From: Christoph Hellwig <hch@lst.de>
To: kbuild-all@lists.01.org
Subject: Re: [kbuild] [hch-misc:quota-compat 1/1] fs/quota/quota.c:417 compat_copy_fs_quota_stat() error: copy_to_user() '&from' too small (4 vs 8)
Date: Thu, 23 Jul 2020 14:13:14 +0200 [thread overview]
Message-ID: <20200723121314.GA1338@lst.de> (raw)
In-Reply-To: <20200723120602.GT2571@kadam>
[-- Attachment #1: Type: text/plain, Size: 2964 bytes --]
Thanks. That commit has a few other issues as well :)
On Thu, Jul 23, 2020 at 03:06:02PM +0300, Dan Carpenter wrote:
> tree: git://git.infradead.org/users/hch/misc.git quota-compat
> head: 50cfd16ee025f4dab73eccc8e159cef8a46b6e23
> commit: 50cfd16ee025f4dab73eccc8e159cef8a46b6e23 [1/1] quota: simplify the quotactl compat handling
> config: i386-randconfig-m021-20200723 (attached as .config)
> compiler: gcc-9 (Debian 9.3.0-14) 9.3.0
>
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> smatch warnings:
> fs/quota/quota.c:417 compat_copy_fs_quota_stat() error: copy_to_user() '&from' too small (4 vs 8)
>
> git remote add hch-misc git://git.infradead.org/users/hch/misc.git
> git remote update hch-misc
> git checkout 50cfd16ee025f4dab73eccc8e159cef8a46b6e23
> vim +417 fs/quota/quota.c
>
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 413 static int compat_copy_fs_quota_stat(struct compat_fs_quota_stat __user *to,
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 414 struct fs_quota_stat *from)
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 415 {
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 416 /* Copying qs_version, qs_flags, qs_pad */
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 @417 if (copy_to_user(to, &from, offsetof(typeof(*to), qs_uquota)))
> ^^^^^
> This shouldn't be the address, it should just be "from".
>
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 418 return -EFAULT;
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 419 /* Copying qs_uquota and qs_gquota */
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 420 if (compat_copy_fs_qfilestat(&to->qs_uquota, &from->qs_uquota) ||
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 421 compat_copy_fs_qfilestat(&to->qs_gquota, &from->qs_gquota))
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 422 return -EFAULT;
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 423 /* Copying the rest */
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 424 if (copy_to_user(&to->qs_incoredqs, &from->qs_incoredqs,
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 425 sizeof(*to) - offsetof(typeof(*to), qs_incoredqs)) ||
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 426 put_user(from->qs_iwarnlimit, &to->qs_iwarnlimit))
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 427 return -EFAULT;
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 428 return 0;
> 50cfd16ee025f4 Christoph Hellwig 2020-07-22 429 }
>
> ---
> 0-DAY CI Kernel Test Service, Intel Corporation
> https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
> _______________________________________________
> kbuild mailing list -- kbuild(a)lists.01.org
> To unsubscribe send an email to kbuild-leave(a)lists.01.org
---end quoted text---
prev parent reply other threads:[~2020-07-23 12:13 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-23 12:06 [hch-misc:quota-compat 1/1] fs/quota/quota.c:417 compat_copy_fs_quota_stat() error: copy_to_user() '&from' too small (4 vs 8) Dan Carpenter
2020-07-23 12:06 ` [kbuild] " Dan Carpenter
2020-07-23 12:13 ` Christoph Hellwig [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200723121314.GA1338@lst.de \
--to=hch@lst.de \
--cc=kbuild-all@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.