From: Martin Schwidefsky <schwidefsky@de.ibm.com>
To: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>,
Martin Schwidefsky <schwidefsky@de.ibm.com>
Subject: [patch 01/32] [PATCH] uaccess: implement strict user copy checks
Date: Wed, 24 Feb 2010 09:44:31 +0100 [thread overview]
Message-ID: <20100224084447.121436009@de.ibm.com> (raw)
In-Reply-To: 20100224084430.193562869@de.ibm.com
[-- Attachment #1: 100-strict-copy-user.diff --]
[-- Type: text/plain, Size: 3415 bytes --]
From: Heiko Carstens <heiko.carstens@de.ibm.com>
Same as on x86 and sparc, besides the fact that enabling the option
will just emit compile time warnings instead of errors.
Keeps allyesconfig kernels compiling.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
---
arch/s390/Kconfig.debug | 13 +++++++++++++
arch/s390/include/asm/uaccess.h | 12 ++++++++++++
arch/s390/lib/Makefile | 2 +-
arch/s390/lib/usercopy.c | 8 ++++++++
4 files changed, 34 insertions(+), 1 deletion(-)
Index: quilt-2.6/arch/s390/include/asm/uaccess.h
===================================================================
--- quilt-2.6.orig/arch/s390/include/asm/uaccess.h 2010-02-24 09:28:13.000000000 +0100
+++ quilt-2.6/arch/s390/include/asm/uaccess.h 2010-02-24 09:44:22.000000000 +0100
@@ -265,6 +265,12 @@
return uaccess.copy_from_user(n, from, to);
}
+extern void copy_from_user_overflow(void)
+#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
+__compiletime_warning("copy_from_user() buffer size is not provably correct")
+#endif
+;
+
/**
* copy_from_user: - Copy a block of data from user space.
* @to: Destination address, in kernel space.
@@ -284,7 +290,13 @@
static inline unsigned long __must_check
copy_from_user(void *to, const void __user *from, unsigned long n)
{
+ unsigned int sz = __compiletime_object_size(to);
+
might_fault();
+ if (unlikely(sz != -1 && sz < n)) {
+ copy_from_user_overflow();
+ return n;
+ }
if (access_ok(VERIFY_READ, from, n))
n = __copy_from_user(to, from, n);
else
Index: quilt-2.6/arch/s390/Kconfig.debug
===================================================================
--- quilt-2.6.orig/arch/s390/Kconfig.debug 2010-02-24 09:28:13.000000000 +0100
+++ quilt-2.6/arch/s390/Kconfig.debug 2010-02-24 09:44:22.000000000 +0100
@@ -6,4 +6,17 @@
source "lib/Kconfig.debug"
+config DEBUG_STRICT_USER_COPY_CHECKS
+ bool "Strict user copy size checks"
+ ---help---
+ Enabling this option turns a certain set of sanity checks for user
+ copy operations into compile time warnings.
+
+ The copy_from_user() etc checks are there to help test if there
+ are sufficient security checks on the length argument of
+ the copy operation, by having gcc prove that the argument is
+ within bounds.
+
+ If unsure, or if you run an older (pre 4.4) gcc, say N.
+
endmenu
Index: quilt-2.6/arch/s390/lib/Makefile
===================================================================
--- quilt-2.6.orig/arch/s390/lib/Makefile 2010-02-24 09:28:13.000000000 +0100
+++ quilt-2.6/arch/s390/lib/Makefile 2010-02-24 09:44:22.000000000 +0100
@@ -2,7 +2,7 @@
# Makefile for s390-specific library files..
#
-lib-y += delay.o string.o uaccess_std.o uaccess_pt.o
+lib-y += delay.o string.o uaccess_std.o uaccess_pt.o usercopy.o
obj-$(CONFIG_32BIT) += div64.o qrnnd.o ucmpdi2.o
lib-$(CONFIG_64BIT) += uaccess_mvcos.o
lib-$(CONFIG_SMP) += spinlock.o
Index: quilt-2.6/arch/s390/lib/usercopy.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ quilt-2.6/arch/s390/lib/usercopy.c 2010-02-24 09:44:22.000000000 +0100
@@ -0,0 +1,8 @@
+#include <linux/module.h>
+#include <linux/bug.h>
+
+void copy_from_user_overflow(void)
+{
+ WARN(1, "Buffer overflow detected!\n");
+}
+EXPORT_SYMBOL(copy_from_user_overflow);
next prev parent reply other threads:[~2010-02-24 8:44 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-24 8:44 [patch 00/32] s390 patch queue for 2.6.34 Martin Schwidefsky
2010-02-24 8:44 ` Martin Schwidefsky [this message]
2010-02-24 8:44 ` [patch 02/32] [PATCH] adapt text to cu3088-removal Martin Schwidefsky
2010-02-24 8:44 ` [patch 03/32] [PATCH] cio: consolidate workqueues Martin Schwidefsky
2010-02-24 8:44 ` [patch 04/32] [PATCH] cio: introduce cio_settle Martin Schwidefsky
2010-02-24 8:44 ` [patch 05/32] [PATCH] cio: wait for channel report Martin Schwidefsky
2010-02-24 8:44 ` [patch 06/32] [PATCH] cio: make wait_events interruptible Martin Schwidefsky
2010-02-24 8:44 ` [patch 07/32] [PATCH] use inline assembly contraints available with gcc 3.3.3 Martin Schwidefsky
2010-02-24 8:44 ` [patch 08/32] [PATCH] zfcpdump: remove cross arch dump support Martin Schwidefsky
2010-02-24 8:44 ` [patch 09/32] [PATCH] smp: rename and add lowcore defines Martin Schwidefsky
2010-02-24 8:44 ` [patch 10/32] [PATCH] smp: always reboot on cpu 0 Martin Schwidefsky
2010-02-24 8:44 ` [patch 11/32] [PATCH] qdio: account processed SBAL during queue scan Martin Schwidefsky
2010-02-24 8:44 ` [patch 12/32] [PATCH] qdio: optimize cache line usage of struct qdio_irq Martin Schwidefsky
2010-02-24 8:44 ` [patch 13/32] [PATCH] add MACHINE_IS_LPAR flag Martin Schwidefsky
2010-02-24 8:44 ` [patch 14/32] [PATCH] sysinfo: fix SYSIB 3,2,2 structure Martin Schwidefsky
2010-02-24 8:44 ` [patch 15/32] [PATCH] spinlock: check virtual cpu running status Martin Schwidefsky
2010-02-24 8:44 ` [patch 16/32] [PATCH] smp: rework sigp code Martin Schwidefsky
2010-02-24 8:44 ` [patch 17/32] [PATCH] Replace ENOTSUPP usage with EOPNOTSUPP Martin Schwidefsky
2010-02-24 8:44 ` [patch 18/32] [PATCH] free_initmem: reduce code duplication Martin Schwidefsky
2010-02-24 8:44 ` [patch 19/32] [PATCH] ccw_device_notify: improve return codes Martin Schwidefsky
2010-02-24 8:44 ` [patch 20/32] [PATCH] Cleanup struct _lowcore usage and defines Martin Schwidefsky
2010-02-24 8:44 ` [patch 21/32] [PATCH] bug: use relative pointers in bug table entries Martin Schwidefsky
2010-02-24 8:44 ` [patch 22/32] [PATCH] use kprobes_built_in() in mm/fault code Martin Schwidefsky
2010-02-24 8:44 ` [patch 23/32] [PATCH] dasd: fix online/offline race Martin Schwidefsky
2010-02-24 8:44 ` [patch 24/32] [PATCH] add z9-ec/z10 instruction to kernel disassembler Martin Schwidefsky
2010-02-24 8:44 ` [patch 25/32] [PATCH] seq_file: convert drivers/s390/ Martin Schwidefsky
2010-02-24 8:44 ` [patch 26/32] [PATCH] codepage conversion of kernel parameter line Martin Schwidefsky
2010-02-24 8:44 ` [patch 27/32] [PATCH] Define new s390 ELF note sections in elf.h Martin Schwidefsky
2010-02-24 8:44 ` [patch 28/32] [PATCH] add support for compressed kernels Martin Schwidefsky
2010-02-24 8:44 ` [patch 29/32] [PATCH] correct vdso version string Martin Schwidefsky
2010-02-24 8:45 ` [patch 30/32] [PATCH] dasd: fix refcounting Martin Schwidefsky
2010-02-24 8:45 ` [patch 31/32] [PATCH] dasd: correct offline processing Martin Schwidefsky
2010-02-24 8:45 ` [patch 32/32] [PATCH] cio: trigger subchannel event at resume time Martin Schwidefsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100224084447.121436009@de.ibm.com \
--to=schwidefsky@de.ibm.com \
--cc=heiko.carstens@de.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.