* [koverstreet-bcachefs:bcachefs-rebalance_v2 481/799] fs/bcachefs/init/chardev.c:578 bch2_ioctl_query_accounting() warn: potential user controlled sizeof overflow 'arg.accounting_u64s * 8' '0-u32max * 8'
@ 2026-01-27 1:35 kernel test robot
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2026-01-27 1:35 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp, Dan Carpenter
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
TO: Kent Overstreet <kent.overstreet@linux.dev>
Hi Kent,
First bad commit (maybe != root cause):
tree: https://github.com/koverstreet/bcachefs bcachefs-rebalance_v2
head: d4b3d00447faf8d4d95db47e3902e4ca4db8fbdc
commit: 29e05f82d6bdd4efef504f6f68922db28e2e4917 [481/799] bcachefs: bit more reorg
:::::: branch date: 3 months ago
:::::: commit date: 3 months ago
config: parisc-randconfig-r071-20260127 (https://download.01.org/0day-ci/archive/20260127/202601270943.24L6Etqo-lkp@intel.com/config)
compiler: hppa-linux-gcc (GCC) 10.5.0
smatch version: v0.5.0-8994-gd50c5a4c
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202601270943.24L6Etqo-lkp@intel.com/
smatch warnings:
fs/bcachefs/init/chardev.c:578 bch2_ioctl_query_accounting() warn: potential user controlled sizeof overflow 'arg.accounting_u64s * 8' '0-u32max * 8'
vim +578 fs/bcachefs/init/chardev.c
1c6fdbd8f2465dd fs/bcachefs/chardev.c Kent Overstreet 2017-03-16 566
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 567 static long bch2_ioctl_query_accounting(struct bch_fs *c,
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 568 struct bch_ioctl_query_accounting __user *user_arg)
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 569 {
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 570 struct bch_ioctl_query_accounting arg;
635c5791582a65e fs/bcachefs/chardev.c Kent Overstreet 2025-07-14 571 CLASS(darray_char, accounting)();
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 572
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 573 if (!test_bit(BCH_FS_started, &c->flags))
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 574 return -EINVAL;
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 575
635c5791582a65e fs/bcachefs/chardev.c Kent Overstreet 2025-07-14 576 int ret = copy_from_user_errcode(&arg, user_arg, sizeof(arg)) ?:
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 577 bch2_fs_accounting_read(c, &accounting, arg.accounting_types_mask) ?:
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 @578 (arg.accounting_u64s * sizeof(u64) < accounting.nr ? -ERANGE : 0) ?:
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 579 copy_to_user_errcode(&user_arg->accounting, accounting.data, accounting.nr);
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 580 if (ret)
635c5791582a65e fs/bcachefs/chardev.c Kent Overstreet 2025-07-14 581 return ret;
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 582
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 583 arg.capacity = c->capacity;
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 584 arg.used = bch2_fs_usage_read_short(c).used;
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 585 arg.online_reserved = percpu_u64_get(c->online_reserved);
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 586 arg.accounting_u64s = accounting.nr / sizeof(u64);
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 587
635c5791582a65e fs/bcachefs/chardev.c Kent Overstreet 2025-07-14 588 return copy_to_user_errcode(user_arg, &arg, sizeof(arg));
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 589 }
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 590
:::::: The code at line 578 was first introduced by commit
:::::: 8863d1e092005d5b31f7e712827a5605f8a7ba22 bcachefs: BCH_IOCTL_QUERY_ACCOUNTING
:::::: TO: Kent Overstreet <kent.overstreet@linux.dev>
:::::: CC: Kent Overstreet <kent.overstreet@linux.dev>
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 3+ messages in thread
* [koverstreet-bcachefs:bcachefs-rebalance_v2 481/799] fs/bcachefs/init/chardev.c:578 bch2_ioctl_query_accounting() warn: potential user controlled sizeof overflow 'arg.accounting_u64s * 8' '0-u32max * 8'
@ 2026-05-14 8:39 ` Dan Carpenter
0 siblings, 0 replies; 3+ messages in thread
From: kernel test robot @ 2026-05-14 8:04 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp, Dan Carpenter
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
TO: Kent Overstreet <kent.overstreet@linux.dev>
tree: https://github.com/koverstreet/bcachefs bcachefs-rebalance_v2
head: d4b3d00447faf8d4d95db47e3902e4ca4db8fbdc
commit: 29e05f82d6bdd4efef504f6f68922db28e2e4917 [481/799] bcachefs: bit more reorg
:::::: branch date: 6 months ago
:::::: commit date: 7 months ago
config: i386-randconfig-141-20260514 (https://download.01.org/0day-ci/archive/20260514/202605141559.kX6o5Q6d-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
smatch: v0.5.0-9185-gbcc58b9c
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202605141559.kX6o5Q6d-lkp@intel.com/
smatch warnings:
fs/bcachefs/init/chardev.c:578 bch2_ioctl_query_accounting() warn: potential user controlled sizeof overflow 'arg.accounting_u64s * 8' '0-u32max * 8'
vim +578 fs/bcachefs/init/chardev.c
1c6fdbd8f2465dd fs/bcachefs/chardev.c Kent Overstreet 2017-03-16 566
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 567 static long bch2_ioctl_query_accounting(struct bch_fs *c,
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 568 struct bch_ioctl_query_accounting __user *user_arg)
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 569 {
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 570 struct bch_ioctl_query_accounting arg;
635c5791582a65e fs/bcachefs/chardev.c Kent Overstreet 2025-07-14 571 CLASS(darray_char, accounting)();
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 572
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 573 if (!test_bit(BCH_FS_started, &c->flags))
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 574 return -EINVAL;
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 575
635c5791582a65e fs/bcachefs/chardev.c Kent Overstreet 2025-07-14 576 int ret = copy_from_user_errcode(&arg, user_arg, sizeof(arg)) ?:
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 577 bch2_fs_accounting_read(c, &accounting, arg.accounting_types_mask) ?:
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 @578 (arg.accounting_u64s * sizeof(u64) < accounting.nr ? -ERANGE : 0) ?:
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 579 copy_to_user_errcode(&user_arg->accounting, accounting.data, accounting.nr);
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 580 if (ret)
635c5791582a65e fs/bcachefs/chardev.c Kent Overstreet 2025-07-14 581 return ret;
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 582
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 583 arg.capacity = c->capacity;
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 584 arg.used = bch2_fs_usage_read_short(c).used;
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 585 arg.online_reserved = percpu_u64_get(c->online_reserved);
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 586 arg.accounting_u64s = accounting.nr / sizeof(u64);
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 587
635c5791582a65e fs/bcachefs/chardev.c Kent Overstreet 2025-07-14 588 return copy_to_user_errcode(user_arg, &arg, sizeof(arg));
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 589 }
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 590
:::::: The code at line 578 was first introduced by commit
:::::: 8863d1e092005d5b31f7e712827a5605f8a7ba22 bcachefs: BCH_IOCTL_QUERY_ACCOUNTING
:::::: TO: Kent Overstreet <kent.overstreet@linux.dev>
:::::: CC: Kent Overstreet <kent.overstreet@linux.dev>
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 3+ messages in thread
* [koverstreet-bcachefs:bcachefs-rebalance_v2 481/799] fs/bcachefs/init/chardev.c:578 bch2_ioctl_query_accounting() warn: potential user controlled sizeof overflow 'arg.accounting_u64s * 8' '0-u32max * 8'
@ 2026-05-14 8:39 ` Dan Carpenter
0 siblings, 0 replies; 3+ messages in thread
From: Dan Carpenter @ 2026-05-14 8:39 UTC (permalink / raw)
To: oe-kbuild, Kent Overstreet; +Cc: lkp, oe-kbuild-all
tree: https://github.com/koverstreet/bcachefs bcachefs-rebalance_v2
head: d4b3d00447faf8d4d95db47e3902e4ca4db8fbdc
commit: 29e05f82d6bdd4efef504f6f68922db28e2e4917 [481/799] bcachefs: bit more reorg
config: i386-randconfig-141-20260514 (https://download.01.org/0day-ci/archive/20260514/202605141559.kX6o5Q6d-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
smatch: v0.5.0-9185-gbcc58b9c
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Reported-by: Dan Carpenter <error27@gmail.com>
| Closes: https://lore.kernel.org/r/202605141559.kX6o5Q6d-lkp@intel.com/
smatch warnings:
fs/bcachefs/init/chardev.c:578 bch2_ioctl_query_accounting() warn: potential user controlled sizeof overflow 'arg.accounting_u64s * 8' '0-u32max * 8'
vim +578 fs/bcachefs/init/chardev.c
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 567 static long bch2_ioctl_query_accounting(struct bch_fs *c,
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 568 struct bch_ioctl_query_accounting __user *user_arg)
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 569 {
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 570 struct bch_ioctl_query_accounting arg;
635c5791582a65e fs/bcachefs/chardev.c Kent Overstreet 2025-07-14 571 CLASS(darray_char, accounting)();
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 572
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 573 if (!test_bit(BCH_FS_started, &c->flags))
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 574 return -EINVAL;
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 575
635c5791582a65e fs/bcachefs/chardev.c Kent Overstreet 2025-07-14 576 int ret = copy_from_user_errcode(&arg, user_arg, sizeof(arg)) ?:
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 577 bch2_fs_accounting_read(c, &accounting, arg.accounting_types_mask) ?:
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 @578 (arg.accounting_u64s * sizeof(u64) < accounting.nr ? -ERANGE : 0) ?:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This can have an integer overflow on i386.
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 579 copy_to_user_errcode(&user_arg->accounting, accounting.data, accounting.nr);
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 580 if (ret)
635c5791582a65e fs/bcachefs/chardev.c Kent Overstreet 2025-07-14 581 return ret;
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 582
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 583 arg.capacity = c->capacity;
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 584 arg.used = bch2_fs_usage_read_short(c).used;
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 585 arg.online_reserved = percpu_u64_get(c->online_reserved);
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 586 arg.accounting_u64s = accounting.nr / sizeof(u64);
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 587
635c5791582a65e fs/bcachefs/chardev.c Kent Overstreet 2025-07-14 588 return copy_to_user_errcode(user_arg, &arg, sizeof(arg));
8863d1e092005d5 fs/bcachefs/chardev.c Kent Overstreet 2024-03-01 589 }
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-05-14 8:39 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-27 1:35 [koverstreet-bcachefs:bcachefs-rebalance_v2 481/799] fs/bcachefs/init/chardev.c:578 bch2_ioctl_query_accounting() warn: potential user controlled sizeof overflow 'arg.accounting_u64s * 8' '0-u32max * 8' kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2026-05-14 8:04 kernel test robot
2026-05-14 8:39 ` Dan Carpenter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.