1. 02 Oct, 2009 1 commit
    • Arjan van de Ven's avatar
      x86: Add a Kconfig option to turn the copy_from_user warnings into errors · 63312b6a
      Arjan van de Ven authored
      For automated testing it is useful to have the option to turn
      the warnings on copy_from_user() etc checks into errors:
      
       In function ‘copy_from_user’,
           inlined from ‘fd_copyin’ at drivers/block/floppy.c:3080,
           inlined from ‘fd_ioctl’ at drivers/block/floppy.c:3503:
         linux/arch/x86/include/asm/uaccess_32.h:213:
        error: call to ‘copy_from_user_overflow’ declared with attribute error:
        copy_from_user buffer size is not provably correct
      Signed-off-by: default avatarArjan van de Ven <arjan@linux.intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      LKML-Reference: <20091002075050.4e9f7641@infradead.org>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      63312b6a
  2. 01 Oct, 2009 1 commit
    • Arjan van de Ven's avatar
      x86: Turn the copy_from_user check into an (optional) compile time warning · 4a312769
      Arjan van de Ven authored
      A previous patch added the buffer size check to copy_from_user().
      
      One of the things learned from analyzing the result of the previous
      patch is that in general, gcc is really good at proving that the
      code contains sufficient security checks to not need to do a
      runtime check. But that for those cases where gcc could not prove
      this, there was a relatively high percentage of real security
      issues.
      
      This patch turns the case of "gcc cannot prove" into a compile time
      warning, as long as a sufficiently new gcc is in use that supports
      this. The objective is that these warnings will trigger developers
      checking new cases out before a security hole enters a linux kernel
      release.
      Signed-off-by: default avatarArjan van de Ven <arjan@linux.intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: James Morris <jmorris@namei.org>
      Cc: Jan Beulich <jbeulich@novell.com>
      LKML-Reference: <20090930130523.348ae6c4@infradead.org>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      4a312769
  3. 28 Sep, 2009 1 commit
    • Arjan van de Ven's avatar
      x86: Use __builtin_memset and __builtin_memcpy for memset/memcpy · ff60fab7
      Arjan van de Ven authored
      GCC provides reasonable memset/memcpy functions itself, with __builtin_memset
      and __builtin_memcpy. For the "unknown" cases, it'll fall back to our
      current existing functions, but for fixed size versions it'll inline
      something smart. Quite often that will be the same as we have now,
      but sometimes it can do something smarter (for example, if the code
      then sets the first member of a struct, it can do a shorter memset).
      
      In addition, and this is more important, gcc knows which registers and
      such are not clobbered (while for our asm version it pretty much
      acts like a compiler barrier), so for various cases it can avoid reloading
      values.
      
      The effect on codesize is shown below on my typical laptop .config:
      
         text	   data	    bss	    dec	    hex	filename
      5605675	2041100	6525148	14171923	 d83f13	vmlinux.before
      5595849	2041668	6525148	14162665	 d81ae9	vmlinux.after
      
      Due to some not-so-good behavior in the gcc 3.x series, this change
      is only done for GCC 4.x and above.
      Signed-off-by: default avatarArjan van de Ven <arjan@linux.intel.com>
      LKML-Reference: <20090928142122.6fc57e9c@infradead.org>
      Signed-off-by: default avatarH. Peter Anvin <hpa@zytor.com>
      ff60fab7
  4. 26 Sep, 2009 1 commit
    • Arjan van de Ven's avatar
      x86: Use __builtin_object_size() to validate the buffer size for copy_from_user() · 9f0cf4ad
      Arjan van de Ven authored
      gcc (4.x) supports the __builtin_object_size() builtin, which
      reports the size of an object that a pointer point to, when known
      at compile time. If the buffer size is not known at compile time, a
      constant -1 is returned.
      
      This patch uses this feature to add a sanity check to
      copy_from_user(); if the target buffer is known to be smaller than
      the copy size, the copy is aborted and a WARNing is emitted in
      memory debug mode.
      
      These extra checks compile away when the object size is not known,
      or if both the buffer size and the copy length are constants.
      Signed-off-by: default avatarArjan van de Ven <arjan@linux.intel.com>
      LKML-Reference: <20090926143301.2c396b94@infradead.org>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      9f0cf4ad
  5. 25 Sep, 2009 1 commit
  6. 24 Sep, 2009 5 commits
    • Rusty Russell's avatar
      x86: Remove redundant non-NUMA topology functions · b0c6fbe4
      Rusty Russell authored
      arch/x86/include/asm/topology.h declares inline fns cpu_to_node and
      cpumask_of_node for !NUMA, even though they are then declared as
      macros by asm-generic/topology.h, which is #included just below.
      
      The macros (which are the same) end up being used; these functions
      are just confusing.
      Noticed-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
      Cc: "Greg Kroah-Hartman" <gregkh@suse.de>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Tejun Heo <tj@kernel.org>
      LKML-Reference: <200909241748.45629.rusty@rustcorp.com.au>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      b0c6fbe4
    • Jason Wessel's avatar
      x86: early_printk: Protect against using the same device twice · 429a6e5e
      Jason Wessel authored
      If you use the kernel argument:
      
        earlyprintk=serial,ttyS0,115200
      
      This will cause a recursive hang printing the same line
      again and again:
      
       BIOS-e820: 000000003fff3000 - 0000000040000000 (ACPI data)
       BIOS-e820: 00000000e0000000 - 00000000f0000000 (reserved)
       BIOS-e820: 00000000fec00000 - 0000000100000000 (reserved)
      bootconsole [earlyser0] enabled
      Linux version 2.6.31-07863-gb64ada6b (mingo@sirius) (gcc version 4.3.2 20081105 (Red Hat 4.3.2-7) (GCC) ) #16789 SMP Wed Sep 23 21:09:43 CEST 2009
      Linux version 2.6.31-07863-gb64ada6b (mingo@sirius) (gcc version 4.3.2 20081105 (Red Hat 4.3.2-7) (GCC) ) #16789 SMP Wed Sep 23 21:09:43 CEST 2009
      Linux version 2.6.31-07863-gb64ada6b (mingo@sirius) (gcc version 4.3.2 20081105 (Red Hat 4.3.2-7) (GCC) ) #16789 SMP Wed Sep 23 21:09:43 CEST 2009
      Linux version 2.6.31-07863-gb64ada6b (mingo@sirius) (gcc version 4.3.2 20081105 (Red Hat 4.3.2-7) (GCC) ) #16789 SMP Wed Sep 23 21:09:43 CEST 2009
      Linux version 2.6.31-07863-gb64ada6b (mingo@sirius) (gcc version 4.3.2 20081105 (Red Hat 4.3.2-7) (GCC) ) #16789 SMP Wed Sep 23 21:09:43 CEST 2009
      
      Instead warn the end user that they specified the device
      a second time, and ignore that second console.
      Reported-by: default avatarIngo Molnar <mingo@elte.hu>
      Signed-off-by: default avatarJason Wessel <jason.wessel@windriver.com>
      Cc: Len Brown <lenb@kernel.org>
      Cc: Greg KH <gregkh@suse.de>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      LKML-Reference: <4ABAAB89.1080407@windriver.com>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      429a6e5e
    • Ingo Molnar's avatar
      Merge branch 'linus' into x86/urgent · d2ff6de5
      Ingo Molnar authored
      Merge reason: Queueing up dependent early-printk fix.
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      d2ff6de5
    • Roland Dreier's avatar
      x86: Reduce verbosity of "PAT enabled" kernel message · e23a8b6a
      Roland Dreier authored
      On modern systems, the kernel prints the message
      
          x86 PAT enabled: cpu 0, old 0x7040600070406, new 0x7010600070106
      
      once for every CPU.
      
      This gets kind of ridiculous on huge systems; for example, on a
      64-thread system I was lucky enough to get:
      
          dmesg| grep 'PAT enabled' | wc
               64     704    5174
      
      There is already a BUG() if non-boot CPUs have PAT capabilities
      that don't match the boot CPU, so just print the message on the
      boot CPU. (I kept the print after the wrmsrl() that enables PAT,
      so that the log output continues to mean that the system survived
      enabling PAT on the boot CPU)
      Signed-off-by: default avatarRoland Dreier <rolandd@cisco.com>
      Cc: Suresh Siddha <suresh.b.siddha@intel.com>
      Cc: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
      LKML-Reference: <adavdj92sso.fsf@cisco.com>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      e23a8b6a
    • Roland Dreier's avatar
      x86: Reduce verbosity of "TSC is reliable" message · ea01c0d7
      Roland Dreier authored
      On modern systems, the kernel prints the message
      
          Skipping synchronization checks as TSC is reliable.
      
      once for every non-boot CPU.
      
      This gets kind of ridiculous on huge systems; for example, on a
      64-thread system I was lucky enough to get:
      
          $ dmesg | grep 'TSC is reliable' | wc
               63     567    4221
      
      There's no point to doing this for every CPU, since the code is
      just checking the boot CPU anyway, so change this to a
      printk_once() to make the message appears only once.
      Signed-off-by: default avatarRoland Dreier <rolandd@cisco.com>
      LKML-Reference: <adazl8l2swc.fsf@cisco.com>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      ea01c0d7
  7. 23 Sep, 2009 30 commits