mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-08-25 10:19:47 +00:00
53048788d6
[ Upstream commite6b44ce192] The new __must_check annotation on __copy_from_user() successfully identified some code that has lacked the check since at least linux-2.1.73: arch/x86/math-emu/reg_ld_str.c:88:2: error: ignoring return value of \ function declared with 'warn_unused_result' attribute [-Werror,-Wunused-result] __copy_from_user(sti_ptr, s, 10); ^~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~ arch/x86/math-emu/reg_ld_str.c:1129:2: error: ignoring return value of \ function declared with 'warn_unused_result' attribute [-Werror,-Wunused-result] __copy_from_user(register_base + offset, s, other); ^~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/x86/math-emu/reg_ld_str.c:1131:3: error: ignoring return value of \ function declared with 'warn_unused_result' attribute [-Werror,-Wunused-result] __copy_from_user(register_base, s + other, offset); ^~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In addition, the get_user()/put_user() helpers do not enforce a return value check, but actually still require one. These have been missing for even longer. Change the internal wrappers around get_user()/put_user() to force a signal and add a corresponding wrapper around __copy_from_user() to check all such cases. [ bp: Break long lines. ] Fixes: 257e458057e5 ("Import 2.1.73") Fixes:9dd819a151("uaccess: add missing __must_check attributes") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Bill Metzenthen <billm@melbpc.org.au> Cc: Ingo Molnar <mingo@redhat.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: x86-ml <x86@kernel.org> Link: https://lkml.kernel.org/r/20191001142344.1274185-1-arnd@arndb.de Signed-off-by: Sasha Levin <sashal@kernel.org>
130 lines
4.4 KiB
C
130 lines
4.4 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*---------------------------------------------------------------------------+
|
|
| fpu_system.h |
|
|
| |
|
|
| Copyright (C) 1992,1994,1997 |
|
|
| W. Metzenthen, 22 Parker St, Ormond, Vic 3163, |
|
|
| Australia. E-mail billm@suburbia.net |
|
|
| |
|
|
+---------------------------------------------------------------------------*/
|
|
|
|
#ifndef _FPU_SYSTEM_H
|
|
#define _FPU_SYSTEM_H
|
|
|
|
/* system dependent definitions */
|
|
|
|
#include <linux/sched.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/mm.h>
|
|
|
|
#include <asm/desc.h>
|
|
#include <asm/mmu_context.h>
|
|
|
|
static inline struct desc_struct FPU_get_ldt_descriptor(unsigned seg)
|
|
{
|
|
static struct desc_struct zero_desc;
|
|
struct desc_struct ret = zero_desc;
|
|
|
|
#ifdef CONFIG_MODIFY_LDT_SYSCALL
|
|
seg >>= 3;
|
|
mutex_lock(¤t->mm->context.lock);
|
|
if (current->mm->context.ldt && seg < current->mm->context.ldt->nr_entries)
|
|
ret = current->mm->context.ldt->entries[seg];
|
|
mutex_unlock(¤t->mm->context.lock);
|
|
#endif
|
|
return ret;
|
|
}
|
|
|
|
#define SEG_TYPE_WRITABLE (1U << 1)
|
|
#define SEG_TYPE_EXPANDS_DOWN (1U << 2)
|
|
#define SEG_TYPE_EXECUTE (1U << 3)
|
|
#define SEG_TYPE_EXPAND_MASK (SEG_TYPE_EXPANDS_DOWN | SEG_TYPE_EXECUTE)
|
|
#define SEG_TYPE_EXECUTE_MASK (SEG_TYPE_WRITABLE | SEG_TYPE_EXECUTE)
|
|
|
|
static inline unsigned long seg_get_base(struct desc_struct *d)
|
|
{
|
|
unsigned long base = (unsigned long)d->base2 << 24;
|
|
|
|
return base | ((unsigned long)d->base1 << 16) | d->base0;
|
|
}
|
|
|
|
static inline unsigned long seg_get_limit(struct desc_struct *d)
|
|
{
|
|
return ((unsigned long)d->limit1 << 16) | d->limit0;
|
|
}
|
|
|
|
static inline unsigned long seg_get_granularity(struct desc_struct *d)
|
|
{
|
|
return d->g ? 4096 : 1;
|
|
}
|
|
|
|
static inline bool seg_expands_down(struct desc_struct *d)
|
|
{
|
|
return (d->type & SEG_TYPE_EXPAND_MASK) == SEG_TYPE_EXPANDS_DOWN;
|
|
}
|
|
|
|
static inline bool seg_execute_only(struct desc_struct *d)
|
|
{
|
|
return (d->type & SEG_TYPE_EXECUTE_MASK) == SEG_TYPE_EXECUTE;
|
|
}
|
|
|
|
static inline bool seg_writable(struct desc_struct *d)
|
|
{
|
|
return (d->type & SEG_TYPE_EXECUTE_MASK) == SEG_TYPE_WRITABLE;
|
|
}
|
|
|
|
#define I387 (¤t->thread.fpu.state)
|
|
#define FPU_info (I387->soft.info)
|
|
|
|
#define FPU_CS (*(unsigned short *) &(FPU_info->regs->cs))
|
|
#define FPU_SS (*(unsigned short *) &(FPU_info->regs->ss))
|
|
#define FPU_DS (*(unsigned short *) &(FPU_info->regs->ds))
|
|
#define FPU_EAX (FPU_info->regs->ax)
|
|
#define FPU_EFLAGS (FPU_info->regs->flags)
|
|
#define FPU_EIP (FPU_info->regs->ip)
|
|
#define FPU_ORIG_EIP (FPU_info->___orig_eip)
|
|
|
|
#define FPU_lookahead (I387->soft.lookahead)
|
|
|
|
/* nz if ip_offset and cs_selector are not to be set for the current
|
|
instruction. */
|
|
#define no_ip_update (*(u_char *)&(I387->soft.no_update))
|
|
#define FPU_rm (*(u_char *)&(I387->soft.rm))
|
|
|
|
/* Number of bytes of data which can be legally accessed by the current
|
|
instruction. This only needs to hold a number <= 108, so a byte will do. */
|
|
#define access_limit (*(u_char *)&(I387->soft.alimit))
|
|
|
|
#define partial_status (I387->soft.swd)
|
|
#define control_word (I387->soft.cwd)
|
|
#define fpu_tag_word (I387->soft.twd)
|
|
#define registers (I387->soft.st_space)
|
|
#define top (I387->soft.ftop)
|
|
|
|
#define instruction_address (*(struct address *)&I387->soft.fip)
|
|
#define operand_address (*(struct address *)&I387->soft.foo)
|
|
|
|
#define FPU_access_ok(y,z) if ( !access_ok(y,z) ) \
|
|
math_abort(FPU_info,SIGSEGV)
|
|
#define FPU_abort math_abort(FPU_info, SIGSEGV)
|
|
#define FPU_copy_from_user(to, from, n) \
|
|
do { if (copy_from_user(to, from, n)) FPU_abort; } while (0)
|
|
|
|
#undef FPU_IGNORE_CODE_SEGV
|
|
#ifdef FPU_IGNORE_CODE_SEGV
|
|
/* access_ok() is very expensive, and causes the emulator to run
|
|
about 20% slower if applied to the code. Anyway, errors due to bad
|
|
code addresses should be much rarer than errors due to bad data
|
|
addresses. */
|
|
#define FPU_code_access_ok(z)
|
|
#else
|
|
/* A simpler test than access_ok() can probably be done for
|
|
FPU_code_access_ok() because the only possible error is to step
|
|
past the upper boundary of a legal code area. */
|
|
#define FPU_code_access_ok(z) FPU_access_ok((void __user *)FPU_EIP,z)
|
|
#endif
|
|
|
|
#define FPU_get_user(x,y) do { if (get_user((x),(y))) FPU_abort; } while (0)
|
|
#define FPU_put_user(x,y) do { if (put_user((x),(y))) FPU_abort; } while (0)
|
|
|
|
#endif
|