copy_{from,to}_user(): move kasan checks and might_fault() out-of-line

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

copy_{from,to}_user(): move kasan checks and might_fault() out-of-line
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9c5f6908 · Al Viro · 2ea659a9 · 9c5f6908 · 9c5f6908
Commit 9c5f6908 authored Jun 29, 2017 by Al Viro
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 10 deletions

include/linux/uaccess.h include/linux/uaccess.h +8 -8

lib/usercopy.c lib/usercopy.c +8 -2

No files found.
--- a/include/linux/uaccess.h
+++ b/include/linux/uaccess.h
@@ -109,8 +109,11 @@ static inline unsigned long
 _copy_from_user(void *to, const void __user *from, unsigned long n)
 {
 	unsigned long res = n;
-	if (likely(access_ok(VERIFY_READ, from, n)))
+	might_fault();
+	if (likely(access_ok(VERIFY_READ, from, n))) {
+		kasan_check_write(to, n);
 		res = raw_copy_from_user(to, from, n);
+	}
 	if (unlikely(res))
 		memset(to + (n - res), 0, res);
 	return res;
@@ -124,8 +127,11 @@ _copy_from_user(void *, const void __user *, unsigned long);
 static inline unsigned long
 _copy_to_user(void __user *to, const void *from, unsigned long n)
 {
-	if (access_ok(VERIFY_WRITE, to, n))
+	might_fault();
+	if (access_ok(VERIFY_WRITE, to, n)) {
+		kasan_check_read(from, n);
 		n = raw_copy_to_user(to, from, n);
+	}
 	return n;
 }
 #else
@@ -146,9 +152,6 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
 {
 	int sz = __compiletime_object_size(to);
-	might_fault();
-	kasan_check_write(to, n);
 	if (likely(sz < 0 || sz >= n)) {
 		check_object_size(to, n, false);
 		n = _copy_from_user(to, from, n);
@@ -165,9 +168,6 @@ copy_to_user(void __user *to, const void *from, unsigned long n)
 {
 	int sz = __compiletime_object_size(from);
-	kasan_check_read(from, n);
-	might_fault();
 	if (likely(sz < 0 || sz >= n)) {
 		check_object_size(from, n, true);
 		n = _copy_to_user(to, from, n);

--- a/lib/usercopy.c
+++ b/lib/usercopy.c
@@ -6,8 +6,11 @@
 unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n)
 {
 	unsigned long res = n;
-	if (likely(access_ok(VERIFY_READ, from, n)))
+	might_fault();
+	if (likely(access_ok(VERIFY_READ, from, n))) {
+		kasan_check_write(to, n);
 		res = raw_copy_from_user(to, from, n);
+	}
 	if (unlikely(res))
 		memset(to + (n - res), 0, res);
 	return res;
@@ -18,8 +21,11 @@ EXPORT_SYMBOL(_copy_from_user);
 #ifndef INLINE_COPY_TO_USER
 unsigned long _copy_to_user(void *to, const void __user *from, unsigned long n)
 {
-	if (likely(access_ok(VERIFY_WRITE, to, n)))
+	might_fault();
+	if (likely(access_ok(VERIFY_WRITE, to, n))) {
+		kasan_check_read(from, n);
 		n = raw_copy_to_user(to, from, n);
+	}
 	return n;
 }
 EXPORT_SYMBOL(_copy_to_user);