
Commit 63312b6a authored by Arjan van de Ven's avatar Arjan van de Ven Committed by Ingo Molnar

x86: Add a Kconfig option to turn the copy_from_user warnings into errors



For automated testing it is useful to have the option to turn
the warnings on copy_from_user() etc checks into errors:

 In function ‘copy_from_user’,
     inlined from ‘fd_copyin’ at drivers/block/floppy.c:3080,
     inlined from ‘fd_ioctl’ at drivers/block/floppy.c:3503:
   linux/arch/x86/include/asm/uaccess_32.h:213:
  error: call to ‘copy_from_user_overflow’ declared with attribute error:
  copy_from_user buffer size is not provably correct

Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
LKML-Reference: <20091002075050.4e9f7641@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
parent 4a312769
+14 −0
@@ -287,4 +287,18 @@ config OPTIMIZE_INLINING

	  If unsure, say N.

config DEBUG_STRICT_USER_COPY_CHECKS
	bool "Strict copy size checks"
	depends on DEBUG_KERNEL
	---help---
	  Enabling this option turns a certain set of sanity checks for user
	  copy operations into compile time failures.

	  The copy_from_user() etc checks are there to help test if there
	  are sufficient security checks on the length argument of
	  the copy operation, by having gcc prove that the argument is
	  within bounds.

	  If unsure, or if you run an older (pre 4.4) gcc, say N.

endmenu
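Review bot: The help text of DEBUG_STRICT_USER_COPY_CHECKS asks users of a pre-4.4 gcc to say N, but nothing enforces that, since the entry depends only on DEBUG_KERNEL. The gcc header in this commit defines `__compiletime_error` only under `#if __GNUC_MINOR__ >= 4`, and the fallback added in the last section (`# define __compiletime_error(message)` under `#ifndef __compiletime_error`) expands it to nothing. With such a compiler the option can be enabled and the build passes with no check performed, which is misleading for automated testing that treats a clean build as a passed check. I would say so in the help text, for example `With a compiler that lacks the error attribute this option has no effect.`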
+3 −1
@@ -193,7 +193,9 @@ unsigned long __must_check _copy_from_user(void *to,


extern void copy_from_user_overflow(void)
#ifdef CONFIG_DEBUG_STACKOVERFLOW
#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
	__compiletime_error("copy_from_user() buffer size is not provably correct")
#else
	__compiletime_warning("copy_from_user() buffer size is not provably correct")
#endif
;
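Review bot: The declaration of copy_from_user_overflow() has no comment saying what a diagnostic on it means, and the same declaration now either warns or fails the build depending on CONFIG_DEBUG_STRICT_USER_COPY_CHECKS. I would add above it `/* Reached only when gcc cannot prove the copy length fits the destination buffer; strict mode turns that into a build error. */`. A clean strict build is also not proof that every copy is bounded, because the check relies on `__builtin_object_size(obj, 0)` and presumably stays silent for buffers whose size gcc cannot see. The call sites are outside this hunk and only one uaccess header is visible in this commit, so I cannot tell whether the other x86 variant gets the same treatment.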
+1 −0
@@ -41,4 +41,5 @@
#define __compiletime_object_size(obj) __builtin_object_size(obj, 0)
#if __GNUC_MINOR__ >= 4
#define __compiletime_warning(message) __attribute__((warning(message)))
#define __compiletime_error(message) __attribute__((error(message)))
#endif
+3 −0
@@ -273,6 +273,9 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
#ifndef __compiletime_warning
# define __compiletime_warning(message)
#endif
#ifndef __compiletime_error
# define __compiletime_error(message)
#endif

/*
 * Prevent the compiler from merging or refetching accesses.  The compiler