lnet_ipif_enumerate was assigning a pointer from kernel space to user
space. This patch uses copy_to_user to properly do that assignment.
Signed-off-by: Quentin Lambert <[email protected]>
---
shouldn't we be using ifc_req instead of ifc_buf?
drivers/staging/lustre/lnet/lnet/lib-socket.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/drivers/staging/lustre/lnet/lnet/lib-socket.c
+++ b/drivers/staging/lustre/lnet/lnet/lib-socket.c
@@ -181,7 +181,13 @@ lnet_ipif_enumerate(char ***namesp)
goto out0;
}
- ifc.ifc_buf = (char *)ifr;
+ rc = copy_to_user(ifc.ifc_buf, (char *)ifr,
+ nalloc * sizeof(*ifr));
+ if (rc) {
+ rc = -ENOMEM;
+ goto out1;
+ }
+
ifc.ifc_len = nalloc * sizeof(*ifr);
rc = lnet_sock_ioctl(SIOCGIFCONF, (unsigned long)&ifc);
On Fri, Dec 02, 2016 at 06:33:32PM +0100, Quentin Lambert wrote:
> lnet_ipif_enumerate was assigning a pointer from kernel space to user
> space. This patch uses copy_to_user to properly do that assignment.
Put the exact warning message here.
>
> Signed-off-by: Quentin Lambert <[email protected]>
> ---
> shouldn't we be using ifc_req instead of ifc_buf?
>
> drivers/staging/lustre/lnet/lnet/lib-socket.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> --- a/drivers/staging/lustre/lnet/lnet/lib-socket.c
> +++ b/drivers/staging/lustre/lnet/lnet/lib-socket.c
> @@ -181,7 +181,13 @@ lnet_ipif_enumerate(char ***namesp)
> goto out0;
> }
>
> - ifc.ifc_buf = (char *)ifr;
> + rc = copy_to_user(ifc.ifc_buf, (char *)ifr,
> + nalloc * sizeof(*ifr));
> + if (rc) {
> + rc = -ENOMEM;
> + goto out1;
> + }
No idea what's going on here. The original code is correct.
regards,
dan carpenter
On Dec 2, 2016, at 12:33 PM, Quentin Lambert wrote:
> lnet_ipif_enumerate was assigning a pointer from kernel space to user
> space. This patch uses copy_to_user to properly do that assignment.
I guess it's a false positive?
While lnet_sock_ioctl()->kernel_sock_unlocked_ioctl() does call into the
f_op->unlocked_ioctl() with a userspace argument, note that we have
set_fs(KERNEL_DS); in there, therefore allowig copy_from_user
and friends to work on kernel data too as if it was userspace.
(I know it's ugly and we need to find a better way of getting this data,
but at least it's not incorrect).
>
> Signed-off-by: Quentin Lambert <[email protected]>
> ---
> shouldn't we be using ifc_req instead of ifc_buf?
>
> drivers/staging/lustre/lnet/lnet/lib-socket.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> --- a/drivers/staging/lustre/lnet/lnet/lib-socket.c
> +++ b/drivers/staging/lustre/lnet/lnet/lib-socket.c
> @@ -181,7 +181,13 @@ lnet_ipif_enumerate(char ***namesp)
> goto out0;
> }
>
> - ifc.ifc_buf = (char *)ifr;
> + rc = copy_to_user(ifc.ifc_buf, (char *)ifr,
> + nalloc * sizeof(*ifr));
> + if (rc) {
> + rc = -ENOMEM;
> + goto out1;
> + }
> +
> ifc.ifc_len = nalloc * sizeof(*ifr);
>
> rc = lnet_sock_ioctl(SIOCGIFCONF, (unsigned long)&ifc);
> _______________________________________________
> lustre-devel mailing list
> [email protected]
> http://lists.lustre.org/listinfo.cgi/lustre-devel-lustre.org
On 12/05/2016 11:58 PM, Oleg Drokin wrote:
> I guess it's a false positive?
Yes, probably.
Thank you for the explanation though, I don't fully understand all this yet,
I am still learning.
Sorry for the noise.
Quentin
Hi all,
I am looking at the drivers/staging/lustre/lustre/llite/dir.c:
1469 /* Call mdc_iocontrol */
1470 rc = obd_iocontrol(LL_IOC_FID2MDTIDX, exp,
sizeof(fid), &fid,
1471 &index);
1472 if (rc)
and sparse says:
drivers/staging/lustre/lustre/llite/dir.c:1471:37: warning: incorrect
type in argument 5 (different address spaces)
I was wondering if there was any value to add a cast to fix the warning?
And I guess this solution would also apply in my original patch to
drivers/staging/lustre/lnet/lnet/lib-socket.c
Quentin
On Wed, Dec 07, 2016 at 04:20:06PM +0100, Quentin Lambert wrote:
> Hi all,
>
> I am looking at the drivers/staging/lustre/lustre/llite/dir.c:
>
> 1469 /* Call mdc_iocontrol */
> 1470 rc = obd_iocontrol(LL_IOC_FID2MDTIDX, exp,
> sizeof(fid), &fid,
> 1471 &index);
> 1472 if (rc)
>
> and sparse says:
>
> drivers/staging/lustre/lustre/llite/dir.c:1471:37: warning:
> incorrect type in argument 5 (different address spaces)
>
> I was wondering if there was any value to add a cast to fix the warning?
> And I guess this solution would also apply in my original patch to
>
> drivers/staging/lustre/lnet/lnet/lib-socket.c
Just leave these alone until someone can come clean it up properly.
Warnings are good! People have spent years and years to create
programs to print warnings. Don't silence the warning by adding a cast.
The warning means show that the code is dangerous.
regards,
dan carpenter
Lustre is kind of a mess with regards to keeping user and kernel
pointers separate. It's not going to be easy to fix.
regards,
dan carpenter
On 12/07/2016 04:33 PM, Dan Carpenter wrote:
> Lustre is kind of a mess with regards to keeping user and kernel
> pointers separate. It's not going to be easy to fix.
Fair enough.
I am trying to make a contribution to drivers/staging using sparse.
With that in mind, do you still fill I should keep clear of lustre?
I feel that actually doing the work properly could be a meaningful
learning experience.
I start to understand now, that what I was proposing before was
more of a hack than a solution and would have resulted in hiding
meaningful infos.
Quentin
On Dec 7, 2016, at 10:33 AM, Dan Carpenter wrote:
> Lustre is kind of a mess with regards to keeping user and kernel
> pointers separate. It's not going to be easy to fix.
Actually I believe I made significant inroads in properly cleaning (almost?) everything
in this area about a year ago (to the point that only false positives were left).
I guess some more stuff crept in, I'll just make another run through and see
what else I can improve.
On Dec 7, 2016, at 10:20 AM, Quentin Lambert wrote:
> Hi all,
>
> I am looking at the drivers/staging/lustre/lustre/llite/dir.c:
>
> 1469 /* Call mdc_iocontrol */
> 1470 rc = obd_iocontrol(LL_IOC_FID2MDTIDX, exp, sizeof(fid), &fid,
> 1471 &index);
> 1472 if (rc)
>
> and sparse says:
>
> drivers/staging/lustre/lustre/llite/dir.c:1471:37: warning: incorrect type in argument 5 (different address spaces)
>
> I was wondering if there was any value to add a cast to fix the warning?
These's a sister warning to this one, btw, in
drivers/staging/lustre/lustre/lmv/lmv_obd.c:996:19: warning: cast removes address space of expression
It is an ugly kludge and I guess needs to just be reworked somehow instead to avoid
these ugly games.
On Wed, Dec 07, 2016 at 04:42:30PM +0100, Quentin Lambert wrote:
>
>
> On 12/07/2016 04:33 PM, Dan Carpenter wrote:
> >Lustre is kind of a mess with regards to keeping user and kernel
> >pointers separate. It's not going to be easy to fix.
> Fair enough.
> I am trying to make a contribution to drivers/staging using sparse.
> With that in mind, do you still fill I should keep clear of lustre?
> I feel that actually doing the work properly could be a meaningful
> learning experience.
It's just that you're the fifth person to look at lustre __user
annotations and it doesn't end well. You need to be a lustre expert
who can test things.
But for other lustre things, feel free.
regards,
dan carpenter
> > On 12/07/2016 04:33 PM, Dan Carpenter wrote:
> > >Lustre is kind of a mess with regards to keeping user and kernel
> > >pointers separate. It's not going to be easy to fix.
> > Fair enough.
> > I am trying to make a contribution to drivers/staging using sparse.
> > With that in mind, do you still fill I should keep clear of lustre?
> > I feel that actually doing the work properly could be a meaningful
> > learning experience.
>
> It's just that you're the fifth person to look at lustre __user
> annotations and it doesn't end well. You need to be a lustre expert
> who can test things.
>
> But for other lustre things, feel free.
Actually we are working to fix this issue. We are working on a
process that lustre patch posted here get sucked up and put
into our test harness automatically. It needs more love but its
coming along.