uaccess: generalize access_ok()
There are many different ways that access_ok() is defined across
architectures, but in the end, they all just compare against the
user_addr_max() value or they accept anything.
Provide one definition that works for most architectures, checking
against TASK_SIZE_MAX for user processes or skipping the check inside
of uaccess_kernel() sections.
For architectures without CONFIG_SET_FS(), this should be the fastest
check, as it comes down to a single comparison of a pointer against a
compile-time constant, while the architecture specific versions tend to
do something more complex for historic reasons or get something wrong.
Type checking for __user annotations is handled inconsistently across
architectures, but this is easily simplified as well by using an inline
function that takes a 'const void __user *' argument. A handful of
callers need an extra __user annotation for this.
Some architectures had trick to use 33-bit or 65-bit arithmetic on the
addresses to calculate the overflow, however this simpler version uses
fewer registers, which means it can produce better object code in the
end despite needing a second (statically predicted) branch.
Reviewed-by: Christoph Hellwig <hch@lst.de>
Acked-by: Mark Rutland <mark.rutland@arm.com> [arm64, asm-generic]
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Stafford Horne <shorne@gmail.com>
Acked-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2022-02-15 19:55:04 +03:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0 */
|
|
|
|
#ifndef __ASM_GENERIC_ACCESS_OK_H__
|
|
|
|
#define __ASM_GENERIC_ACCESS_OK_H__
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Checking whether a pointer is valid for user space access.
|
|
|
|
* These definitions work on most architectures, but overrides can
|
|
|
|
* be used where necessary.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* architectures with compat tasks have a variable TASK_SIZE and should
|
|
|
|
* override this to a constant.
|
|
|
|
*/
|
|
|
|
#ifndef TASK_SIZE_MAX
|
|
|
|
#define TASK_SIZE_MAX TASK_SIZE
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef __access_ok
|
|
|
|
/*
|
|
|
|
* 'size' is a compile-time constant for most callers, so optimize for
|
|
|
|
* this case to turn the check into a single comparison against a constant
|
|
|
|
* limit and catch all possible overflows.
|
|
|
|
* On architectures with separate user address space (m68k, s390, parisc,
|
|
|
|
* sparc64) or those without an MMU, this should always return true.
|
|
|
|
*
|
|
|
|
* This version was originally contributed by Jonas Bonn for the
|
|
|
|
* OpenRISC architecture, and was found to be the most efficient
|
|
|
|
* for constant 'size' and 'limit' values.
|
|
|
|
*/
|
|
|
|
static inline int __access_ok(const void __user *ptr, unsigned long size)
|
|
|
|
{
|
2022-02-11 23:42:45 +03:00
|
|
|
unsigned long limit = TASK_SIZE_MAX;
|
uaccess: generalize access_ok()
There are many different ways that access_ok() is defined across
architectures, but in the end, they all just compare against the
user_addr_max() value or they accept anything.
Provide one definition that works for most architectures, checking
against TASK_SIZE_MAX for user processes or skipping the check inside
of uaccess_kernel() sections.
For architectures without CONFIG_SET_FS(), this should be the fastest
check, as it comes down to a single comparison of a pointer against a
compile-time constant, while the architecture specific versions tend to
do something more complex for historic reasons or get something wrong.
Type checking for __user annotations is handled inconsistently across
architectures, but this is easily simplified as well by using an inline
function that takes a 'const void __user *' argument. A handful of
callers need an extra __user annotation for this.
Some architectures had trick to use 33-bit or 65-bit arithmetic on the
addresses to calculate the overflow, however this simpler version uses
fewer registers, which means it can produce better object code in the
end despite needing a second (statically predicted) branch.
Reviewed-by: Christoph Hellwig <hch@lst.de>
Acked-by: Mark Rutland <mark.rutland@arm.com> [arm64, asm-generic]
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Stafford Horne <shorne@gmail.com>
Acked-by: Dinh Nguyen <dinguyen@kernel.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2022-02-15 19:55:04 +03:00
|
|
|
unsigned long addr = (unsigned long)ptr;
|
|
|
|
|
|
|
|
if (IS_ENABLED(CONFIG_ALTERNATE_USER_ADDRESS_SPACE) ||
|
|
|
|
!IS_ENABLED(CONFIG_MMU))
|
|
|
|
return true;
|
|
|
|
|
|
|
|
return (size <= limit) && (addr <= (limit - size));
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifndef access_ok
|
|
|
|
#define access_ok(addr, size) likely(__access_ok(addr, size))
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#endif
|