Name: Check Permission Are Sane on module_param Usage
Status: Tested on 2.6.8-rc6-bk1
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (authored)

We can barf at bad permissions at compile time if we're prepared to
generate a whole heap of functions in the __exit section (which bloat
modules, but get discarded for core kernel).

Index: linux-2.6.10-rc2-bk11-Module/include/linux/moduleparam.h
===================================================================
--- linux-2.6.10-rc2-bk11-Module.orig/include/linux/moduleparam.h	2004-11-16 15:30:07.000000000 +1100
+++ linux-2.6.10-rc2-bk11-Module/include/linux/moduleparam.h	2004-11-29 11:03:39.000000000 +1100
@@ -45,12 +45,24 @@
 	void *elem;
 };
 
+/* Check permissions is a reasonable constant, eg. 0600.  To do this,
+ * we create an inline and reference it. */
+#define __module_perm_check(name, perm)					 \
+	static inline void __module_perm_check_##name(void)		 \
+	{								 \
+		BUILD_BUG_ON(perm >= 01000);				 \
+		/* user perms >= group perms >= other perms. */		 \
+		BUILD_BUG_ON(((perm >> 6) & 0x7) < ((perm >> 3) & 0x7)); \
+		BUILD_BUG_ON(((perm >> 3) & 0x7) < (perm & 0x7));	 \
+	}
+
 /* This is the fundamental function for registering boot/module
    parameters.  perm sets the visibility in driverfs: 000 means it's
    not there, read bits mean it's readable, write bits mean it's
    writable. */
 #define __module_param_call(prefix, name, set, get, arg, perm)		\
 	static char __param_str_##name[] = prefix #name;		\
+	__module_perm_check(name, (perm));				\
 	static struct kernel_param const __param_##name			\
 	__attribute_used__						\
     __attribute__ ((unused,__section__ ("__param"),aligned(sizeof(void *)))) \