From f27180dd63e1e6eca3230b9d3fdcc33564a81117 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Thu, 16 Jan 2020 13:18:38 +0100 Subject: asm-generic/uaccess.h: remove __strncpy_from_user/__strnlen_user This is a preparation for changing over architectures to the generic implementation one at a time. As there are no callers of either __strncpy_from_user() or __strnlen_user(), fold these into the strncpy_from_user() and strnlen_user() functions to make each implementation independent of the others. Many of these implementations have known bugs, but the intention here is to not change behavior at all and stay compatible with those bugs for the moment. Reviewed-by: Christoph Hellwig Signed-off-by: Arnd Bergmann --- include/asm-generic/uaccess.h | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) (limited to 'include') diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h index a0b2f270dddc..2f8a5d3bbd57 100644 --- a/include/asm-generic/uaccess.h +++ b/include/asm-generic/uaccess.h @@ -246,11 +246,15 @@ extern int __get_user_bad(void) __attribute__((noreturn)); /* * Copy a null terminated string from userspace. */ -#ifndef __strncpy_from_user +#ifndef strncpy_from_user static inline long -__strncpy_from_user(char *dst, const char __user *src, long count) +strncpy_from_user(char *dst, const char __user *src, long count) { char *tmp; + + if (!access_ok(src, 1)) + return -EFAULT; + strncpy(dst, (const char __force *)src, count); for (tmp = dst; *tmp && count > 0; tmp++, count--) ; @@ -258,24 +262,12 @@ __strncpy_from_user(char *dst, const char __user *src, long count) } #endif -static inline long -strncpy_from_user(char *dst, const char __user *src, long count) -{ - if (!access_ok(src, 1)) - return -EFAULT; - return __strncpy_from_user(dst, src, count); -} - +#ifndef strnlen_user /* * Return the size of a string (including the ending 0) * * Return 0 on exception, a value greater than N if too long - */ -#ifndef __strnlen_user -#define __strnlen_user(s, n) (strnlen((s), (n)) + 1) -#endif - -/* + * * Unlike strnlen, strnlen_user includes the nul terminator in * its returned count. Callers should check for a returned value * greater than N as an indication the string is too long. @@ -284,8 +276,10 @@ static inline long strnlen_user(const char __user *src, long n) { if (!access_ok(src, 1)) return 0; - return __strnlen_user(src, n); + + return strnlen(src, n) + 1; } +#endif /* * Zero Userspace -- cgit v1.2.3 From 98b861a304318e60eea584bef123d924e5d0dcff Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Sat, 23 Jan 2021 15:21:22 +0100 Subject: asm-generic: uaccess: remove inline strncpy_from_user/strnlen_user The inline version is used on three NOMMU architectures and is particularly inefficient when it scans the string one byte at a time twice. It also lacks a check for user_addr_max(), but this is probably ok on NOMMU targets. Consolidate the asm-generic implementation with the library version that is used everywhere else. This version is generalized enough to work efficiently on both MMU and NOMMU targets, and using the same code everywhere reduces the potential for subtle bugs. Mark the prototypes as __must_check in the process. Reviewed-by: Geert Uytterhoeven Acked-by: Geert Uytterhoeven Reviewed-by: Christoph Hellwig Signed-off-by: Arnd Bergmann --- arch/h8300/Kconfig | 2 ++ arch/m68k/Kconfig | 4 ++-- arch/riscv/Kconfig | 4 ++-- include/asm-generic/uaccess.h | 47 +++++++++---------------------------------- 4 files changed, 15 insertions(+), 42 deletions(-) (limited to 'include') diff --git a/arch/h8300/Kconfig b/arch/h8300/Kconfig index 3e3e0f16f7e0..53dfd2d47e0e 100644 --- a/arch/h8300/Kconfig +++ b/arch/h8300/Kconfig @@ -11,6 +11,8 @@ config H8300 select GENERIC_IRQ_SHOW select FRAME_POINTER select GENERIC_CPU_DEVICES + select GENERIC_STRNCPY_FROM_USER + select GENERIC_STRNLEN_USER select MODULES_USE_ELF_RELA select COMMON_CLK select ARCH_WANT_FRAME_POINTERS diff --git a/arch/m68k/Kconfig b/arch/m68k/Kconfig index 96989ad46f66..37a65bed6dfa 100644 --- a/arch/m68k/Kconfig +++ b/arch/m68k/Kconfig @@ -16,8 +16,8 @@ config M68K select GENERIC_CPU_DEVICES select GENERIC_IOMAP select GENERIC_IRQ_SHOW - select GENERIC_STRNCPY_FROM_USER if MMU - select GENERIC_STRNLEN_USER if MMU + select GENERIC_STRNCPY_FROM_USER + select GENERIC_STRNLEN_USER select HAVE_AOUT if MMU select HAVE_ASM_MODVERSIONS select HAVE_DEBUG_BUGVERBOSE diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index 8fcceb8eda07..47bbbcab91b2 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -56,8 +56,8 @@ config RISCV select GENERIC_PTDUMP if MMU select GENERIC_SCHED_CLOCK select GENERIC_SMP_IDLE_THREAD - select GENERIC_STRNCPY_FROM_USER if MMU - select GENERIC_STRNLEN_USER if MMU + select GENERIC_STRNCPY_FROM_USER + select GENERIC_STRNLEN_USER select GENERIC_TIME_VSYSCALL if MMU && 64BIT select HANDLE_DOMAIN_IRQ select HAVE_ARCH_AUDITSYSCALL diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h index 2f8a5d3bbd57..10ffa8b5c117 100644 --- a/include/asm-generic/uaccess.h +++ b/include/asm-generic/uaccess.h @@ -119,6 +119,11 @@ static inline void set_fs(mm_segment_t fs) #ifndef uaccess_kernel #define uaccess_kernel() (get_fs().seg == KERNEL_DS.seg) #endif + +#ifndef user_addr_max +#define user_addr_max() (uaccess_kernel() ? ~0UL : TASK_SIZE) +#endif + #endif /* CONFIG_SET_FS */ #define access_ok(addr, size) __access_ok((unsigned long)(addr),(size)) @@ -243,44 +248,6 @@ static inline int __get_user_fn(size_t size, const void __user *ptr, void *x) extern int __get_user_bad(void) __attribute__((noreturn)); -/* - * Copy a null terminated string from userspace. - */ -#ifndef strncpy_from_user -static inline long -strncpy_from_user(char *dst, const char __user *src, long count) -{ - char *tmp; - - if (!access_ok(src, 1)) - return -EFAULT; - - strncpy(dst, (const char __force *)src, count); - for (tmp = dst; *tmp && count > 0; tmp++, count--) - ; - return (tmp - dst); -} -#endif - -#ifndef strnlen_user -/* - * Return the size of a string (including the ending 0) - * - * Return 0 on exception, a value greater than N if too long - * - * Unlike strnlen, strnlen_user includes the nul terminator in - * its returned count. Callers should check for a returned value - * greater than N as an indication the string is too long. - */ -static inline long strnlen_user(const char __user *src, long n) -{ - if (!access_ok(src, 1)) - return 0; - - return strnlen(src, n) + 1; -} -#endif - /* * Zero Userspace */ @@ -305,4 +272,8 @@ clear_user(void __user *to, unsigned long n) #include +__must_check long strncpy_from_user(char *dst, const char __user *src, + long count); +__must_check long strnlen_user(const char __user *src, long n); + #endif /* __ASM_GENERIC_UACCESS_H */ -- cgit v1.2.3 From fc062ad8e406a08b624b3ab3427434800ff886f8 Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven Date: Wed, 14 Jul 2021 11:44:22 +0200 Subject: asm-generic: ffs: Drop bogus reference to ffz location The generic definition of ffz() is not defined in the same header files as the generic definitions of ffs(). Signed-off-by: Geert Uytterhoeven Signed-off-by: Arnd Bergmann --- include/asm-generic/bitops/builtin-ffs.h | 2 +- include/asm-generic/bitops/ffs.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/asm-generic/bitops/builtin-ffs.h b/include/asm-generic/bitops/builtin-ffs.h index 1dacfdb4247e..7b129329046b 100644 --- a/include/asm-generic/bitops/builtin-ffs.h +++ b/include/asm-generic/bitops/builtin-ffs.h @@ -8,7 +8,7 @@ * * This is defined the same way as * the libc and compiler builtin ffs routines, therefore - * differs in spirit from the above ffz (man ffs). + * differs in spirit from ffz (man ffs). */ #define ffs(x) __builtin_ffs(x) diff --git a/include/asm-generic/bitops/ffs.h b/include/asm-generic/bitops/ffs.h index e81868b2c0f0..323fd5d6ae26 100644 --- a/include/asm-generic/bitops/ffs.h +++ b/include/asm-generic/bitops/ffs.h @@ -8,7 +8,7 @@ * * This is defined the same way as * the libc and compiler builtin ffs routines, therefore - * differs in spirit from the above ffz (man ffs). + * differs in spirit from ffz (man ffs). */ static inline int ffs(int x) { -- cgit v1.2.3 From 8f76f9c46952659dd925c21c3f62a0d05a3f3e71 Mon Sep 17 00:00:00 2001 From: Vineet Gupta Date: Thu, 5 Aug 2021 12:14:08 -0700 Subject: bitops/non-atomic: make @nr unsigned to avoid any DIV signed math causes generation of costlier instructions such as DIV when they could be done by barrerl shifter. Worse part is this is not caught by things like bloat-o-meter since instruction length / symbols are typically same size. e.g. stock (signed math) __________________ 919b4614 : 919b4614: div r2,r0,0x20 ^^^ 919b4618: add2 r2,0x920f6050,r2 919b4620: ld_s r2,[r2,0] 919b4622: lsr r0,r2,r0 919b4626: j_s.d [blink] 919b4628: bmsk_s r0,r0,0 919b462a: nop_s (patched) unsigned math __________________ 919b4614 : 919b4614: lsr r2,r0,0x5 @nr/32 ^^^ 919b4618: add2 r2,0x920f6050,r2 919b4620: ld_s r2,[r2,0] 919b4622: lsr r0,r2,r0 #test_bit() 919b4626: j_s.d [blink] 919b4628: bmsk_s r0,r0,0 919b462a: nop_s Signed-off-by: Vineet Gupta Acked-by: Will Deacon Signed-off-by: Arnd Bergmann --- include/asm-generic/bitops/non-atomic.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/asm-generic/bitops/non-atomic.h b/include/asm-generic/bitops/non-atomic.h index 7e10c4b50c5d..c5a7d8eb9c2b 100644 --- a/include/asm-generic/bitops/non-atomic.h +++ b/include/asm-generic/bitops/non-atomic.h @@ -13,7 +13,7 @@ * If it's called on the same region of memory simultaneously, the effect * may be that only one operation succeeds. */ -static inline void __set_bit(int nr, volatile unsigned long *addr) +static inline void __set_bit(unsigned int nr, volatile unsigned long *addr) { unsigned long mask = BIT_MASK(nr); unsigned long *p = ((unsigned long *)addr) + BIT_WORD(nr); @@ -21,7 +21,7 @@ static inline void __set_bit(int nr, volatile unsigned long *addr) *p |= mask; } -static inline void __clear_bit(int nr, volatile unsigned long *addr) +static inline void __clear_bit(unsigned int nr, volatile unsigned long *addr) { unsigned long mask = BIT_MASK(nr); unsigned long *p = ((unsigned long *)addr) + BIT_WORD(nr); @@ -38,7 +38,7 @@ static inline void __clear_bit(int nr, volatile unsigned long *addr) * If it's called on the same region of memory simultaneously, the effect * may be that only one operation succeeds. */ -static inline void __change_bit(int nr, volatile unsigned long *addr) +static inline void __change_bit(unsigned int nr, volatile unsigned long *addr) { unsigned long mask = BIT_MASK(nr); unsigned long *p = ((unsigned long *)addr) + BIT_WORD(nr); @@ -55,7 +55,7 @@ static inline void __change_bit(int nr, volatile unsigned long *addr) * If two examples of this operation race, one can appear to succeed * but actually fail. You must protect multiple accesses with a lock. */ -static inline int __test_and_set_bit(int nr, volatile unsigned long *addr) +static inline int __test_and_set_bit(unsigned int nr, volatile unsigned long *addr) { unsigned long mask = BIT_MASK(nr); unsigned long *p = ((unsigned long *)addr) + BIT_WORD(nr); @@ -74,7 +74,7 @@ static inline int __test_and_set_bit(int nr, volatile unsigned long *addr) * If two examples of this operation race, one can appear to succeed * but actually fail. You must protect multiple accesses with a lock. */ -static inline int __test_and_clear_bit(int nr, volatile unsigned long *addr) +static inline int __test_and_clear_bit(unsigned int nr, volatile unsigned long *addr) { unsigned long mask = BIT_MASK(nr); unsigned long *p = ((unsigned long *)addr) + BIT_WORD(nr); @@ -85,7 +85,7 @@ static inline int __test_and_clear_bit(int nr, volatile unsigned long *addr) } /* WARNING: non atomic and it can be reordered! */ -static inline int __test_and_change_bit(int nr, +static inline int __test_and_change_bit(unsigned int nr, volatile unsigned long *addr) { unsigned long mask = BIT_MASK(nr); @@ -101,7 +101,7 @@ static inline int __test_and_change_bit(int nr, * @nr: bit number to test * @addr: Address to start counting from */ -static inline int test_bit(int nr, const volatile unsigned long *addr) +static inline int test_bit(unsigned int nr, const volatile unsigned long *addr) { return 1UL & (addr[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG-1))); } -- cgit v1.2.3