diff options
| author | Arjan van de Ven <arjan@infradead.org> | 2009-10-02 07:50:50 -0700 |
|---|---|---|
| committer | Ingo Molnar <mingo@elte.hu> | 2009-10-02 19:01:42 +0200 |
| commit | 63312b6a6faae3f2e5577f2b001e3b504f10a2aa (patch) | |
| tree | 5ef6f8449d844652c7046c2659409ef8297f3e0b /arch | |
| parent | 4a3127693001c61a21d1ce680db6340623f52e93 (diff) | |
| download | kernel_samsung_smdk4412-63312b6a6faae3f2e5577f2b001e3b504f10a2aa.zip kernel_samsung_smdk4412-63312b6a6faae3f2e5577f2b001e3b504f10a2aa.tar.gz kernel_samsung_smdk4412-63312b6a6faae3f2e5577f2b001e3b504f10a2aa.tar.bz2 | |
x86: Add a Kconfig option to turn the copy_from_user warnings into errors
For automated testing it is useful to have the option to turn
the warnings on copy_from_user() etc checks into errors:
In function ‘copy_from_user’,
inlined from ‘fd_copyin’ at drivers/block/floppy.c:3080,
inlined from ‘fd_ioctl’ at drivers/block/floppy.c:3503:
linux/arch/x86/include/asm/uaccess_32.h:213:
error: call to ‘copy_from_user_overflow’ declared with attribute error:
copy_from_user buffer size is not provably correct
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
LKML-Reference: <20091002075050.4e9f7641@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/x86/Kconfig.debug | 14 | ||||
| -rw-r--r-- | arch/x86/include/asm/uaccess_32.h | 4 |
2 files changed, 17 insertions, 1 deletions
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug index d105f29..1bd2e36f 100644 --- a/arch/x86/Kconfig.debug +++ b/arch/x86/Kconfig.debug @@ -287,4 +287,18 @@ config OPTIMIZE_INLINING If unsure, say N. +config DEBUG_STRICT_USER_COPY_CHECKS + bool "Strict copy size checks" + depends on DEBUG_KERNEL + ---help--- + Enabling this option turns a certain set of sanity checks for user + copy operations into compile time failures. + + The copy_from_user() etc checks are there to help test if there + are sufficient security checks on the length argument of + the copy operation, by having gcc prove that the argument is + within bounds. + + If unsure, or if you run an older (pre 4.4) gcc, say N. + endmenu diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h index 952f9e7..0c9825e 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h @@ -193,7 +193,9 @@ unsigned long __must_check _copy_from_user(void *to, extern void copy_from_user_overflow(void) -#ifdef CONFIG_DEBUG_STACKOVERFLOW +#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS + __compiletime_error("copy_from_user() buffer size is not provably correct") +#else __compiletime_warning("copy_from_user() buffer size is not provably correct") #endif ; |