copy_{from,to}_user(): move kasan checks and might_fault() out-of-line

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2017-06-29 21:39:54 -04:00 · 2017-06-29 21:39:54 -04:00 · 9c5f6908de
--- a/include/linux/uaccess.h
+++ b/include/linux/uaccess.h
@ -109,8 +109,11 @@ static inline unsigned long
 _copy_from_user(void *to, const void __user *from, unsigned long n)
 {
 	unsigned long res = n;
-	if (likely(access_ok(VERIFY_READ, from, n)))
+	might_fault();
 	if (likely(access_ok(VERIFY_READ, from, n))) {
 		kasan_check_write(to, n);
 		res = raw_copy_from_user(to, from, n);
 	}
 	if (unlikely(res))
 		memset(to + (n - res), 0, res);
 	return res;
@ -124,8 +127,11 @@ _copy_from_user(void *, const void __user *, unsigned long);
 static inline unsigned long
 _copy_to_user(void __user *to, const void *from, unsigned long n)
 {
-	if (access_ok(VERIFY_WRITE, to, n))
+	might_fault();
 	if (access_ok(VERIFY_WRITE, to, n)) {
 		kasan_check_read(from, n);
 		n = raw_copy_to_user(to, from, n);
 	}
 	return n;
 }
 #else
@ -146,9 +152,6 @@ copy_from_user(void *to, const void __user *from, unsigned long n)
 {
 	int sz = __compiletime_object_size(to);
 	might_fault();
 	kasan_check_write(to, n);
 	if (likely(sz < 0 || sz >= n)) {
 		check_object_size(to, n, false);
 		n = _copy_from_user(to, from, n);
@ -165,9 +168,6 @@ copy_to_user(void __user *to, const void *from, unsigned long n)
 {
 	int sz = __compiletime_object_size(from);
 	kasan_check_read(from, n);
 	might_fault();
 	if (likely(sz < 0 || sz >= n)) {
 		check_object_size(from, n, true);
 		n = _copy_to_user(to, from, n);
--- a/lib/usercopy.c
+++ b/lib/usercopy.c
@ -6,8 +6,11 @@
 unsigned long _copy_from_user(void *to, const void __user *from, unsigned long n)
 {
 	unsigned long res = n;
-	if (likely(access_ok(VERIFY_READ, from, n)))
+	might_fault();
 	if (likely(access_ok(VERIFY_READ, from, n))) {
 		kasan_check_write(to, n);
 		res = raw_copy_from_user(to, from, n);
 	}
 	if (unlikely(res))
 		memset(to + (n - res), 0, res);
 	return res;
@ -18,8 +21,11 @@ EXPORT_SYMBOL(_copy_from_user);
 #ifndef INLINE_COPY_TO_USER
 unsigned long _copy_to_user(void *to, const void __user *from, unsigned long n)
 {
-	if (likely(access_ok(VERIFY_WRITE, to, n)))
+	might_fault();
 	if (likely(access_ok(VERIFY_WRITE, to, n))) {
 		kasan_check_read(from, n);
 		n = raw_copy_to_user(to, from, n);
 	}
 	return n;
 }
 EXPORT_SYMBOL(_copy_to_user);