summaryrefslogtreecommitdiff
path: root/include/linux/thread_info.h
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2017-06-30 04:42:43 +0300
committerAl Viro <viro@zeniv.linux.org.uk>2017-06-30 05:21:21 +0300
commitb0377fedb6528087ed319b0d054d6ed82240372c (patch)
treeec1836456be61ee80f6cd416d9d98fcdbe548cd5 /include/linux/thread_info.h
parent9c5f6908de03a4f52ba7364b11fcd6116225480c (diff)
downloadlinux-b0377fedb6528087ed319b0d054d6ed82240372c.tar.xz
copy_{to,from}_user(): consolidate object size checks
... and move them into thread_info.h, next to check_object_size() Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include/linux/thread_info.h')
-rw-r--r--include/linux/thread_info.h27
1 files changed, 27 insertions, 0 deletions
diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h
index d7d3ea637dd0..250a27614328 100644
--- a/include/linux/thread_info.h
+++ b/include/linux/thread_info.h
@@ -113,6 +113,33 @@ static inline void check_object_size(const void *ptr, unsigned long n,
{ }
#endif /* CONFIG_HARDENED_USERCOPY */
+extern void __compiletime_error("copy source size is too small")
+__bad_copy_from(void);
+extern void __compiletime_error("copy destination size is too small")
+__bad_copy_to(void);
+
+static inline void copy_overflow(int size, unsigned long count)
+{
+ WARN(1, "Buffer overflow detected (%d < %lu)!\n", size, count);
+}
+
+static __always_inline bool
+check_copy_size(const void *addr, size_t bytes, bool is_source)
+{
+ int sz = __compiletime_object_size(addr);
+ if (unlikely(sz >= 0 && sz < bytes)) {
+ if (!__builtin_constant_p(bytes))
+ copy_overflow(sz, bytes);
+ else if (is_source)
+ __bad_copy_from();
+ else
+ __bad_copy_to();
+ return false;
+ }
+ check_object_size(addr, bytes, is_source);
+ return true;
+}
+
#ifndef arch_setup_new_exec
static inline void arch_setup_new_exec(void) { }
#endif