diff options
| -rw-r--r-- | arch/x86/include/asm/uaccess.h | 16 | ||||
| -rw-r--r-- | include/linux/uaccess.h | 4 | ||||
| -rw-r--r-- | lib/strncpy_from_user.c | 8 | ||||
| -rw-r--r-- | lib/strnlen_user.c | 7 | 
4 files changed, 17 insertions, 18 deletions
| diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h index dd73cf90fb18..be439e246d91 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -773,21 +773,21 @@ copy_to_user(void __user *to, const void *from, unsigned long n)  #define user_access_begin()	__uaccess_begin()  #define user_access_end()	__uaccess_end() -#define unsafe_put_user(x, ptr)						\ -({										\ +#define unsafe_put_user(x, ptr, err_label)					\ +do {										\  	int __pu_err;								\  	__put_user_size((x), (ptr), sizeof(*(ptr)), __pu_err, -EFAULT);		\ -	__builtin_expect(__pu_err, 0);						\ -}) +	if (unlikely(__pu_err)) goto err_label;					\ +} while (0) -#define unsafe_get_user(x, ptr)						\ -({										\ +#define unsafe_get_user(x, ptr, err_label)					\ +do {										\  	int __gu_err;								\  	unsigned long __gu_val;							\  	__get_user_size(__gu_val, (ptr), sizeof(*(ptr)), __gu_err, -EFAULT);	\  	(x) = (__force __typeof__(*(ptr)))__gu_val;				\ -	__builtin_expect(__gu_err, 0);						\ -}) +	if (unlikely(__gu_err)) goto err_label;					\ +} while (0)  #endif /* _ASM_X86_UACCESS_H */ diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h index 349557825428..f30c187ed785 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -114,8 +114,8 @@ extern long strncpy_from_unsafe(char *dst, const void *unsafe_addr, long count);  #ifndef user_access_begin  #define user_access_begin() do { } while (0)  #define user_access_end() do { } while (0) -#define unsafe_get_user(x, ptr) __get_user(x, ptr) -#define unsafe_put_user(x, ptr) __put_user(x, ptr) +#define unsafe_get_user(x, ptr, err) do { if (unlikely(__get_user(x, ptr))) goto err; } while (0) +#define unsafe_put_user(x, ptr, err) do { if (unlikely(__put_user(x, ptr))) goto err; } while (0)  #endif  #endif		/* __LINUX_UACCESS_H__ */ diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c index 33840324138c..5a003a2ebd96 100644 --- a/lib/strncpy_from_user.c +++ b/lib/strncpy_from_user.c @@ -39,8 +39,8 @@ static inline long do_strncpy_from_user(char *dst, const char __user *src, long  		unsigned long c, data;  		/* Fall back to byte-at-a-time if we get a page fault */ -		if (unlikely(unsafe_get_user(c,(unsigned long __user *)(src+res)))) -			break; +		unsafe_get_user(c, (unsigned long __user *)(src+res), byte_at_a_time); +  		*(unsigned long *)(dst+res) = c;  		if (has_zero(c, &data, &constants)) {  			data = prep_zero_mask(c, data, &constants); @@ -55,8 +55,7 @@ byte_at_a_time:  	while (max) {  		char c; -		if (unlikely(unsafe_get_user(c,src+res))) -			return -EFAULT; +		unsafe_get_user(c,src+res, efault);  		dst[res] = c;  		if (!c)  			return res; @@ -75,6 +74,7 @@ byte_at_a_time:  	 * Nope: we hit the address space limit, and we still had more  	 * characters the caller would have wanted. That's an EFAULT.  	 */ +efault:  	return -EFAULT;  } diff --git a/lib/strnlen_user.c b/lib/strnlen_user.c index 2625943625d7..8e105ed4df12 100644 --- a/lib/strnlen_user.c +++ b/lib/strnlen_user.c @@ -45,8 +45,7 @@ static inline long do_strnlen_user(const char __user *src, unsigned long count,  	src -= align;  	max += align; -	if (unlikely(unsafe_get_user(c,(unsigned long __user *)src))) -		return 0; +	unsafe_get_user(c, (unsigned long __user *)src, efault);  	c |= aligned_byte_mask(align);  	for (;;) { @@ -61,8 +60,7 @@ static inline long do_strnlen_user(const char __user *src, unsigned long count,  		if (unlikely(max <= sizeof(unsigned long)))  			break;  		max -= sizeof(unsigned long); -		if (unlikely(unsafe_get_user(c,(unsigned long __user *)(src+res)))) -			return 0; +		unsafe_get_user(c, (unsigned long __user *)(src+res), efault);  	}  	res -= align; @@ -77,6 +75,7 @@ static inline long do_strnlen_user(const char __user *src, unsigned long count,  	 * Nope: we hit the address space limit, and we still had more  	 * characters the caller would have wanted. That's 0.  	 */ +efault:  	return 0;  } | 
