From 592a88f927c56b76f80ffdf030cbec77df2393e5 Mon Sep 17 00:00:00 2001 From: Sedat Dilek Date: Fri, 29 Jul 2011 11:51:35 +0200 Subject: [PATCH] Revert "The help text for this config is duplicated across the x86, parisc, and" This reverts commit ab3b49d018924085e5d949c1af53fae0da9a8d94. --- arch/parisc/Kconfig | 1 - arch/parisc/Kconfig.debug | 14 ++++++++++++++ arch/s390/Kconfig | 1 - arch/s390/Kconfig.debug | 14 ++++++++++++++ arch/s390/lib/Makefile | 1 + arch/s390/lib/usercopy.c | 8 ++++++++ arch/sparc/lib/Makefile | 1 + arch/sparc/lib/usercopy.c | 8 ++++++++ arch/tile/Kconfig | 8 +++++++- arch/tile/include/asm/uaccess.h | 7 +------ arch/tile/lib/uaccess.c | 8 ++++++++ arch/x86/Kconfig | 1 - arch/x86/Kconfig.debug | 14 ++++++++++++++ arch/x86/lib/usercopy_32.c | 6 ++++++ arch/x86/lib/usercopy_64.c | 6 ++++++ lib/Kconfig.debug | 18 ------------------ lib/Makefile | 1 - lib/usercopy.c | 8 -------- 18 files changed, 88 insertions(+), 37 deletions(-) create mode 100644 arch/s390/lib/usercopy.c create mode 100644 arch/sparc/lib/usercopy.c delete mode 100644 lib/usercopy.c diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig index 5dcb59f..e077b0b 100644 --- a/arch/parisc/Kconfig +++ b/arch/parisc/Kconfig @@ -7,7 +7,6 @@ config PARISC select HAVE_FUNCTION_TRACE_MCOUNT_TEST if 64BIT select RTC_CLASS select RTC_DRV_GENERIC - select ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS select INIT_ALL_POSSIBLE select BUG select HAVE_IRQ_WORK diff --git a/arch/parisc/Kconfig.debug b/arch/parisc/Kconfig.debug index bc989e5..7305ac8 100644 --- a/arch/parisc/Kconfig.debug +++ b/arch/parisc/Kconfig.debug @@ -12,4 +12,18 @@ config DEBUG_RODATA portion of the kernel code won't be covered by a TLB anymore. If in doubt, say "N". +config DEBUG_STRICT_USER_COPY_CHECKS + bool "Strict copy size checks" + depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING + ---help--- + Enabling this option turns a certain set of sanity checks for user + copy operations into compile time failures. + + The copy_from_user() etc checks are there to help test if there + are sufficient security checks on the length argument of + the copy operation, by having gcc prove that the argument is + within bounds. + + If unsure, or if you run an older (pre 4.4) gcc, say N. + endmenu diff --git a/arch/s390/Kconfig b/arch/s390/Kconfig index 9e576bb..0f98bbd 100644 --- a/arch/s390/Kconfig +++ b/arch/s390/Kconfig @@ -119,7 +119,6 @@ config S390 select ARCH_INLINE_WRITE_UNLOCK_BH select ARCH_INLINE_WRITE_UNLOCK_IRQ select ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE - select ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS config SCHED_OMIT_FRAME_POINTER def_bool y diff --git a/arch/s390/Kconfig.debug b/arch/s390/Kconfig.debug index aa1796c..d76cef3 100644 --- a/arch/s390/Kconfig.debug +++ b/arch/s390/Kconfig.debug @@ -17,6 +17,20 @@ config STRICT_DEVMEM If you are unsure, say Y. +config DEBUG_STRICT_USER_COPY_CHECKS + def_bool n + prompt "Strict user copy size checks" + ---help--- + Enabling this option turns a certain set of sanity checks for user + copy operations into compile time warnings. + + The copy_from_user() etc checks are there to help test if there + are sufficient security checks on the length argument of + the copy operation, by having gcc prove that the argument is + within bounds. + + If unsure, or if you run an older (pre 4.4) gcc, say N. + config DEBUG_SET_MODULE_RONX def_bool y depends on MODULES diff --git a/arch/s390/lib/Makefile b/arch/s390/lib/Makefile index 97975ec..761ab8b 100644 --- a/arch/s390/lib/Makefile +++ b/arch/s390/lib/Makefile @@ -3,6 +3,7 @@ # lib-y += delay.o string.o uaccess_std.o uaccess_pt.o +obj-y += usercopy.o obj-$(CONFIG_32BIT) += div64.o qrnnd.o ucmpdi2.o lib-$(CONFIG_64BIT) += uaccess_mvcos.o lib-$(CONFIG_SMP) += spinlock.o diff --git a/arch/s390/lib/usercopy.c b/arch/s390/lib/usercopy.c new file mode 100644 index 0000000..14b363f --- /dev/null +++ b/arch/s390/lib/usercopy.c @@ -0,0 +1,8 @@ +#include +#include + +void copy_from_user_overflow(void) +{ + WARN(1, "Buffer overflow detected!\n"); +} +EXPORT_SYMBOL(copy_from_user_overflow); diff --git a/arch/sparc/lib/Makefile b/arch/sparc/lib/Makefile index 7747e40..7f01b8fc 100644 --- a/arch/sparc/lib/Makefile +++ b/arch/sparc/lib/Makefile @@ -43,3 +43,4 @@ obj-y += iomap.o obj-$(CONFIG_SPARC32) += atomic32.o obj-y += ksyms.o obj-$(CONFIG_SPARC64) += PeeCeeI.o +obj-y += usercopy.o diff --git a/arch/sparc/lib/usercopy.c b/arch/sparc/lib/usercopy.c new file mode 100644 index 0000000..14b363f --- /dev/null +++ b/arch/sparc/lib/usercopy.c @@ -0,0 +1,8 @@ +#include +#include + +void copy_from_user_overflow(void) +{ + WARN(1, "Buffer overflow detected!\n"); +} +EXPORT_SYMBOL(copy_from_user_overflow); diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig index 99ee890..b30f71a 100644 --- a/arch/tile/Kconfig +++ b/arch/tile/Kconfig @@ -7,7 +7,6 @@ config TILE select GENERIC_FIND_FIRST_BIT select USE_GENERIC_SMP_HELPERS select CC_OPTIMIZE_FOR_SIZE - select ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS select HAVE_GENERIC_HARDIRQS select GENERIC_IRQ_PROBE select GENERIC_PENDING_IRQ if SMP @@ -98,6 +97,13 @@ config STRICT_DEVMEM config SMP def_bool y +# Allow checking for compile-time determined overflow errors in +# copy_from_user(). There are still unprovable places in the +# generic code as of 2.6.34, so this option is not really compatible +# with -Werror, which is more useful in general. +config DEBUG_COPY_FROM_USER + def_bool n + config HVC_TILE select HVC_DRIVER def_bool y diff --git a/arch/tile/include/asm/uaccess.h b/arch/tile/include/asm/uaccess.h index 9a540be..ef34d2c 100644 --- a/arch/tile/include/asm/uaccess.h +++ b/arch/tile/include/asm/uaccess.h @@ -353,12 +353,7 @@ _copy_from_user(void *to, const void __user *from, unsigned long n) return n; } -#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS -/* - * There are still unprovable places in the generic code as of 2.6.34, so this - * option is not really compatible with -Werror, which is more useful in - * general. - */ +#ifdef CONFIG_DEBUG_COPY_FROM_USER extern void copy_from_user_overflow(void) __compiletime_warning("copy_from_user() size is not provably correct"); diff --git a/arch/tile/lib/uaccess.c b/arch/tile/lib/uaccess.c index 030abe3..f8d398c 100644 --- a/arch/tile/lib/uaccess.c +++ b/arch/tile/lib/uaccess.c @@ -22,3 +22,11 @@ int __range_ok(unsigned long addr, unsigned long size) is_arch_mappable_range(addr, size)); } EXPORT_SYMBOL(__range_ok); + +#ifdef CONFIG_DEBUG_COPY_FROM_USER +void copy_from_user_overflow(void) +{ + WARN(1, "Buffer overflow detected!\n"); +} +EXPORT_SYMBOL(copy_from_user_overflow); +#endif diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 20d13cf..873fb69 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -64,7 +64,6 @@ config X86 select HAVE_TEXT_POKE_SMP select HAVE_GENERIC_HARDIRQS select HAVE_SPARSE_IRQ - select ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS select GENERIC_FIND_FIRST_BIT select GENERIC_IRQ_PROBE select GENERIC_PENDING_IRQ if SMP diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug index 2b00959..c0f8a5c 100644 --- a/arch/x86/Kconfig.debug +++ b/arch/x86/Kconfig.debug @@ -270,4 +270,18 @@ config OPTIMIZE_INLINING If unsure, say N. +config DEBUG_STRICT_USER_COPY_CHECKS + bool "Strict copy size checks" + depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING + ---help--- + Enabling this option turns a certain set of sanity checks for user + copy operations into compile time failures. + + The copy_from_user() etc checks are there to help test if there + are sufficient security checks on the length argument of + the copy operation, by having gcc prove that the argument is + within bounds. + + If unsure, or if you run an older (pre 4.4) gcc, say N. + endmenu diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c index 8498684..e218d5d 100644 --- a/arch/x86/lib/usercopy_32.c +++ b/arch/x86/lib/usercopy_32.c @@ -883,3 +883,9 @@ _copy_from_user(void *to, const void __user *from, unsigned long n) return n; } EXPORT_SYMBOL(_copy_from_user); + +void copy_from_user_overflow(void) +{ + WARN(1, "Buffer overflow detected!\n"); +} +EXPORT_SYMBOL(copy_from_user_overflow); diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c index b7c2849..d7a5d9a 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c @@ -181,3 +181,9 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest) break; return len; } + +void copy_from_user_overflow(void) +{ + WARN(1, "Buffer overflow detected!\n"); +} +EXPORT_SYMBOL(copy_from_user_overflow); diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 5e4fd9a..c0cb9c4 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1109,24 +1109,6 @@ config SYSCTL_SYSCALL_CHECK to properly maintain and use. This enables checks that help you to keep things correct. -config ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS - bool - -config DEBUG_STRICT_USER_COPY_CHECKS - bool "Strict user copy size checks" - depends on ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS - depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING - help - Enabling this option turns a certain set of sanity checks for user - copy operations into compile time failures. - - The copy_from_user() etc checks are there to help test if there - are sufficient security checks on the length argument of - the copy operation, by having gcc prove that the argument is - within bounds. - - If unsure, say N. - source mm/Kconfig.debug source kernel/trace/Kconfig diff --git a/lib/Makefile b/lib/Makefile index fbf4b06..a4be79b 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -14,7 +14,6 @@ lib-y := ctype.o string.o vsprintf.o cmdline.o \ proportions.o prio_heap.o ratelimit.o show_mem.o \ is_single_threaded.o plist.o decompress.o find_next_bit.o -lib-$(CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS) += usercopy.o lib-$(CONFIG_MMU) += ioremap.o lib-$(CONFIG_SMP) += cpumask.o diff --git a/lib/usercopy.c b/lib/usercopy.c deleted file mode 100644 index 14b363f..0000000 --- a/lib/usercopy.c +++ /dev/null @@ -1,8 +0,0 @@ -#include -#include - -void copy_from_user_overflow(void) -{ - WARN(1, "Buffer overflow detected!\n"); -} -EXPORT_SYMBOL(copy_from_user_overflow); -- 1.7.6