Skip to content

Commit 9c5f690

Browse files
author
Al Viro
committed
copy_{from,to}_user(): move kasan checks and might_fault() out-of-line
Signed-off-by: Al Viro <[email protected]>
1 parent 2ea659a commit 9c5f690

File tree

2 files changed

+16
-10
lines changed

2 files changed

+16
-10
lines changed

include/linux/uaccess.h

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -109,8 +109,11 @@ static inline unsigned long
109109
_copy_from_user(void *to, const void __user *from, unsigned long n)
110110
{
111111
unsigned long res = n;
112-
if (likely(access_ok(VERIFY_READ, from, n)))
112+
might_fault();
113+
if (likely(access_ok(VERIFY_READ, from, n))) {
114+
kasan_check_write(to, n);
113115
res = raw_copy_from_user(to, from, n);
116+
}
114117
if (unlikely(res))
115118
memset(to + (n - res), 0, res);
116119
return res;
@@ -124,8 +127,11 @@ _copy_from_user(void *, const void __user *, unsigned long);
124127
static inline unsigned long
125128
_copy_to_user(void __user *to, const void *from, unsigned long n)
126129
{
127-
if (access_ok(VERIFY_WRITE, to, n))
130+
might_fault();
131+
if (access_ok(VERIFY_WRITE, to, n)) {
132+
kasan_check_read(from, n);
128133
n = raw_copy_to_user(to, from, n);
134+
}
129135
return n;
130136
}
131137
#else
@@ -146,9 +152,6 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
146152
{
147153
int sz = __compiletime_object_size(to);
148154

149-
might_fault();
150-
kasan_check_write(to, n);
151-
152155
if (likely(sz < 0 || sz >= n)) {
153156
check_object_size(to, n, false);
154157
n = _copy_from_user(to, from, n);
@@ -165,9 +168,6 @@ copy_to_user(void __user *to, const void *from, unsigned long n)
165168
{
166169
int sz = __compiletime_object_size(from);
167170

168-
kasan_check_read(from, n);
169-
might_fault();
170-
171171
if (likely(sz < 0 || sz >= n)) {
172172
check_object_size(from, n, true);
173173
n = _copy_to_user(to, from, n);

lib/usercopy.c

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,11 @@
66
unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n)
77
{
88
unsigned long res = n;
9-
if (likely(access_ok(VERIFY_READ, from, n)))
9+
might_fault();
10+
if (likely(access_ok(VERIFY_READ, from, n))) {
11+
kasan_check_write(to, n);
1012
res = raw_copy_from_user(to, from, n);
13+
}
1114
if (unlikely(res))
1215
memset(to + (n - res), 0, res);
1316
return res;
@@ -18,8 +21,11 @@ EXPORT_SYMBOL(_copy_from_user);
1821
#ifndef INLINE_COPY_TO_USER
1922
unsigned long _copy_to_user(void *to, const void __user *from, unsigned long n)
2023
{
21-
if (likely(access_ok(VERIFY_WRITE, to, n)))
24+
might_fault();
25+
if (likely(access_ok(VERIFY_WRITE, to, n))) {
26+
kasan_check_read(from, n);
2227
n = raw_copy_to_user(to, from, n);
28+
}
2329
return n;
2430
}
2531
EXPORT_SYMBOL(_copy_to_user);

0 commit comments

Comments
 (0)