diff options
author | Chris Metcalf <cmetcalf@tilera.com> | 2013-08-09 16:21:43 -0400 |
---|---|---|
committer | Chris Metcalf <cmetcalf@tilera.com> | 2013-08-30 11:56:42 -0400 |
commit | c0f060106000bafafc56ad2af147e541458eabdd (patch) | |
tree | b76b78391f9e86d558f44640000e0589b5076431 | |
parent | 084fe6a0f53f61fd5f9b33391af1077addec0ce0 (diff) | |
download | kernel-common-c0f060106000bafafc56ad2af147e541458eabdd.tar.gz kernel-common-c0f060106000bafafc56ad2af147e541458eabdd.tar.bz2 kernel-common-c0f060106000bafafc56ad2af147e541458eabdd.zip |
tile: fix strncpy_from_user bug
In strncpy_from_user_asm, when the destination buffer length was the
same as the actual string length, we were returning the size of the
destination buffer. But since it's a NUL terminated string, we should
return the length of the string instead.
Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
-rw-r--r-- | arch/tile/lib/usercopy_32.S | 11 | ||||
-rw-r--r-- | arch/tile/lib/usercopy_64.S | 11 |
2 files changed, 12 insertions, 10 deletions
diff --git a/arch/tile/lib/usercopy_32.S b/arch/tile/lib/usercopy_32.S index bb4c127be6e9..1bc162224638 100644 --- a/arch/tile/lib/usercopy_32.S +++ b/arch/tile/lib/usercopy_32.S @@ -48,12 +48,13 @@ strnlen_user_fault: */ STD_ENTRY(strncpy_from_user_asm) { bz r2, 2f; move r3, r0 } -1: { lb_u r4, r1; addi r1, r1, 1; addi r2, r2, -1 } +1: { lb_u r4, r1; addi r1, r1, 1; addi r2, r2, -1 } { sb r0, r4; addi r0, r0, 1 } - bz r2, 2f - bnzt r4, 1b - addi r0, r0, -1 /* don't count the trailing NUL */ -2: { sub r0, r0, r3; jrp lr } + bz r4, 2f + bnzt r2, 1b + { sub r0, r0, r3; jrp lr } +2: addi r0, r0, -1 /* don't count the trailing NUL */ + { sub r0, r0, r3; jrp lr } STD_ENDPROC(strncpy_from_user_asm) .pushsection .fixup,"ax" strncpy_from_user_fault: diff --git a/arch/tile/lib/usercopy_64.S b/arch/tile/lib/usercopy_64.S index 0d94844eb218..b3b31a3306f8 100644 --- a/arch/tile/lib/usercopy_64.S +++ b/arch/tile/lib/usercopy_64.S @@ -48,12 +48,13 @@ strnlen_user_fault: */ STD_ENTRY(strncpy_from_user_asm) { beqz r2, 2f; move r3, r0 } -1: { ld1u r4, r1; addi r1, r1, 1; addi r2, r2, -1 } +1: { ld1u r4, r1; addi r1, r1, 1; addi r2, r2, -1 } { st1 r0, r4; addi r0, r0, 1 } - beqz r2, 2f - bnezt r4, 1b - addi r0, r0, -1 /* don't count the trailing NUL */ -2: { sub r0, r0, r3; jrp lr } + beqz r4, 2f + bnezt r2, 1b + { sub r0, r0, r3; jrp lr } +2: addi r0, r0, -1 /* don't count the trailing NUL */ + { sub r0, r0, r3; jrp lr } STD_ENDPROC(strncpy_from_user_asm) .pushsection .fixup,"ax" strncpy_from_user_fault: |