Use clamping to more easily normalize input values

The kernel has min/max/clamp macros to make range comparisons easier.
Clamp is a newer invention, but we can define it for older kernels in
terms of min and max.

2 files changed, 9 insertions, 12 deletions

diff --git a/tapset/conversions.stp b/tapset/conversions.stp
index ec990aed..3bbbb725 100644
--- a/tapset/conversions.stp
+++ b/tapset/conversions.stp
@@ -35,8 +35,7 @@ deref_fault: /* branched to from deref_string() */
  */
 function kernel_string_n:string (addr:long, n:long) %{ /* pure */
   char *destination = THIS->__retvalue;
-  long len = THIS->n + 1;
-  len = (len > MAXSTRINGLEN) ? MAXSTRINGLEN : len;
+  int64_t len = clamp_t(int64_t, THIS->n + 1, 1, MAXSTRINGLEN);
   deref_string (destination, THIS->addr, len);
   if (0) {
 deref_fault: /* branched to from deref_string() */
@@ -210,9 +209,8 @@ function user_string_n:string (addr:long, n:long) {
  * the rare cases when userspace data is not accessible at the given address.
  */
 function user_string_n2:string (addr:long, n:long, err_msg:string) %{ /* pure */ /* unprivileged */
-	long len = THIS->n + 1;
+	int64_t len = clamp_t(int64_t, THIS->n + 1, 1, MAXSTRINGLEN);
         assert_is_myproc();
-	len = (len > MAXSTRINGLEN) ? MAXSTRINGLEN : len;
 	if (_stp_strncpy_from_user(THIS->__retvalue,
 				(char __user *) (uintptr_t) THIS->addr,
 				len) < 0)
@@ -232,11 +230,10 @@ function user_string_n2:string (addr:long, n:long, err_msg:string) %{ /* pure */
  * about the failure.
  */
 function user_string_n_warn:string (addr:long, n:long) %{ /* pure */ /* unprivileged */
-	long len = THIS->n + 1;
+	int64_t len = clamp_t(int64_t, THIS->n + 1, 1, MAXSTRINGLEN);
 	long rc;
 
         assert_is_myproc();
-	len = (len > MAXSTRINGLEN) ? MAXSTRINGLEN : len;
 	rc = _stp_strncpy_from_user(THIS->__retvalue,
 			(char __user *) (uintptr_t) THIS->addr, len);
 	if (rc < 0) {
@@ -264,9 +261,8 @@ function user_string_n_warn:string (addr:long, n:long) %{ /* pure */ /* unprivil
  * address.
  */
 function user_string_n_quoted:string (addr:long, n:long) %{ /* pure */ /* unprivileged */
-        long len;
+        int64_t len = clamp_t(int64_t, THIS->n + 1, 1, MAXSTRINGLEN);
         assert_is_myproc();
-	len = THIS->n + 1;
 	if (THIS->addr == 0)
 		strlcpy(THIS->__retvalue, "NULL", MAXSTRINGLEN);
 	else
diff --git a/tapset/string.stp b/tapset/string.stp
index 59ba74ee..d03e5570 100644
--- a/tapset/string.stp
+++ b/tapset/string.stp
@@ -27,8 +27,8 @@ function strlen:long(s:string) %{ /* pure */ /* unprivileged */
  * starting at the given start position.
  */
 function substr:string(str:string,start:long, length:long) %{ /* pure */ /* unprivileged */
-	int length = THIS->length >= MAXSTRINGLEN ? MAXSTRINGLEN : THIS->length + 1;
-	if (THIS->start >= 0 && length > 0 && THIS->start < strlen(THIS->str))
+	int64_t length = clamp_t(int64_t, THIS->length + 1, 0, MAXSTRINGLEN);
+	if (THIS->start >= 0 && THIS->start < strlen(THIS->str))
 		strlcpy(THIS->__retvalue, THIS->str + THIS->start, length);
 %}
 
@@ -87,7 +87,8 @@ function text_str:string(input:string)
  */
 function text_strn:string(input:string, len:long, quoted:long)
 %{ /* pure */ /* unprivileged */
-	_stp_text_str(THIS->__retvalue, THIS->input, THIS->len, THIS->quoted, 0);
+	int64_t len = clamp_t(int64_t, THIS->len, 0, MAXSTRINGLEN);
+	_stp_text_str(THIS->__retvalue, THIS->input, len, THIS->quoted, 0);
 %}
 
 /**
@@ -162,4 +163,4 @@ function str_replace:string (prnt_str:string, srch_str:string, rplc_str:string)
 function strtol:long(str:string, base:long)
 %{ /* pure */ /* unprivileged */
 	THIS->__retvalue = simple_strtol(THIS->str, NULL, THIS->base);
-%}
\ No newline at end of file
+%}