diff options
author | Kees Cook <keescook@chromium.org> | 2016-06-24 01:04:01 +0300 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2016-07-27 00:41:48 +0300 |
commit | 5b710f34e194c6b7710f69fdb5d798fdf35b98c1 (patch) | |
tree | ed1e71a6c526cf24861803af7e48b81ce68e82b6 /arch/x86/include/asm/uaccess_32.h | |
parent | f5509cc18daa7f82bcc553be70df2117c8eedc16 (diff) | |
download | linux-5b710f34e194c6b7710f69fdb5d798fdf35b98c1.tar.xz |
x86/uaccess: Enable hardened usercopy
Enables CONFIG_HARDENED_USERCOPY checks on x86. This is done both in
copy_*_user() and __copy_*_user() because copy_*_user() actually calls
down to _copy_*_user() and not __copy_*_user().
Based on code from PaX and grsecurity.
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Valdis Kletnieks <valdis.kletnieks@vt.edu>
Diffstat (limited to 'arch/x86/include/asm/uaccess_32.h')
-rw-r--r-- | arch/x86/include/asm/uaccess_32.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h index 4b32da24faaf..7d3bdd1ed697 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h @@ -37,6 +37,7 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero static __always_inline unsigned long __must_check __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) { + check_object_size(from, n, true); return __copy_to_user_ll(to, from, n); } @@ -95,6 +96,7 @@ static __always_inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n) { might_fault(); + check_object_size(to, n, false); if (__builtin_constant_p(n)) { unsigned long ret; |