Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753222AbcLEW6X (ORCPT <rfc822;w@1wt.eu>);
        Mon, 5 Dec 2016 17:58:23 -0500
Received: from mga07.intel.com ([134.134.136.100]:49831 "EHLO mga07.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752963AbcLEW6V (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 5 Dec 2016 17:58:21 -0500
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.33,749,1477983600"; 
   d="scan'208";a="199325615"
Subject: Re: [lustre-devel] [PATCH] staging: lustre: Fix a spatch warning due to an assignment from kernel to user space
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: text/plain; charset=us-ascii
From: Oleg Drokin <oleg.drokin@intel.com>
In-Reply-To: <20161202173332.5100-1-lambert.quentin@gmail.com>
Date: Mon, 5 Dec 2016 17:58:06 -0500
Cc: Andreas Dilger <andreas.dilger@intel.com>,
        James Simmons <jsimmons@infradead.org>,
        "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
        <lustre-devel@lists.lustre.org>, <devel@driverdev.osuosl.org>,
        <linux-kernel@vger.kernel.org>, <kernel-janitors@vger.kernel.org>
Content-Transfer-Encoding: 7bit
Message-Id: <306D1D4D-A949-44F6-BAFE-44F08F609D9B@intel.com>
References: <20161202173332.5100-1-lambert.quentin@gmail.com>
To: Quentin Lambert <lambert.quentin@gmail.com>
X-Mailer: Apple Mail (2.1283)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1490
Lines: 44


On Dec 2, 2016, at 12:33 PM, Quentin Lambert wrote:

> lnet_ipif_enumerate was assigning a pointer from kernel space to user
> space. This patch uses copy_to_user to properly do that assignment.

I guess it's a false positive?

While lnet_sock_ioctl()->kernel_sock_unlocked_ioctl() does call into the
f_op->unlocked_ioctl() with a userspace argument, note that we have
set_fs(KERNEL_DS); in there, therefore allowig copy_from_user
and friends to work on kernel data too as if it was userspace.
(I know it's ugly and we need to find a better way of getting this data,
but at least it's not incorrect).

> 
> Signed-off-by: Quentin Lambert <lambert.quentin@gmail.com>
> ---
> shouldn't we be using ifc_req instead of ifc_buf?
> 
> drivers/staging/lustre/lnet/lnet/lib-socket.c |    8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
> 
> --- a/drivers/staging/lustre/lnet/lnet/lib-socket.c
> +++ b/drivers/staging/lustre/lnet/lnet/lib-socket.c
> @@ -181,7 +181,13 @@ lnet_ipif_enumerate(char ***namesp)
> 			goto out0;
> 		}
> 
> -		ifc.ifc_buf = (char *)ifr;
> +		rc = copy_to_user(ifc.ifc_buf, (char *)ifr,
> +				  nalloc * sizeof(*ifr));
> +		if (rc) {
> +			rc = -ENOMEM;
> +			goto out1;
> +		}
> +
> 		ifc.ifc_len = nalloc * sizeof(*ifr);
> 
> 		rc = lnet_sock_ioctl(SIOCGIFCONF, (unsigned long)&ifc);
> _______________________________________________
> lustre-devel mailing list
> lustre-devel@lists.lustre.org
> http://lists.lustre.org/listinfo.cgi/lustre-devel-lustre.org