From: Gustavo Padovan <[email protected]>
struct sync_merge_data already have documentation on top of the
struct definition. No need to duplicate it.
Signed-off-by: Gustavo Padovan <[email protected]>
Reviewed-by: Maarten Lankhorst <[email protected]>
---
drivers/staging/android/uapi/sync.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/android/uapi/sync.h b/drivers/staging/android/uapi/sync.h
index a0cf357..4467c76 100644
--- a/drivers/staging/android/uapi/sync.h
+++ b/drivers/staging/android/uapi/sync.h
@@ -21,9 +21,9 @@
* @fence: returns the fd of the new fence to userspace
*/
struct sync_merge_data {
- __s32 fd2; /* fd of second fence */
- char name[32]; /* name of new fence */
- __s32 fence; /* fd on newly created fence */
+ __s32 fd2;
+ char name[32];
+ __s32 fence;
};
/**
--
2.5.5
From: Gustavo Padovan <[email protected]>
This function had copies in 3 different files. Unify them in kernel.h.
Cc: Joe Perches <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: David Airlie <[email protected]>
Cc: Daniel Vetter <[email protected]>
Cc: Rob Clark <[email protected]>
Signed-off-by: Gustavo Padovan <[email protected]>
---
drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c | 11 +++--------
drivers/gpu/drm/i915/i915_drv.h | 5 -----
drivers/gpu/drm/i915/i915_gem.c | 14 +++++++-------
drivers/gpu/drm/i915/i915_gem_execbuffer.c | 14 +++++++-------
drivers/gpu/drm/msm/msm_gem_submit.c | 11 +++--------
include/linux/kernel.h | 5 +++++
6 files changed, 25 insertions(+), 35 deletions(-)
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
index 236ada9..afdd55d 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
@@ -28,11 +28,6 @@
#define BO_LOCKED 0x4000
#define BO_PINNED 0x2000
-static inline void __user *to_user_ptr(u64 address)
-{
- return (void __user *)(uintptr_t)address;
-}
-
static struct etnaviv_gem_submit *submit_create(struct drm_device *dev,
struct etnaviv_gpu *gpu, size_t nr)
{
@@ -347,21 +342,21 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data,
cmdbuf->exec_state = args->exec_state;
cmdbuf->ctx = file->driver_priv;
- ret = copy_from_user(bos, to_user_ptr(args->bos),
+ ret = copy_from_user(bos, u64_to_user_ptr(args->bos),
args->nr_bos * sizeof(*bos));
if (ret) {
ret = -EFAULT;
goto err_submit_cmds;
}
- ret = copy_from_user(relocs, to_user_ptr(args->relocs),
+ ret = copy_from_user(relocs, u64_to_user_ptr(args->relocs),
args->nr_relocs * sizeof(*relocs));
if (ret) {
ret = -EFAULT;
goto err_submit_cmds;
}
- ret = copy_from_user(stream, to_user_ptr(args->stream),
+ ret = copy_from_user(stream, u64_to_user_ptr(args->stream),
args->stream_size);
if (ret) {
ret = -EFAULT;
diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
index 1048093..bb624cc 100644
--- a/drivers/gpu/drm/i915/i915_drv.h
+++ b/drivers/gpu/drm/i915/i915_drv.h
@@ -3576,11 +3576,6 @@ static inline i915_reg_t i915_vgacntrl_reg(struct drm_device *dev)
return VGACNTRL;
}
-static inline void __user *to_user_ptr(u64 address)
-{
- return (void __user *)(uintptr_t)address;
-}
-
static inline unsigned long msecs_to_jiffies_timeout(const unsigned int m)
{
unsigned long j = msecs_to_jiffies(m);
diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
index dabc089..2889716 100644
--- a/drivers/gpu/drm/i915/i915_gem.c
+++ b/drivers/gpu/drm/i915/i915_gem.c
@@ -324,7 +324,7 @@ i915_gem_phys_pwrite(struct drm_i915_gem_object *obj,
{
struct drm_device *dev = obj->base.dev;
void *vaddr = obj->phys_handle->vaddr + args->offset;
- char __user *user_data = to_user_ptr(args->data_ptr);
+ char __user *user_data = u64_to_user_ptr(args->data_ptr);
int ret = 0;
/* We manually control the domain here and pretend that it
@@ -605,7 +605,7 @@ i915_gem_shmem_pread(struct drm_device *dev,
int needs_clflush = 0;
struct sg_page_iter sg_iter;
- user_data = to_user_ptr(args->data_ptr);
+ user_data = u64_to_user_ptr(args->data_ptr);
remain = args->size;
obj_do_bit17_swizzling = i915_gem_object_needs_bit17_swizzle(obj);
@@ -692,7 +692,7 @@ i915_gem_pread_ioctl(struct drm_device *dev, void *data,
return 0;
if (!access_ok(VERIFY_WRITE,
- to_user_ptr(args->data_ptr),
+ u64_to_user_ptr(args->data_ptr),
args->size))
return -EFAULT;
@@ -783,7 +783,7 @@ i915_gem_gtt_pwrite_fast(struct drm_device *dev,
if (ret)
goto out_unpin;
- user_data = to_user_ptr(args->data_ptr);
+ user_data = u64_to_user_ptr(args->data_ptr);
remain = args->size;
offset = i915_gem_obj_ggtt_offset(obj) + args->offset;
@@ -907,7 +907,7 @@ i915_gem_shmem_pwrite(struct drm_device *dev,
int needs_clflush_before = 0;
struct sg_page_iter sg_iter;
- user_data = to_user_ptr(args->data_ptr);
+ user_data = u64_to_user_ptr(args->data_ptr);
remain = args->size;
obj_do_bit17_swizzling = i915_gem_object_needs_bit17_swizzle(obj);
@@ -1036,12 +1036,12 @@ i915_gem_pwrite_ioctl(struct drm_device *dev, void *data,
return 0;
if (!access_ok(VERIFY_READ,
- to_user_ptr(args->data_ptr),
+ u64_to_user_ptr(args->data_ptr),
args->size))
return -EFAULT;
if (likely(!i915.prefault_disable)) {
- ret = fault_in_multipages_readable(to_user_ptr(args->data_ptr),
+ ret = fault_in_multipages_readable(u64_to_user_ptr(args->data_ptr),
args->size);
if (ret)
return -EFAULT;
diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
index 1328bc5..e60b4e7 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
@@ -514,7 +514,7 @@ i915_gem_execbuffer_relocate_vma(struct i915_vma *vma,
struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
int remain, ret;
- user_relocs = to_user_ptr(entry->relocs_ptr);
+ user_relocs = u64_to_user_ptr(entry->relocs_ptr);
remain = entry->relocation_count;
while (remain) {
@@ -865,7 +865,7 @@ i915_gem_execbuffer_relocate_slow(struct drm_device *dev,
u64 invalid_offset = (u64)-1;
int j;
- user_relocs = to_user_ptr(exec[i].relocs_ptr);
+ user_relocs = u64_to_user_ptr(exec[i].relocs_ptr);
if (copy_from_user(reloc+total, user_relocs,
exec[i].relocation_count * sizeof(*reloc))) {
@@ -1009,7 +1009,7 @@ validate_exec_list(struct drm_device *dev,
invalid_flags |= EXEC_OBJECT_NEEDS_GTT;
for (i = 0; i < count; i++) {
- char __user *ptr = to_user_ptr(exec[i].relocs_ptr);
+ char __user *ptr = u64_to_user_ptr(exec[i].relocs_ptr);
int length; /* limited by fault_in_pages_readable() */
if (exec[i].flags & invalid_flags)
@@ -1696,7 +1696,7 @@ i915_gem_execbuffer(struct drm_device *dev, void *data,
return -ENOMEM;
}
ret = copy_from_user(exec_list,
- to_user_ptr(args->buffers_ptr),
+ u64_to_user_ptr(args->buffers_ptr),
sizeof(*exec_list) * args->buffer_count);
if (ret != 0) {
DRM_DEBUG("copy %d exec entries failed %d\n",
@@ -1732,7 +1732,7 @@ i915_gem_execbuffer(struct drm_device *dev, void *data,
ret = i915_gem_do_execbuffer(dev, data, file, &exec2, exec2_list);
if (!ret) {
struct drm_i915_gem_exec_object __user *user_exec_list =
- to_user_ptr(args->buffers_ptr);
+ u64_to_user_ptr(args->buffers_ptr);
/* Copy the new buffer offsets back to the user's exec list. */
for (i = 0; i < args->buffer_count; i++) {
@@ -1786,7 +1786,7 @@ i915_gem_execbuffer2(struct drm_device *dev, void *data,
return -ENOMEM;
}
ret = copy_from_user(exec2_list,
- to_user_ptr(args->buffers_ptr),
+ u64_to_user_ptr(args->buffers_ptr),
sizeof(*exec2_list) * args->buffer_count);
if (ret != 0) {
DRM_DEBUG("copy %d exec entries failed %d\n",
@@ -1799,7 +1799,7 @@ i915_gem_execbuffer2(struct drm_device *dev, void *data,
if (!ret) {
/* Copy the new buffer offsets back to the user's exec list. */
struct drm_i915_gem_exec_object2 __user *user_exec_list =
- to_user_ptr(args->buffers_ptr);
+ u64_to_user_ptr(args->buffers_ptr);
int i;
for (i = 0; i < args->buffer_count; i++) {
diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c
index 43d2181..23d2528 100644
--- a/drivers/gpu/drm/msm/msm_gem_submit.c
+++ b/drivers/gpu/drm/msm/msm_gem_submit.c
@@ -28,11 +28,6 @@
#define BO_LOCKED 0x4000
#define BO_PINNED 0x2000
-static inline void __user *to_user_ptr(u64 address)
-{
- return (void __user *)(uintptr_t)address;
-}
-
static struct msm_gem_submit *submit_create(struct drm_device *dev,
struct msm_gpu *gpu, int nr)
{
@@ -68,7 +63,7 @@ static int submit_lookup_objects(struct msm_gem_submit *submit,
struct drm_gem_object *obj;
struct msm_gem_object *msm_obj;
void __user *userptr =
- to_user_ptr(args->bos + (i * sizeof(submit_bo)));
+ u64_to_user_ptr(args->bos + (i * sizeof(submit_bo)));
ret = copy_from_user(&submit_bo, userptr, sizeof(submit_bo));
if (ret) {
@@ -257,7 +252,7 @@ static int submit_reloc(struct msm_gem_submit *submit, struct msm_gem_object *ob
for (i = 0; i < nr_relocs; i++) {
struct drm_msm_gem_submit_reloc submit_reloc;
void __user *userptr =
- to_user_ptr(relocs + (i * sizeof(submit_reloc)));
+ u64_to_user_ptr(relocs + (i * sizeof(submit_reloc)));
uint32_t iova, off;
bool valid;
@@ -356,7 +351,7 @@ int msm_ioctl_gem_submit(struct drm_device *dev, void *data,
for (i = 0; i < args->nr_cmds; i++) {
struct drm_msm_gem_submit_cmd submit_cmd;
void __user *userptr =
- to_user_ptr(args->cmds + (i * sizeof(submit_cmd)));
+ u64_to_user_ptr(args->cmds + (i * sizeof(submit_cmd)));
struct msm_gem_object *msm_obj;
uint32_t iova;
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
index 2f7775e..0c843ec 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
@@ -53,6 +53,11 @@
#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
+static inline void __user *u64_to_user_ptr(u64 address)
+{
+ return (void __user *)(uintptr_t)address;
+}
+
/*
* This looks more complex than it should be. But we need to
* get the type for the ~ right in round_down (it needs to be
--
2.5.5
From: Gustavo Padovan <[email protected]>
Change SYNC_IOC_FILE_INFO (former SYNC_IOC_FENCE_INFO) behaviour to avoid
future API breaks and optimize buffer allocation.
Now num_fences can be filled by the caller to inform how many fences it
wants to retrieve from the kernel. If the num_fences passed is greater
than zero info->sync_fence_info should point to a buffer with enough space
to fit all fences.
However if num_fences passed to the kernel is 0, the kernel will reply
with number of fences of the sync_file.
Sending first an ioctl with num_fences = 0 can optimize buffer allocation,
in a first call with num_fences = 0 userspace will receive the actual
number of fences in the num_fences filed.
Then it can allocate a buffer with the correct size on sync_fence_info and
call SYNC_IOC_FILE_INFO again, but now with the actual value of num_fences
in the sync_file.
info->sync_fence_info was converted to __u64 pointer to prevent 32bit
compatibility issues. And a flags member was added.
An example userspace code for the later would be:
struct sync_file_info *info;
int err, size, num_fences;
info = malloc(sizeof(*info));
info.flags = 0;
err = ioctl(fd, SYNC_IOC_FILE_INFO, info);
num_fences = info->num_fences;
if (num_fences) {
info.flags = 0;
size = sizeof(struct sync_fence_info) * num_fences;
info->num_fences = num_fences;
info->sync_fence_info = (uint64_t) calloc(num_fences,
sizeof(struct sync_fence_info));
err = ioctl(fd, SYNC_IOC_FILE_INFO, info);
}
Finally the IOCTLs numbers were changed to avoid any potential old
userspace running the old API to get weird errors. Changing the opcodes
will make them fail right away. This is just a precaution, there no
upstream users of these interfaces yet and the only user is Android, but
we don't expect anyone trying to run android userspace and all it
dependencies on top of upstream kernels.
Signed-off-by: Gustavo Padovan <[email protected]>
Reviewed-by: Maarten Lankhorst <[email protected]>
Acked-by: Greg Hackmann <[email protected]>
Acked-by: Rob Clark <[email protected]>
Acked-by: Daniel Vetter <[email protected]>
---
v2: fix fence_info memory leak
v3: Comments from Emil Velikov
- improve commit message
- remove __u64 cast
- remove check for output fields in file_info
- clean up sync_fill_fence_info()
Comments from Maarten Lankhorst
- remove in.num_fences && !in.sync_fence_info check
- remove info->len and use only num_fences to calculate size
Comments from Dan Carpenter
- fix info->sync_fence_info documentation
v4: remove allocated struct sync_file_info (comment from Maarten)
v5: merge all commits that were changing the ABI
v6: fix -Wint-to-pointer-cast error on info.sync_fence_info
---
drivers/staging/android/sync.c | 76 ++++++++++++++++++++-----------------
drivers/staging/android/uapi/sync.h | 36 +++++++++++++-----
2 files changed, 67 insertions(+), 45 deletions(-)
diff --git a/drivers/staging/android/sync.c b/drivers/staging/android/sync.c
index 3a8f210..f9c6094 100644
--- a/drivers/staging/android/sync.c
+++ b/drivers/staging/android/sync.c
@@ -445,6 +445,11 @@ static long sync_file_ioctl_merge(struct sync_file *sync_file,
goto err_put_fd;
}
+ if (data.flags || data.pad) {
+ err = -EINVAL;
+ goto err_put_fd;
+ }
+
fence2 = sync_file_fdget(data.fd2);
if (!fence2) {
err = -ENOENT;
@@ -479,13 +484,9 @@ err_put_fd:
return err;
}
-static int sync_fill_fence_info(struct fence *fence, void *data, int size)
+static void sync_fill_fence_info(struct fence *fence,
+ struct sync_fence_info *info)
{
- struct sync_fence_info *info = data;
-
- if (size < sizeof(*info))
- return -ENOMEM;
-
strlcpy(info->obj_name, fence->ops->get_timeline_name(fence),
sizeof(info->obj_name));
strlcpy(info->driver_name, fence->ops->get_driver_name(fence),
@@ -495,58 +496,63 @@ static int sync_fill_fence_info(struct fence *fence, void *data, int size)
else
info->status = 0;
info->timestamp_ns = ktime_to_ns(fence->timestamp);
-
- return sizeof(*info);
}
static long sync_file_ioctl_fence_info(struct sync_file *sync_file,
unsigned long arg)
{
- struct sync_file_info *info;
+ struct sync_file_info info;
+ struct sync_fence_info *fence_info = NULL;
__u32 size;
- __u32 len = 0;
int ret, i;
- if (copy_from_user(&size, (void __user *)arg, sizeof(size)))
+ if (copy_from_user(&info, (void __user *)arg, sizeof(info)))
return -EFAULT;
- if (size < sizeof(struct sync_file_info))
+ if (info.flags || info.pad)
return -EINVAL;
- if (size > 4096)
- size = 4096;
-
- info = kzalloc(size, GFP_KERNEL);
- if (!info)
- return -ENOMEM;
-
- strlcpy(info->name, sync_file->name, sizeof(info->name));
- info->status = atomic_read(&sync_file->status);
- if (info->status >= 0)
- info->status = !info->status;
-
- len = sizeof(struct sync_file_info);
+ /*
+ * Passing num_fences = 0 means that userspace doesn't want to
+ * retrieve any sync_fence_info. If num_fences = 0 we skip filling
+ * sync_fence_info and return the actual number of fences on
+ * info->num_fences.
+ */
+ if (!info.num_fences)
+ goto no_fences;
- for (i = 0; i < sync_file->num_fences; ++i) {
- struct fence *fence = sync_file->cbs[i].fence;
+ if (info.num_fences < sync_file->num_fences)
+ return -EINVAL;
- ret = sync_fill_fence_info(fence, (u8 *)info + len, size - len);
+ size = sync_file->num_fences * sizeof(*fence_info);
+ fence_info = kzalloc(size, GFP_KERNEL);
+ if (!fence_info)
+ return -ENOMEM;
- if (ret < 0)
- goto out;
+ for (i = 0; i < sync_file->num_fences; ++i)
+ sync_fill_fence_info(sync_file->cbs[i].fence, &fence_info[i]);
- len += ret;
+ if (copy_to_user(u64_to_user_ptr(info.sync_fence_info), fence_info,
+ size)) {
+ ret = -EFAULT;
+ goto out;
}
- info->len = len;
+no_fences:
+ strlcpy(info.name, sync_file->name, sizeof(info.name));
+ info.status = atomic_read(&sync_file->status);
+ if (info.status >= 0)
+ info.status = !info.status;
+
+ info.num_fences = sync_file->num_fences;
- if (copy_to_user((void __user *)arg, info, len))
+ if (copy_to_user((void __user *)arg, &info, sizeof(info)))
ret = -EFAULT;
else
ret = 0;
out:
- kfree(info);
+ kfree(fence_info);
return ret;
}
@@ -560,7 +566,7 @@ static long sync_file_ioctl(struct file *file, unsigned int cmd,
case SYNC_IOC_MERGE:
return sync_file_ioctl_merge(sync_file, arg);
- case SYNC_IOC_FENCE_INFO:
+ case SYNC_IOC_FILE_INFO:
return sync_file_ioctl_fence_info(sync_file, arg);
default:
diff --git a/drivers/staging/android/uapi/sync.h b/drivers/staging/android/uapi/sync.h
index 4467c76..fbadb8a 100644
--- a/drivers/staging/android/uapi/sync.h
+++ b/drivers/staging/android/uapi/sync.h
@@ -16,14 +16,18 @@
/**
* struct sync_merge_data - data passed to merge ioctl
- * @fd2: file descriptor of second fence
* @name: name of new fence
+ * @fd2: file descriptor of second fence
* @fence: returns the fd of the new fence to userspace
+ * @flags: merge_data flags
+ * @pad: padding for 64-bit alignment, should always be zero
*/
struct sync_merge_data {
- __s32 fd2;
char name[32];
+ __s32 fd2;
__s32 fence;
+ __u32 flags;
+ __u32 pad;
};
/**
@@ -31,42 +35,54 @@ struct sync_merge_data {
* @obj_name: name of parent sync_timeline
* @driver_name: name of driver implementing the parent
* @status: status of the fence 0:active 1:signaled <0:error
+ * @flags: fence_info flags
* @timestamp_ns: timestamp of status change in nanoseconds
*/
struct sync_fence_info {
char obj_name[32];
char driver_name[32];
__s32 status;
+ __u32 flags;
__u64 timestamp_ns;
};
/**
* struct sync_file_info - data returned from fence info ioctl
- * @len: ioctl caller writes the size of the buffer its passing in.
- * ioctl returns length of sync_file_info returned to
- * userspace including pt_info.
* @name: name of fence
* @status: status of fence. 1: signaled 0:active <0:error
- * @sync_fence_info: array of sync_fence_info for every fence in the sync_file
+ * @flags: sync_file_info flags
+ * @num_fences number of fences in the sync_file
+ * @pad: padding for 64-bit alignment, should always be zero
+ * @sync_fence_info: pointer to array of structs sync_fence_info with all
+ * fences in the sync_file
*/
struct sync_file_info {
- __u32 len;
char name[32];
__s32 status;
+ __u32 flags;
+ __u32 num_fences;
+ __u32 pad;
- __u8 sync_fence_info[0];
+ __u64 sync_fence_info;
};
#define SYNC_IOC_MAGIC '>'
/**
+ * Opcodes 0, 1 and 2 were burned during a API change to avoid users of the
+ * old API to get weird errors when trying to handling sync_files. The API
+ * change happened during the de-stage of the Sync Framework when there was
+ * no upstream users available.
+ */
+
+/**
* DOC: SYNC_IOC_MERGE - merge two fences
*
* Takes a struct sync_merge_data. Creates a new fence containing copies of
* the sync_pts in both the calling fd and sync_merge_data.fd2. Returns the
* new fence's fd in sync_merge_data.fence
*/
-#define SYNC_IOC_MERGE _IOWR(SYNC_IOC_MAGIC, 1, struct sync_merge_data)
+#define SYNC_IOC_MERGE _IOWR(SYNC_IOC_MAGIC, 3, struct sync_merge_data)
/**
* DOC: SYNC_IOC_FENCE_INFO - get detailed information on a fence
@@ -79,6 +95,6 @@ struct sync_file_info {
* pt_info is a buffer containing sync_pt_infos for every sync_pt in the fence.
* To iterate over the sync_pt_infos, use the sync_pt_info.len field.
*/
-#define SYNC_IOC_FENCE_INFO _IOWR(SYNC_IOC_MAGIC, 2, struct sync_file_info)
+#define SYNC_IOC_FILE_INFO _IOWR(SYNC_IOC_MAGIC, 4, struct sync_file_info)
#endif /* _UAPI_LINUX_SYNC_H */
--
2.5.5
Op 19-04-16 om 22:42 schreef Gustavo Padovan:
> From: Gustavo Padovan <[email protected]>
>
> This function had copies in 3 different files. Unify them in kernel.h.
>
> Cc: Joe Perches <[email protected]>
> Cc: Andrew Morton <[email protected]>
> Cc: David Airlie <[email protected]>
> Cc: Daniel Vetter <[email protected]>
> Cc: Rob Clark <[email protected]>
> Signed-off-by: Gustavo Padovan <[email protected]>
> ---
> drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c | 11 +++--------
> drivers/gpu/drm/i915/i915_drv.h | 5 -----
> drivers/gpu/drm/i915/i915_gem.c | 14 +++++++-------
> drivers/gpu/drm/i915/i915_gem_execbuffer.c | 14 +++++++-------
> drivers/gpu/drm/msm/msm_gem_submit.c | 11 +++--------
> include/linux/kernel.h | 5 +++++
> 6 files changed, 25 insertions(+), 35 deletions(-)
>
> diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
> index 236ada9..afdd55d 100644
> --- a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
> +++ b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
> @@ -28,11 +28,6 @@
> #define BO_LOCKED 0x4000
> #define BO_PINNED 0x2000
>
> -static inline void __user *to_user_ptr(u64 address)
> -{
> - return (void __user *)(uintptr_t)address;
> -}
> -
> static struct etnaviv_gem_submit *submit_create(struct drm_device *dev,
> struct etnaviv_gpu *gpu, size_t nr)
> {
> @@ -347,21 +342,21 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data,
> cmdbuf->exec_state = args->exec_state;
> cmdbuf->ctx = file->driver_priv;
>
> - ret = copy_from_user(bos, to_user_ptr(args->bos),
> + ret = copy_from_user(bos, u64_to_user_ptr(args->bos),
> args->nr_bos * sizeof(*bos));
> if (ret) {
> ret = -EFAULT;
> goto err_submit_cmds;
> }
>
> - ret = copy_from_user(relocs, to_user_ptr(args->relocs),
> + ret = copy_from_user(relocs, u64_to_user_ptr(args->relocs),
> args->nr_relocs * sizeof(*relocs));
> if (ret) {
> ret = -EFAULT;
> goto err_submit_cmds;
> }
>
> - ret = copy_from_user(stream, to_user_ptr(args->stream),
> + ret = copy_from_user(stream, u64_to_user_ptr(args->stream),
> args->stream_size);
> if (ret) {
> ret = -EFAULT;
> diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
> index 1048093..bb624cc 100644
> --- a/drivers/gpu/drm/i915/i915_drv.h
> +++ b/drivers/gpu/drm/i915/i915_drv.h
> @@ -3576,11 +3576,6 @@ static inline i915_reg_t i915_vgacntrl_reg(struct drm_device *dev)
> return VGACNTRL;
> }
>
> -static inline void __user *to_user_ptr(u64 address)
> -{
> - return (void __user *)(uintptr_t)address;
> -}
> -
> static inline unsigned long msecs_to_jiffies_timeout(const unsigned int m)
> {
> unsigned long j = msecs_to_jiffies(m);
> diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
> index dabc089..2889716 100644
> --- a/drivers/gpu/drm/i915/i915_gem.c
> +++ b/drivers/gpu/drm/i915/i915_gem.c
> @@ -324,7 +324,7 @@ i915_gem_phys_pwrite(struct drm_i915_gem_object *obj,
> {
> struct drm_device *dev = obj->base.dev;
> void *vaddr = obj->phys_handle->vaddr + args->offset;
> - char __user *user_data = to_user_ptr(args->data_ptr);
> + char __user *user_data = u64_to_user_ptr(args->data_ptr);
> int ret = 0;
>
> /* We manually control the domain here and pretend that it
> @@ -605,7 +605,7 @@ i915_gem_shmem_pread(struct drm_device *dev,
> int needs_clflush = 0;
> struct sg_page_iter sg_iter;
>
> - user_data = to_user_ptr(args->data_ptr);
> + user_data = u64_to_user_ptr(args->data_ptr);
> remain = args->size;
>
> obj_do_bit17_swizzling = i915_gem_object_needs_bit17_swizzle(obj);
> @@ -692,7 +692,7 @@ i915_gem_pread_ioctl(struct drm_device *dev, void *data,
> return 0;
>
> if (!access_ok(VERIFY_WRITE,
> - to_user_ptr(args->data_ptr),
> + u64_to_user_ptr(args->data_ptr),
> args->size))
> return -EFAULT;
>
> @@ -783,7 +783,7 @@ i915_gem_gtt_pwrite_fast(struct drm_device *dev,
> if (ret)
> goto out_unpin;
>
> - user_data = to_user_ptr(args->data_ptr);
> + user_data = u64_to_user_ptr(args->data_ptr);
> remain = args->size;
>
> offset = i915_gem_obj_ggtt_offset(obj) + args->offset;
> @@ -907,7 +907,7 @@ i915_gem_shmem_pwrite(struct drm_device *dev,
> int needs_clflush_before = 0;
> struct sg_page_iter sg_iter;
>
> - user_data = to_user_ptr(args->data_ptr);
> + user_data = u64_to_user_ptr(args->data_ptr);
> remain = args->size;
>
> obj_do_bit17_swizzling = i915_gem_object_needs_bit17_swizzle(obj);
> @@ -1036,12 +1036,12 @@ i915_gem_pwrite_ioctl(struct drm_device *dev, void *data,
> return 0;
>
> if (!access_ok(VERIFY_READ,
> - to_user_ptr(args->data_ptr),
> + u64_to_user_ptr(args->data_ptr),
> args->size))
> return -EFAULT;
>
> if (likely(!i915.prefault_disable)) {
> - ret = fault_in_multipages_readable(to_user_ptr(args->data_ptr),
> + ret = fault_in_multipages_readable(u64_to_user_ptr(args->data_ptr),
> args->size);
> if (ret)
> return -EFAULT;
> diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> index 1328bc5..e60b4e7 100644
> --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> @@ -514,7 +514,7 @@ i915_gem_execbuffer_relocate_vma(struct i915_vma *vma,
> struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
> int remain, ret;
>
> - user_relocs = to_user_ptr(entry->relocs_ptr);
> + user_relocs = u64_to_user_ptr(entry->relocs_ptr);
>
> remain = entry->relocation_count;
> while (remain) {
> @@ -865,7 +865,7 @@ i915_gem_execbuffer_relocate_slow(struct drm_device *dev,
> u64 invalid_offset = (u64)-1;
> int j;
>
> - user_relocs = to_user_ptr(exec[i].relocs_ptr);
> + user_relocs = u64_to_user_ptr(exec[i].relocs_ptr);
>
> if (copy_from_user(reloc+total, user_relocs,
> exec[i].relocation_count * sizeof(*reloc))) {
> @@ -1009,7 +1009,7 @@ validate_exec_list(struct drm_device *dev,
> invalid_flags |= EXEC_OBJECT_NEEDS_GTT;
>
> for (i = 0; i < count; i++) {
> - char __user *ptr = to_user_ptr(exec[i].relocs_ptr);
> + char __user *ptr = u64_to_user_ptr(exec[i].relocs_ptr);
> int length; /* limited by fault_in_pages_readable() */
>
> if (exec[i].flags & invalid_flags)
> @@ -1696,7 +1696,7 @@ i915_gem_execbuffer(struct drm_device *dev, void *data,
> return -ENOMEM;
> }
> ret = copy_from_user(exec_list,
> - to_user_ptr(args->buffers_ptr),
> + u64_to_user_ptr(args->buffers_ptr),
> sizeof(*exec_list) * args->buffer_count);
> if (ret != 0) {
> DRM_DEBUG("copy %d exec entries failed %d\n",
> @@ -1732,7 +1732,7 @@ i915_gem_execbuffer(struct drm_device *dev, void *data,
> ret = i915_gem_do_execbuffer(dev, data, file, &exec2, exec2_list);
> if (!ret) {
> struct drm_i915_gem_exec_object __user *user_exec_list =
> - to_user_ptr(args->buffers_ptr);
> + u64_to_user_ptr(args->buffers_ptr);
>
> /* Copy the new buffer offsets back to the user's exec list. */
> for (i = 0; i < args->buffer_count; i++) {
> @@ -1786,7 +1786,7 @@ i915_gem_execbuffer2(struct drm_device *dev, void *data,
> return -ENOMEM;
> }
> ret = copy_from_user(exec2_list,
> - to_user_ptr(args->buffers_ptr),
> + u64_to_user_ptr(args->buffers_ptr),
> sizeof(*exec2_list) * args->buffer_count);
> if (ret != 0) {
> DRM_DEBUG("copy %d exec entries failed %d\n",
> @@ -1799,7 +1799,7 @@ i915_gem_execbuffer2(struct drm_device *dev, void *data,
> if (!ret) {
> /* Copy the new buffer offsets back to the user's exec list. */
> struct drm_i915_gem_exec_object2 __user *user_exec_list =
> - to_user_ptr(args->buffers_ptr);
> + u64_to_user_ptr(args->buffers_ptr);
> int i;
>
> for (i = 0; i < args->buffer_count; i++) {
> diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c
> index 43d2181..23d2528 100644
> --- a/drivers/gpu/drm/msm/msm_gem_submit.c
> +++ b/drivers/gpu/drm/msm/msm_gem_submit.c
> @@ -28,11 +28,6 @@
> #define BO_LOCKED 0x4000
> #define BO_PINNED 0x2000
>
> -static inline void __user *to_user_ptr(u64 address)
> -{
> - return (void __user *)(uintptr_t)address;
> -}
> -
> static struct msm_gem_submit *submit_create(struct drm_device *dev,
> struct msm_gpu *gpu, int nr)
> {
> @@ -68,7 +63,7 @@ static int submit_lookup_objects(struct msm_gem_submit *submit,
> struct drm_gem_object *obj;
> struct msm_gem_object *msm_obj;
> void __user *userptr =
> - to_user_ptr(args->bos + (i * sizeof(submit_bo)));
> + u64_to_user_ptr(args->bos + (i * sizeof(submit_bo)));
>
> ret = copy_from_user(&submit_bo, userptr, sizeof(submit_bo));
> if (ret) {
> @@ -257,7 +252,7 @@ static int submit_reloc(struct msm_gem_submit *submit, struct msm_gem_object *ob
> for (i = 0; i < nr_relocs; i++) {
> struct drm_msm_gem_submit_reloc submit_reloc;
> void __user *userptr =
> - to_user_ptr(relocs + (i * sizeof(submit_reloc)));
> + u64_to_user_ptr(relocs + (i * sizeof(submit_reloc)));
> uint32_t iova, off;
> bool valid;
>
> @@ -356,7 +351,7 @@ int msm_ioctl_gem_submit(struct drm_device *dev, void *data,
> for (i = 0; i < args->nr_cmds; i++) {
> struct drm_msm_gem_submit_cmd submit_cmd;
> void __user *userptr =
> - to_user_ptr(args->cmds + (i * sizeof(submit_cmd)));
> + u64_to_user_ptr(args->cmds + (i * sizeof(submit_cmd)));
> struct msm_gem_object *msm_obj;
> uint32_t iova;
>
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index 2f7775e..0c843ec 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -53,6 +53,11 @@
>
> #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
>
> +static inline void __user *u64_to_user_ptr(u64 address)
> +{
> + return (void __user *)(uintptr_t)address;
> +}
This could cast any integer to a user ptr, maybe add some preprocessor magic to only allow u64?
~Maarten
2016-04-20 Maarten Lankhorst <[email protected]>:
> Op 19-04-16 om 22:42 schreef Gustavo Padovan:
> > From: Gustavo Padovan <[email protected]>
> >
> > This function had copies in 3 different files. Unify them in kernel.h.
> >
> > Cc: Joe Perches <[email protected]>
> > Cc: Andrew Morton <[email protected]>
> > Cc: David Airlie <[email protected]>
> > Cc: Daniel Vetter <[email protected]>
> > Cc: Rob Clark <[email protected]>
> > Signed-off-by: Gustavo Padovan <[email protected]>
> > ---
> > drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c | 11 +++--------
> > drivers/gpu/drm/i915/i915_drv.h | 5 -----
> > drivers/gpu/drm/i915/i915_gem.c | 14 +++++++-------
> > drivers/gpu/drm/i915/i915_gem_execbuffer.c | 14 +++++++-------
> > drivers/gpu/drm/msm/msm_gem_submit.c | 11 +++--------
> > include/linux/kernel.h | 5 +++++
> > 6 files changed, 25 insertions(+), 35 deletions(-)
> >
> > diff --git a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
> > index 236ada9..afdd55d 100644
> > --- a/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
> > +++ b/drivers/gpu/drm/etnaviv/etnaviv_gem_submit.c
> > @@ -28,11 +28,6 @@
> > #define BO_LOCKED 0x4000
> > #define BO_PINNED 0x2000
> >
> > -static inline void __user *to_user_ptr(u64 address)
> > -{
> > - return (void __user *)(uintptr_t)address;
> > -}
> > -
> > static struct etnaviv_gem_submit *submit_create(struct drm_device *dev,
> > struct etnaviv_gpu *gpu, size_t nr)
> > {
> > @@ -347,21 +342,21 @@ int etnaviv_ioctl_gem_submit(struct drm_device *dev, void *data,
> > cmdbuf->exec_state = args->exec_state;
> > cmdbuf->ctx = file->driver_priv;
> >
> > - ret = copy_from_user(bos, to_user_ptr(args->bos),
> > + ret = copy_from_user(bos, u64_to_user_ptr(args->bos),
> > args->nr_bos * sizeof(*bos));
> > if (ret) {
> > ret = -EFAULT;
> > goto err_submit_cmds;
> > }
> >
> > - ret = copy_from_user(relocs, to_user_ptr(args->relocs),
> > + ret = copy_from_user(relocs, u64_to_user_ptr(args->relocs),
> > args->nr_relocs * sizeof(*relocs));
> > if (ret) {
> > ret = -EFAULT;
> > goto err_submit_cmds;
> > }
> >
> > - ret = copy_from_user(stream, to_user_ptr(args->stream),
> > + ret = copy_from_user(stream, u64_to_user_ptr(args->stream),
> > args->stream_size);
> > if (ret) {
> > ret = -EFAULT;
> > diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
> > index 1048093..bb624cc 100644
> > --- a/drivers/gpu/drm/i915/i915_drv.h
> > +++ b/drivers/gpu/drm/i915/i915_drv.h
> > @@ -3576,11 +3576,6 @@ static inline i915_reg_t i915_vgacntrl_reg(struct drm_device *dev)
> > return VGACNTRL;
> > }
> >
> > -static inline void __user *to_user_ptr(u64 address)
> > -{
> > - return (void __user *)(uintptr_t)address;
> > -}
> > -
> > static inline unsigned long msecs_to_jiffies_timeout(const unsigned int m)
> > {
> > unsigned long j = msecs_to_jiffies(m);
> > diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
> > index dabc089..2889716 100644
> > --- a/drivers/gpu/drm/i915/i915_gem.c
> > +++ b/drivers/gpu/drm/i915/i915_gem.c
> > @@ -324,7 +324,7 @@ i915_gem_phys_pwrite(struct drm_i915_gem_object *obj,
> > {
> > struct drm_device *dev = obj->base.dev;
> > void *vaddr = obj->phys_handle->vaddr + args->offset;
> > - char __user *user_data = to_user_ptr(args->data_ptr);
> > + char __user *user_data = u64_to_user_ptr(args->data_ptr);
> > int ret = 0;
> >
> > /* We manually control the domain here and pretend that it
> > @@ -605,7 +605,7 @@ i915_gem_shmem_pread(struct drm_device *dev,
> > int needs_clflush = 0;
> > struct sg_page_iter sg_iter;
> >
> > - user_data = to_user_ptr(args->data_ptr);
> > + user_data = u64_to_user_ptr(args->data_ptr);
> > remain = args->size;
> >
> > obj_do_bit17_swizzling = i915_gem_object_needs_bit17_swizzle(obj);
> > @@ -692,7 +692,7 @@ i915_gem_pread_ioctl(struct drm_device *dev, void *data,
> > return 0;
> >
> > if (!access_ok(VERIFY_WRITE,
> > - to_user_ptr(args->data_ptr),
> > + u64_to_user_ptr(args->data_ptr),
> > args->size))
> > return -EFAULT;
> >
> > @@ -783,7 +783,7 @@ i915_gem_gtt_pwrite_fast(struct drm_device *dev,
> > if (ret)
> > goto out_unpin;
> >
> > - user_data = to_user_ptr(args->data_ptr);
> > + user_data = u64_to_user_ptr(args->data_ptr);
> > remain = args->size;
> >
> > offset = i915_gem_obj_ggtt_offset(obj) + args->offset;
> > @@ -907,7 +907,7 @@ i915_gem_shmem_pwrite(struct drm_device *dev,
> > int needs_clflush_before = 0;
> > struct sg_page_iter sg_iter;
> >
> > - user_data = to_user_ptr(args->data_ptr);
> > + user_data = u64_to_user_ptr(args->data_ptr);
> > remain = args->size;
> >
> > obj_do_bit17_swizzling = i915_gem_object_needs_bit17_swizzle(obj);
> > @@ -1036,12 +1036,12 @@ i915_gem_pwrite_ioctl(struct drm_device *dev, void *data,
> > return 0;
> >
> > if (!access_ok(VERIFY_READ,
> > - to_user_ptr(args->data_ptr),
> > + u64_to_user_ptr(args->data_ptr),
> > args->size))
> > return -EFAULT;
> >
> > if (likely(!i915.prefault_disable)) {
> > - ret = fault_in_multipages_readable(to_user_ptr(args->data_ptr),
> > + ret = fault_in_multipages_readable(u64_to_user_ptr(args->data_ptr),
> > args->size);
> > if (ret)
> > return -EFAULT;
> > diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> > index 1328bc5..e60b4e7 100644
> > --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> > +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
> > @@ -514,7 +514,7 @@ i915_gem_execbuffer_relocate_vma(struct i915_vma *vma,
> > struct drm_i915_gem_exec_object2 *entry = vma->exec_entry;
> > int remain, ret;
> >
> > - user_relocs = to_user_ptr(entry->relocs_ptr);
> > + user_relocs = u64_to_user_ptr(entry->relocs_ptr);
> >
> > remain = entry->relocation_count;
> > while (remain) {
> > @@ -865,7 +865,7 @@ i915_gem_execbuffer_relocate_slow(struct drm_device *dev,
> > u64 invalid_offset = (u64)-1;
> > int j;
> >
> > - user_relocs = to_user_ptr(exec[i].relocs_ptr);
> > + user_relocs = u64_to_user_ptr(exec[i].relocs_ptr);
> >
> > if (copy_from_user(reloc+total, user_relocs,
> > exec[i].relocation_count * sizeof(*reloc))) {
> > @@ -1009,7 +1009,7 @@ validate_exec_list(struct drm_device *dev,
> > invalid_flags |= EXEC_OBJECT_NEEDS_GTT;
> >
> > for (i = 0; i < count; i++) {
> > - char __user *ptr = to_user_ptr(exec[i].relocs_ptr);
> > + char __user *ptr = u64_to_user_ptr(exec[i].relocs_ptr);
> > int length; /* limited by fault_in_pages_readable() */
> >
> > if (exec[i].flags & invalid_flags)
> > @@ -1696,7 +1696,7 @@ i915_gem_execbuffer(struct drm_device *dev, void *data,
> > return -ENOMEM;
> > }
> > ret = copy_from_user(exec_list,
> > - to_user_ptr(args->buffers_ptr),
> > + u64_to_user_ptr(args->buffers_ptr),
> > sizeof(*exec_list) * args->buffer_count);
> > if (ret != 0) {
> > DRM_DEBUG("copy %d exec entries failed %d\n",
> > @@ -1732,7 +1732,7 @@ i915_gem_execbuffer(struct drm_device *dev, void *data,
> > ret = i915_gem_do_execbuffer(dev, data, file, &exec2, exec2_list);
> > if (!ret) {
> > struct drm_i915_gem_exec_object __user *user_exec_list =
> > - to_user_ptr(args->buffers_ptr);
> > + u64_to_user_ptr(args->buffers_ptr);
> >
> > /* Copy the new buffer offsets back to the user's exec list. */
> > for (i = 0; i < args->buffer_count; i++) {
> > @@ -1786,7 +1786,7 @@ i915_gem_execbuffer2(struct drm_device *dev, void *data,
> > return -ENOMEM;
> > }
> > ret = copy_from_user(exec2_list,
> > - to_user_ptr(args->buffers_ptr),
> > + u64_to_user_ptr(args->buffers_ptr),
> > sizeof(*exec2_list) * args->buffer_count);
> > if (ret != 0) {
> > DRM_DEBUG("copy %d exec entries failed %d\n",
> > @@ -1799,7 +1799,7 @@ i915_gem_execbuffer2(struct drm_device *dev, void *data,
> > if (!ret) {
> > /* Copy the new buffer offsets back to the user's exec list. */
> > struct drm_i915_gem_exec_object2 __user *user_exec_list =
> > - to_user_ptr(args->buffers_ptr);
> > + u64_to_user_ptr(args->buffers_ptr);
> > int i;
> >
> > for (i = 0; i < args->buffer_count; i++) {
> > diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c
> > index 43d2181..23d2528 100644
> > --- a/drivers/gpu/drm/msm/msm_gem_submit.c
> > +++ b/drivers/gpu/drm/msm/msm_gem_submit.c
> > @@ -28,11 +28,6 @@
> > #define BO_LOCKED 0x4000
> > #define BO_PINNED 0x2000
> >
> > -static inline void __user *to_user_ptr(u64 address)
> > -{
> > - return (void __user *)(uintptr_t)address;
> > -}
> > -
> > static struct msm_gem_submit *submit_create(struct drm_device *dev,
> > struct msm_gpu *gpu, int nr)
> > {
> > @@ -68,7 +63,7 @@ static int submit_lookup_objects(struct msm_gem_submit *submit,
> > struct drm_gem_object *obj;
> > struct msm_gem_object *msm_obj;
> > void __user *userptr =
> > - to_user_ptr(args->bos + (i * sizeof(submit_bo)));
> > + u64_to_user_ptr(args->bos + (i * sizeof(submit_bo)));
> >
> > ret = copy_from_user(&submit_bo, userptr, sizeof(submit_bo));
> > if (ret) {
> > @@ -257,7 +252,7 @@ static int submit_reloc(struct msm_gem_submit *submit, struct msm_gem_object *ob
> > for (i = 0; i < nr_relocs; i++) {
> > struct drm_msm_gem_submit_reloc submit_reloc;
> > void __user *userptr =
> > - to_user_ptr(relocs + (i * sizeof(submit_reloc)));
> > + u64_to_user_ptr(relocs + (i * sizeof(submit_reloc)));
> > uint32_t iova, off;
> > bool valid;
> >
> > @@ -356,7 +351,7 @@ int msm_ioctl_gem_submit(struct drm_device *dev, void *data,
> > for (i = 0; i < args->nr_cmds; i++) {
> > struct drm_msm_gem_submit_cmd submit_cmd;
> > void __user *userptr =
> > - to_user_ptr(args->cmds + (i * sizeof(submit_cmd)));
> > + u64_to_user_ptr(args->cmds + (i * sizeof(submit_cmd)));
> > struct msm_gem_object *msm_obj;
> > uint32_t iova;
> >
> > diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> > index 2f7775e..0c843ec 100644
> > --- a/include/linux/kernel.h
> > +++ b/include/linux/kernel.h
> > @@ -53,6 +53,11 @@
> >
> > #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
> >
> > +static inline void __user *u64_to_user_ptr(u64 address)
> > +{
> > + return (void __user *)(uintptr_t)address;
> > +}
> This could cast any integer to a user ptr, maybe add some preprocessor magic to only allow u64?
Right, that makes sense. I'll add typecheck() and send an updated v11 version.
Gustavo