uaccess: generalize access_ok()
There are many different ways that access_ok() is defined across architectures, but in the end, they all just compare against the user_addr_max() value or they accept anything. Provide one definition that works for most architectures, checking against TASK_SIZE_MAX for user processes or skipping the check inside of uaccess_kernel() sections. For architectures without CONFIG_SET_FS(), this should be the fastest check, as it comes down to a single comparison of a pointer against a compile-time constant, while the architecture specific versions tend to do something more complex for historic reasons or get something wrong. Type checking for __user annotations is handled inconsistently across architectures, but this is easily simplified as well by using an inline function that takes a 'const void __user *' argument. A handful of callers need an extra __user annotation for this. Some architectures had trick to use 33-bit or 65-bit arithmetic on the addresses to calculate the overflow, however this simpler version uses fewer registers, which means it can produce better object code in the end despite needing a second (statically predicted) branch. Reviewed-by: Christoph Hellwig <hch@lst.de> Acked-by: Mark Rutland <mark.rutland@arm.com> [arm64, asm-generic] Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Stafford Horne <shorne@gmail.com> Acked-by: Dinh Nguyen <dinguyen@kernel.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
This commit is contained in:
Arnd Bergmann
@@ -23,35 +23,6 @@
|
||||
|
||||
#include <linux/string.h> /* for generic string functions */
|
||||
|
||||
|
||||
#define __kernel_ok (uaccess_kernel())
|
||||
|
||||
/*
|
||||
* Algorithmically, for __user_ok() we want do:
|
||||
* (start < TASK_SIZE) && (start+len < TASK_SIZE)
|
||||
* where TASK_SIZE could either be retrieved from thread_info->addr_limit or
|
||||
* emitted directly in code.
|
||||
*
|
||||
* This can however be rewritten as follows:
|
||||
* (len <= TASK_SIZE) && (start+len < TASK_SIZE)
|
||||
*
|
||||
* Because it essentially checks if buffer end is within limit and @len is
|
||||
* non-ngeative, which implies that buffer start will be within limit too.
|
||||
*
|
||||
* The reason for rewriting being, for majority of cases, @len is generally
|
||||
* compile time constant, causing first sub-expression to be compile time
|
||||
* subsumed.
|
||||
*
|
||||
* The second part would generate weird large LIMMs e.g. (0x6000_0000 - 0x10),
|
||||
* so we check for TASK_SIZE using get_fs() since the addr_limit load from mem
|
||||
* would already have been done at this call site for __kernel_ok()
|
||||
*
|
||||
*/
|
||||
#define __user_ok(addr, sz) (((sz) <= TASK_SIZE) && \
|
||||
((addr) <= (get_fs() - (sz))))
|
||||
#define __access_ok(addr, sz) (unlikely(__kernel_ok) || \
|
||||
likely(__user_ok((addr), (sz))))
|
||||
|
||||
/*********** Single byte/hword/word copies ******************/
|
||||
|
||||
#define __get_user_fn(sz, u, k) \
|
||||
|
||||
Reference in New Issue
Block a user