Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753222AbcLEW6X (ORCPT ); Mon, 5 Dec 2016 17:58:23 -0500 Received: from mga07.intel.com ([134.134.136.100]:49831 "EHLO mga07.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752963AbcLEW6V (ORCPT ); Mon, 5 Dec 2016 17:58:21 -0500 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.33,749,1477983600"; d="scan'208";a="199325615" Subject: Re: [lustre-devel] [PATCH] staging: lustre: Fix a spatch warning due to an assignment from kernel to user space Mime-Version: 1.0 (Apple Message framework v1283) Content-Type: text/plain; charset=us-ascii From: Oleg Drokin In-Reply-To: <20161202173332.5100-1-lambert.quentin@gmail.com> Date: Mon, 5 Dec 2016 17:58:06 -0500 Cc: Andreas Dilger , James Simmons , "Greg Kroah-Hartman" , , , , Content-Transfer-Encoding: 7bit Message-Id: <306D1D4D-A949-44F6-BAFE-44F08F609D9B@intel.com> References: <20161202173332.5100-1-lambert.quentin@gmail.com> To: Quentin Lambert X-Mailer: Apple Mail (2.1283) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1490 Lines: 44 On Dec 2, 2016, at 12:33 PM, Quentin Lambert wrote: > lnet_ipif_enumerate was assigning a pointer from kernel space to user > space. This patch uses copy_to_user to properly do that assignment. I guess it's a false positive? While lnet_sock_ioctl()->kernel_sock_unlocked_ioctl() does call into the f_op->unlocked_ioctl() with a userspace argument, note that we have set_fs(KERNEL_DS); in there, therefore allowig copy_from_user and friends to work on kernel data too as if it was userspace. (I know it's ugly and we need to find a better way of getting this data, but at least it's not incorrect). > > Signed-off-by: Quentin Lambert > --- > shouldn't we be using ifc_req instead of ifc_buf? > > drivers/staging/lustre/lnet/lnet/lib-socket.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > --- a/drivers/staging/lustre/lnet/lnet/lib-socket.c > +++ b/drivers/staging/lustre/lnet/lnet/lib-socket.c > @@ -181,7 +181,13 @@ lnet_ipif_enumerate(char ***namesp) > goto out0; > } > > - ifc.ifc_buf = (char *)ifr; > + rc = copy_to_user(ifc.ifc_buf, (char *)ifr, > + nalloc * sizeof(*ifr)); > + if (rc) { > + rc = -ENOMEM; > + goto out1; > + } > + > ifc.ifc_len = nalloc * sizeof(*ifr); > > rc = lnet_sock_ioctl(SIOCGIFCONF, (unsigned long)&ifc); > _______________________________________________ > lustre-devel mailing list > lustre-devel@lists.lustre.org > http://lists.lustre.org/listinfo.cgi/lustre-devel-lustre.org