projects
/
lttng-modules.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
fix: don't allow userspace copy to read kernel memory
[lttng-modules.git]
/
lib
/
ringbuffer
/
backend.h
diff --git
a/lib/ringbuffer/backend.h
b/lib/ringbuffer/backend.h
index 43e1d47542d3140183bf80cc725dfa0d77e29257..855f1e017a2f5aa6936a7aa9ce521c31d9c1e1e7 100644
(file)
--- a/
lib/ringbuffer/backend.h
+++ b/
lib/ringbuffer/backend.h
@@
-277,7
+277,6
@@
void lib_ring_buffer_copy_from_user_inatomic(const struct lib_ring_buffer_config
size_t offset = ctx->buf_offset;
struct lib_ring_buffer_backend_pages *backend_pages;
unsigned long ret;
size_t offset = ctx->buf_offset;
struct lib_ring_buffer_backend_pages *backend_pages;
unsigned long ret;
- mm_segment_t old_fs = get_fs();
if (unlikely(!len))
return;
if (unlikely(!len))
return;
@@
-287,7
+286,6
@@
void lib_ring_buffer_copy_from_user_inatomic(const struct lib_ring_buffer_config
index = (offset & (chanb->subbuf_size - 1)) >> PAGE_SHIFT;
pagecpy = min_t(size_t, len, (-offset) & ~PAGE_MASK);
index = (offset & (chanb->subbuf_size - 1)) >> PAGE_SHIFT;
pagecpy = min_t(size_t, len, (-offset) & ~PAGE_MASK);
- set_fs(KERNEL_DS);
pagefault_disable();
if (unlikely(!lttng_access_ok(VERIFY_READ, src, len)))
goto fill_buffer;
pagefault_disable();
if (unlikely(!lttng_access_ok(VERIFY_READ, src, len)))
goto fill_buffer;
@@
-304,14
+302,12
@@
void lib_ring_buffer_copy_from_user_inatomic(const struct lib_ring_buffer_config
_lib_ring_buffer_copy_from_user_inatomic(bufb, offset, src, len, 0);
}
pagefault_enable();
_lib_ring_buffer_copy_from_user_inatomic(bufb, offset, src, len, 0);
}
pagefault_enable();
- set_fs(old_fs);
ctx->buf_offset += len;
return;
fill_buffer:
pagefault_enable();
ctx->buf_offset += len;
return;
fill_buffer:
pagefault_enable();
- set_fs(old_fs);
/*
* In the error path we call the slow path version to avoid
* the pollution of static inline code.
/*
* In the error path we call the slow path version to avoid
* the pollution of static inline code.
@@
-347,7
+343,6
@@
void lib_ring_buffer_strcpy_from_user_inatomic(const struct lib_ring_buffer_conf
size_t index, pagecpy;
size_t offset = ctx->buf_offset;
struct lib_ring_buffer_backend_pages *backend_pages;
size_t index, pagecpy;
size_t offset = ctx->buf_offset;
struct lib_ring_buffer_backend_pages *backend_pages;
- mm_segment_t old_fs = get_fs();
if (unlikely(!len))
return;
if (unlikely(!len))
return;
@@
-357,7
+352,6
@@
void lib_ring_buffer_strcpy_from_user_inatomic(const struct lib_ring_buffer_conf
index = (offset & (chanb->subbuf_size - 1)) >> PAGE_SHIFT;
pagecpy = min_t(size_t, len, (-offset) & ~PAGE_MASK);
index = (offset & (chanb->subbuf_size - 1)) >> PAGE_SHIFT;
pagecpy = min_t(size_t, len, (-offset) & ~PAGE_MASK);
- set_fs(KERNEL_DS);
pagefault_disable();
if (unlikely(!lttng_access_ok(VERIFY_READ, src, len)))
goto fill_buffer;
pagefault_disable();
if (unlikely(!lttng_access_ok(VERIFY_READ, src, len)))
goto fill_buffer;
@@
-388,14
+382,12
@@
void lib_ring_buffer_strcpy_from_user_inatomic(const struct lib_ring_buffer_conf
len, 0, pad);
}
pagefault_enable();
len, 0, pad);
}
pagefault_enable();
- set_fs(old_fs);
ctx->buf_offset += len;
return;
fill_buffer:
pagefault_enable();
ctx->buf_offset += len;
return;
fill_buffer:
pagefault_enable();
- set_fs(old_fs);
/*
* In the error path we call the slow path version to avoid
* the pollution of static inline code.
/*
* In the error path we call the slow path version to avoid
* the pollution of static inline code.
@@
-447,16
+439,12
@@
unsigned long lib_ring_buffer_copy_from_user_check_nofault(void *dest,
unsigned long len)
{
unsigned long ret;
unsigned long len)
{
unsigned long ret;
- mm_segment_t old_fs;
if (!lttng_access_ok(VERIFY_READ, src, len))
return 1;
if (!lttng_access_ok(VERIFY_READ, src, len))
return 1;
- old_fs = get_fs();
- set_fs(KERNEL_DS);
pagefault_disable();
ret = __copy_from_user_inatomic(dest, src, len);
pagefault_enable();
pagefault_disable();
ret = __copy_from_user_inatomic(dest, src, len);
pagefault_enable();
- set_fs(old_fs);
return ret;
}
return ret;
}
This page took
0.028826 seconds
and
4
git commands to generate.