diff options
author | Christoph Hellwig <hch@lst.de> | 2020-06-08 21:35:04 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-06-09 09:39:16 -0700 |
commit | 2a71e81d32198785387c8bc0f2cc5d78f84e2e78 (patch) | |
tree | 8fae2ecb69aa0286ab0e2c7fe9e3ca3678f37251 | |
parent | fa94111d94354de76c47fea6e1187d1ee91e23a7 (diff) | |
download | lwn-2a71e81d32198785387c8bc0f2cc5d78f84e2e78.tar.gz lwn-2a71e81d32198785387c8bc0f2cc5d78f84e2e78.zip |
maccess: return -ERANGE when probe_kernel_read() fails
Allow the callers to distinguish a real unmapped address vs a range
that can't be probed.
Suggested-by: Masami Hiramatsu <mhiramat@kernel.org>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/20200521152301.2587579-24-hch@lst.de
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | mm/maccess.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/mm/maccess.c b/mm/maccess.c index db7cf48d8fed..88845eda5047 100644 --- a/mm/maccess.c +++ b/mm/maccess.c @@ -24,7 +24,7 @@ bool __weak probe_kernel_read_allowed(const void *unsafe_src, size_t size) long probe_kernel_read(void *dst, const void *src, size_t size) { if (!probe_kernel_read_allowed(src, size)) - return -EFAULT; + return -ERANGE; pagefault_disable(); probe_kernel_read_loop(dst, src, size, u64, Efault); @@ -68,7 +68,7 @@ long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count) if (unlikely(count <= 0)) return 0; if (!probe_kernel_read_allowed(unsafe_addr, count)) - return -EFAULT; + return -ERANGE; pagefault_disable(); do { @@ -93,7 +93,8 @@ Efault: * @size: size of the data chunk * * Safely read from kernel address @src to the buffer at @dst. If a kernel - * fault happens, handle that and return -EFAULT. + * fault happens, handle that and return -EFAULT. If @src is not a valid kernel + * address, return -ERANGE. * * We ensure that the copy_from_user is executed in atomic context so that * do_page_fault() doesn't attempt to take mmap_lock. This makes @@ -106,7 +107,7 @@ long probe_kernel_read(void *dst, const void *src, size_t size) mm_segment_t old_fs = get_fs(); if (!probe_kernel_read_allowed(src, size)) - return -EFAULT; + return -ERANGE; set_fs(KERNEL_DS); pagefault_disable(); @@ -158,8 +159,9 @@ long probe_kernel_write(void *dst, const void *src, size_t size) * * On success, returns the length of the string INCLUDING the trailing NUL. * - * If access fails, returns -EFAULT (some data may have been copied - * and the trailing NUL added). + * If access fails, returns -EFAULT (some data may have been copied and the + * trailing NUL added). If @unsafe_addr is not a valid kernel address, return + * -ERANGE. * * If @count is smaller than the length of the string, copies @count-1 bytes, * sets the last byte of @dst buffer to NUL and returns @count. @@ -173,7 +175,7 @@ long strncpy_from_kernel_nofault(char *dst, const void *unsafe_addr, long count) if (unlikely(count <= 0)) return 0; if (!probe_kernel_read_allowed(unsafe_addr, count)) - return -EFAULT; + return -ERANGE; set_fs(KERNEL_DS); pagefault_disable(); |