kernel_5.10 no rt

hc

2023-12-11 6778948f9de86c3cfaf36725a7c87dcff9ba247f

 kernel/lib/usercopy.c
..
..
@@ -1,4 +1,7 @@
1
1
 // SPDX-License-Identifier: GPL-2.0
2
+#include <linux/bitops.h>
3
+#include <linux/fault-inject-usercopy.h>
4
+#include <linux/instrumented.h>
2
5
 #include <linux/uaccess.h>
3
6
 
4
7
 /* out-of-line parts */
..
..
@@ -8,8 +11,8 @@
8
11
 {
9
12
 	unsigned long res = n;
10
13
 	might_fault();
11
-	if (likely(access_ok(VERIFY_READ, from, n))) {
12
-		kasan_check_write(to, n);
14
+	if (!should_fail_usercopy() && likely(access_ok(from, n))) {
15
+		instrument_copy_from_user(to, from, n);
13
16
 		res = raw_copy_from_user(to, from, n);
14
17
 	}
15
18
 	if (unlikely(res))
..
..
@@ -23,11 +26,67 @@
23
26
 unsigned long _copy_to_user(void __user *to, const void *from, unsigned long n)
24
27
 {
25
28
 	might_fault();
26
-	if (likely(access_ok(VERIFY_WRITE, to, n))) {
27
-		kasan_check_read(from, n);
29
+	if (should_fail_usercopy())
30
+		return n;
31
+	if (likely(access_ok(to, n))) {
32
+		instrument_copy_to_user(to, from, n);
28
33
 		n = raw_copy_to_user(to, from, n);
29
34
 	}
30
35
 	return n;
31
36
 }
32
37
 EXPORT_SYMBOL(_copy_to_user);
33
38
 #endif
39
+
40
+/**
41
+ * check_zeroed_user: check if a userspace buffer only contains zero bytes
42
+ * @from: Source address, in userspace.
43
+ * @size: Size of buffer.
44
+ *
45
+ * This is effectively shorthand for "memchr_inv(from, 0, size) == NULL" for
46
+ * userspace addresses (and is more efficient because we don't care where the
47
+ * first non-zero byte is).
48
+ *
49
+ * Returns:
50
+ *  * 0: There were non-zero bytes present in the buffer.
51
+ *  * 1: The buffer was full of zero bytes.
52
+ *  * -EFAULT: access to userspace failed.
53
+ */
54
+int check_zeroed_user(const void __user *from, size_t size)
55
+{
56
+	unsigned long val;
57
+	uintptr_t align = (uintptr_t) from % sizeof(unsigned long);
58
+
59
+	if (unlikely(size == 0))
60
+		return 1;
61
+
62
+	from -= align;
63
+	size += align;
64
+
65
+	if (!user_read_access_begin(from, size))
66
+		return -EFAULT;
67
+
68
+	unsafe_get_user(val, (unsigned long __user *) from, err_fault);
69
+	if (align)
70
+		val &= ~aligned_byte_mask(align);
71
+
72
+	while (size > sizeof(unsigned long)) {
73
+		if (unlikely(val))
74
+			goto done;
75
+
76
+		from += sizeof(unsigned long);
77
+		size -= sizeof(unsigned long);
78
+
79
+		unsafe_get_user(val, (unsigned long __user *) from, err_fault);
80
+	}
81
+
82
+	if (size < sizeof(unsigned long))
83
+		val &= aligned_byte_mask(size);
84
+
85
+done:
86
+	user_read_access_end();
87
+	return (val == 0);
88
+err_fault:
89
+	user_read_access_end();
90
+	return -EFAULT;
91
+}
92
+EXPORT_SYMBOL(check_zeroed_user);