Blackfin: add missing access_ok() checks to user functions
The core string/clear user functions weren't checking the user pointers
which caused kernel crashes with some bad programs and tests (like LTP).
Signed-off-by: Robin Getz <robin.getz@analog.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
diff --git a/arch/blackfin/include/asm/uaccess.h b/arch/blackfin/include/asm/uaccess.h
index 3248033..97729be 100644
--- a/arch/blackfin/include/asm/uaccess.h
+++ b/arch/blackfin/include/asm/uaccess.h
@@ -233,16 +233,29 @@
}
/*
- * Return the size of a string (including the ending 0)
+ * Get the size of a string in user space.
+ * src: The string to measure
+ * n: The maximum valid length
*
- * Return 0 on exception, a value greater than N if too long
+ * Get the size of a NUL-terminated string in user space.
+ *
+ * Returns the size of the string INCLUDING the terminating NUL.
+ * On exception, returns 0.
+ * If the string is too long, returns a value greater than n.
*/
-static inline long strnlen_user(const char *src, long n)
+static inline long __must_check strnlen_user(const char *src, long n)
{
- return (strlen(src) + 1);
+ if (!access_ok(VERIFY_READ, src, 1))
+ return 0;
+ return strnlen(src, n) + 1;
}
-#define strlen_user(str) strnlen_user(str, 32767)
+static inline long __must_check strlen_user(const char *src)
+{
+ if (!access_ok(VERIFY_READ, src, 1))
+ return 0;
+ return strlen(src) + 1;
+}
/*
* Zero Userspace
@@ -251,6 +264,8 @@
static inline unsigned long __must_check
__clear_user(void *to, unsigned long n)
{
+ if (!access_ok(VERIFY_WRITE, to, n))
+ return n;
memset(to, 0, n);
return 0;
}