From: Martin Schwidefsky <schwidefsky@de.ibm.com>
To: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>,
Martin Schwidefsky <schwidefsky@de.ibm.com>
Subject: [patch 01/32] [PATCH] uaccess: implement strict user copy checks
Date: Wed, 24 Feb 2010 09:44:31 +0100 [thread overview]
Message-ID: <20100224084447.121436009@de.ibm.com> (raw)
In-Reply-To: 20100224084430.193562869@de.ibm.com
[-- Attachment #1: 100-strict-copy-user.diff --]
[-- Type: text/plain, Size: 3416 bytes --]
From: Heiko Carstens <heiko.carstens@de.ibm.com>
Same as on x86 and sparc, besides the fact that enabling the option
will just emit compile time warnings instead of errors.
Keeps allyesconfig kernels compiling.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
---
arch/s390/Kconfig.debug | 13 +++++++++++++
arch/s390/include/asm/uaccess.h | 12 ++++++++++++
arch/s390/lib/Makefile | 2 +-
arch/s390/lib/usercopy.c | 8 ++++++++
4 files changed, 34 insertions(+), 1 deletion(-)
Index: quilt-2.6/arch/s390/include/asm/uaccess.h
===================================================================
--- quilt-2.6.orig/arch/s390/include/asm/uaccess.h 2010-02-24 09:28:13.000000000 +0100
+++ quilt-2.6/arch/s390/include/asm/uaccess.h 2010-02-24 09:44:22.000000000 +0100
@@ -265,6 +265,12 @@
return uaccess.copy_from_user(n, from, to);
}
+extern void copy_from_user_overflow(void)
+#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
+__compiletime_warning("copy_from_user() buffer size is not provably correct")
+#endif
+;
+
/**
* copy_from_user: - Copy a block of data from user space.
* @to: Destination address, in kernel space.
@@ -284,7 +290,13 @@
static inline unsigned long __must_check
copy_from_user(void *to, const void __user *from, unsigned long n)
{
+ unsigned int sz = __compiletime_object_size(to);
+
might_fault();
+ if (unlikely(sz != -1 && sz < n)) {
+ copy_from_user_overflow();
+ return n;
+ }
if (access_ok(VERIFY_READ, from, n))
n = __copy_from_user(to, from, n);
else
Index: quilt-2.6/arch/s390/Kconfig.debug
===================================================================
--- quilt-2.6.orig/arch/s390/Kconfig.debug 2010-02-24 09:28:13.000000000 +0100
+++ quilt-2.6/arch/s390/Kconfig.debug 2010-02-24 09:44:22.000000000 +0100
@@ -6,4 +6,17 @@
source "lib/Kconfig.debug"
+config DEBUG_STRICT_USER_COPY_CHECKS
+ bool "Strict user copy size checks"
+ ---help---
+ Enabling this option turns a certain set of sanity checks for user
+ copy operations into compile time warnings.
+
+ The copy_from_user() etc checks are there to help test if there
+ are sufficient security checks on the length argument of
+ the copy operation, by having gcc prove that the argument is
+ within bounds.
+
+ If unsure, or if you run an older (pre 4.4) gcc, say N.
+
endmenu
Index: quilt-2.6/arch/s390/lib/Makefile
===================================================================
--- quilt-2.6.orig/arch/s390/lib/Makefile 2010-02-24 09:28:13.000000000 +0100
+++ quilt-2.6/arch/s390/lib/Makefile 2010-02-24 09:44:22.000000000 +0100
@@ -2,7 +2,7 @@
# Makefile for s390-specific library files..
#
-lib-y += delay.o string.o uaccess_std.o uaccess_pt.o
+lib-y += delay.o string.o uaccess_std.o uaccess_pt.o usercopy.o
obj-$(CONFIG_32BIT) += div64.o qrnnd.o ucmpdi2.o
lib-$(CONFIG_64BIT) += uaccess_mvcos.o
lib-$(CONFIG_SMP) += spinlock.o
Index: quilt-2.6/arch/s390/lib/usercopy.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ quilt-2.6/arch/s390/lib/usercopy.c 2010-02-24 09:44:22.000000000 +0100
@@ -0,0 +1,8 @@
+#include <linux/module.h>
+#include <linux/bug.h>
+
+void copy_from_user_overflow(void)
+{
+ WARN(1, "Buffer overflow detected!\n");
+}
+EXPORT_SYMBOL(copy_from_user_overflow);
next prev parent reply other threads:[~2010-02-24 8:44 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-24 8:44 [patch 00/32] s390 patch queue for 2.6.34 Martin Schwidefsky
2010-02-24 8:44 ` Martin Schwidefsky [this message]
2010-02-24 8:44 ` [patch 02/32] [PATCH] adapt text to cu3088-removal Martin Schwidefsky
2010-02-24 8:44 ` [patch 03/32] [PATCH] cio: consolidate workqueues Martin Schwidefsky
2010-02-24 8:44 ` [patch 04/32] [PATCH] cio: introduce cio_settle Martin Schwidefsky
2010-02-24 8:44 ` [patch 05/32] [PATCH] cio: wait for channel report Martin Schwidefsky
2010-02-24 8:44 ` [patch 06/32] [PATCH] cio: make wait_events interruptible Martin Schwidefsky
2010-02-24 8:44 ` [patch 07/32] [PATCH] use inline assembly contraints available with gcc 3.3.3 Martin Schwidefsky
2010-02-24 8:44 ` [patch 08/32] [PATCH] zfcpdump: remove cross arch dump support Martin Schwidefsky
2010-02-24 8:44 ` [patch 09/32] [PATCH] smp: rename and add lowcore defines Martin Schwidefsky
2010-02-24 8:44 ` [patch 10/32] [PATCH] smp: always reboot on cpu 0 Martin Schwidefsky
2010-02-24 8:44 ` [patch 11/32] [PATCH] qdio: account processed SBAL during queue scan Martin Schwidefsky
2010-02-24 8:44 ` [patch 12/32] [PATCH] qdio: optimize cache line usage of struct qdio_irq Martin Schwidefsky
2010-02-24 8:44 ` [patch 13/32] [PATCH] add MACHINE_IS_LPAR flag Martin Schwidefsky
2010-02-24 8:44 ` [patch 14/32] [PATCH] sysinfo: fix SYSIB 3,2,2 structure Martin Schwidefsky
2010-02-24 8:44 ` [patch 15/32] [PATCH] spinlock: check virtual cpu running status Martin Schwidefsky
2010-02-24 8:44 ` [patch 16/32] [PATCH] smp: rework sigp code Martin Schwidefsky
2010-02-24 8:44 ` [patch 17/32] [PATCH] Replace ENOTSUPP usage with EOPNOTSUPP Martin Schwidefsky
2010-02-24 8:44 ` [patch 18/32] [PATCH] free_initmem: reduce code duplication Martin Schwidefsky
2010-02-24 8:44 ` [patch 19/32] [PATCH] ccw_device_notify: improve return codes Martin Schwidefsky
2010-02-24 8:44 ` [patch 20/32] [PATCH] Cleanup struct _lowcore usage and defines Martin Schwidefsky
2010-02-24 8:44 ` [patch 21/32] [PATCH] bug: use relative pointers in bug table entries Martin Schwidefsky
2010-02-24 8:44 ` [patch 22/32] [PATCH] use kprobes_built_in() in mm/fault code Martin Schwidefsky
2010-02-24 8:44 ` [patch 23/32] [PATCH] dasd: fix online/offline race Martin Schwidefsky
2010-02-24 8:44 ` [patch 24/32] [PATCH] add z9-ec/z10 instruction to kernel disassembler Martin Schwidefsky
2010-02-24 8:44 ` [patch 25/32] [PATCH] seq_file: convert drivers/s390/ Martin Schwidefsky
2010-02-24 8:44 ` [patch 26/32] [PATCH] codepage conversion of kernel parameter line Martin Schwidefsky
2010-02-24 8:44 ` [patch 27/32] [PATCH] Define new s390 ELF note sections in elf.h Martin Schwidefsky
2010-02-24 8:44 ` [patch 28/32] [PATCH] add support for compressed kernels Martin Schwidefsky
2010-02-24 8:44 ` [patch 29/32] [PATCH] correct vdso version string Martin Schwidefsky
2010-02-24 8:45 ` [patch 30/32] [PATCH] dasd: fix refcounting Martin Schwidefsky
2010-02-24 8:45 ` [patch 31/32] [PATCH] dasd: correct offline processing Martin Schwidefsky
2010-02-24 8:45 ` [patch 32/32] [PATCH] cio: trigger subchannel event at resume time Martin Schwidefsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100224084447.121436009@de.ibm.com \
--to=schwidefsky@de.ibm.com \
--cc=heiko.carstens@de.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox