mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-07 13:43:51 +00:00
9f0cf4adb6
gcc (4.x) supports the __builtin_object_size() builtin, which reports the size of an object that a pointer point to, when known at compile time. If the buffer size is not known at compile time, a constant -1 is returned. This patch uses this feature to add a sanity check to copy_from_user(); if the target buffer is known to be smaller than the copy size, the copy is aborted and a WARNing is emitted in memory debug mode. These extra checks compile away when the object size is not known, or if both the buffer size and the copy length are constants. Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> LKML-Reference: <20090926143301.2c396b94@infradead.org> Signed-off-by: Ingo Molnar <mingo@elte.hu>
288 lines
7.9 KiB
C
288 lines
7.9 KiB
C
#ifndef __LINUX_COMPILER_H
|
|
#define __LINUX_COMPILER_H
|
|
|
|
#ifndef __ASSEMBLY__
|
|
|
|
#ifdef __CHECKER__
|
|
# define __user __attribute__((noderef, address_space(1)))
|
|
# define __kernel /* default address space */
|
|
# define __safe __attribute__((safe))
|
|
# define __force __attribute__((force))
|
|
# define __nocast __attribute__((nocast))
|
|
# define __iomem __attribute__((noderef, address_space(2)))
|
|
# define __acquires(x) __attribute__((context(x,0,1)))
|
|
# define __releases(x) __attribute__((context(x,1,0)))
|
|
# define __acquire(x) __context__(x,1)
|
|
# define __release(x) __context__(x,-1)
|
|
# define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0)
|
|
extern void __chk_user_ptr(const volatile void __user *);
|
|
extern void __chk_io_ptr(const volatile void __iomem *);
|
|
#else
|
|
# define __user
|
|
# define __kernel
|
|
# define __safe
|
|
# define __force
|
|
# define __nocast
|
|
# define __iomem
|
|
# define __chk_user_ptr(x) (void)0
|
|
# define __chk_io_ptr(x) (void)0
|
|
# define __builtin_warning(x, y...) (1)
|
|
# define __acquires(x)
|
|
# define __releases(x)
|
|
# define __acquire(x) (void)0
|
|
# define __release(x) (void)0
|
|
# define __cond_lock(x,c) (c)
|
|
#endif
|
|
|
|
#ifdef __KERNEL__
|
|
|
|
#ifdef __GNUC__
|
|
#include <linux/compiler-gcc.h>
|
|
#endif
|
|
|
|
#define notrace __attribute__((no_instrument_function))
|
|
|
|
/* Intel compiler defines __GNUC__. So we will overwrite implementations
|
|
* coming from above header files here
|
|
*/
|
|
#ifdef __INTEL_COMPILER
|
|
# include <linux/compiler-intel.h>
|
|
#endif
|
|
|
|
/*
|
|
* Generic compiler-dependent macros required for kernel
|
|
* build go below this comment. Actual compiler/compiler version
|
|
* specific implementations come from the above header files
|
|
*/
|
|
|
|
struct ftrace_branch_data {
|
|
const char *func;
|
|
const char *file;
|
|
unsigned line;
|
|
union {
|
|
struct {
|
|
unsigned long correct;
|
|
unsigned long incorrect;
|
|
};
|
|
struct {
|
|
unsigned long miss;
|
|
unsigned long hit;
|
|
};
|
|
unsigned long miss_hit[2];
|
|
};
|
|
};
|
|
|
|
/*
|
|
* Note: DISABLE_BRANCH_PROFILING can be used by special lowlevel code
|
|
* to disable branch tracing on a per file basis.
|
|
*/
|
|
#if defined(CONFIG_TRACE_BRANCH_PROFILING) \
|
|
&& !defined(DISABLE_BRANCH_PROFILING) && !defined(__CHECKER__)
|
|
void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
|
|
|
|
#define likely_notrace(x) __builtin_expect(!!(x), 1)
|
|
#define unlikely_notrace(x) __builtin_expect(!!(x), 0)
|
|
|
|
#define __branch_check__(x, expect) ({ \
|
|
int ______r; \
|
|
static struct ftrace_branch_data \
|
|
__attribute__((__aligned__(4))) \
|
|
__attribute__((section("_ftrace_annotated_branch"))) \
|
|
______f = { \
|
|
.func = __func__, \
|
|
.file = __FILE__, \
|
|
.line = __LINE__, \
|
|
}; \
|
|
______r = likely_notrace(x); \
|
|
ftrace_likely_update(&______f, ______r, expect); \
|
|
______r; \
|
|
})
|
|
|
|
/*
|
|
* Using __builtin_constant_p(x) to ignore cases where the return
|
|
* value is always the same. This idea is taken from a similar patch
|
|
* written by Daniel Walker.
|
|
*/
|
|
# ifndef likely
|
|
# define likely(x) (__builtin_constant_p(x) ? !!(x) : __branch_check__(x, 1))
|
|
# endif
|
|
# ifndef unlikely
|
|
# define unlikely(x) (__builtin_constant_p(x) ? !!(x) : __branch_check__(x, 0))
|
|
# endif
|
|
|
|
#ifdef CONFIG_PROFILE_ALL_BRANCHES
|
|
/*
|
|
* "Define 'is'", Bill Clinton
|
|
* "Define 'if'", Steven Rostedt
|
|
*/
|
|
#define if(cond, ...) __trace_if( (cond , ## __VA_ARGS__) )
|
|
#define __trace_if(cond) \
|
|
if (__builtin_constant_p((cond)) ? !!(cond) : \
|
|
({ \
|
|
int ______r; \
|
|
static struct ftrace_branch_data \
|
|
__attribute__((__aligned__(4))) \
|
|
__attribute__((section("_ftrace_branch"))) \
|
|
______f = { \
|
|
.func = __func__, \
|
|
.file = __FILE__, \
|
|
.line = __LINE__, \
|
|
}; \
|
|
______r = !!(cond); \
|
|
______f.miss_hit[______r]++; \
|
|
______r; \
|
|
}))
|
|
#endif /* CONFIG_PROFILE_ALL_BRANCHES */
|
|
|
|
#else
|
|
# define likely(x) __builtin_expect(!!(x), 1)
|
|
# define unlikely(x) __builtin_expect(!!(x), 0)
|
|
#endif
|
|
|
|
/* Optimization barrier */
|
|
#ifndef barrier
|
|
# define barrier() __memory_barrier()
|
|
#endif
|
|
|
|
#ifndef RELOC_HIDE
|
|
# define RELOC_HIDE(ptr, off) \
|
|
({ unsigned long __ptr; \
|
|
__ptr = (unsigned long) (ptr); \
|
|
(typeof(ptr)) (__ptr + (off)); })
|
|
#endif
|
|
|
|
#endif /* __KERNEL__ */
|
|
|
|
#endif /* __ASSEMBLY__ */
|
|
|
|
#ifdef __KERNEL__
|
|
/*
|
|
* Allow us to mark functions as 'deprecated' and have gcc emit a nice
|
|
* warning for each use, in hopes of speeding the functions removal.
|
|
* Usage is:
|
|
* int __deprecated foo(void)
|
|
*/
|
|
#ifndef __deprecated
|
|
# define __deprecated /* unimplemented */
|
|
#endif
|
|
|
|
#ifdef MODULE
|
|
#define __deprecated_for_modules __deprecated
|
|
#else
|
|
#define __deprecated_for_modules
|
|
#endif
|
|
|
|
#ifndef __must_check
|
|
#define __must_check
|
|
#endif
|
|
|
|
#ifndef CONFIG_ENABLE_MUST_CHECK
|
|
#undef __must_check
|
|
#define __must_check
|
|
#endif
|
|
#ifndef CONFIG_ENABLE_WARN_DEPRECATED
|
|
#undef __deprecated
|
|
#undef __deprecated_for_modules
|
|
#define __deprecated
|
|
#define __deprecated_for_modules
|
|
#endif
|
|
|
|
/*
|
|
* Allow us to avoid 'defined but not used' warnings on functions and data,
|
|
* as well as force them to be emitted to the assembly file.
|
|
*
|
|
* As of gcc 3.4, static functions that are not marked with attribute((used))
|
|
* may be elided from the assembly file. As of gcc 3.4, static data not so
|
|
* marked will not be elided, but this may change in a future gcc version.
|
|
*
|
|
* NOTE: Because distributions shipped with a backported unit-at-a-time
|
|
* compiler in gcc 3.3, we must define __used to be __attribute__((used))
|
|
* for gcc >=3.3 instead of 3.4.
|
|
*
|
|
* In prior versions of gcc, such functions and data would be emitted, but
|
|
* would be warned about except with attribute((unused)).
|
|
*
|
|
* Mark functions that are referenced only in inline assembly as __used so
|
|
* the code is emitted even though it appears to be unreferenced.
|
|
*/
|
|
#ifndef __used
|
|
# define __used /* unimplemented */
|
|
#endif
|
|
|
|
#ifndef __maybe_unused
|
|
# define __maybe_unused /* unimplemented */
|
|
#endif
|
|
|
|
#ifndef noinline
|
|
#define noinline
|
|
#endif
|
|
|
|
/*
|
|
* Rather then using noinline to prevent stack consumption, use
|
|
* noinline_for_stack instead. For documentaiton reasons.
|
|
*/
|
|
#define noinline_for_stack noinline
|
|
|
|
#ifndef __always_inline
|
|
#define __always_inline inline
|
|
#endif
|
|
|
|
#endif /* __KERNEL__ */
|
|
|
|
/*
|
|
* From the GCC manual:
|
|
*
|
|
* Many functions do not examine any values except their arguments,
|
|
* and have no effects except the return value. Basically this is
|
|
* just slightly more strict class than the `pure' attribute above,
|
|
* since function is not allowed to read global memory.
|
|
*
|
|
* Note that a function that has pointer arguments and examines the
|
|
* data pointed to must _not_ be declared `const'. Likewise, a
|
|
* function that calls a non-`const' function usually must not be
|
|
* `const'. It does not make sense for a `const' function to return
|
|
* `void'.
|
|
*/
|
|
#ifndef __attribute_const__
|
|
# define __attribute_const__ /* unimplemented */
|
|
#endif
|
|
|
|
/*
|
|
* Tell gcc if a function is cold. The compiler will assume any path
|
|
* directly leading to the call is unlikely.
|
|
*/
|
|
|
|
#ifndef __cold
|
|
#define __cold
|
|
#endif
|
|
|
|
/* Simple shorthand for a section definition */
|
|
#ifndef __section
|
|
# define __section(S) __attribute__ ((__section__(#S)))
|
|
#endif
|
|
|
|
/* Are two types/vars the same type (ignoring qualifiers)? */
|
|
#ifndef __same_type
|
|
# define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b))
|
|
#endif
|
|
|
|
/* Compile time object size, -1 for unknown */
|
|
#ifndef __compiletime_object_size
|
|
# define __compiletime_object_size(obj) -1
|
|
#endif
|
|
/*
|
|
* Prevent the compiler from merging or refetching accesses. The compiler
|
|
* is also forbidden from reordering successive instances of ACCESS_ONCE(),
|
|
* but only when the compiler is aware of some particular ordering. One way
|
|
* to make the compiler aware of ordering is to put the two invocations of
|
|
* ACCESS_ONCE() in different C statements.
|
|
*
|
|
* This macro does absolutely -nothing- to prevent the CPU from reordering,
|
|
* merging, or refetching absolutely anything at any time. Its main intended
|
|
* use is to mediate communication between process-level code and irq/NMI
|
|
* handlers, all running on the same CPU.
|
|
*/
|
|
#define ACCESS_ONCE(x) (*(volatile typeof(x) *)&(x))
|
|
|
|
#endif /* __LINUX_COMPILER_H */
|