From: "J. Bruce Fields" <bfields@fieldses.org>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH v2 02/10] svcrdma: Add missing access_ok() call in svc_rdma.c
Date: Mon, 1 Jun 2015 15:31:01 -0400 [thread overview]
Message-ID: <20150601193101.GA26972@fieldses.org> (raw)
In-Reply-To: <20150526174847.7061.52013.stgit@klimt.1015granger.net>
On Tue, May 26, 2015 at 01:48:47PM -0400, Chuck Lever wrote:
> Ensure a proper memory access check is done by read_reset_stat(),
> then fix the following compiler warning.
>
> In file included from linux-2.6/include/net/checksum.h:25,
> from linux-2.6/include/linux/skbuff.h:31,
> from linux-2.6/include/linux/icmpv6.h:4,
> from linux-2.6/include/linux/ipv6.h:64,
> from linux-2.6/include/net/ipv6.h:16,
> from linux-2.6/include/linux/sunrpc/clnt.h:27,
> from linux-2.6/net/sunrpc/xprtrdma/svc_rdma.c:47:
> In function ‘copy_to_user’,
> inlined from ‘read_reset_stat’ at
> linux-2.6/net/sunrpc/xprtrdma/svc_rdma.c:113:
> linux-2.6/arch/x86/include/asm/uaccess.h:735: warning:
> call to ‘__copy_to_user_overflow’ declared with attribute warning:
> copy_to_user() buffer size is not provably correct
How do you get that warning? I can't hit it even with
CONFIG_USER_STRICT_USER_COPY_CHECKS set. Based on comments in arch/x86
I would have thought this would only trigger when len was a constant.
--b.
>
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
>
> net/sunrpc/xprtrdma/svc_rdma.c | 8 ++++++--
> 1 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/net/sunrpc/xprtrdma/svc_rdma.c b/net/sunrpc/xprtrdma/svc_rdma.c
> index c1b6270..8eedb60 100644
> --- a/net/sunrpc/xprtrdma/svc_rdma.c
> +++ b/net/sunrpc/xprtrdma/svc_rdma.c
> @@ -98,7 +98,11 @@ static int read_reset_stat(struct ctl_table *table, int write,
> else {
> char str_buf[32];
> char *data;
> - int len = snprintf(str_buf, 32, "%d\n", atomic_read(stat));
> + int len;
> +
> + if (!access_ok(VERIFY_WRITE, buffer, *lenp))
> + return -EFAULT;
> + len = snprintf(str_buf, 32, "%d\n", atomic_read(stat));
> if (len >= 32)
> return -EFAULT;
> len = strlen(str_buf);
> @@ -110,7 +114,7 @@ static int read_reset_stat(struct ctl_table *table, int write,
> len -= *ppos;
> if (len > *lenp)
> len = *lenp;
> - if (len && copy_to_user(buffer, str_buf, len))
> + if (len && __copy_to_user(buffer, str_buf, len))
> return -EFAULT;
> *lenp = len;
> *ppos += len;
next prev parent reply other threads:[~2015-06-01 19:31 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-26 17:48 [PATCH v2 00/10] NFS/RDMA server patches for 4.2 Chuck Lever
2015-05-26 17:48 ` [PATCH v2 01/10] svcrdma: Fix byte-swapping in svc_rdma_sendto.c Chuck Lever
2015-06-01 18:40 ` J. Bruce Fields
2015-06-01 18:47 ` Chuck Lever
2015-05-26 17:48 ` [PATCH v2 02/10] svcrdma: Add missing access_ok() call in svc_rdma.c Chuck Lever
2015-06-01 19:31 ` J. Bruce Fields [this message]
2015-06-01 20:01 ` Chuck Lever
2015-06-02 15:28 ` J. Bruce Fields
2015-05-26 17:48 ` [PATCH v2 03/10] SUNRPC: Move EXPORT_SYMBOL for svc_process Chuck Lever
2015-05-26 17:49 ` [PATCH v2 04/10] svcrdma: Remove svc_rdma_xdr_decode_deferred_req() Chuck Lever
2015-05-26 17:49 ` [PATCH v2 05/10] svcrdma: Keep rpcrdma_msg fields in network byte-order Chuck Lever
2015-05-26 17:49 ` [PATCH v2 06/10] svcrdma: Replace GFP_KERNEL in a loop with GFP_NOFAIL Chuck Lever
2015-05-26 17:49 ` [PATCH v2 07/10] svcrdma: Add a separate "max data segs macro for svcrdma Chuck Lever
2015-05-26 17:49 ` [PATCH v2 08/10] svcrdma: Add backward direction service for RPC/RDMA transport Chuck Lever
2015-06-01 20:26 ` J. Bruce Fields
2015-06-01 20:45 ` Chuck Lever
2015-06-02 15:30 ` J. Bruce Fields
2015-06-03 19:49 ` Chuck Lever
2015-06-03 19:47 ` J. Bruce Fields
2015-05-26 17:49 ` [PATCH v2 09/10] SUNRPC: Clean up bc_send() Chuck Lever
2015-06-01 20:19 ` Chuck Lever
2015-06-01 20:24 ` J. Bruce Fields
2015-05-26 17:50 ` [PATCH v2 10/10] rpcrdma: Merge svcrdma and xprtrdma modules into one Chuck Lever
2015-06-01 20:24 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150601193101.GA26972@fieldses.org \
--to=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.