sparc: Use __builtin_object_size() to validate the buffer size for copy_from_user()

[pandora-kernel.git] / arch / sparc / include / asm / uaccess_32.h

diff --git a/arch/sparc/include/asm/uaccess_32.h b/arch/sparc/include/asm/uaccess_32.h
index 8303ac4..489d2ba 100644 (file)
--- a/arch/sparc/include/asm/uaccess_32.h
+++ b/arch/sparc/include/asm/uaccess_32.h
@@ -260,8 +260,23 @@ static inline unsigned long __copy_to_user(void __user *to, const void *from, un
        return __copy_user(to, (__force void __user *) from, n);
 }
 
+extern void copy_from_user_overflow(void)
+#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
+       __compiletime_error("copy_from_user() buffer size is not provably correct")
+#else
+       __compiletime_warning("copy_from_user() buffer size is not provably correct")
+#endif
+;
+
 static inline unsigned long copy_from_user(void *to, const void __user *from, unsigned long n)
 {
+       int sz = __compiletime_object_size(to);
+
+       if (unlikely(sz != -1 && sz < n)) {
+               copy_from_user_overflow();
+               return -EFAULT;
+       }
+
        if (n && __access_ok((unsigned long) from, n))
                return __copy_user((__force void __user *) to, from, n);
        else