altera-fpga
diff --git a/‎arch/Kconfig‎
Lines changed: 9 additions & 0 deletions b/‎arch/Kconfig‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎arch/arm/Kconfig‎
Lines changed: 1 addition & 0 deletions b/‎arch/arm/Kconfig‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎arch/arm/include/asm/uaccess.h‎
Lines changed: 9 additions & 2 deletions b/‎arch/arm/include/asm/uaccess.h‎
Lines changed: 9 additions & 2 deletions
diff --git a/‎arch/arm64/Kconfig‎
Lines changed: 1 addition & 0 deletions b/‎arch/arm64/Kconfig‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎arch/arm64/include/asm/uaccess.h‎
Lines changed: 10 additions & 5 deletions b/‎arch/arm64/include/asm/uaccess.h‎
Lines changed: 10 additions & 5 deletions
diff --git a/‎arch/ia64/Kconfig‎
Lines changed: 1 addition & 0 deletions b/‎arch/ia64/Kconfig‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎arch/ia64/include/asm/uaccess.h‎
Lines changed: 15 additions & 3 deletions b/‎arch/ia64/include/asm/uaccess.h‎
Lines changed: 15 additions & 3 deletions
diff --git a/‎arch/powerpc/Kconfig‎
Lines changed: 1 addition & 0 deletions b/‎arch/powerpc/Kconfig‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎arch/powerpc/include/asm/uaccess.h‎
Lines changed: 19 additions & 2 deletions b/‎arch/powerpc/include/asm/uaccess.h‎
Lines changed: 19 additions & 2 deletions
diff --git a/‎arch/s390/Kconfig‎
Lines changed: 1 addition & 0 deletions b/‎arch/s390/Kconfig‎
Lines changed: 1 addition & 0 deletions
@@ -461,6 +461,15 @@ config CC_STACKPROTECTOR_STRONG
 
 endchoice
 
+config HAVE_ARCH_WITHIN_STACK_FRAMES
+	bool
+	help
+	  An architecture should select this if it can walk the kernel stack
+	  frames to determine if an object is part of either the arguments
+	  or local variables (i.e. that it excludes saved return addresses,
+	  and similar) by implementing an inline arch_within_stack_frames(),
+	  which is used by CONFIG_HARDENED_USERCOPY.
+
 config HAVE_CONTEXT_TRACKING
 	bool
 	help
 
@@ -35,6 +35,7 @@ config ARM
 	select HARDIRQS_SW_RESEND
 	select HAVE_ARCH_AUDITSYSCALL if (AEABI && !OABI_COMPAT)
 	select HAVE_ARCH_BITREVERSE if (CPU_32v7M || CPU_32v7) && !CPU_32v6
+	select HAVE_ARCH_HARDENED_USERCOPY
 	select HAVE_ARCH_JUMP_LABEL if !XIP_KERNEL && !CPU_ENDIAN_BE32 && MMU
 	select HAVE_ARCH_KGDB if !CPU_ENDIAN_BE32 && MMU
 	select HAVE_ARCH_MMAP_RND_BITS if MMU
 
@@ -480,7 +480,10 @@ arm_copy_from_user(void *to, const void __user *from, unsigned long n);
 static inline unsigned long __must_check
 __copy_from_user(void *to, const void __user *from, unsigned long n)
 {
-	unsigned int __ua_flags = uaccess_save_and_enable();
+	unsigned int __ua_flags;
+
+	check_object_size(to, n, false);
+	__ua_flags = uaccess_save_and_enable();
 	n = arm_copy_from_user(to, from, n);
 	uaccess_restore(__ua_flags);
 	return n;
@@ -495,11 +498,15 @@ static inline unsigned long __must_check
 __copy_to_user(void __user *to, const void *from, unsigned long n)
 {
 #ifndef CONFIG_UACCESS_WITH_MEMCPY
-	unsigned int __ua_flags = uaccess_save_and_enable();
+	unsigned int __ua_flags;
+
+	check_object_size(from, n, true);
+	__ua_flags = uaccess_save_and_enable();
 	n = arm_copy_to_user(to, from, n);
 	uaccess_restore(__ua_flags);
 	return n;
 #else
+	check_object_size(from, n, true);
 	return arm_copy_to_user(to, from, n);
 #endif
 }
 
@@ -54,6 +54,7 @@ config ARM64
 	select HAVE_ALIGNED_STRUCT_PAGE if SLUB
 	select HAVE_ARCH_AUDITSYSCALL
 	select HAVE_ARCH_BITREVERSE
+	select HAVE_ARCH_HARDENED_USERCOPY
 	select HAVE_ARCH_HUGE_VMAP
 	select HAVE_ARCH_JUMP_LABEL
 	select HAVE_ARCH_KASAN if SPARSEMEM_VMEMMAP && !(ARM64_16K_PAGES && ARM64_VA_BITS_48)
 
@@ -265,22 +265,25 @@ extern unsigned long __must_check __clear_user(void __user *addr, unsigned long
 static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n)
 {
 	kasan_check_write(to, n);
-	return  __arch_copy_from_user(to, from, n);
+	check_object_size(to, n, false);
+	return __arch_copy_from_user(to, from, n);
 }
 
 static inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n)
 {
 	kasan_check_read(from, n);
-	return  __arch_copy_to_user(to, from, n);
+	check_object_size(from, n, true);
+	return __arch_copy_to_user(to, from, n);
 }
 
 static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
 {
 	kasan_check_write(to, n);
 
-	if (access_ok(VERIFY_READ, from, n))
+	if (access_ok(VERIFY_READ, from, n)) {
+		check_object_size(to, n, false);
 		n = __arch_copy_from_user(to, from, n);
-	else /* security hole - plug it */
+	} else /* security hole - plug it */
 		memset(to, 0, n);
 	return n;
 }
@@ -289,8 +292,10 @@ static inline unsigned long __must_check copy_to_user(void __user *to, const voi
 {
 	kasan_check_read(from, n);
 
-	if (access_ok(VERIFY_WRITE, to, n))
+	if (access_ok(VERIFY_WRITE, to, n)) {
+		check_object_size(from, n, true);
 		n = __arch_copy_to_user(to, from, n);
+	}
 	return n;
 }
 
 
@@ -52,6 +52,7 @@ config IA64
 	select MODULES_USE_ELF_RELA
 	select ARCH_USE_CMPXCHG_LOCKREF
 	select HAVE_ARCH_AUDITSYSCALL
+	select HAVE_ARCH_HARDENED_USERCOPY
 	default y
 	help
 	  The Itanium Processor Family is Intel's 64-bit successor to
 
@@ -241,12 +241,18 @@ extern unsigned long __must_check __copy_user (void __user *to, const void __use
 static inline unsigned long
 __copy_to_user (void __user *to, const void *from, unsigned long count)
 {
+	if (!__builtin_constant_p(count))
+		check_object_size(from, count, true);
+
 	return __copy_user(to, (__force void __user *) from, count);
 }
 
 static inline unsigned long
 __copy_from_user (void *to, const void __user *from, unsigned long count)
 {
+	if (!__builtin_constant_p(count))
+		check_object_size(to, count, false);
+
 	return __copy_user((__force void __user *) to, from, count);
 }
 
@@ -258,8 +264,11 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
 	const void *__cu_from = (from);							\
 	long __cu_len = (n);								\
 											\
-	if (__access_ok(__cu_to, __cu_len, get_fs()))					\
-		__cu_len = __copy_user(__cu_to, (__force void __user *) __cu_from, __cu_len);	\
+	if (__access_ok(__cu_to, __cu_len, get_fs())) {					\
+		if (!__builtin_constant_p(n))						\
+			check_object_size(__cu_from, __cu_len, true);			\
+		__cu_len = __copy_user(__cu_to, (__force void __user *)  __cu_from, __cu_len);	\
+	}										\
 	__cu_len;									\
 })
 
@@ -270,8 +279,11 @@ __copy_from_user (void *to, const void __user *from, unsigned long count)
 	long __cu_len = (n);								\
 											\
 	__chk_user_ptr(__cu_from);							\
-	if (__access_ok(__cu_from, __cu_len, get_fs()))					\
+	if (__access_ok(__cu_from, __cu_len, get_fs())) {				\
+		if (!__builtin_constant_p(n))						\
+			check_object_size(__cu_to, __cu_len, false);			\
 		__cu_len = __copy_user((__force void __user *) __cu_to, __cu_from, __cu_len);	\
+	}										\
 	__cu_len;									\
 })
 
 
@@ -166,6 +166,7 @@ config PPC
 	select HAVE_LIVEPATCH if HAVE_DYNAMIC_FTRACE_WITH_REGS
 	select GENERIC_CPU_AUTOPROBE
 	select HAVE_VIRT_CPU_ACCOUNTING
+	select HAVE_ARCH_HARDENED_USERCOPY
 
 config GENERIC_CSUM
 	def_bool CPU_LITTLE_ENDIAN
 
@@ -310,10 +310,15 @@ static inline unsigned long copy_from_user(void *to,
 {
 	unsigned long over;
 
-	if (access_ok(VERIFY_READ, from, n))
+	if (access_ok(VERIFY_READ, from, n)) {
+		if (!__builtin_constant_p(n))
+			check_object_size(to, n, false);
 		return __copy_tofrom_user((__force void __user *)to, from, n);
+	}
 	if ((unsigned long)from < TASK_SIZE) {
 		over = (unsigned long)from + n - TASK_SIZE;
+		if (!__builtin_constant_p(n - over))
+			check_object_size(to, n - over, false);
 		return __copy_tofrom_user((__force void __user *)to, from,
 				n - over) + over;
 	}
@@ -325,10 +330,15 @@ static inline unsigned long copy_to_user(void __user *to,
 {
 	unsigned long over;
 
-	if (access_ok(VERIFY_WRITE, to, n))
+	if (access_ok(VERIFY_WRITE, to, n)) {
+		if (!__builtin_constant_p(n))
+			check_object_size(from, n, true);
 		return __copy_tofrom_user(to, (__force void __user *)from, n);
+	}
 	if ((unsigned long)to < TASK_SIZE) {
 		over = (unsigned long)to + n - TASK_SIZE;
+		if (!__builtin_constant_p(n))
+			check_object_size(from, n - over, true);
 		return __copy_tofrom_user(to, (__force void __user *)from,
 				n - over) + over;
 	}
@@ -372,6 +382,10 @@ static inline unsigned long __copy_from_user_inatomic(void *to,
 		if (ret == 0)
 			return 0;
 	}
+
+	if (!__builtin_constant_p(n))
+		check_object_size(to, n, false);
+
 	return __copy_tofrom_user((__force void __user *)to, from, n);
 }
 
@@ -398,6 +412,9 @@ static inline unsigned long __copy_to_user_inatomic(void __user *to,
 		if (ret == 0)
 			return 0;
 	}
+	if (!__builtin_constant_p(n))
+		check_object_size(from, n, true);
+
 	return __copy_tofrom_user(to, (__force const void __user *)from, n);
 }
 
 
@@ -123,6 +123,7 @@ config S390
 	select HAVE_ALIGNED_STRUCT_PAGE if SLUB
 	select HAVE_ARCH_AUDITSYSCALL
 	select HAVE_ARCH_EARLY_PFN_TO_NID
+	select HAVE_ARCH_HARDENED_USERCOPY
 	select HAVE_ARCH_JUMP_LABEL
 	select CPU_NO_EFFICIENT_FFS if !HAVE_MARCH_Z9_109_FEATURES
 	select HAVE_ARCH_SECCOMP_FILTER
Original file line number	Diff line number	Diff line change
`@@ -265,22 +265,25 @@ extern unsigned long __must_check __clear_user(void __user *addr, unsigned long`
`265`	`265`	`static inline unsigned long __must_check __copy_from_user(void to, const void __user from, unsigned long n)`
`266`	`266`	`{`
`267`	`267`	`kasan_check_write(to, n);`
`268`		`- return __arch_copy_from_user(to, from, n);`
	`268`	`+ check_object_size(to, n, false);`
	`269`	`+ return __arch_copy_from_user(to, from, n);`
`269`	`270`	`}`
`270`	`271`
`271`	`272`	`static inline unsigned long __must_check __copy_to_user(void __user to, const void from, unsigned long n)`
`272`	`273`	`{`
`273`	`274`	`kasan_check_read(from, n);`
`274`		`- return __arch_copy_to_user(to, from, n);`
	`275`	`+ check_object_size(from, n, true);`
	`276`	`+ return __arch_copy_to_user(to, from, n);`
`275`	`277`	`}`
`276`	`278`
`277`	`279`	`static inline unsigned long __must_check copy_from_user(void to, const void __user from, unsigned long n)`
`278`	`280`	`{`
`279`	`281`	`kasan_check_write(to, n);`
`280`	`282`
`281`		`- if (access_ok(VERIFY_READ, from, n))`
	`283`	`+ if (access_ok(VERIFY_READ, from, n)) {`
	`284`	`+ check_object_size(to, n, false);`
`282`	`285`	`n = __arch_copy_from_user(to, from, n);`
`283`		`- else /* security hole - plug it */`
	`286`	`+ } else /* security hole - plug it */`
`284`	`287`	`memset(to, 0, n);`
`285`	`288`	`return n;`
`286`	`289`	`}`
`@@ -289,8 +292,10 @@ static inline unsigned long __must_check copy_to_user(void __user *to, const voi`
`289`	`292`	`{`
`290`	`293`	`kasan_check_read(from, n);`
`291`	`294`
`292`		`- if (access_ok(VERIFY_WRITE, to, n))`
	`295`	`+ if (access_ok(VERIFY_WRITE, to, n)) {`
	`296`	`+ check_object_size(from, n, true);`
`293`	`297`	`n = __arch_copy_to_user(to, from, n);`
	`298`	`+ }`
`294`	`299`	`return n;`
`295`	`300`	`}`
`296`	`301`