From: Arnd Bergmann <arnd@arndb.de>
To: Linus Torvalds <torvalds@osdl.org>
Cc: Andreas Schwab <schwab@suse.de>, <linux-kernel@vger.kernel.org>,
Matthew Wilcox <willy@debian.org>
Subject: Re: [PATCH] use size_t for the broken ioctl numbers
Date: Mon, 8 Sep 2003 15:03:20 +0200 [thread overview]
Message-ID: <200309081503.20459.arnd@arndb.de> (raw)
In-Reply-To: <Pine.LNX.4.44.0309071617380.21192-100000@home.osdl.org>
On Monday 08 September 2003 01:21, Linus Torvalds wrote:
> In fact, what you'd want to do is not just verify that it compiles, but
> also verify that the object code matches.
I have checked now that the object code for arch/s390/kernel/compat_ioctl.o
remains identical and that the whole kernel compiles for s390 and i386,
after fixing the broken ioctl numbers.
> Because there _is_ one case where adding the [1] will still compile, but
> generate wrong code: if the "size" argument to the _IOx() was not a type,
> but a real actual array.
Yes, there had to be a catch. The new version below catches that error
too, making that a link time failure and also checks that the size
field does not overflow.
Arnd <><
--- 1.1/include/asm-i386/ioctl.h Tue Feb 5 18:39:44 2002
+++ edited/include/asm-i386/ioctl.h Mon Sep 8 13:21:28 2003
@@ -52,11 +52,21 @@
((nr) << _IOC_NRSHIFT) | \
((size) << _IOC_SIZESHIFT))
+/* provoke compile error for invalid uses of size argument */
+extern int __invalid_size_argument_for_IOC;
+#define _IOC_TYPECHECK(t) \
+ ((sizeof(t) == sizeof(t[1]) && \
+ sizeof(t) < (1 << _IOC_SIZEBITS)) ? \
+ sizeof(t) : __invalid_size_argument_for_IOC)
+
/* used to create numbers */
#define _IO(type,nr) _IOC(_IOC_NONE,(type),(nr),0)
-#define _IOR(type,nr,size) _IOC(_IOC_READ,(type),(nr),sizeof(size))
-#define _IOW(type,nr,size) _IOC(_IOC_WRITE,(type),(nr),sizeof(size))
-#define _IOWR(type,nr,size) _IOC(_IOC_READ|_IOC_WRITE,(type),(nr),sizeof(size))
+#define _IOR(type,nr,size) _IOC(_IOC_READ,(type),(nr),(_IOC_TYPECHECK(size)))
+#define _IOW(type,nr,size) _IOC(_IOC_WRITE,(type),(nr),(_IOC_TYPECHECK(size)))
+#define _IOWR(type,nr,size) _IOC(_IOC_READ|_IOC_WRITE,(type),(nr),(_IOC_TYPECHECK(size)))
+#define _IOR_BAD(type,nr,size) _IOC(_IOC_READ,(type),(nr),sizeof(size))
+#define _IOW_BAD(type,nr,size) _IOC(_IOC_WRITE,(type),(nr),sizeof(size))
+#define _IOWR_BAD(type,nr,size) _IOC(_IOC_READ|_IOC_WRITE,(type),(nr),sizeof(size))
/* used to decode ioctl numbers.. */
#define _IOC_DIR(nr) (((nr) >> _IOC_DIRSHIFT) & _IOC_DIRMASK)
next prev parent reply other threads:[~2003-09-08 13:03 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <tbGb.75d.15@gated-at.bofh.it>
[not found] ` <tbPO.7j9.5@gated-at.bofh.it>
2003-09-07 21:28 ` [PATCH] use size_t for the broken ioctl numbers Arnd Bergmann
2003-09-07 23:15 ` Linus Torvalds
2003-09-07 23:21 ` Linus Torvalds
2003-09-08 13:03 ` Arnd Bergmann [this message]
2003-09-08 13:33 ` Andreas Schwab
2003-09-08 13:35 ` Andries Brouwer
2003-09-07 6:22 Matthew Wilcox
2003-09-07 16:48 ` Andreas Schwab
2003-09-07 17:29 ` Linus Torvalds
2003-09-07 17:34 ` Andreas Schwab
2003-09-08 13:10 ` Ingo Oeser
2003-09-08 12:38 ` Andries Brouwer
2003-09-08 15:13 ` Linus Torvalds
2003-09-08 18:40 ` Andries Brouwer
2003-09-08 18:54 ` Linus Torvalds
2003-09-08 19:28 ` Randy.Dunlap
2003-09-08 19:53 ` Jeff Garzik
2003-09-08 20:15 ` Linus Torvalds
2003-09-08 20:26 ` Dave Jones
2003-09-08 21:53 ` Jeff Garzik
2003-09-08 22:25 ` Dave Jones
2003-09-08 20:27 ` Andries Brouwer
2003-09-08 20:43 ` Linus Torvalds
2003-09-09 11:40 ` Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200309081503.20459.arnd@arndb.de \
--to=arnd@arndb.de \
--cc=linux-kernel@vger.kernel.org \
--cc=schwab@suse.de \
--cc=torvalds@osdl.org \
--cc=willy@debian.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.