aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArjan van de Ven <arjan@infradead.org>2009-10-02 10:50:50 -0400
committerIngo Molnar <mingo@elte.hu>2009-10-02 13:01:42 -0400
commit63312b6a6faae3f2e5577f2b001e3b504f10a2aa (patch)
tree5ef6f8449d844652c7046c2659409ef8297f3e0b
parent4a3127693001c61a21d1ce680db6340623f52e93 (diff)
x86: Add a Kconfig option to turn the copy_from_user warnings into errors
For automated testing it is useful to have the option to turn the warnings on copy_from_user() etc checks into errors: In function ‘copy_from_user’, inlined from ‘fd_copyin’ at drivers/block/floppy.c:3080, inlined from ‘fd_ioctl’ at drivers/block/floppy.c:3503: linux/arch/x86/include/asm/uaccess_32.h:213: error: call to ‘copy_from_user_overflow’ declared with attribute error: copy_from_user buffer size is not provably correct Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Andrew Morton <akpm@linux-foundation.org> LKML-Reference: <20091002075050.4e9f7641@infradead.org> Signed-off-by: Ingo Molnar <mingo@elte.hu>
-rw-r--r--arch/x86/Kconfig.debug14
-rw-r--r--arch/x86/include/asm/uaccess_32.h4
-rw-r--r--include/linux/compiler-gcc4.h1
-rw-r--r--include/linux/compiler.h3
4 files changed, 21 insertions, 1 deletions
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index d105f29bb6bb..1bd2e36f1538 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -287,4 +287,18 @@ config OPTIMIZE_INLINING
287 287
288 If unsure, say N. 288 If unsure, say N.
289 289
290config DEBUG_STRICT_USER_COPY_CHECKS
291 bool "Strict copy size checks"
292 depends on DEBUG_KERNEL
293 ---help---
294 Enabling this option turns a certain set of sanity checks for user
295 copy operations into compile time failures.
296
297 The copy_from_user() etc checks are there to help test if there
298 are sufficient security checks on the length argument of
299 the copy operation, by having gcc prove that the argument is
300 within bounds.
301
302 If unsure, or if you run an older (pre 4.4) gcc, say N.
303
290endmenu 304endmenu
diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
index 952f9e793c3e..0c9825e97f36 100644
--- a/arch/x86/include/asm/uaccess_32.h
+++ b/arch/x86/include/asm/uaccess_32.h
@@ -193,7 +193,9 @@ unsigned long __must_check _copy_from_user(void *to,
193 193
194 194
195extern void copy_from_user_overflow(void) 195extern void copy_from_user_overflow(void)
196#ifdef CONFIG_DEBUG_STACKOVERFLOW 196#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
197 __compiletime_error("copy_from_user() buffer size is not provably correct")
198#else
197 __compiletime_warning("copy_from_user() buffer size is not provably correct") 199 __compiletime_warning("copy_from_user() buffer size is not provably correct")
198#endif 200#endif
199; 201;
diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
index f1709c1f9eae..77542c57e20a 100644
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
@@ -41,4 +41,5 @@
41#define __compiletime_object_size(obj) __builtin_object_size(obj, 0) 41#define __compiletime_object_size(obj) __builtin_object_size(obj, 0)
42#if __GNUC_MINOR__ >= 4 42#if __GNUC_MINOR__ >= 4
43#define __compiletime_warning(message) __attribute__((warning(message))) 43#define __compiletime_warning(message) __attribute__((warning(message)))
44#define __compiletime_error(message) __attribute__((error(message)))
44#endif 45#endif
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 950356311f12..88fd4b673cb4 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -273,6 +273,9 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
273#ifndef __compiletime_warning 273#ifndef __compiletime_warning
274# define __compiletime_warning(message) 274# define __compiletime_warning(message)
275#endif 275#endif
276#ifndef __compiletime_error
277# define __compiletime_error(message)
278#endif
276 279
277/* 280/*
278 * Prevent the compiler from merging or refetching accesses. The compiler 281 * Prevent the compiler from merging or refetching accesses. The compiler