ARM: uaccess: Enable hardened usercopy · tjh.dev/kernel@dfd45b6

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

ARM: uaccess: Enable hardened usercopy

Enables CONFIG_HARDENED_USERCOPY checks on arm.

Based on code from PaX and grsecurity.

Signed-off-by: Kees Cook <keescook@chromium.org>

Kees Cook 9 years ago dfd45b61 5b710f34

+10 -2

2 changed files

expand all

arch

arm

Kconfig

include

asm

uaccess.h

arch/arm/Kconfig

··· 35 35 select HARDIRQS_SW_RESEND 36 36 select HAVE_ARCH_AUDITSYSCALL if (AEABI && !OABI_COMPAT) 37 37 select HAVE_ARCH_BITREVERSE if (CPU_32v7M || CPU_32v7) && !CPU_32v6 38 + select HAVE_ARCH_HARDENED_USERCOPY 38 39 select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL && !CPU_ENDIAN_BE32 && MMU 39 40 select HAVE_ARCH_KGDB if !CPU_ENDIAN_BE32 && MMU 40 41 select HAVE_ARCH_MMAP_RND_BITS if MMU

+9 -2

arch/arm/include/asm/uaccess.h

··· 496 496 static inline unsigned long __must_check 497 497 __copy_from_user(void *to, const void __user *from, unsigned long n) 498 498 { 499 - unsigned int __ua_flags = uaccess_save_and_enable(); 499 + unsigned int __ua_flags; 500 + 501 + check_object_size(to, n, false); 502 + __ua_flags = uaccess_save_and_enable(); 500 503 n = arm_copy_from_user(to, from, n); 501 504 uaccess_restore(__ua_flags); 502 505 return n; ··· 514 511 __copy_to_user(void __user *to, const void *from, unsigned long n) 515 512 { 516 513 #ifndef CONFIG_UACCESS_WITH_MEMCPY 517 - unsigned int __ua_flags = uaccess_save_and_enable(); 514 + unsigned int __ua_flags; 515 + 516 + check_object_size(from, n, true); 517 + __ua_flags = uaccess_save_and_enable(); 518 518 n = arm_copy_to_user(to, from, n); 519 519 uaccess_restore(__ua_flags); 520 520 return n; 521 521 #else 522 + check_object_size(from, n, true); 522 523 return arm_copy_to_user(to, from, n); 523 524 #endif 524 525 }