75045f77f7
Currently, most fixups for attempting to access userspace memory are handled using _ASM_EXTABLE, which is also used for various other types of fixups (e.g. safe MSR access, IRET failures, and a bunch of other things). In order to make it possible to add special safety checks to uaccess fixups (in particular, checking whether the fault address is actually in userspace), introduce a new exception table handler ex_handler_uaccess() and wire it up to all the user access fixups (excluding ones that already use _ASM_EXTABLE_EX). Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Tested-by: Kees Cook <keescook@chromium.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: kernel-hardening@lists.openwall.com Cc: dvyukov@google.com Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: "Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com> Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: linux-fsdevel@vger.kernel.org Cc: Borislav Petkov <bp@alien8.de> Link: https://lkml.kernel.org/r/20180828201421.157735-5-jannh@google.com
104 lines
2.0 KiB
ArmAsm
104 lines
2.0 KiB
ArmAsm
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* __put_user functions.
|
|
*
|
|
* (C) Copyright 2005 Linus Torvalds
|
|
* (C) Copyright 2005 Andi Kleen
|
|
* (C) Copyright 2008 Glauber Costa
|
|
*
|
|
* These functions have a non-standard call interface
|
|
* to make them more efficient, especially as they
|
|
* return an error value in addition to the "real"
|
|
* return value.
|
|
*/
|
|
#include <linux/linkage.h>
|
|
#include <asm/thread_info.h>
|
|
#include <asm/errno.h>
|
|
#include <asm/asm.h>
|
|
#include <asm/smap.h>
|
|
#include <asm/export.h>
|
|
|
|
|
|
/*
|
|
* __put_user_X
|
|
*
|
|
* Inputs: %eax[:%edx] contains the data
|
|
* %ecx contains the address
|
|
*
|
|
* Outputs: %eax is error code (0 or -EFAULT)
|
|
*
|
|
* These functions should not modify any other registers,
|
|
* as they get called from within inline assembly.
|
|
*/
|
|
|
|
#define ENTER mov PER_CPU_VAR(current_task), %_ASM_BX
|
|
#define EXIT ASM_CLAC ; \
|
|
ret
|
|
|
|
.text
|
|
ENTRY(__put_user_1)
|
|
ENTER
|
|
cmp TASK_addr_limit(%_ASM_BX),%_ASM_CX
|
|
jae bad_put_user
|
|
ASM_STAC
|
|
1: movb %al,(%_ASM_CX)
|
|
xor %eax,%eax
|
|
EXIT
|
|
ENDPROC(__put_user_1)
|
|
EXPORT_SYMBOL(__put_user_1)
|
|
|
|
ENTRY(__put_user_2)
|
|
ENTER
|
|
mov TASK_addr_limit(%_ASM_BX),%_ASM_BX
|
|
sub $1,%_ASM_BX
|
|
cmp %_ASM_BX,%_ASM_CX
|
|
jae bad_put_user
|
|
ASM_STAC
|
|
2: movw %ax,(%_ASM_CX)
|
|
xor %eax,%eax
|
|
EXIT
|
|
ENDPROC(__put_user_2)
|
|
EXPORT_SYMBOL(__put_user_2)
|
|
|
|
ENTRY(__put_user_4)
|
|
ENTER
|
|
mov TASK_addr_limit(%_ASM_BX),%_ASM_BX
|
|
sub $3,%_ASM_BX
|
|
cmp %_ASM_BX,%_ASM_CX
|
|
jae bad_put_user
|
|
ASM_STAC
|
|
3: movl %eax,(%_ASM_CX)
|
|
xor %eax,%eax
|
|
EXIT
|
|
ENDPROC(__put_user_4)
|
|
EXPORT_SYMBOL(__put_user_4)
|
|
|
|
ENTRY(__put_user_8)
|
|
ENTER
|
|
mov TASK_addr_limit(%_ASM_BX),%_ASM_BX
|
|
sub $7,%_ASM_BX
|
|
cmp %_ASM_BX,%_ASM_CX
|
|
jae bad_put_user
|
|
ASM_STAC
|
|
4: mov %_ASM_AX,(%_ASM_CX)
|
|
#ifdef CONFIG_X86_32
|
|
5: movl %edx,4(%_ASM_CX)
|
|
#endif
|
|
xor %eax,%eax
|
|
EXIT
|
|
ENDPROC(__put_user_8)
|
|
EXPORT_SYMBOL(__put_user_8)
|
|
|
|
bad_put_user:
|
|
movl $-EFAULT,%eax
|
|
EXIT
|
|
END(bad_put_user)
|
|
|
|
_ASM_EXTABLE_UA(1b, bad_put_user)
|
|
_ASM_EXTABLE_UA(2b, bad_put_user)
|
|
_ASM_EXTABLE_UA(3b, bad_put_user)
|
|
_ASM_EXTABLE_UA(4b, bad_put_user)
|
|
#ifdef CONFIG_X86_32
|
|
_ASM_EXTABLE_UA(5b, bad_put_user)
|
|
#endif
|