4a31276930
A previous patch added the buffer size check to copy_from_user().

One of the things learned from analyzing the result of the previous patch is that, in general, gcc is really good at proving that the code contains sufficient security checks to not need a runtime check. But for those cases where gcc could not prove this, there was a relatively high percentage of real security issues.

This patch turns the case of "gcc cannot prove" into a compile time warning, as long as a sufficiently new gcc is in use that supports this.

The objective is that these warnings will trigger developers checking new cases out before a security hole enters a Linux kernel release.

Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: James Morris <jmorris@namei.org>
Cc: Jan Beulich <jbeulich@novell.com>
LKML-Reference: <20090930130523.348ae6c4@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
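/*
 * GCC 4.x specific definitions of the kernel's compiler annotations.
 *
 * This header is not self-contained: it refuses to build unless
 * __LINUX_COMPILER_H is already defined, i.e. unless it was reached
 * through <linux/compiler.h>.
 */
#ifndef __LINUX_COMPILER_H
#error "Please don't include <linux/compiler-gcc4.h> directly, include <linux/compiler.h> instead."
#endif

/* GCC 4.1.[01] miscompiles __weak */
#ifdef __KERNEL__
# if __GNUC_MINOR__ == 1 && __GNUC_PATCHLEVEL__ <= 1
#  error Your version of gcc miscompiles the __weak directive
# endif
#endif

/* Keep the symbol in the object file even if it looks unreferenced. */
#define __used			__attribute__((__used__))
/*
 * Make gcc warn when a caller ignores the function's return value.
 * Useful on functions whose error return must not be silently dropped.
 */
#define __must_check 		__attribute__((warn_unused_result))
/* Compiler-provided offsetof(); a is the type, b the member. */
#define __compiler_offsetof(a,b) __builtin_offsetof(a,b)
/* Inline unconditionally rather than leaving the decision to gcc. */
#define __always_inline		inline __attribute__((always_inline))

/*
 * A trick to suppress uninitialized variable warning without generating any
 * code
 *
 * Expands to a self-initialisation (x = x) inside the declaration.
 * NOTE(review): because the warning is silenced for that variable
 * altogether, a genuine read-before-write is hidden as well; every use
 * deserves a justification that all paths assign the variable first.
 */
#define uninitialized_var(x) x = x

#if __GNUC_MINOR__ >= 3
/* Mark functions as cold. gcc will assume any path leading to a call
   to them will be unlikely.  This means a lot of manual unlikely()s
   are unnecessary now for any paths leading to the usual suspects
   like BUG(), printk(), panic() etc. [but let's keep them for now for
   older compilers]

   Early snapshots of gcc 4.3 don't support this and we can't detect this
   in the preprocessor, but we can live with this because they're unreleased.
   Maketime probing would be overkill here.

   gcc also has a __attribute__((__hot__)) to move hot functions into
   a special section, but I don't see any sense in this right now in
   the kernel context */
#define __cold			__attribute__((__cold__))

#endif

/*
 * Size of the object obj points into, as far as gcc can determine it at
 * compile time.  With type 0, __builtin_object_size() yields (size_t)-1
 * when the size is not known, so callers must treat that value as
 * "no information" and never as a usable bound.
 */
#define __compiletime_object_size(obj) __builtin_object_size(obj, 0)
#if __GNUC_MINOR__ >= 4
/*
 * Attach a compile-time warning to a function declaration: gcc prints
 * message when a call to that function survives optimisation.  This is a
 * diagnostic only; it neither adds nor replaces a runtime bounds check.
 *
 * Only defined for gcc 4.4 and newer.  This header has no fallback for
 * older compilers, so users of the macro rely on the including header to
 * provide an empty definition - presumably <linux/compiler.h>; confirm.
 */
#define __compiletime_warning(message) __attribute__((warning(message)))
#endif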