提交 73d35887 编写于 作者: K Kees Cook

ia64/uaccess: Enable hardened usercopy

Enables CONFIG_HARDENED_USERCOPY checks on ia64.

Based on code from PaX and grsecurity.
Signed-off-by: NKees Cook <keescook@chromium.org>
上级 faf5b63e
...@@ -53,6 +53,7 @@ config IA64 ...@@ -53,6 +53,7 @@ config IA64
select MODULES_USE_ELF_RELA select MODULES_USE_ELF_RELA
select ARCH_USE_CMPXCHG_LOCKREF select ARCH_USE_CMPXCHG_LOCKREF
select HAVE_ARCH_AUDITSYSCALL select HAVE_ARCH_AUDITSYSCALL
select HAVE_ARCH_HARDENED_USERCOPY
default y default y
help help
The Itanium Processor Family is Intel's 64-bit successor to The Itanium Processor Family is Intel's 64-bit successor to
......
...@@ -241,12 +241,18 @@ extern unsigned long __must_check __copy_user (void __user *to, const void __use ...@@ -241,12 +241,18 @@ extern unsigned long __must_check __copy_user (void __user *to, const void __use
static inline unsigned long static inline unsigned long
__copy_to_user (void __user *to, const void *from, unsigned long count) __copy_to_user (void __user *to, const void *from, unsigned long count)
{ {
if (!__builtin_constant_p(count))
check_object_size(from, count, true);
return __copy_user(to, (__force void __user *) from, count); return __copy_user(to, (__force void __user *) from, count);
} }
static inline unsigned long static inline unsigned long
__copy_from_user (void *to, const void __user *from, unsigned long count) __copy_from_user (void *to, const void __user *from, unsigned long count)
{ {
if (!__builtin_constant_p(count))
check_object_size(to, count, false);
return __copy_user((__force void __user *) to, from, count); return __copy_user((__force void __user *) to, from, count);
} }
...@@ -258,8 +264,11 @@ __copy_from_user (void *to, const void __user *from, unsigned long count) ...@@ -258,8 +264,11 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
const void *__cu_from = (from); \ const void *__cu_from = (from); \
long __cu_len = (n); \ long __cu_len = (n); \
\ \
if (__access_ok(__cu_to, __cu_len, get_fs())) \ if (__access_ok(__cu_to, __cu_len, get_fs())) { \
if (!__builtin_constant_p(n)) \
check_object_size(__cu_from, __cu_len, true); \
__cu_len = __copy_user(__cu_to, (__force void __user *) __cu_from, __cu_len); \ __cu_len = __copy_user(__cu_to, (__force void __user *) __cu_from, __cu_len); \
} \
__cu_len; \ __cu_len; \
}) })
...@@ -270,8 +279,11 @@ __copy_from_user (void *to, const void __user *from, unsigned long count) ...@@ -270,8 +279,11 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
long __cu_len = (n); \ long __cu_len = (n); \
\ \
__chk_user_ptr(__cu_from); \ __chk_user_ptr(__cu_from); \
if (__access_ok(__cu_from, __cu_len, get_fs())) \ if (__access_ok(__cu_from, __cu_len, get_fs())) { \
if (!__builtin_constant_p(n)) \
check_object_size(__cu_to, __cu_len, false); \
__cu_len = __copy_user((__force void __user *) __cu_to, __cu_from, __cu_len); \ __cu_len = __copy_user((__force void __user *) __cu_to, __cu_from, __cu_len); \
} \
__cu_len; \ __cu_len; \
}) })
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册