summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEugene Teo <eteo@redhat.com>2009-07-15 14:59:10 +0800
committerLinus Torvalds <torvalds@linux-foundation.org>2009-07-16 09:19:16 -0700
commita3ca86aea507904148870946d599e07a340b39bf (patch)
treeb5d6c35f8048bf7f071f1fc16f5d543c07a725b2
parent4a21b8cb3550f19f838f7c48345fbbf6a0e8536b (diff)
Add '-fno-delete-null-pointer-checks' to gcc CFLAGS
Turning on this flag could prevent the compiler from optimising away some "useless" checks for null pointers. Such bugs can sometimes become exploitable at compile time because of the -O2 optimisation. See http://gcc.gnu.org/onlinedocs/gcc-4.1.2/gcc/Optimize-Options.html An example that clearly shows this 'problem' is commit 6bf67672. static void __devexit agnx_pci_remove(struct pci_dev *pdev) { struct ieee80211_hw *dev = pci_get_drvdata(pdev); - struct agnx_priv *priv = dev->priv; + struct agnx_priv *priv; AGNX_TRACE; if (!dev) return; + priv = dev->priv; By reverting this patch, and compile it with and without -fno-delete-null-pointer-checks flag, we can see that the check for dev is compiled away. call printk # - testq %r12, %r12 # dev - je .L94 #, movq %r12, %rdi # dev, Clearly the 'fix' is to stop using dev before it is tested, but building with -fno-delete-null-pointer-checks flag at least makes it harder to abuse. Signed-off-by: Eugene Teo <eugeneteo@kernel.sg> Acked-by: Eric Paris <eparis@redhat.com> Acked-by: Wang Cong <amwang@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--Makefile3
1 files changed, 2 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index be0abacd042..79957b33877 100644
--- a/Makefile
+++ b/Makefile
@@ -343,7 +343,8 @@ KBUILD_CPPFLAGS := -D__KERNEL__
KBUILD_CFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \
-fno-strict-aliasing -fno-common \
-Werror-implicit-function-declaration \
- -Wno-format-security
+ -Wno-format-security \
+ -fno-delete-null-pointer-checks
KBUILD_AFLAGS := -D__ASSEMBLY__
# Read KERNELRELEASE from include/config/kernel.release (if it exists)