Commit 22426465 authored by Al Viro's avatar Al Viro

ppc32: fix copy_from_user()

should clear on access_ok() failures.  Also remove the useless
range truncation logics.

Cc: stable@vger.kernel.org
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent aace880f
...@@ -308,40 +308,23 @@ extern unsigned long __copy_tofrom_user(void __user *to, ...@@ -308,40 +308,23 @@ extern unsigned long __copy_tofrom_user(void __user *to,
static inline unsigned long copy_from_user(void *to, static inline unsigned long copy_from_user(void *to,
const void __user *from, unsigned long n) const void __user *from, unsigned long n)
{ {
unsigned long over; if (likely(access_ok(VERIFY_READ, from, n))) {
if (access_ok(VERIFY_READ, from, n)) {
if (!__builtin_constant_p(n)) if (!__builtin_constant_p(n))
check_object_size(to, n, false); check_object_size(to, n, false);
return __copy_tofrom_user((__force void __user *)to, from, n); return __copy_tofrom_user((__force void __user *)to, from, n);
} }
if ((unsigned long)from < TASK_SIZE) { memset(to, 0, n);
over = (unsigned long)from + n - TASK_SIZE;
if (!__builtin_constant_p(n - over))
check_object_size(to, n - over, false);
return __copy_tofrom_user((__force void __user *)to, from,
n - over) + over;
}
return n; return n;
} }
static inline unsigned long copy_to_user(void __user *to, static inline unsigned long copy_to_user(void __user *to,
const void *from, unsigned long n) const void *from, unsigned long n)
{ {
unsigned long over;
if (access_ok(VERIFY_WRITE, to, n)) { if (access_ok(VERIFY_WRITE, to, n)) {
if (!__builtin_constant_p(n)) if (!__builtin_constant_p(n))
check_object_size(from, n, true); check_object_size(from, n, true);
return __copy_tofrom_user(to, (__force void __user *)from, n); return __copy_tofrom_user(to, (__force void __user *)from, n);
} }
if ((unsigned long)to < TASK_SIZE) {
over = (unsigned long)to + n - TASK_SIZE;
if (!__builtin_constant_p(n))
check_object_size(from, n - over, true);
return __copy_tofrom_user(to, (__force void __user *)from,
n - over) + over;
}
return n; return n;
} }
...@@ -439,10 +422,6 @@ static inline unsigned long clear_user(void __user *addr, unsigned long size) ...@@ -439,10 +422,6 @@ static inline unsigned long clear_user(void __user *addr, unsigned long size)
might_fault(); might_fault();
if (likely(access_ok(VERIFY_WRITE, addr, size))) if (likely(access_ok(VERIFY_WRITE, addr, size)))
return __clear_user(addr, size); return __clear_user(addr, size);
if ((unsigned long)addr < TASK_SIZE) {
unsigned long over = (unsigned long)addr + size - TASK_SIZE;
return __clear_user(addr, size - over) + over;
}
return size; return size;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment