[PATCH 5/9] ia64/uaccess: Enable hardened usercopy

Wed, 06 Jul 2016 15:38:42 -0700 

Enables CONFIG_HARDENED_USERCOPY checks on ia64.

Based on code from PaX and grsecurity.

Signed-off-by: Kees Cook <keesc...@chromium.org>
---
 arch/ia64/Kconfig               |  1 +
 arch/ia64/include/asm/uaccess.h | 18 +++++++++++++++---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig
index f80758cb7157..32a87ef516a0 100644
--- a/arch/ia64/Kconfig
+++ b/arch/ia64/Kconfig
@@ -53,6 +53,7 @@ config IA64
        select MODULES_USE_ELF_RELA
        select ARCH_USE_CMPXCHG_LOCKREF
        select HAVE_ARCH_AUDITSYSCALL
+       select HAVE_ARCH_HARDENED_USERCOPY
        default y
        help
          The Itanium Processor Family is Intel's 64-bit successor to
diff --git a/arch/ia64/include/asm/uaccess.h b/arch/ia64/include/asm/uaccess.h
index 2189d5ddc1ee..465c70982f40 100644
--- a/arch/ia64/include/asm/uaccess.h
+++ b/arch/ia64/include/asm/uaccess.h
@@ -241,12 +241,18 @@ extern unsigned long __must_check __copy_user (void 
__user *to, const void __use
 static inline unsigned long
 __copy_to_user (void __user *to, const void *from, unsigned long count)
 {
+       if (!__builtin_constant_p(count))
+               check_object_size(from, count, true);
+
        return __copy_user(to, (__force void __user *) from, count);
 }
 
 static inline unsigned long
 __copy_from_user (void *to, const void __user *from, unsigned long count)
 {
+       if (!__builtin_constant_p(count))
+               check_object_size(to, count, false);
+
        return __copy_user((__force void __user *) to, from, count);
 }
 
@@ -258,8 +264,11 @@ __copy_from_user (void *to, const void __user *from, 
unsigned long count)
        const void *__cu_from = (from);                                         
        \
        long __cu_len = (n);                                                    
        \
                                                                                
        \
-       if (__access_ok(__cu_to, __cu_len, get_fs()))                           
        \
-               __cu_len = __copy_user(__cu_to, (__force void __user *) 
__cu_from, __cu_len);   \
+       if (__access_ok(__cu_to, __cu_len, get_fs())) {                         
        \
+               if (!__builtin_constant_p(n))                                   
        \
+                       check_object_size(__cu_from, __cu_len, true);           
        \
+               __cu_len = __copy_user(__cu_to, (__force void __user *)  
__cu_from, __cu_len);  \
+       }                                                                       
        \
        __cu_len;                                                               
        \
 })
 
@@ -270,8 +279,11 @@ __copy_from_user (void *to, const void __user *from, 
unsigned long count)
        long __cu_len = (n);                                                    
        \
                                                                                
        \
        __chk_user_ptr(__cu_from);                                              
        \
-       if (__access_ok(__cu_from, __cu_len, get_fs()))                         
        \
+       if (__access_ok(__cu_from, __cu_len, get_fs())) {                       
        \
+               if (!__builtin_constant_p(n))                                   
        \
+                       check_object_size(__cu_to, __cu_len, false);            
        \
                __cu_len = __copy_user((__force void __user *) __cu_to, 
__cu_from, __cu_len);   \
+       }                                                                       
        \
        __cu_len;                                                               
        \
 })
 
-- 
2.7.4

_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev

Reply via email to