_SYSCALL(mq_timedreceive, primary,
        ssize_t len;
        int ret;
 
-       ret = __xn_safe_copy_from_user(&len, u_len, sizeof(len));
+       ret = cobalt_copy_from_user(&len, u_len, sizeof(len));
        if (ret)
                return ret;
 
        ret = __cobalt_mq_timedreceive(uqd, u_buf, &len, u_prio,
                                       u_ts, u_ts ? mq_fetch_timeout : NULL);
 
-       return ret ?: __xn_safe_copy_to_user(u_len, &len, sizeof(*u_len));
+       return ret ?: cobalt_copy_to_user(u_len, &len, sizeof(*u_len));
 }
 
 int cobalt_mq_pkg_init(void)
diff --git a/kernel/cobalt/posix/mutex.c b/kernel/cobalt/posix/mutex.c
index 43620c5..1bd4c07 100644
--- a/kernel/cobalt/posix/mutex.c
+++ b/kernel/cobalt/posix/mutex.c
@@ -259,10 +259,10 @@ COBALT_SYSCALL(mutex_init, current,
        struct cobalt_mutex *mutex;
        int err;
 
-       if (__xn_safe_copy_from_user(&mx, u_mx, sizeof(mx)))
+       if (cobalt_copy_from_user(&mx, u_mx, sizeof(mx)))
                return -EFAULT;
 
-       if (__xn_safe_copy_from_user(&attr, u_attr, sizeof(attr)))
+       if (cobalt_copy_from_user(&attr, u_attr, sizeof(attr)))
                return -EFAULT;
 
        mutex = xnmalloc(sizeof(*mutex));
@@ -283,7 +283,7 @@ COBALT_SYSCALL(mutex_init, current,
                return err;
        }
 
-       return __xn_safe_copy_to_user(u_mx, &mx, sizeof(*u_mx));
+       return cobalt_copy_to_user(u_mx, &mx, sizeof(*u_mx));
 }
 
 COBALT_SYSCALL(mutex_destroy, current,
@@ -294,7 +294,7 @@ COBALT_SYSCALL(mutex_destroy, current,
        spl_t s;
        int err;
 
-       if (__xn_safe_copy_from_user(&mx, u_mx, sizeof(mx)))
+       if (cobalt_copy_from_user(&mx, u_mx, sizeof(mx)))
                return -EFAULT;
 
        xnlock_get_irqsave(&nklock, s);
@@ -325,7 +325,7 @@ COBALT_SYSCALL(mutex_destroy, current,
        xnlock_put_irqrestore(&nklock, s);
        cobalt_mutex_destroy_inner(mx.handle, mutex->owningq);
 
-       return __xn_safe_copy_to_user(u_mx, &mx, sizeof(*u_mx));
+       return cobalt_copy_to_user(u_mx, &mx, sizeof(*u_mx));
 }
 
 COBALT_SYSCALL(mutex_trylock, primary,
@@ -379,7 +379,7 @@ static inline int mutex_fetch_timeout(struct timespec *ts,
                                      const void __user *u_ts)
 {
        return u_ts == NULL ? -EFAULT :
-               __xn_safe_copy_from_user(ts, u_ts, sizeof(*ts));
+               cobalt_copy_from_user(ts, u_ts, sizeof(*ts));
 }
 
 COBALT_SYSCALL(mutex_timedlock, primary,
diff --git a/kernel/cobalt/posix/nsem.c b/kernel/cobalt/posix/nsem.c
index 9cbbfcd..43d66db 100644
--- a/kernel/cobalt/posix/nsem.c
+++ b/kernel/cobalt/posix/nsem.c
@@ -110,7 +110,7 @@ sem_open(struct cobalt_process *cc, struct 
cobalt_sem_shadow __user *ushadow,
                        return ERR_PTR(rc);
                }
 
-               if (__xn_safe_copy_to_user(ushadow, &shadow, sizeof(shadow))) {
+               if (cobalt_copy_to_user(ushadow, &shadow, sizeof(shadow))) {
                        __cobalt_sem_destroy(shadow.handle);
                        return ERR_PTR(-EFAULT);
                }
diff --git a/kernel/cobalt/posix/sched.c b/kernel/cobalt/posix/sched.c
index c89f1ce..94a9b74 100644
--- a/kernel/cobalt/posix/sched.c
+++ b/kernel/cobalt/posix/sched.c
@@ -545,7 +545,7 @@ sched_fetch_config(int policy, const void __user *u_config, 
size_t *len)
        if (buf == NULL)
                return ERR_PTR(-ENOMEM);
 
-       ret = __xn_safe_copy_from_user(buf, u_config, *len);
+       ret = cobalt_copy_from_user(buf, u_config, *len);
        if (ret) {
                xnfree(buf);
                return ERR_PTR(ret);
@@ -563,7 +563,7 @@ static int sched_ack_config(int policy, const union 
sched_config *config,
                return 0;
 
        return u_p == NULL ? -EFAULT :
-               __xn_safe_copy_to_user(&u_p->quota.info, &config->quota.info,
+               cobalt_copy_to_user(&u_p->quota.info, &config->quota.info,
                                       sizeof(u_p->quota.info));
 }
 
@@ -579,12 +579,12 @@ static ssize_t sched_put_config(int policy,
        if (policy == SCHED_QUOTA) {
                if (u_len < sizeof(config->quota))
                        return -EINVAL;
-               return __xn_safe_copy_to_user(&u_p->quota.info, 
&config->quota.info,
+               return cobalt_copy_to_user(&u_p->quota.info, 
&config->quota.info,
                                              sizeof(u_p->quota.info)) ?:
                        sizeof(u_p->quota.info);
        }
 
-       return __xn_safe_copy_to_user(u_config, config, len) ?: len;
+       return cobalt_copy_to_user(u_config, config, len) ?: len;
 }
 
 int __cobalt_sched_setconfig_np(int cpu, int policy,
@@ -705,7 +705,7 @@ COBALT_SYSCALL(sched_weightprio, current,
 {
        struct sched_param_ex param_ex;
 
-       if (__xn_safe_copy_from_user(&param_ex, u_param, sizeof(param_ex)))
+       if (cobalt_copy_from_user(&param_ex, u_param, sizeof(param_ex)))
                return -EFAULT;
 
        return __cobalt_sched_weightprio(policy, &param_ex);
diff --git a/kernel/cobalt/posix/sem.c b/kernel/cobalt/posix/sem.c
index 7aab3a0..ab97fb3 100644
--- a/kernel/cobalt/posix/sem.c
+++ b/kernel/cobalt/posix/sem.c
@@ -270,7 +270,7 @@ static inline int sem_fetch_timeout(struct timespec *ts,
                                    const void __user *u_ts)
 {
        return u_ts == NULL ? -EFAULT :
-               __xn_safe_copy_from_user(ts, u_ts, sizeof(*ts));
+               cobalt_copy_from_user(ts, u_ts, sizeof(*ts));
 }
 
 int __cobalt_sem_timedwait(struct cobalt_sem_shadow __user *u_sem,
@@ -415,7 +415,7 @@ COBALT_SYSCALL(sem_init, current,
        struct cobalt_sem_shadow sm;
        struct cobalt_sem *sem;
 
-       if (__xn_safe_copy_from_user(&sm, u_sem, sizeof(sm)))
+       if (cobalt_copy_from_user(&sm, u_sem, sizeof(sm)))
                return -EFAULT;
 
        if (flags & ~(SEM_FIFO|SEM_PULSE|SEM_PSHARED|SEM_REPORT|\
@@ -426,7 +426,7 @@ COBALT_SYSCALL(sem_init, current,
        if (IS_ERR(sem))
                return PTR_ERR(sem);
 
-       return __xn_safe_copy_to_user(u_sem, &sm, sizeof(*u_sem));
+       return cobalt_copy_to_user(u_sem, &sm, sizeof(*u_sem));
 }
 
 COBALT_SYSCALL(sem_post, current,
@@ -483,7 +483,7 @@ COBALT_SYSCALL(sem_getvalue, current,
        if (ret)
                return ret;
 
-       return __xn_safe_copy_to_user(u_sval, &sval, sizeof(sval));
+       return cobalt_copy_to_user(u_sval, &sval, sizeof(sval));
 }
 
 COBALT_SYSCALL(sem_destroy, current,
@@ -492,7 +492,7 @@ COBALT_SYSCALL(sem_destroy, current,
        struct cobalt_sem_shadow sm;
        int err;
 
-       if (__xn_safe_copy_from_user(&sm, u_sem, sizeof(sm)))
+       if (cobalt_copy_from_user(&sm, u_sem, sizeof(sm)))
                return -EFAULT;
 
        trace_cobalt_psem_destroy(sm.handle);
@@ -501,7 +501,7 @@ COBALT_SYSCALL(sem_destroy, current,
        if (err < 0)
                return err;
 
-       return __xn_safe_copy_to_user(u_sem, &sm, sizeof(*u_sem)) ?: err;
+       return cobalt_copy_to_user(u_sem, &sm, sizeof(*u_sem)) ?: err;
 }
 
 COBALT_SYSCALL(sem_broadcast_np, current,
@@ -596,9 +596,9 @@ COBALT_SYSCALL(sem_inquire, current,
 
        xnlock_put_irqrestore(&nklock, s);
 
-       ret = __xn_safe_copy_to_user(u_info, &info, sizeof(info));
+       ret = cobalt_copy_to_user(u_info, &info, sizeof(info));
        if (ret == 0 && nrwait > 0)
-               ret = __xn_safe_copy_to_user(u_waitlist, t, nrwait * 
sizeof(pid_t));
+               ret = cobalt_copy_to_user(u_waitlist, t, nrwait * 
sizeof(pid_t));
 
        if (t && t != fbuf)
                xnfree(t);
diff --git a/kernel/cobalt/posix/signal.c b/kernel/cobalt/posix/signal.c
index 91986b2..86b7b00 100644
--- a/kernel/cobalt/posix/signal.c
+++ b/kernel/cobalt/posix/signal.c
@@ -381,17 +381,14 @@ COBALT_SYSCALL(sigwait, primary,
        sigset_t set;
        int sig;
 
-       if (__xn_safe_copy_from_user(&set, u_set, sizeof(set)))
+       if (cobalt_copy_from_user(&set, u_set, sizeof(set)))
                return -EFAULT;
 
        sig = signal_wait(&set, XN_INFINITE, NULL, NULL);
        if (sig < 0)
                return sig;
 
-       if (__xn_safe_copy_to_user(u_sig, &sig, sizeof(*u_sig)))
-               return -EFAULT;
-
-       return 0;
+       return cobalt_copy_to_user(u_sig, &sig, sizeof(*u_sig));
 }
 
 int __cobalt_sigtimedwait(sigset_t *set,
@@ -421,10 +418,10 @@ COBALT_SYSCALL(sigtimedwait, nonrestartable,
        struct timespec timeout;
        sigset_t set;
 
-       if (__xn_safe_copy_from_user(&set, u_set, sizeof(set)))
+       if (cobalt_copy_from_user(&set, u_set, sizeof(set)))
                return -EFAULT;
 
-       if (__xn_safe_copy_from_user(&timeout, u_timeout, sizeof(timeout)))
+       if (cobalt_copy_from_user(&timeout, u_timeout, sizeof(timeout)))
                return -EFAULT;
 
        return __cobalt_sigtimedwait(&set, &timeout, u_si, signal_put_siginfo);
@@ -444,7 +441,7 @@ COBALT_SYSCALL(sigwaitinfo, nonrestartable,
 {
        sigset_t set;
 
-       if (__xn_safe_copy_from_user(&set, u_set, sizeof(set)))
+       if (cobalt_copy_from_user(&set, u_set, sizeof(set)))
                return -EFAULT;
 
        return __cobalt_sigwaitinfo(&set, u_si, signal_put_siginfo);
@@ -454,7 +451,7 @@ COBALT_SYSCALL(sigpending, primary, (old_sigset_t __user 
*u_set))
 {
        struct cobalt_thread *curr = cobalt_current_thread();
 
-       return __xn_safe_copy_to_user(u_set, &curr->sigpending, sizeof(*u_set));
+       return cobalt_copy_to_user(u_set, &curr->sigpending, sizeof(*u_set));
 }
 
 int __cobalt_kill(struct cobalt_thread *thread, int sig, int group) /* 
nklocked, IRQs off */
@@ -587,7 +584,7 @@ COBALT_SYSCALL(sigqueue, conforming,
        union sigval val;
        int ret;
 
-       ret = __xn_safe_copy_from_user(&val, u_value, sizeof(val));
+       ret = cobalt_copy_from_user(&val, u_value, sizeof(val));
 
        return ret ?: __cobalt_sigqueue(pid, sig, &val);
 }
diff --git a/kernel/cobalt/posix/syscall.c b/kernel/cobalt/posix/syscall.c
index 16d0101..b5d4d1c 100644
--- a/kernel/cobalt/posix/syscall.c
+++ b/kernel/cobalt/posix/syscall.c
@@ -190,7 +190,7 @@ static COBALT_SYSCALL(get_current, current,
        if (cur == NULL)
                return -EPERM;
 
-       return __xn_safe_copy_to_user(u_handle, &cur->handle,
+       return cobalt_copy_to_user(u_handle, &cur->handle,
                                      sizeof(*u_handle));
 }
 
@@ -217,7 +217,7 @@ static COBALT_SYSCALL(backtrace, current,
         * Fetch the backtrace array, filled with PC values as seen
         * from the relaxing thread in user-space. This can't fail
         */
-       ret = __xn_safe_copy_from_user(backtrace, u_backtrace, nr * 
sizeof(long));
+       ret = cobalt_copy_from_user(backtrace, u_backtrace, nr * sizeof(long));
        if (ret)
                return ret;
 
@@ -236,7 +236,7 @@ static COBALT_SYSCALL(serialdbg, current,
                n = len;
                if (n > sizeof(buf))
                        n = sizeof(buf);
-               if (__xn_safe_copy_from_user(buf, u_msg, n))
+               if (cobalt_copy_from_user(buf, u_msg, n))
                        return -EFAULT;
                __ipipe_serial_debug("%.*s", n, buf);
                u_msg += n;
@@ -302,7 +302,7 @@ static COBALT_SYSCALL(bind, lostage,
        struct cobalt_featinfo *f;
        int abirev;
 
-       if (__xn_safe_copy_from_user(&breq, u_breq, sizeof(breq)))
+       if (cobalt_copy_from_user(&breq, u_breq, sizeof(breq)))
                return -EFAULT;
 
        f = &breq.feat_ret;
@@ -335,7 +335,7 @@ static COBALT_SYSCALL(bind, lostage,
        f->clock_freq = cobalt_pipeline.clock_freq;
        f->vdso_offset = cobalt_umm_offset(&cobalt_ppd_get(1)->umm, nkvdso);
 
-       if (__xn_safe_copy_to_user(u_breq, &breq, sizeof(breq)))
+       if (cobalt_copy_to_user(u_breq, &breq, sizeof(breq)))
                return -EFAULT;
 
        /*
@@ -410,7 +410,7 @@ static int get_conf_option(int option, void __user *u_buf, 
size_t u_bufsz)
                return -EINVAL;
        }
 
-       ret = __xn_safe_copy_to_user(u_buf, &val, sizeof(val));
+       ret = cobalt_copy_to_user(u_buf, &val, sizeof(val));
 
        return ret ? -EFAULT : 0;
 }
@@ -433,7 +433,7 @@ static int stop_services(const void __user *u_buf, size_t 
u_bufsz)
        if (u_bufsz != sizeof(int))
                return -EINVAL;
 
-       ret = __xn_safe_copy_from_user(&timeout, u_buf, sizeof(timeout));
+       ret = cobalt_copy_from_user(&timeout, u_buf, sizeof(timeout));
        if (ret)
                return ret;
 
diff --git a/kernel/cobalt/posix/syscall32.c b/kernel/cobalt/posix/syscall32.c
index 218bc7b..78d3c57 100644
--- a/kernel/cobalt/posix/syscall32.c
+++ b/kernel/cobalt/posix/syscall32.c
@@ -249,7 +249,7 @@ COBALT_SYSCALL32emu(mq_timedreceive, primary,
        ssize_t len;
        int ret;
 
-       ret = __xn_safe_copy_from_user(&clen, u_len, sizeof(*u_len));
+       ret = cobalt_copy_from_user(&clen, u_len, sizeof(*u_len));
        if (ret)
                return ret;
 
@@ -258,14 +258,14 @@ COBALT_SYSCALL32emu(mq_timedreceive, primary,
                                       u_ts, u_ts ? sys32_fetch_timeout : NULL);
        clen = len;
 
-       return ret ?: __xn_safe_copy_to_user(u_len, &clen, sizeof(*u_len));
+       return ret ?: cobalt_copy_to_user(u_len, &clen, sizeof(*u_len));
 }
 
 static inline int mq_fetch_timeout(struct timespec *ts,
                                   const void __user *u_ts)
 {
        return u_ts == NULL ? -EFAULT :
-               __xn_safe_copy_from_user(ts, u_ts, sizeof(*ts));
+               cobalt_copy_from_user(ts, u_ts, sizeof(*ts));
 
 }
 
@@ -315,7 +315,7 @@ sys32_fetch_config(int policy, const void __user *u_config, 
size_t *len)
        if (cbuf == NULL)
                return ERR_PTR(-ENOMEM);
 
-       ret = __xn_safe_copy_from_user(cbuf, u_config, *len);
+       ret = cobalt_copy_from_user(cbuf, u_config, *len);
        if (ret) {
                buf = ERR_PTR(ret);
                goto out;
@@ -365,7 +365,7 @@ static int sys32_ack_config(int policy, const union 
sched_config *config,
                return 0;
 
        return u_config == NULL ? -EFAULT :
-               __xn_safe_copy_to_user(&u_p->quota.info, &config->quota.info,
+               cobalt_copy_to_user(&u_p->quota.info, &config->quota.info,
                                       sizeof(u_p->quota.info));
 }
 
@@ -382,7 +382,7 @@ static ssize_t sys32_put_config(int policy,
        if (policy == SCHED_QUOTA) {
                if (u_len < sizeof(u_p->quota))
                        return -EINVAL;
-               return __xn_safe_copy_to_user(&u_p->quota.info, 
&config->quota.info,
+               return cobalt_copy_to_user(&u_p->quota.info, 
&config->quota.info,
                                              sizeof(u_p->quota.info)) ?:
                        sizeof(u_p->quota.info);
        }
@@ -535,7 +535,7 @@ COBALT_SYSCALL32emu(sigwait, primary,
        if (sig < 0)
                return sig;
 
-       return __xn_safe_copy_to_user(u_sig, &sig, sizeof(*u_sig));
+       return cobalt_copy_to_user(u_sig, &sig, sizeof(*u_sig));
 }
 
 COBALT_SYSCALL32emu(sigtimedwait, nonrestartable,
@@ -777,7 +777,7 @@ COBALT_SYSCALL32emu(mmap, lostage,
 
        u_caddr = ptr_to_compat(u_addr);
 
-       return __xn_safe_copy_to_user(u_caddrp, &u_caddr, sizeof(u_caddr));
+       return cobalt_copy_to_user(u_caddrp, &u_caddr, sizeof(u_caddr));
 }
 
 COBALT_SYSCALL32emu(backtrace, current,
@@ -794,7 +794,7 @@ COBALT_SYSCALL32emu(backtrace, current,
        if (nr > SIGSHADOW_BACKTRACE_DEPTH)
                nr = SIGSHADOW_BACKTRACE_DEPTH;
 
-       ret = __xn_safe_copy_from_user(cbacktrace, u_backtrace,
+       ret = cobalt_copy_from_user(cbacktrace, u_backtrace,
                                       nr * sizeof(compat_ulong_t));
        if (ret)
                return ret;
@@ -819,7 +819,7 @@ COBALT_SYSCALL32x(mq_timedreceive, primary,
        ssize_t len;
        int ret;
 
-       ret = __xn_safe_copy_from_user(&clen, u_len, sizeof(*u_len));
+       ret = cobalt_copy_from_user(&clen, u_len, sizeof(*u_len));
        if (ret)
                return ret;
 
@@ -828,7 +828,7 @@ COBALT_SYSCALL32x(mq_timedreceive, primary,
                                       u_ts, u_ts ? mq_fetch_timeout : NULL);
        clen = len;
 
-       return ret ?: __xn_safe_copy_to_user(u_len, &clen, sizeof(*u_len));
+       return ret ?: cobalt_copy_to_user(u_len, &clen, sizeof(*u_len));
 }
 
 #endif /* COBALT_SYSCALL32x */
diff --git a/kernel/cobalt/posix/thread.c b/kernel/cobalt/posix/thread.c
index a106292..cc47c10 100644
--- a/kernel/cobalt/posix/thread.c
+++ b/kernel/cobalt/posix/thread.c
@@ -483,7 +483,7 @@ int __cobalt_thread_setschedparam_ex(unsigned long pth,
                ret = -EPERM;
 
        if (ret == 0 &&
-           __xn_safe_copy_to_user(u_promoted, &promoted, sizeof(promoted)))
+           cobalt_copy_to_user(u_promoted, &promoted, sizeof(promoted)))
                ret = -EFAULT;
 
        return ret;
@@ -503,7 +503,7 @@ COBALT_SYSCALL(thread_setschedparam_ex, conforming,
 {
        struct sched_param_ex param_ex;
 
-       if (__xn_safe_copy_from_user(&param_ex, u_param, sizeof(param_ex)))
+       if (cobalt_copy_from_user(&param_ex, u_param, sizeof(param_ex)))
                return -EFAULT;
 
        return __cobalt_thread_setschedparam_ex(pth, policy, &param_ex,
@@ -530,7 +530,7 @@ int __cobalt_thread_getschedparam_ex(unsigned long pth,
 
        trace_cobalt_pthread_getschedparam(pth, policy, param_ex);
 
-       if (__xn_safe_copy_to_user(u_policy, &policy, sizeof(int)))
+       if (cobalt_copy_to_user(u_policy, &policy, sizeof(int)))
                return -EFAULT;
 
        return policy;
@@ -553,7 +553,7 @@ COBALT_SYSCALL(thread_getschedparam_ex, current,
        if (policy < 0)
                return policy;
 
-       return __xn_safe_copy_to_user(u_param, &param_ex, sizeof(param_ex));
+       return cobalt_copy_to_user(u_param, &param_ex, sizeof(param_ex));
 }
 
 int __cobalt_thread_create(unsigned long pth, int policy,
@@ -613,7 +613,7 @@ COBALT_SYSCALL(thread_create, init,
        struct sched_param_ex param_ex;
        int ret;
 
-       ret = __xn_safe_copy_from_user(&param_ex, u_param, sizeof(param_ex));
+       ret = cobalt_copy_from_user(&param_ex, u_param, sizeof(param_ex));
        if (ret)
                return ret;
 
@@ -668,7 +668,7 @@ COBALT_SYSCALL(thread_setmode, primary,
        if (ret)
                return ret;
 
-       if (u_mode_r && __xn_safe_copy_to_user(u_mode_r, &old, sizeof(old)))
+       if (u_mode_r && cobalt_copy_to_user(u_mode_r, &old, sizeof(old)))
                return -EFAULT;
 
        return 0;
@@ -683,8 +683,8 @@ COBALT_SYSCALL(thread_setname, current,
        struct task_struct *p;
        spl_t s;
 
-       if (__xn_safe_strncpy_from_user(name, u_name,
-                                       sizeof(name) - 1) < 0)
+       if (cobalt_strncpy_from_user(name, u_name,
+                                    sizeof(name) - 1) < 0)
                return -EFAULT;
 
        name[sizeof(name) - 1] = '\0';
@@ -830,7 +830,7 @@ COBALT_SYSCALL(thread_getstat, current,
        strcpy(stat.personality, thread->personality->name);
        xnlock_put_irqrestore(&nklock, s);
 
-       return __xn_safe_copy_to_user(u_stat, &stat, sizeof(stat));
+       return cobalt_copy_to_user(u_stat, &stat, sizeof(stat));
 }
 
 #ifdef CONFIG_XENO_OPT_COBALT_EXTENSION
diff --git a/kernel/cobalt/posix/timer.c b/kernel/cobalt/posix/timer.c
index 7ef61c3..925219d 100644
--- a/kernel/cobalt/posix/timer.c
+++ b/kernel/cobalt/posix/timer.c
@@ -455,7 +455,7 @@ int __cobalt_timer_create(clockid_t clock,
        if (ret)
                return ret;
 
-       if (__xn_safe_copy_to_user(u_tm, &timerid, sizeof(timerid))) {
+       if (cobalt_copy_to_user(u_tm, &timerid, sizeof(timerid))) {
                timer_delete(timerid);
                return -EFAULT;
        }
@@ -472,7 +472,7 @@ COBALT_SYSCALL(timer_create, current,
 
        if (u_sev) {
                evp = &sev;
-               if (__xn_safe_copy_from_user(&sev, u_sev, sizeof(sev)))
+               if (cobalt_copy_from_user(&sev, u_sev, sizeof(sev)))
                        return -EFAULT;
        }
 
@@ -490,14 +490,14 @@ COBALT_SYSCALL(timer_settime, primary,
        if (u_oldval == NULL)
                oldvp = NULL;
 
-       if (__xn_safe_copy_from_user(&newv, u_newval, sizeof(newv)))
+       if (cobalt_copy_from_user(&newv, u_newval, sizeof(newv)))
                return -EFAULT;
 
        ret = __cobalt_timer_settime(tm, flags, &newv, oldvp);
        if (ret)
                return ret;
 
-       if (oldvp && __xn_safe_copy_to_user(u_oldval, oldvp, sizeof(oldv))) {
+       if (oldvp && cobalt_copy_to_user(u_oldval, oldvp, sizeof(oldv))) {
                __cobalt_timer_settime(tm, flags, oldvp, NULL);
                return -EFAULT;
        }
@@ -515,7 +515,7 @@ COBALT_SYSCALL(timer_gettime, current,
        if (ret)
                return ret;
 
-       return __xn_safe_copy_to_user(u_val, &val, sizeof(val));
+       return cobalt_copy_to_user(u_val, &val, sizeof(val));
 }
 
 COBALT_SYSCALL(timer_getoverrun, current, (timer_t timerid))
diff --git a/kernel/cobalt/posix/timerfd.c b/kernel/cobalt/posix/timerfd.c
index ad3b9bf..d566053 100644
--- a/kernel/cobalt/posix/timerfd.c
+++ b/kernel/cobalt/posix/timerfd.c
@@ -94,11 +94,9 @@ static ssize_t timerfd_read(struct rtdm_fd *fd, void __user 
*buf, size_t size)
 
        if (err == 0) {
                if (aligned)
-                       err = __xn_put_user(ticks, u_ticks);
+                       err = __xn_put_user(ticks, u_ticks) ? -EFAULT : 0;
                else
-                       err = __xn_copy_to_user(buf, &ticks, sizeof(ticks));
-               if (err)
-                       err = -EFAULT;
+                       err = cobalt_copy_to_user(buf, &ticks, sizeof(ticks));
        }
 
        return err ?: sizeof(ticks);
@@ -284,7 +282,7 @@ COBALT_SYSCALL(timerfd_settime, primary,
        struct itimerspec ovalue, value;
        int ret;
 
-       ret = __xn_safe_copy_from_user(&value, new_value, sizeof(value));
+       ret = cobalt_copy_from_user(&value, new_value, sizeof(value));
        if (ret)
                return ret;
 
@@ -293,7 +291,7 @@ COBALT_SYSCALL(timerfd_settime, primary,
                return ret;
 
        if (old_value) {
-               ret = __xn_safe_copy_to_user(old_value, &ovalue, 
sizeof(ovalue));
+               ret = cobalt_copy_to_user(old_value, &ovalue, sizeof(ovalue));
                value.it_value.tv_sec = 0;
                value.it_value.tv_nsec = 0;
                __cobalt_timerfd_settime(fd, flags, &value, NULL);
@@ -328,5 +326,5 @@ COBALT_SYSCALL(timerfd_gettime, current,
 
        ret = __cobalt_timerfd_gettime(fd, &value);
 
-       return ret ?: __xn_safe_copy_to_user(curr_value, &value, sizeof(value));
+       return ret ?: cobalt_copy_to_user(curr_value, &value, sizeof(value));
 }


_______________________________________________
Xenomai-git mailing list
Xenomai-git@xenomai.org
http://www.xenomai.org/mailman/listinfo/xenomai-git

Reply via email to