diff options
| author | Russell King <rmk+kernel@arm.linux.org.uk> | 2012-09-07 18:22:28 +0100 |
|---|---|---|
| committer | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2015-12-21 19:22:24 +0100 |
| commit | c59f723a562f9539dfac68c1b306858e35a05cdd (patch) | |
| tree | 445aadf76dce4b88d1ad58e9b153b7737b210b33 /arch/arm/lib/copy_template.S | |
| parent | bd826b68f05e721b8be8a8dbe8f556ed7eb4ae54 (diff) | |
| download | kernel_samsung_smdk4412-c59f723a562f9539dfac68c1b306858e35a05cdd.zip kernel_samsung_smdk4412-c59f723a562f9539dfac68c1b306858e35a05cdd.tar.gz kernel_samsung_smdk4412-c59f723a562f9539dfac68c1b306858e35a05cdd.tar.bz2 | |
ARM: 7527/1: uaccess: explicitly check __user pointer when !CPU_USE_DOMAINS
The {get,put}_user macros don't perform range checking on the provided
__user address when !CPU_HAS_DOMAINS.
This patch reworks the out-of-line assembly accessors to check the user
address against a specified limit, returning -EFAULT if is is out of
range.
[will: changed get_user register allocation to match put_user]
[rmk: fixed building on older ARM architectures]
CRs-Fixed: 504011
Reported-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Git-commit: 8404663f81d212918ff85f493649a7991209fa04
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
Conflicts:
arch/arm/include/asm/assembler.h
arch/arm/lib/getuser.S
arch/arm/lib/putuser.S
Change-Id: I3818045a136fcdf72deb1371b132e090fd7ed643
Conflicts:
arch/arm/lib/getuser.S
arch/arm/lib/putuser.S
Diffstat (limited to 'arch/arm/lib/copy_template.S')
| -rw-r--r-- | arch/arm/lib/copy_template.S | 46 |
1 files changed, 37 insertions, 9 deletions
diff --git a/arch/arm/lib/copy_template.S b/arch/arm/lib/copy_template.S index 805e3f8..f2b5885 100644 --- a/arch/arm/lib/copy_template.S +++ b/arch/arm/lib/copy_template.S @@ -66,6 +66,7 @@ * than one 32bit instruction in Thumb-2) */ +#define PLDSIZE (CONFIG_ARM_PLD_SIZE) enter r4, lr @@ -90,19 +91,46 @@ CALGN( add pc, r4, ip ) PLD( pld [r1, #0] ) -2: PLD( subs r2, r2, #96 ) - PLD( pld [r1, #28] ) + +#if (PLDSIZE == 64) +2: PLD( cmp r2, #32) + PLD( blt .32copy) + +.64copy: + PLD( subs r2, r2, #(PLDSIZE*3+32) ) + PLD( pld [r1, #PLDSIZE-4] ) PLD( blt 4f ) - PLD( pld [r1, #60] ) - PLD( pld [r1, #92] ) + PLD( pld [r1, #PLDSIZE*2-4] ) + PLD( pld [r1, #PLDSIZE*3-4] ) +3: PLD( pld [r1, #PLDSIZE*4-4] ) +4: cpy8w r0, r1, r4, r5, abort=20f + cpy8w r0, r1, r4, r5, abort=20f + subs r2, r2, #PLDSIZE + bge 3b + PLD( cmn r2, #(PLDSIZE*3) ) + PLD( bge 4b ) + + PLD( cmn r2, #(PLDSIZE*4-32) ) + PLD( blt 5f) + +.32copy: + cpy8w r0, r1, r4, r5, abort=20f +#else +2: PLD( subs r2, r2, #(PLDSIZE*3) ) + PLD( pld [r1, #(PLDSIZE-4)] ) + PLD( blt 4f ) + PLD( pld [r1, #(PLDSIZE*2-4)] ) + PLD( pld [r1, #(PLDSIZE*3-4)] ) + +3: PLD( pld [r1, #(PLDSIZE*4-4)] ) +4: ldr8w r1, r3, r4, r5, r6, r7, r8, ip, lr, abort=20f + subs r2, r2, #PLDSIZE + str8w r0, r3, r4, r5, r6, r7, r8, ip, lr, abort=20f -3: PLD( pld [r1, #124] ) -4: ldr8w r1, r3, r4, r5, r6, r7, r8, ip, lr, abort=20f - subs r2, r2, #32 - str8w r0, r3, r4, r5, r6, r7, r8, ip, lr, abort=20f bge 3b - PLD( cmn r2, #96 ) + PLD( cmn r2, #(PLDSIZE*3) ) PLD( bge 4b ) +#endif 5: ands ip, r2, #28 rsb ip, ip, #32 |