[PATCH] ERR_PTR: if errno value is known at compile time, make sure it's valid

From: Marcin Slusarz
Date: Thu May 22 2008 - 12:52:50 EST

ERR_PTR is easy to call with the wrong argument (positive errno),
and this error leads to a catastrophic event - oops or kernel panic
(dereference of invalid pointer).

As most error handling code paths are rarely tested, this kind of
bug can be hidden for years. Currently there are > 1400 calls of ERR_PTR
with a constant argument.

Signed-off-by: Marcin Slusarz <marcin.slusarz@xxxxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Christoph Hellwig <hch@xxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Alexey Dobriyan <adobriyan@xxxxxxxxx>
Cc: Johannes Weiner <hannes@xxxxxxxxxxxx>
include/linux/err.h | 11 ++++++++++-
1 files changed, 10 insertions(+), 1 deletions(-)

diff --git a/include/linux/err.h b/include/linux/err.h
index ec87f31..4773ed3 100644
--- a/include/linux/err.h
+++ b/include/linux/err.h
@@ -18,12 +18,21 @@
#ifndef __ASSEMBLY__

#define IS_ERR_VALUE(x) unlikely((x) >= (unsigned long)-MAX_ERRNO)
+#define VALID_ERR_PTR_ARG(error) (error == 0 || IS_ERR_VALUE(error))

-static inline void *ERR_PTR(long error)
+static inline void *__ERR_PTR(long error)
return (void *) error;

+ * implementation note: we have to make it a macro, otherwise
+ * gcc won't break the build on wrong argument
+ */
+#define ERR_PTR(error) (BUILD_BUG_ON(__builtin_constant_p(error) && \
+ !VALID_ERR_PTR_ARG(error)), \
+ __ERR_PTR(error))
static inline long PTR_ERR(const void *ptr)
return (long) ptr;
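
Review bot: in VALID_ERR_PTR_ARG the parameter is used unparenthesized in `error == 0`, so an argument that contains a lower-precedence operator (a conditional expression, for example) would be parsed differently from what the caller wrote; suggest `((error) == 0 || IS_ERR_VALUE(error))`. The implementation note above ERR_PTR could also record that 0 is accepted on purpose, since the check lets ERR_PTR(0) through while rejecting positive constants.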
