API tools faq
paste
Advertisement
asdhasodjassd

Post fb041b598997d63c0f7d7305dfae70046bf66fe1 rw_copy_check_uvector

asdhasodjassd
Oct 23rd, 2020 (edited)
205
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.95 KB | None | 0 0
raw download clone embed print report
  1. Post fb041b598997d63c0f7d7305dfae70046bf66fe1 rw_copy_check_uvector
  2.  
  3. 0000000000005170 <rw_copy_check_uvector>:
  4. * or a negative error code on error.
  5. */
  6. ssize_t rw_copy_check_uvector(int type, const struct iovec __user *uvector,
  7. unsigned long nr_segs, unsigned long fast_segs,
  8. struct iovec *fast_pointer, struct iovec **ret_pointer)
  9. {
  10. 5170: d503233f paciasp
  11. 5174: a9bb7bfd stp x29, x30, [sp, #-80]!
  12. 5178: f9000bf9 str x25, [sp, #16]
  13. 517c: a9025ff8 stp x24, x23, [sp, #32]
  14. 5180: a90357f6 stp x22, x21, [sp, #48]
  15. 5184: a9044ff4 stp x20, x19, [sp, #64]
  16. 5188: 910003fd mov x29, sp
  17. 518c: aa0503f3 mov x19, x5
  18. 5190: aa0403f4 mov x20, x4
  19. /*
  20. * SuS says "The readv() function *may* fail if the iovcnt argument
  21. * was less than or equal to 0, or greater than {IOV_MAX}. Linux has
  22. * traditionally returned zero for zero segments, so...
  23. */
  24. if (nr_segs == 0) {
  25. 5194: b40000c2 cbz x2, 51ac <rw_copy_check_uvector+0x3c>
  26. 5198: aa0203f6 mov x22, x2
  27.  
  28. /*
  29. * First get the "struct iovec" from user memory and
  30. * verify all the pointers
  31. */
  32. if (nr_segs > UIO_MAXIOV) {
  33. 519c: f110005f cmp x2, #0x400
  34. 51a0: 54000189 b.ls 51d0 <rw_copy_check_uvector+0x60> // b.plast
  35. 51a4: 928002a0 mov x0, #0xffffffffffffffea // #-22
  36. 51a8: 14000002 b 51b0 <rw_copy_check_uvector+0x40>
  37. 51ac: aa1f03e0 mov x0, xzr
  38. iov[seg].iov_len = len;
  39. }
  40. ret += len;
  41. }
  42. out:
  43. *ret_pointer = iov;
  44. 51b0: f9000274 str x20, [x19]
  45. return ret;
  46. }
  47. 51b4: a9444ff4 ldp x20, x19, [sp, #64]
  48. 51b8: a94357f6 ldp x22, x21, [sp, #48]
  49. 51bc: a9425ff8 ldp x24, x23, [sp, #32]
  50. 51c0: f9400bf9 ldr x25, [sp, #16]
  51. 51c4: a8c57bfd ldp x29, x30, [sp], #80
  52. 51c8: d50323bf autiasp
  53. 51cc: d65f03c0 ret
  54. 51d0: aa0103f7 mov x23, x1
  55. 51d4: 2a0003f5 mov w21, w0
  56. if (nr_segs > fast_segs) {
  57. 51d8: eb0302df cmp x22, x3
  58. 51dc: 540000a9 b.ls 51f0 <rw_copy_check_uvector+0x80> // b.plast
  59. iov = kmalloc_array(nr_segs, sizeof(struct iovec), GFP_KERNEL);
  60. 51e0: aa1603e0 mov x0, x22
  61. 51e4: 9400004b bl 5310 <kmalloc_array>
  62. 51e8: aa0003f4 mov x20, x0
  63. if (iov == NULL) {
  64. 51ec: b4000780 cbz x0, 52dc <rw_copy_check_uvector+0x16c>
  65. 51f0: d5384119 mrs x25, sp_el0
  66. (current->flags & PF_KTHREAD || test_thread_flag(TIF_TAGGED_ADDR)))
  67. 51f4: 3940bb2a ldrb w10, [x25, #46]
  68. unsigned long ret, limit = current_thread_info()->addr_limit;
  69. 51f8: f9400729 ldr x9, [x25, #8]
  70. if (copy_from_user(iov, uvector, nr_segs*sizeof(*uvector))) {
  71. 51fc: d37ceed8 lsl x24, x22, #4
  72. 5200: d378dee8 lsl x8, x23, #8
  73. (current->flags & PF_KTHREAD || test_thread_flag(TIF_TAGGED_ADDR)))
  74. 5204: 3728008a tbnz w10, #5, 5214 <rw_copy_check_uvector+0xa4>
  75. 5208: f940032b ldr x11, [x25]
  76. 520c: aa1703ea mov x10, x23
  77. if (IS_ENABLED(CONFIG_ARM64_TAGGED_ADDR_ABI) &&
  78. 5210: 36d0004b tbz w11, #26, 5218 <rw_copy_check_uvector+0xa8>
  79. addr = untagged_addr(addr);
  80. 5214: 8a8822ea and x10, x23, x8, asr #8
  81. asm volatile(
  82. 5218: ab18014a adds x10, x10, x24
  83. 521c: 9a8983e9 csel x9, xzr, x9, hi // hi = pmore
  84. 5220: da9f314a csinv x10, x10, xzr, cc // cc = lo, ul, last
  85. 5224: fa09015f sbcs xzr, x10, x9
  86. 5228: 9a9f87ea cset x10, ls // ls = plast
  87. if (likely(access_ok(from, n))) {
  88. 522c: b400060a cbz x10, 52ec <rw_copy_check_uvector+0x17c>
  89. __uaccess_enable(ARM64_ALT_PAN_NOT_UAO);
  90. 5230: d503201f nop
  91. : "r" (ptr), "r" (current_thread_info()->addr_limit),
  92. 5234: f9400729 ldr x9, [x25, #8]
  93. "r" (untagged_addr(ptr))
  94. 5238: 8a8822e8 and x8, x23, x8, asr #8
  95. asm volatile(
  96. 523c: ea29011f bics xzr, x8, x9
  97. 5240: 9a9f02e1 csel x1, x23, xzr, eq // eq = none
  98. csdb();
  99. 5244: d503229f csdb
  100. res = raw_copy_from_user(to, from, n);
  101. 5248: aa1403e0 mov x0, x20
  102. 524c: aa1803e2 mov x2, x24
  103. 5250: 94000000 bl 0 <__arch_copy_from_user>
  104. __uaccess_disable(ARM64_ALT_PAN_NOT_UAO);
  105. 5254: d503201f nop
  106. if (unlikely(res))
  107. 5258: b50004e0 cbnz x0, 52f4 <rw_copy_check_uvector+0x184>
  108. for (seg = 0; seg < nr_segs; seg++) {
  109. 525c: f10006df cmp x22, #0x1
  110. 5260: 91002288 add x8, x20, #0x8
  111. 5264: 9a9f86c9 csinc x9, x22, xzr, hi // hi = pmore
  112. 5268: 32144bea mov w10, #0x7ffff000 // #2147479552
  113. 526c: 14000005 b 5280 <rw_copy_check_uvector+0x110>
  114. ret += len;
  115. 5270: 8b000160 add x0, x11, x0
  116. for (seg = 0; seg < nr_segs; seg++) {
  117. 5274: f1000529 subs x9, x9, #0x1
  118. 5278: 91004108 add x8, x8, #0x10
  119. 527c: 54fff9a0 b.eq 51b0 <rw_copy_check_uvector+0x40> // b.none
  120. ssize_t len = (ssize_t)iov[seg].iov_len;
  121. 5280: f940010b ldr x11, [x8]
  122. if (len < 0) {
  123. 5284: b7fff90b tbnz x11, #63, 51a4 <rw_copy_check_uvector+0x34>
  124. && unlikely(!access_ok(buf, len))) {
  125. 5288: 37f801f5 tbnz w21, #31, 52c4 <rw_copy_check_uvector+0x154>
  126. 528c: f85f810c ldur x12, [x8, #-8]
  127. (current->flags & PF_KTHREAD || test_thread_flag(TIF_TAGGED_ADDR)))
  128. 5290: 3940bb2e ldrb w14, [x25, #46]
  129. unsigned long ret, limit = current_thread_info()->addr_limit;
  130. 5294: f940072d ldr x13, [x25, #8]
  131. (current->flags & PF_KTHREAD || test_thread_flag(TIF_TAGGED_ADDR)))
  132. 5298: 3728006e tbnz w14, #5, 52a4 <rw_copy_check_uvector+0x134>
  133. 529c: f940032e ldr x14, [x25]
  134. if (IS_ENABLED(CONFIG_ARM64_TAGGED_ADDR_ABI) &&
  135. 52a0: 36d0006e tbz w14, #26, 52ac <rw_copy_check_uvector+0x13c>
  136. 52a4: d378dd8e lsl x14, x12, #8
  137. addr = untagged_addr(addr);
  138. 52a8: 8a8e218c and x12, x12, x14, asr #8
  139. asm volatile(
  140. 52ac: ab0b018c adds x12, x12, x11
  141. 52b0: 9a8d83ed csel x13, xzr, x13, hi // hi = pmore
  142. 52b4: da9f318c csinv x12, x12, xzr, cc // cc = lo, ul, last
  143. 52b8: fa0d019f sbcs xzr, x12, x13
  144. 52bc: 9a9f87ec cset x12, ls // ls = plast
  145. if (type >= 0
  146. 52c0: b400012c cbz x12, 52e4 <rw_copy_check_uvector+0x174>
  147. if (len > MAX_RW_COUNT - ret) {
  148. 52c4: cb00014c sub x12, x10, x0
  149. 52c8: eb0c017f cmp x11, x12
  150. 52cc: 54fffd29 b.ls 5270 <rw_copy_check_uvector+0x100> // b.plast
  151. 52d0: aa0c03eb mov x11, x12
  152. iov[seg].iov_len = len;
  153. 52d4: f900010c str x12, [x8]
  154. 52d8: 17ffffe6 b 5270 <rw_copy_check_uvector+0x100>
  155. 52dc: 92800160 mov x0, #0xfffffffffffffff4 // #-12
  156. 52e0: 17ffffb4 b 51b0 <rw_copy_check_uvector+0x40>
  157. 52e4: 928001a0 mov x0, #0xfffffffffffffff2 // #-14
  158. 52e8: 17ffffb2 b 51b0 <rw_copy_check_uvector+0x40>
  159. 52ec: aa1803e2 mov x2, x24
  160. 52f0: 14000002 b 52f8 <rw_copy_check_uvector+0x188>
  161. 52f4: aa0003e2 mov x2, x0
  162. memset(to + (n - res), 0, res);
  163. 52f8: cb020308 sub x8, x24, x2
  164. 52fc: 8b080280 add x0, x20, x8
  165. 5300: 2a1f03e1 mov w1, wzr
  166. 5304: 94000000 bl 0 <memset>
  167. 5308: 928001a0 mov x0, #0xfffffffffffffff2 // #-14
  168. 530c: 17ffffa9 b 51b0 <rw_copy_check_uvector+0x40>
  169.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!