[PATCH 0/9] Series to make copy_from_user to a stack slot provable right


This series contains a series of patches that, when applied, make every
copy_from_user() in a make allyesconfig to a (direct) stack slot
provable-by-gcc to have a correct size.

This is useful because if we fix all of these, we can make the non-provable
case an error, as an indication of a possible security hole.

Now the series has 4 types of patches:
1) changes where the original code really was missing checks
2) changes where the checks were coded so complex and games were played with
   types, that I (and the compiler) couldn't be sure if it was correct or
   not
3) changes where we're hitting a small gcc missing optimization, but where
   a simplification of the code allows gcc to prove things anyway.
   (http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41477 is filed for this)
4) a case in sys_socketcall where Dave Miller and co were very smart in
   optimizing the code to the point where it's not reasonable for gcc
   to realize the result is ok.



--
Arjan van de Ven Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
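
A userspace model of the distinction the cover letter draws, added here as an example and not taken from the post or the patch series: a copy into a stack slot whose length is unbounded versus one whose length is bounded by the slot size first. All names (`model_copy`, `copy_to_slot`, `struct req`, the handlers) are hypothetical, the "user" request is constructed, and a runtime check stands in for the compile-time diagnostic.

```c
/* Added example: userspace model, not kernel code. All names are hypothetical. */
#include <stddef.h>
#include <string.h>

/* Returns the number of bytes NOT copied, like copy_from_user(): 0 on success. */
static size_t model_copy(void *dst, size_t dst_size, const void *src, size_t n)
{
    /* A destination whose size the compiler could not determine is treated
     * as an error, which is the end state the series is working towards. */
    if (dst_size == (size_t)-1 || n > dst_size)
        return n;
    memcpy(dst, src, n);
    return 0;
}

/* A macro, so the builtin sees the stack slot itself rather than a parameter. */
#define copy_to_slot(dst, src, n) \
    model_copy((dst), __builtin_object_size((dst), 0), (src), (n))

struct req { unsigned int len; char data[64]; };  /* constructed "user" input */

/* Length comes straight from the request: nothing bounds it by the slot size. */
static int handler_unchecked(const struct req *u)
{
    char slot[16] = {0};
    if (copy_to_slot(slot, u->data, u->len))
        return -1;                      /* caught only by the copy's own check */
    return slot[0];
}

/* Same handler with an explicit bound, so n <= sizeof(slot) is visible
 * on every path that reaches the copy. */
static int handler_bounded(const struct req *u)
{
    char slot[16] = {0};
    size_t n = u->len;
    if (n > sizeof(slot))
        return -2;                      /* rejected before the copy is reached */
    if (copy_to_slot(slot, u->data, n))
        return -1;
    return slot[0];
}

static int run_case(unsigned int len, int bounded)
{
    struct req r = { .len = len };
    memset(r.data, 'A', sizeof(r.data));
    return bounded ? handler_bounded(&r) : handler_unchecked(&r);
}

int main(void) { return run_case(40, 0) == -1 ? 0 : 1; }
```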