lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1282184898-30599-1-git-send-email-sboyd@codeaurora.org>
Date:	Wed, 18 Aug 2010 19:28:18 -0700
From:	Stephen Boyd <sboyd@...eaurora.org>
To:	linux-arch@...r.kernel.org
Cc:	linux-kernel@...r.kernel.org, Arnd Bergmann <arnd@...db.de>,
	x86@...nel.org, linux-arm-kernel@...ts.infradead.org,
	linux-s390@...r.kernel.org, linux-parisc@...r.kernel.org,
	Arjan van de Ven <arjan@...ux.intel.com>,
	Heiko Carstens <heiko.carstens@...ibm.com>,
	Helge Deller <deller@....de>
Subject: [PATCHv2 2/1] Consolidate CONFIG_DEBUG_STRICT_USER_COPY_CHECKS

The help text for this config is duplicated across the x86,
parisc, s390, and arm Kconfig.debug files. Arnd Bergman noted
that the help text was slightly misleading and should be fixed to
state that enabling this option isn't a problem when using pre 4.4
gcc.

To simplify the rewording, consolidate the text into
lib/Kconfig.debug and modify it there to be more explicit about
when you should say N to this config.

Signed-off-by: Stephen Boyd <sboyd@...eaurora.org>
Cc: Arnd Bergmann <arnd@...db.de>
Cc: x86@...nel.org
Cc: linux-arm-kernel@...ts.infradead.org
Cc: linux-s390@...r.kernel.org
Cc: linux-parisc@...r.kernel.org
Cc: Arjan van de Ven <arjan@...ux.intel.com>
Cc: Heiko Carstens <heiko.carstens@...ibm.com>
Cc: Helge Deller <deller@....de>
---

This depends on a patch sent to the arm mailing list adding
CONFIG_DEBUG_STRICT_USER_COPY_CHECKS to ARM.

LKML: http://lkml.org/lkml/2010/8/17/535

 arch/arm/Kconfig.debug    |   15 ++-------------
 arch/parisc/Kconfig.debug |   15 ++-------------
 arch/s390/Kconfig.debug   |   14 ++------------
 arch/x86/Kconfig.debug    |   15 ++-------------
 lib/Kconfig.debug         |   16 ++++++++++++++++
 5 files changed, 24 insertions(+), 51 deletions(-)

diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug
index 64e33b8..326c7f1 100644
--- a/arch/arm/Kconfig.debug
+++ b/arch/arm/Kconfig.debug
@@ -128,18 +128,7 @@ config DEBUG_S3C_UART
 	  The uncompressor code port configuration is now handled
 	  by CONFIG_S3C_LOWLEVEL_UART_PORT.
 
-config DEBUG_STRICT_USER_COPY_CHECKS
-	bool "Strict user copy size checks"
-	depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING
-	help
-	  Enabling this option turns a certain set of sanity checks for user
-	  copy operations into compile time errors.
-
-	  The copy_from_user() etc checks are there to help test if there
-	  are sufficient security checks on the length argument of
-	  the copy operation, by having gcc prove that the argument is
-	  within bounds.
-
-	  If unsure, or if you run an older (pre 4.4) gcc, say N.
+config ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS
+	def_bool y
 
 endmenu
diff --git a/arch/parisc/Kconfig.debug b/arch/parisc/Kconfig.debug
index 7305ac8..b13e8d0 100644
--- a/arch/parisc/Kconfig.debug
+++ b/arch/parisc/Kconfig.debug
@@ -12,18 +12,7 @@ config DEBUG_RODATA
          portion of the kernel code won't be covered by a TLB anymore.
          If in doubt, say "N".
 
-config DEBUG_STRICT_USER_COPY_CHECKS
-	bool "Strict copy size checks"
-	depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING
-	---help---
-	  Enabling this option turns a certain set of sanity checks for user
-	  copy operations into compile time failures.
-
-	  The copy_from_user() etc checks are there to help test if there
-	  are sufficient security checks on the length argument of
-	  the copy operation, by having gcc prove that the argument is
-	  within bounds.
-
-	  If unsure, or if you run an older (pre 4.4) gcc, say N.
+config ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS
+	def_bool y
 
 endmenu
diff --git a/arch/s390/Kconfig.debug b/arch/s390/Kconfig.debug
index 45e0c61..6df8e30 100644
--- a/arch/s390/Kconfig.debug
+++ b/arch/s390/Kconfig.debug
@@ -6,17 +6,7 @@ config TRACE_IRQFLAGS_SUPPORT
 
 source "lib/Kconfig.debug"
 
-config DEBUG_STRICT_USER_COPY_CHECKS
-	bool "Strict user copy size checks"
-	---help---
-	  Enabling this option turns a certain set of sanity checks for user
-	  copy operations into compile time warnings.
-
-	  The copy_from_user() etc checks are there to help test if there
-	  are sufficient security checks on the length argument of
-	  the copy operation, by having gcc prove that the argument is
-	  within bounds.
-
-	  If unsure, or if you run an older (pre 4.4) gcc, say N.
+config ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS
+	def_bool y
 
 endmenu
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
index 7508508..d24afa3 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -285,18 +285,7 @@ config OPTIMIZE_INLINING
 
 	  If unsure, say N.
 
-config DEBUG_STRICT_USER_COPY_CHECKS
-	bool "Strict copy size checks"
-	depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING
-	---help---
-	  Enabling this option turns a certain set of sanity checks for user
-	  copy operations into compile time failures.
-
-	  The copy_from_user() etc checks are there to help test if there
-	  are sufficient security checks on the length argument of
-	  the copy operation, by having gcc prove that the argument is
-	  within bounds.
-
-	  If unsure, or if you run an older (pre 4.4) gcc, say N.
+config ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS
+	def_bool y
 
 endmenu
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 9e06b7f..bbb1ac5 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -1013,6 +1013,22 @@ config SYSCTL_SYSCALL_CHECK
 	  to properly maintain and use. This enables checks that help
 	  you to keep things correct.
 
+config DEBUG_STRICT_USER_COPY_CHECKS
+	bool "Strict user copy size checks"
+	depends on ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS
+	depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING
+	help
+	  Enabling this option turns a certain set of sanity checks for user
+	  copy operations into compile time warnings/errors.
+
+	  The copy_from_user() etc checks are there to help test if there
+	  are sufficient security checks on the length argument of
+	  the copy operation, by having gcc prove that the argument is
+	  within bounds.
+
+	  If unsure, or if you run an older (pre 4.4) gcc where this option
+	  is a no-op, say N.
+
 source mm/Kconfig.debug
 source kernel/trace/Kconfig
 
-- 
Sent by an employee of the Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ