diff options
| author | Arjan van de Ven <arjan@infradead.org> | 2009-10-02 10:50:50 -0400 |
|---|---|---|
| committer | Ingo Molnar <mingo@elte.hu> | 2009-10-02 13:01:42 -0400 |
| commit | 63312b6a6faae3f2e5577f2b001e3b504f10a2aa (patch) | |
| tree | 5ef6f8449d844652c7046c2659409ef8297f3e0b /arch/x86 | |
| parent | 4a3127693001c61a21d1ce680db6340623f52e93 (diff) | |
x86: Add a Kconfig option to turn the copy_from_user warnings into errors
For automated testing it is useful to have the option to turn
the warnings on copy_from_user() etc checks into errors:
In function ‘copy_from_user’,
inlined from ‘fd_copyin’ at drivers/block/floppy.c:3080,
inlined from ‘fd_ioctl’ at drivers/block/floppy.c:3503:
linux/arch/x86/include/asm/uaccess_32.h:213:
error: call to ‘copy_from_user_overflow’ declared with attribute error:
copy_from_user buffer size is not provably correct
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
LKML-Reference: <20091002075050.4e9f7641@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'arch/x86')
| -rw-r--r-- | arch/x86/Kconfig.debug | 14 | ||||
| -rw-r--r-- | arch/x86/include/asm/uaccess_32.h | 4 |
2 files changed, 17 insertions, 1 deletions
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug index d105f29bb6bb..1bd2e36f1538 100644 --- a/arch/x86/Kconfig.debug +++ b/arch/x86/Kconfig.debug | |||
| @@ -287,4 +287,18 @@ config OPTIMIZE_INLINING | |||
| 287 | 287 | ||
| 288 | If unsure, say N. | 288 | If unsure, say N. |
| 289 | 289 | ||
| 290 | config DEBUG_STRICT_USER_COPY_CHECKS | ||
| 291 | bool "Strict copy size checks" | ||
| 292 | depends on DEBUG_KERNEL | ||
| 293 | ---help--- | ||
| 294 | Enabling this option turns a certain set of sanity checks for user | ||
| 295 | copy operations into compile time failures. | ||
| 296 | |||
| 297 | The copy_from_user() etc checks are there to help test if there | ||
| 298 | are sufficient security checks on the length argument of | ||
| 299 | the copy operation, by having gcc prove that the argument is | ||
| 300 | within bounds. | ||
| 301 | |||
| 302 | If unsure, or if you run an older (pre 4.4) gcc, say N. | ||
| 303 | |||
| 290 | endmenu | 304 | endmenu |
diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h index 952f9e793c3e..0c9825e97f36 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h | |||
| @@ -193,7 +193,9 @@ unsigned long __must_check _copy_from_user(void *to, | |||
| 193 | 193 | ||
| 194 | 194 | ||
| 195 | extern void copy_from_user_overflow(void) | 195 | extern void copy_from_user_overflow(void) |
| 196 | #ifdef CONFIG_DEBUG_STACKOVERFLOW | 196 | #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS |
| 197 | __compiletime_error("copy_from_user() buffer size is not provably correct") | ||
| 198 | #else | ||
| 197 | __compiletime_warning("copy_from_user() buffer size is not provably correct") | 199 | __compiletime_warning("copy_from_user() buffer size is not provably correct") |
| 198 | #endif | 200 | #endif |
| 199 | ; | 201 | ; |