Re: Add "FORTIFY_SOURCE" to the linux kernel
From: Petr Vandrovec
Date: Wed May 25 2005 - 09:18:52 EST
arjan@xxxxxxxxxxxxxxxxxxxxxxxx wrote:
diff -purN linux-2.6.12-rc5/include/asm-ppc/uaccess.h linux-fortify/include/asm-ppc/uaccess.h
--- linux-2.6.12-rc5/include/asm-ppc/uaccess.h 2005-05-25 10:10:45.000000000 +0200
+++ linux-fortify/include/asm-ppc/uaccess.h 2005-05-25 10:23:00.000000000 +0200
@@ -330,8 +330,18 @@ copy_to_user(void __user *to, const void
return n;
}
+extern void __chk_fail(void);
+
static inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long size)
{
+#ifdef CONFIG_FORTIFY_SOURCE
+ /*
+ * if we know the size of "to" then we can validate that we don't overrun the buffer.
+ * note that if __nbytes is known at compiletime this check is nicely optimized out
+ */
+ if (__bos0 (to) != (size_t) -1 && size > __bos0 (to))
+ __chk_fail();
+#endif
return __copy_tofrom_user((__force void __user *)to, from, size);
}
+EXPORT_SYMBOL_GPL(__chk_fail);
Hello,
how is this going to comply with rule that no existing symbols will be turned
into GPLONLY symbols, as stated by Linus couple of time, and mentioned for example
at http://www.tux.org/lkml/#s1-19 ? To me it looks that no non-GPL module can work
on such kernel anymore, as memcpy/strcpy/... functions now, although themselves non-GPL
accessible (but inline...), depend on GPLONLY symbols. Can you explain this to
me?
And if you think that it is right thing to do, would not it be simpler for
everybody changing module loader so it just refuses to load non-GPL modules ?
Final functionality would be same in both cases...
Thanks,
Petr Vandrovec
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/