From: Arnd Bergmann <arnd@arndb.de>
To: Linus Torvalds <torvalds@osdl.org>
Cc: Andreas Schwab <schwab@suse.de>, <linux-kernel@vger.kernel.org>,
Matthew Wilcox <willy@debian.org>
Subject: Re: [PATCH] use size_t for the broken ioctl numbers
Date: Mon, 8 Sep 2003 15:03:20 +0200 [thread overview]
Message-ID: <200309081503.20459.arnd@arndb.de> (raw)
In-Reply-To: <Pine.LNX.4.44.0309071617380.21192-100000@home.osdl.org>
On Monday 08 September 2003 01:21, Linus Torvalds wrote:
> In fact, what you'd want to do is not just verify that it compiles, but
> also verify that the object code matches.
I have checked now that the object code for arch/s390/kernel/compat_ioctl.o
remains identical and that the whole kernel compiles for s390 and i386,
after fixing the broken ioctl numbers.
> Because there _is_ one case where adding the [1] will still compile, but
> generate wrong code: if the "size" argument to the _IOx() was not a type,
> but a real actual array.
Yes, there had to be a catch. The new version below catches that error
too, making that a link time failure and also checks that the size
field does not overflow.
Arnd <><
--- 1.1/include/asm-i386/ioctl.h Tue Feb 5 18:39:44 2002
+++ edited/include/asm-i386/ioctl.h Mon Sep 8 13:21:28 2003
@@ -52,11 +52,21 @@
((nr) << _IOC_NRSHIFT) | \
((size) << _IOC_SIZESHIFT))
+/* provoke compile error for invalid uses of size argument */
+extern int __invalid_size_argument_for_IOC;
+#define _IOC_TYPECHECK(t) \
+ ((sizeof(t) == sizeof(t[1]) && \
+ sizeof(t) < (1 << _IOC_SIZEBITS)) ? \
+ sizeof(t) : __invalid_size_argument_for_IOC)
+
/* used to create numbers */
#define _IO(type,nr) _IOC(_IOC_NONE,(type),(nr),0)
-#define _IOR(type,nr,size) _IOC(_IOC_READ,(type),(nr),sizeof(size))
-#define _IOW(type,nr,size) _IOC(_IOC_WRITE,(type),(nr),sizeof(size))
-#define _IOWR(type,nr,size) _IOC(_IOC_READ|_IOC_WRITE,(type),(nr),sizeof(size))
+#define _IOR(type,nr,size) _IOC(_IOC_READ,(type),(nr),(_IOC_TYPECHECK(size)))
+#define _IOW(type,nr,size) _IOC(_IOC_WRITE,(type),(nr),(_IOC_TYPECHECK(size)))
+#define _IOWR(type,nr,size) _IOC(_IOC_READ|_IOC_WRITE,(type),(nr),(_IOC_TYPECHECK(size)))
+#define _IOR_BAD(type,nr,size) _IOC(_IOC_READ,(type),(nr),sizeof(size))
+#define _IOW_BAD(type,nr,size) _IOC(_IOC_WRITE,(type),(nr),sizeof(size))
+#define _IOWR_BAD(type,nr,size) _IOC(_IOC_READ|_IOC_WRITE,(type),(nr),sizeof(size))
/* used to decode ioctl numbers.. */
#define _IOC_DIR(nr) (((nr) >> _IOC_DIRSHIFT) & _IOC_DIRMASK)
next prev parent reply other threads:[~2003-09-08 13:03 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <tbGb.75d.15@gated-at.bofh.it>
[not found] ` <tbPO.7j9.5@gated-at.bofh.it>
2003-09-07 21:28 ` [PATCH] use size_t for the broken ioctl numbers Arnd Bergmann
2003-09-07 23:15 ` Linus Torvalds
2003-09-07 23:21 ` Linus Torvalds
2003-09-08 13:03 ` Arnd Bergmann [this message]
2003-09-08 13:33 ` Andreas Schwab
2003-09-08 13:35 ` Andries Brouwer
2003-09-07 6:22 Matthew Wilcox
2003-09-07 16:48 ` Andreas Schwab
2003-09-07 17:29 ` Linus Torvalds
2003-09-07 17:34 ` Andreas Schwab
2003-09-08 13:10 ` Ingo Oeser
2003-09-08 12:38 ` Andries Brouwer
2003-09-08 15:13 ` Linus Torvalds
2003-09-08 18:40 ` Andries Brouwer
2003-09-08 18:54 ` Linus Torvalds
2003-09-08 19:28 ` Randy.Dunlap
2003-09-08 19:53 ` Jeff Garzik
2003-09-08 20:15 ` Linus Torvalds
2003-09-08 20:26 ` Dave Jones
2003-09-08 21:53 ` Jeff Garzik
2003-09-08 22:25 ` Dave Jones
2003-09-08 20:27 ` Andries Brouwer
2003-09-08 20:43 ` Linus Torvalds
2003-09-09 11:40 ` Jens Axboe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200309081503.20459.arnd@arndb.de \
--to=arnd@arndb.de \
--cc=linux-kernel@vger.kernel.org \
--cc=schwab@suse.de \
--cc=torvalds@osdl.org \
--cc=willy@debian.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox