~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,5 +1,9 @@
1	1	// SPDX-License-Identifier: GPL-2.0
	2	+#include <linux/bitops.h>
	3	+#include <linux/fault-inject-usercopy.h>
	4	+#include <linux/instrumented.h>
2	5	#include <linux/uaccess.h>
	6	+#include <linux/nospec.h>
3	7
4	8	/* out-of-line parts */
5	9
..	..	@@ -8,8 +12,14 @@
8	12	{
9	13	unsigned long res = n;
10	14	might_fault();
11		- if (likely(access_ok(VERIFY_READ, from, n))) {
12		- kasan_check_write(to, n);
	15	+ if (!should_fail_usercopy() && likely(access_ok(from, n))) {
	16	+ /*
	17	+ * Ensure that bad access_ok() speculation will not
	18	+ * lead to nasty side effects after the copy is
	19	+ * finished:
	20	+ */
	21	+ barrier_nospec();
	22	+ instrument_copy_from_user(to, from, n);
13	23	res = raw_copy_from_user(to, from, n);
14	24	}
15	25	if (unlikely(res))
..	..	@@ -23,11 +33,67 @@
23	33	unsigned long _copy_to_user(void __user to, const void from, unsigned long n)
24	34	{
25	35	might_fault();
26		- if (likely(access_ok(VERIFY_WRITE, to, n))) {
27		- kasan_check_read(from, n);
	36	+ if (should_fail_usercopy())
	37	+ return n;
	38	+ if (likely(access_ok(to, n))) {
	39	+ instrument_copy_to_user(to, from, n);
28	40	n = raw_copy_to_user(to, from, n);
29	41	}
30	42	return n;
31	43	}
32	44	EXPORT_SYMBOL(_copy_to_user);
33	45	#endif
	46	+
	47	+/**
	48	+ * check_zeroed_user: check if a userspace buffer only contains zero bytes
	49	+ * @from: Source address, in userspace.
	50	+ * @size: Size of buffer.
	51	+ *
	52	+ * This is effectively shorthand for "memchr_inv(from, 0, size) == NULL" for
	53	+ * userspace addresses (and is more efficient because we don't care where the
	54	+ * first non-zero byte is).
	55	+ *
	56	+ * Returns:
	57	+ * * 0: There were non-zero bytes present in the buffer.
	58	+ * * 1: The buffer was full of zero bytes.
	59	+ * * -EFAULT: access to userspace failed.
	60	+ */
	61	+int check_zeroed_user(const void __user *from, size_t size)
	62	+{
	63	+ unsigned long val;
	64	+ uintptr_t align = (uintptr_t) from % sizeof(unsigned long);
	65	+
	66	+ if (unlikely(size == 0))
	67	+ return 1;
	68	+
	69	+ from -= align;
	70	+ size += align;
	71	+
	72	+ if (!user_read_access_begin(from, size))
	73	+ return -EFAULT;
	74	+
	75	+ unsafe_get_user(val, (unsigned long __user *) from, err_fault);
	76	+ if (align)
	77	+ val &= ~aligned_byte_mask(align);
	78	+
	79	+ while (size > sizeof(unsigned long)) {
	80	+ if (unlikely(val))
	81	+ goto done;
	82	+
	83	+ from += sizeof(unsigned long);
	84	+ size -= sizeof(unsigned long);
	85	+
	86	+ unsafe_get_user(val, (unsigned long __user *) from, err_fault);
	87	+ }
	88	+
	89	+ if (size < sizeof(unsigned long))
	90	+ val &= aligned_byte_mask(size);
	91	+
	92	+done:
	93	+ user_read_access_end();
	94	+ return (val == 0);
	95	+err_fault:
	96	+ user_read_access_end();
	97	+ return -EFAULT;
	98	+}
	99	+EXPORT_SYMBOL(check_zeroed_user);