[PATCH] x86: Add a Kconfig option to turn the copy_from_user warnings into errors

From: Arjan van de Ven
Date: Fri Oct 02 2009 - 10:35:27 EST

Next message: Hennerich, Michael: "RE: [Uclinux-dist-devel] [PATCH v2] mfd: ADP5520 MultifunctionLCDBacklight and Keypad Input Device Driver"
Previous message: Peter Jones: "Re: [PATCH] iSCSI/iBFT: use proper address translation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

For automated testing it is useful to have the option to turn
the warnings on copy_from_user() etc checks into errors:

In function â??copy_from_userâ??,
inlined from â??fd_copyinâ?? at drivers/block/floppy.c:3080,
inlined from â??fd_ioctlâ?? at drivers/block/floppy.c:3503:
/home/arjan/linux/arch/x86/include/asm/uaccess_32.h:213:
error: call to â??copy_from_user_overflowâ?? declared with attribute error:
copy_from_user buffer size is not provably correct

Signed-off-by: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>
---
arch/x86/Kconfig.debug | 14 ++++++++++++++
arch/x86/include/asm/uaccess_32.h | 4 +++-
include/linux/compiler-gcc4.h | 1 +
include/linux/compiler.h | 3 +++
4 files changed, 21 insertions(+), 1 deletions(-)

diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index d105f29..1bd2e36 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -287,4 +287,18 @@ config OPTIMIZE_INLINING

If unsure, say N.

+config DEBUG_STRICT_USER_COPY_CHECKS
+ bool "Strict copy size checks"
+ depends on DEBUG_KERNEL
+ ---help---
+ Enabling this option turns a certain set of sanity checks for user
+ copy operations into compile time failures.
+
+ The copy_from_user() etc checks are there to help test if there
+ are sufficient security checks on the length argument of
+ the copy operation, by having gcc prove that the argument is
+ within bounds.
+
+ If unsure, or if you run an older (pre 4.4) gcc, say N.
+
endmenu
diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h
index 952f9e7..0c9825e 100644
--- a/arch/x86/include/asm/uaccess_32.h
+++ b/arch/x86/include/asm/uaccess_32.h
@@ -193,7 +193,9 @@ unsigned long __must_check _copy_from_user(void *to,

extern void copy_from_user_overflow(void)
-#ifdef CONFIG_DEBUG_STACKOVERFLOW
+#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
+ __compiletime_error("copy_from_user() buffer size is not provably correct")
+#else
__compiletime_warning("copy_from_user() buffer size is not provably correct")
#endif
;
diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
index f1709c1..77542c5 100644
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
@@ -41,4 +41,5 @@
#define __compiletime_object_size(obj) __builtin_object_size(obj, 0)
#if __GNUC_MINOR__ >= 4
#define __compiletime_warning(message) __attribute__((warning(message)))
+#define __compiletime_error(message) __attribute__((error(message)))
#endif
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 241dfd8..d1cc9f0 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -192,6 +192,9 @@ extern void __chk_io_ptr(const volatile void __iomem *);
#ifndef __compiletime_warning
# define __compiletime_warning(message)
#endif
+#ifndef __compiletime_error
+# define __compiletime_error(message)
+#endif

/*
* Prevent the compiler from merging or refetching accesses. The compiler
--
1.6.2.5

--
Arjan van de Ven Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Hennerich, Michael: "RE: [Uclinux-dist-devel] [PATCH v2] mfd: ADP5520 MultifunctionLCDBacklight and Keypad Input Device Driver"
Previous message: Peter Jones: "Re: [PATCH] iSCSI/iBFT: use proper address translation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]