From: Linus Torvalds <torvalds@linux-foundation.org>
To: Andrey Konovalov <andreyknvl@google.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Robin Murphy <robin.murphy@arm.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Kees Cook <keescook@chromium.org>,
Kate Stewart <kstewart@linuxfoundation.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Ingo Molnar <mingo@kernel.org>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Shuah Khan <shuah@kernel.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
linux-mm <linux-mm@kvack.org>,
linux-arch <linux-arch@vger.kernel.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@vger.kernel.org>,
Linux
Subject: Re: [PATCH v6 11/11] arm64: annotate user pointers casts detected by sparse
Date: Thu, 6 Sep 2018 14:13:41 -0700 [thread overview]
Message-ID: <CA+55aFyW9N2tSb2bQvkthbVVyY6nt5yFeWQRLHp1zruBmb5ocw@mail.gmail.com> (raw)
In-Reply-To: <5d54526e5ff2e5ad63d0dfdd9ab17cf359afa4f2.1535629099.git.andreyknvl@google.com>
On Thu, Aug 30, 2018 at 4:41 AM Andrey Konovalov <andreyknvl@google.com> wrote:
>
> This patch adds __force annotations for __user pointers casts detected by
> sparse with the -Wcast-from-as flag enabled (added in [1]).
No, several of these are wrong, and just silence a warning that shows a problem.
So for example:
> static inline compat_uptr_t ptr_to_compat(void __user *uptr)
> {
> - return (u32)(unsigned long)uptr;
> + return (u32)(__force unsigned long)uptr;
> }
this actually looks correct.
But:
> --- a/arch/arm64/include/asm/uaccess.h
> +++ b/arch/arm64/include/asm/uaccess.h
> @@ -76,7 +76,7 @@ static inline unsigned long __range_ok(const void __user *addr, unsigned long si
> {
> unsigned long ret, limit = current_thread_info()->addr_limit;
>
> - __chk_user_ptr(addr);
> + __chk_user_ptr((void __force *)addr);
This looks actively wrong. The whole - and only - point of
"__chk_user_ptr()" is that it warns about a lack of a "__user *" type.
So the above makes no sense at all.
There are other similar "that makes no sense what-so-ever", like this one:
> - struct compat_group_req __user *gr32 = (void *)optval;
> + struct compat_group_req __user *gr32 = (__force void *)optval;
no, the additionl of __force is not the right thing, the problem, is
that a __user pointer is cast to a non-user 'void *' only to be
assigned to another user type.
The fix should have been to use (void __user *) as the cast instead,
no __force needed.
In general, I think the patch shows all the signs of "mindlessly just
add casts", which is exactly the wrong thing to do to sparse warnings.
Linus
WARNING: multiple messages have this Message-ID (diff)
From: Linus Torvalds <torvalds@linux-foundation.org>
To: Andrey Konovalov <andreyknvl@google.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Mark Rutland <mark.rutland@arm.com>,
Robin Murphy <robin.murphy@arm.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Kees Cook <keescook@chromium.org>,
Kate Stewart <kstewart@linuxfoundation.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
Ingo Molnar <mingo@kernel.org>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
Shuah Khan <shuah@kernel.org>,
linux-arm-kernel <linux-arm-kernel@lists.infradead.org>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
linux-mm <linux-mm@kvack.org>,
linux-arch <linux-arch@vger.kernel.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Dmitry Vyukov <dvyukov@google.com>,
Kostya Serebryany <kcc@google.com>,
eugenis@google.com, Lee.Smith@arm.com,
Ramana Radhakrishnan <Ramana.Radhakrishnan@arm.com>,
Jacob.Bramley@arm.com, Ruben.Ayrapetyan@arm.com,
cpandya@codeaurora.org
Subject: Re: [PATCH v6 11/11] arm64: annotate user pointers casts detected by sparse
Date: Thu, 6 Sep 2018 14:13:41 -0700 [thread overview]
Message-ID: <CA+55aFyW9N2tSb2bQvkthbVVyY6nt5yFeWQRLHp1zruBmb5ocw@mail.gmail.com> (raw)
Message-ID: <20180906211341._4HxOCGRL57FHv8N0C9R-PX7KPXLFm3l6f6moUBjoY8@z> (raw)
In-Reply-To: <5d54526e5ff2e5ad63d0dfdd9ab17cf359afa4f2.1535629099.git.andreyknvl@google.com>
On Thu, Aug 30, 2018 at 4:41 AM Andrey Konovalov <andreyknvl@google.com> wrote:
>
> This patch adds __force annotations for __user pointers casts detected by
> sparse with the -Wcast-from-as flag enabled (added in [1]).
No, several of these are wrong, and just silence a warning that shows a problem.
So for example:
> static inline compat_uptr_t ptr_to_compat(void __user *uptr)
> {
> - return (u32)(unsigned long)uptr;
> + return (u32)(__force unsigned long)uptr;
> }
this actually looks correct.
But:
> --- a/arch/arm64/include/asm/uaccess.h
> +++ b/arch/arm64/include/asm/uaccess.h
> @@ -76,7 +76,7 @@ static inline unsigned long __range_ok(const void __user *addr, unsigned long si
> {
> unsigned long ret, limit = current_thread_info()->addr_limit;
>
> - __chk_user_ptr(addr);
> + __chk_user_ptr((void __force *)addr);
This looks actively wrong. The whole - and only - point of
"__chk_user_ptr()" is that it warns about a lack of a "__user *" type.
So the above makes no sense at all.
There are other similar "that makes no sense what-so-ever", like this one:
> - struct compat_group_req __user *gr32 = (void *)optval;
> + struct compat_group_req __user *gr32 = (__force void *)optval;
no, the additionl of __force is not the right thing, the problem, is
that a __user pointer is cast to a non-user 'void *' only to be
assigned to another user type.
The fix should have been to use (void __user *) as the cast instead,
no __force needed.
In general, I think the patch shows all the signs of "mindlessly just
add casts", which is exactly the wrong thing to do to sparse warnings.
Linus
next prev parent reply other threads:[~2018-09-06 21:13 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-30 11:41 [PATCH v6 00/11] arm64: untag user pointers passed to the kernel Andrey Konovalov
2018-08-30 11:41 ` Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 01/11] arm64: add type casts to untagged_addr macro Andrey Konovalov
2018-08-30 11:41 ` Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 02/11] uaccess: add untagged_addr definition for other arches Andrey Konovalov
2018-08-30 11:41 ` Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 03/11] arm64: untag user addresses in access_ok and __uaccess_mask_ptr Andrey Konovalov
2018-08-30 11:41 ` Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 04/11] mm, arm64: untag user addresses in mm/gup.c Andrey Konovalov
2018-08-30 11:41 ` Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 05/11] lib, arm64: untag addrs passed to strncpy_from_user and strnlen_user Andrey Konovalov
2018-08-30 11:41 ` Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 06/11] arm64: untag user address in __do_user_fault Andrey Konovalov
2018-08-30 11:41 ` Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 07/11] fs, arm64: untag user address in copy_mount_options Andrey Konovalov
2018-08-30 11:41 ` Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 08/11] usb, arm64: untag user addresses in devio Andrey Konovalov
2018-08-30 11:41 ` Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 09/11] arm64: update Documentation/arm64/tagged-pointers.txt Andrey Konovalov
2018-08-30 11:41 ` Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 10/11] selftests, arm64: add a selftest for passing tagged pointers to kernel Andrey Konovalov
2018-08-30 11:41 ` Andrey Konovalov
2018-08-30 11:41 ` [PATCH v6 11/11] arm64: annotate user pointers casts detected by sparse Andrey Konovalov
2018-08-30 11:41 ` Andrey Konovalov
2018-08-31 8:11 ` Luc Van Oostenryck
2018-08-31 8:11 ` Luc Van Oostenryck
2018-08-31 13:42 ` Al Viro
2018-08-31 13:42 ` Al Viro
2018-09-03 12:34 ` Andrey Konovalov
2018-09-03 12:34 ` Andrey Konovalov
2018-09-03 13:49 ` Vincenzo Frascino
2018-09-03 13:49 ` Vincenzo Frascino
2018-09-03 15:10 ` Luc Van Oostenryck
2018-09-03 15:10 ` Luc Van Oostenryck
2018-09-04 11:27 ` Vincenzo Frascino
2018-09-04 11:27 ` Vincenzo Frascino
2018-09-05 19:03 ` Luc Van Oostenryck
2018-09-05 19:03 ` Luc Van Oostenryck
2018-09-06 14:13 ` Vincenzo Frascino
2018-09-06 14:13 ` Vincenzo Frascino
2018-09-06 20:10 ` Luc Van Oostenryck
2018-09-06 20:10 ` Luc Van Oostenryck
2018-09-03 13:56 ` Al Viro
2018-09-03 13:56 ` Al Viro
2018-09-06 21:13 ` Linus Torvalds [this message]
2018-09-06 21:13 ` Linus Torvalds
2018-09-06 21:16 ` Linus Torvalds
2018-09-06 21:16 ` Linus Torvalds
2018-09-06 23:08 ` Luc Van Oostenryck
2018-09-06 23:08 ` Luc Van Oostenryck
2018-09-07 15:26 ` Catalin Marinas
2018-09-07 15:26 ` Catalin Marinas
2018-09-07 16:30 ` Linus Torvalds
2018-09-07 16:30 ` Linus Torvalds
2018-09-11 16:41 ` Catalin Marinas
2018-09-11 16:41 ` Catalin Marinas
2018-09-17 17:01 ` Andrey Konovalov
2018-09-17 17:01 ` Andrey Konovalov
2018-09-24 15:04 ` Andrey Konovalov
2018-09-24 15:04 ` Andrey Konovalov
2018-09-28 17:50 ` Catalin Marinas
2018-09-28 17:50 ` Catalin Marinas
2018-10-02 13:19 ` Andrey Konovalov
2018-10-02 13:19 ` Andrey Konovalov
2018-09-14 1:25 ` [LKP] [arm64] 7b5b51e7b3: kvm-unit-tests.rmap_chain.fail kernel test robot
2018-08-30 11:48 ` [PATCH v6 00/11] arm64: untag user pointers passed to the kernel Andrey Konovalov
2018-08-30 11:48 ` Andrey Konovalov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+55aFyW9N2tSb2bQvkthbVVyY6nt5yFeWQRLHp1zruBmb5ocw@mail.gmail.com \
--to=torvalds@linux-foundation.org \
--cc=akpm@linux-foundation.org \
--cc=andreyknvl@google.com \
--cc=catalin.marinas@arm.com \
--cc=gregkh@linuxfoundation.org \
--cc=keescook@chromium.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=kstewart@linuxfoundation.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mark.rutland@arm.com \
--cc=mingo@kernel.org \
--cc=robin.murphy@arm.com \
--cc=shuah@kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=will.deacon@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).