From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Evgeniy Polyakov <zbr@ioremap.net>,
linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
kernel test robot <lkp@intel.com>
Subject: Re: [PATCH] w1: Misuse of get_user()/put_user() reported by sparse
Date: Fri, 26 Nov 2021 17:24:09 +0100 [thread overview]
Message-ID: <YaEKKeNW70WJe38G@kroah.com> (raw)
In-Reply-To: <39ec092d-428c-7fce-7291-a88a4caf8b9f@csgroup.eu>
On Fri, Nov 26, 2021 at 05:10:46PM +0100, Christophe Leroy wrote:
>
>
> Le 26/11/2021 à 17:00, Greg Kroah-Hartman a écrit :
> > On Fri, Nov 19, 2021 at 10:15:09AM +0100, Christophe Leroy wrote:
> > > sparse warnings: (new ones prefixed by >>)
> > > > > drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected char [noderef] __user *_pu_addr @@ got char *buf @@
> > > drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: expected char [noderef] __user *_pu_addr
> > > drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: got char *buf
> > > > > drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected char const [noderef] __user *_gu_addr @@ got char const *buf @@
> > > drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: expected char const [noderef] __user *_gu_addr
> > > drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: got char const *buf
> > >
> > > The buffer buf is a failsafe buffer in kernel space, it's not user
> > > memory hence doesn't deserve the use of get_user() or put_user().
> > >
> > > Access 'buf' content directly.
> > >
> > > Reported-by: kernel test robot <lkp@intel.com>
> > > Link: https://lore.kernel.org/lkml/202111190526.K5vb7NWC-lkp@intel.com/T/
> > > Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
> > > ---
> > > drivers/w1/slaves/w1_ds28e04.c | 10 ++--------
> > > 1 file changed, 2 insertions(+), 8 deletions(-)
> > >
> > > diff --git a/drivers/w1/slaves/w1_ds28e04.c b/drivers/w1/slaves/w1_ds28e04.c
> > > index e4f336111edc..d75bb16fb7a1 100644
> > > --- a/drivers/w1/slaves/w1_ds28e04.c
> > > +++ b/drivers/w1/slaves/w1_ds28e04.c
> > > @@ -339,10 +339,7 @@ static BIN_ATTR_RW(pio, 1);
> > > static ssize_t crccheck_show(struct device *dev, struct device_attribute *attr,
> > > char *buf)
> > > {
> > > - if (put_user(w1_enable_crccheck + 0x30, buf))
> > > - return -EFAULT;
> > > -
> > > - return sizeof(w1_enable_crccheck);
> > > + return sprintf(buf, "%d", w1_enable_crccheck);
> >
> > This should be sysfs_emit(), right?
>
> Ok
>
> >
> > > }
> > > static ssize_t crccheck_store(struct device *dev, struct device_attribute *attr,
> > > @@ -353,11 +350,8 @@ static ssize_t crccheck_store(struct device *dev, struct device_attribute *attr,
> > > if (count != 1 || !buf)
> > > return -EINVAL;
> > > - if (get_user(val, buf))
> > > - return -EFAULT;
> > > -
> > > /* convert to decimal */
> > > - val = val - 0x30;
> > > + val = *buf - 0x30;
> >
> > Why not use a proper function that can parse a string and turn it into a
> > number?
>
> I wanted to keep the change minimal. But I can also replace it with some
> scanf.
>
> But don't we have any generic function to read and store a bool after all ?
Yes we do, please use kstrtobool().
thanks,
greg k-h
WARNING: multiple messages have this Message-ID (diff)
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Evgeniy Polyakov <zbr@ioremap.net>,
linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
kernel test robot <lkp@intel.com>
Subject: Re: [PATCH] w1: Misuse of get_user()/put_user() reported by sparse
Date: Fri, 26 Nov 2021 17:24:09 +0100 [thread overview]
Message-ID: <YaEKKeNW70WJe38G@kroah.com> (raw)
In-Reply-To: <39ec092d-428c-7fce-7291-a88a4caf8b9f@csgroup.eu>
On Fri, Nov 26, 2021 at 05:10:46PM +0100, Christophe Leroy wrote:
>
>
> Le 26/11/2021 à 17:00, Greg Kroah-Hartman a écrit :
> > On Fri, Nov 19, 2021 at 10:15:09AM +0100, Christophe Leroy wrote:
> > > sparse warnings: (new ones prefixed by >>)
> > > > > drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected char [noderef] __user *_pu_addr @@ got char *buf @@
> > > drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: expected char [noderef] __user *_pu_addr
> > > drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: got char *buf
> > > > > drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected char const [noderef] __user *_gu_addr @@ got char const *buf @@
> > > drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: expected char const [noderef] __user *_gu_addr
> > > drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: got char const *buf
> > >
> > > The buffer buf is a failsafe buffer in kernel space, it's not user
> > > memory hence doesn't deserve the use of get_user() or put_user().
> > >
> > > Access 'buf' content directly.
> > >
> > > Reported-by: kernel test robot <lkp@intel.com>
> > > Link: https://lore.kernel.org/lkml/202111190526.K5vb7NWC-lkp@intel.com/T/
> > > Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
> > > ---
> > > drivers/w1/slaves/w1_ds28e04.c | 10 ++--------
> > > 1 file changed, 2 insertions(+), 8 deletions(-)
> > >
> > > diff --git a/drivers/w1/slaves/w1_ds28e04.c b/drivers/w1/slaves/w1_ds28e04.c
> > > index e4f336111edc..d75bb16fb7a1 100644
> > > --- a/drivers/w1/slaves/w1_ds28e04.c
> > > +++ b/drivers/w1/slaves/w1_ds28e04.c
> > > @@ -339,10 +339,7 @@ static BIN_ATTR_RW(pio, 1);
> > > static ssize_t crccheck_show(struct device *dev, struct device_attribute *attr,
> > > char *buf)
> > > {
> > > - if (put_user(w1_enable_crccheck + 0x30, buf))
> > > - return -EFAULT;
> > > -
> > > - return sizeof(w1_enable_crccheck);
> > > + return sprintf(buf, "%d", w1_enable_crccheck);
> >
> > This should be sysfs_emit(), right?
>
> Ok
>
> >
> > > }
> > > static ssize_t crccheck_store(struct device *dev, struct device_attribute *attr,
> > > @@ -353,11 +350,8 @@ static ssize_t crccheck_store(struct device *dev, struct device_attribute *attr,
> > > if (count != 1 || !buf)
> > > return -EINVAL;
> > > - if (get_user(val, buf))
> > > - return -EFAULT;
> > > -
> > > /* convert to decimal */
> > > - val = val - 0x30;
> > > + val = *buf - 0x30;
> >
> > Why not use a proper function that can parse a string and turn it into a
> > number?
>
> I wanted to keep the change minimal. But I can also replace it with some
> scanf.
>
> But don't we have any generic function to read and store a bool after all ?
Yes we do, please use kstrtobool().
thanks,
greg k-h
next prev parent reply other threads:[~2021-11-26 16:24 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-19 9:15 [PATCH] w1: Misuse of get_user()/put_user() reported by sparse Christophe Leroy
2021-11-19 9:15 ` Christophe Leroy
2021-11-26 16:00 ` Greg Kroah-Hartman
2021-11-26 16:00 ` Greg Kroah-Hartman
2021-11-26 16:10 ` Christophe Leroy
2021-11-26 16:10 ` Christophe Leroy
2021-11-26 16:24 ` Greg Kroah-Hartman [this message]
2021-11-26 16:24 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YaEKKeNW70WJe38G@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=christophe.leroy@csgroup.eu \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=lkp@intel.com \
--cc=zbr@ioremap.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.