summaryrefslogtreecommitdiffstats
path: root/arch
diff options
context:
space:
mode:
authorHirokazu Takata <takata@linux-m32r.org>2006-04-10 22:53:20 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>2006-04-11 06:18:34 -0700
commit04dfd0de4ec04aaf7d9d42439c972c642a15a75c (patch)
tree26f093671aee900dadc7458f774eb9eb9e209b78 /arch
parent7c1c4e541888947947bc46a18a9a5543a259ed62 (diff)
[PATCH] m32r: security fix of {get,put}_user macros
Update {get,put}_user macros for m32r kernel. - Modify get_user to use __get_user_asm macro, instead of __get_user_x macro. - Remove arch/m32r/lib/{get,put}user.S. - Some cosmetic updates. I would like to thank NIIBE Yutaka for his reporting about the m32r kernel's security problem in {get,put}_user macros. There were no address checking for user space access in {get,put}_user macros. ;-) Signed-off-by: Hirokazu Takata <takata@linux-m32r.org> Cc: NIIBE Yutaka <gniibe@fsij.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'arch')
-rw-r--r--arch/m32r/kernel/m32r_ksyms.c4
-rw-r--r--arch/m32r/lib/Makefile4
-rw-r--r--arch/m32r/lib/getuser.S88
-rw-r--r--arch/m32r/lib/putuser.S84
4 files changed, 2 insertions, 178 deletions
diff --git a/arch/m32r/kernel/m32r_ksyms.c b/arch/m32r/kernel/m32r_ksyms.c
index be8b711367e..60009508dbe 100644
--- a/arch/m32r/kernel/m32r_ksyms.c
+++ b/arch/m32r/kernel/m32r_ksyms.c
@@ -38,10 +38,6 @@ EXPORT_SYMBOL(__udelay);
EXPORT_SYMBOL(__delay);
EXPORT_SYMBOL(__const_udelay);
-EXPORT_SYMBOL(__get_user_1);
-EXPORT_SYMBOL(__get_user_2);
-EXPORT_SYMBOL(__get_user_4);
-
EXPORT_SYMBOL(strpbrk);
EXPORT_SYMBOL(strstr);
diff --git a/arch/m32r/lib/Makefile b/arch/m32r/lib/Makefile
index e632d10c7d7..d16b4e40d1a 100644
--- a/arch/m32r/lib/Makefile
+++ b/arch/m32r/lib/Makefile
@@ -2,6 +2,6 @@
# Makefile for M32R-specific library files..
#
-lib-y := checksum.o ashxdi3.o memset.o memcpy.o getuser.o \
- putuser.o delay.o strlen.o usercopy.o csum_partial_copy.o
+lib-y := checksum.o ashxdi3.o memset.o memcpy.o \
+ delay.o strlen.o usercopy.o csum_partial_copy.o
diff --git a/arch/m32r/lib/getuser.S b/arch/m32r/lib/getuser.S
deleted file mode 100644
index 58a0db055c5..00000000000
--- a/arch/m32r/lib/getuser.S
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * __get_user functions.
- *
- * (C) Copyright 2001 Hirokazu Takata
- *
- * These functions have a non-standard call interface
- * to make them more efficient, especially as they
- * return an error value in addition to the "real"
- * return value.
- */
-
-#include <linux/config.h>
-
-/*
- * __get_user_X
- *
- * Inputs: r0 contains the address
- *
- * Outputs: r0 is error code (0 or -EFAULT)
- * r1 contains zero-extended value
- *
- * These functions should not modify any other registers,
- * as they get called from within inline assembly.
- */
-
-#ifdef CONFIG_ISA_DUAL_ISSUE
-
- .text
- .balign 4
- .globl __get_user_1
-__get_user_1:
-1: ldub r1, @r0 || ldi r0, #0
- jmp r14
-
- .balign 4
- .globl __get_user_2
-__get_user_2:
-2: lduh r1, @r0 || ldi r0, #0
- jmp r14
-
- .balign 4
- .globl __get_user_4
-__get_user_4:
-3: ld r1, @r0 || ldi r0, #0
- jmp r14
-
-bad_get_user:
- ldi r1, #0 || ldi r0, #-14
- jmp r14
-
-#else /* not CONFIG_ISA_DUAL_ISSUE */
-
- .text
- .balign 4
- .globl __get_user_1
-__get_user_1:
-1: ldub r1, @r0
- ldi r0, #0
- jmp r14
-
- .balign 4
- .globl __get_user_2
-__get_user_2:
-2: lduh r1, @r0
- ldi r0, #0
- jmp r14
-
- .balign 4
- .globl __get_user_4
-__get_user_4:
-3: ld r1, @r0
- ldi r0, #0
- jmp r14
-
-bad_get_user:
- ldi r1, #0
- ldi r0, #-14
- jmp r14
-
-#endif /* not CONFIG_ISA_DUAL_ISSUE */
-
-.section __ex_table,"a"
- .long 1b,bad_get_user
- .long 2b,bad_get_user
- .long 3b,bad_get_user
-.previous
-
- .end
diff --git a/arch/m32r/lib/putuser.S b/arch/m32r/lib/putuser.S
deleted file mode 100644
index 218154cc389..00000000000
--- a/arch/m32r/lib/putuser.S
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * __put_user functions.
- *
- * (C) Copyright 1998 Linus Torvalds
- * (C) Copyright 2001 Hirokazu Takata
- *
- * These functions have a non-standard call interface
- * to make them more efficient.
- */
-
-#include <linux/config.h>
-
-/*
- * __put_user_X
- *
- * Inputs: r0 contains the address
- * r1 contains the value
- *
- * Outputs: r0 is error code (0 or -EFAULT)
- * r1 is corrupted (will contain "current_task").
- *
- * These functions should not modify any other registers,
- * as they get called from within inline assembly.
- */
-
-#ifdef CONFIG_ISA_DUAL_ISSUE
-
- .text
- .balign 4
- .globl __put_user_1
-__put_user_1:
-1: stb r1, @r0 || ldi r0, #0
- jmp r14
-
- .balign 4
- .globl __put_user_2
-__put_user_2:
-2: sth r1, @r0 || ldi r0, #0
- jmp r14
-
- .balign 4
- .globl __put_user_4
-__put_user_4:
-3: st r1, @r0 || ldi r0, #0
- jmp r14
-
-bad_put_user:
- ldi r0, #-14 || jmp r14
-
-#else /* not CONFIG_ISA_DUAL_ISSUE */
-
- .text
- .balign 4
- .globl __put_user_1
-__put_user_1:
-1: stb r1, @r0
- ldi r0, #0
- jmp r14
-
- .balign 4
- .globl __put_user_2
-__put_user_2:
-2: sth r1, @r0
- ldi r0, #0
- jmp r14
-
- .balign 4
- .globl __put_user_4
-__put_user_4:
-3: st r1, @r0
- ldi r0, #0
- jmp r14
-
-bad_put_user:
- ldi r0, #-14
- jmp r14
-
-#endif /* not CONFIG_ISA_DUAL_ISSUE */
-
-.section __ex_table,"a"
- .long 1b,bad_put_user
- .long 2b,bad_put_user
- .long 3b,bad_put_user
-.previous