From: kernel test robot <lkp@intel.com>
To: Ilya Leoshkevich <iii@linux.ibm.com>
Cc: oe-kbuild-all@lists.linux.dev, linux-kernel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
Linux Memory Management List <linux-mm@kvack.org>,
Alexander Potapenko <glider@google.com>
Subject: mm/kmsan/hooks.c:269:14: sparse: sparse: cast removes address space '__user' of expression
Date: Mon, 3 Mar 2025 07:47:55 +0800 [thread overview]
Message-ID: <202503030742.0cGEybrx-lkp@intel.com> (raw)
Hi Ilya,
First bad commit (maybe != root cause):
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 7eb172143d5508b4da468ed59ee857c6e5e01da6
commit: 3a8f6f3b469b4075919a3613e182f9a70df92d46 kmsan: enable on s390
date: 8 months ago
config: s390-randconfig-r122-20250303 (https://download.01.org/0day-ci/archive/20250303/202503030742.0cGEybrx-lkp@intel.com/config)
compiler: clang version 19.1.7 (https://github.com/llvm/llvm-project cd708029e0b2869e80abe31ddb175f7c35361f90)
reproduce: (https://download.01.org/0day-ci/archive/20250303/202503030742.0cGEybrx-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202503030742.0cGEybrx-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
>> mm/kmsan/hooks.c:269:14: sparse: sparse: cast removes address space '__user' of expression
mm/kmsan/hooks.c:271:75: sparse: sparse: incorrect type in argument 3 (different address spaces) @@ expected void const *user_addr @@ got void [noderef] __user *to @@
mm/kmsan/hooks.c:271:75: sparse: expected void const *user_addr
mm/kmsan/hooks.c:271:75: sparse: got void [noderef] __user *to
mm/kmsan/hooks.c:280:50: sparse: sparse: cast removes address space '__user' of expression
mm/kmsan/hooks.c:306:59: sparse: sparse: Using plain integer as NULL pointer
mm/kmsan/hooks.c:319:79: sparse: sparse: Using plain integer as NULL pointer
mm/kmsan/hooks.c:325:79: sparse: sparse: Using plain integer as NULL pointer
mm/kmsan/hooks.c:421:78: sparse: sparse: Using plain integer as NULL pointer
vim +/__user +269 mm/kmsan/hooks.c
b073d7f8aee4eb Alexander Potapenko 2022-09-15 247
75cf0290271bf6 Alexander Potapenko 2022-09-15 248 void kmsan_copy_to_user(void __user *to, const void *from, size_t to_copy,
75cf0290271bf6 Alexander Potapenko 2022-09-15 249 size_t left)
75cf0290271bf6 Alexander Potapenko 2022-09-15 250 {
75cf0290271bf6 Alexander Potapenko 2022-09-15 251 unsigned long ua_flags;
75cf0290271bf6 Alexander Potapenko 2022-09-15 252
75cf0290271bf6 Alexander Potapenko 2022-09-15 253 if (!kmsan_enabled || kmsan_in_runtime())
75cf0290271bf6 Alexander Potapenko 2022-09-15 254 return;
75cf0290271bf6 Alexander Potapenko 2022-09-15 255 /*
75cf0290271bf6 Alexander Potapenko 2022-09-15 256 * At this point we've copied the memory already. It's hard to check it
75cf0290271bf6 Alexander Potapenko 2022-09-15 257 * before copying, as the size of actually copied buffer is unknown.
75cf0290271bf6 Alexander Potapenko 2022-09-15 258 */
75cf0290271bf6 Alexander Potapenko 2022-09-15 259
75cf0290271bf6 Alexander Potapenko 2022-09-15 260 /* copy_to_user() may copy zero bytes. No need to check. */
75cf0290271bf6 Alexander Potapenko 2022-09-15 261 if (!to_copy)
75cf0290271bf6 Alexander Potapenko 2022-09-15 262 return;
75cf0290271bf6 Alexander Potapenko 2022-09-15 263 /* Or maybe copy_to_user() failed to copy anything. */
75cf0290271bf6 Alexander Potapenko 2022-09-15 264 if (to_copy <= left)
75cf0290271bf6 Alexander Potapenko 2022-09-15 265 return;
75cf0290271bf6 Alexander Potapenko 2022-09-15 266
75cf0290271bf6 Alexander Potapenko 2022-09-15 267 ua_flags = user_access_save();
f926e9326f3a79 Ilya Leoshkevich 2024-06-21 268 if (!IS_ENABLED(CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE) ||
f926e9326f3a79 Ilya Leoshkevich 2024-06-21 @269 (u64)to < TASK_SIZE) {
75cf0290271bf6 Alexander Potapenko 2022-09-15 270 /* This is a user memory access, check it. */
75cf0290271bf6 Alexander Potapenko 2022-09-15 271 kmsan_internal_check_memory((void *)from, to_copy - left, to,
75cf0290271bf6 Alexander Potapenko 2022-09-15 272 REASON_COPY_TO_USER);
75cf0290271bf6 Alexander Potapenko 2022-09-15 273 } else {
75cf0290271bf6 Alexander Potapenko 2022-09-15 274 /* Otherwise this is a kernel memory access. This happens when a
75cf0290271bf6 Alexander Potapenko 2022-09-15 275 * compat syscall passes an argument allocated on the kernel
75cf0290271bf6 Alexander Potapenko 2022-09-15 276 * stack to a real syscall.
75cf0290271bf6 Alexander Potapenko 2022-09-15 277 * Don't check anything, just copy the shadow of the copied
75cf0290271bf6 Alexander Potapenko 2022-09-15 278 * bytes.
75cf0290271bf6 Alexander Potapenko 2022-09-15 279 */
75cf0290271bf6 Alexander Potapenko 2022-09-15 280 kmsan_internal_memmove_metadata((void *)to, (void *)from,
75cf0290271bf6 Alexander Potapenko 2022-09-15 281 to_copy - left);
75cf0290271bf6 Alexander Potapenko 2022-09-15 282 }
75cf0290271bf6 Alexander Potapenko 2022-09-15 283 user_access_restore(ua_flags);
75cf0290271bf6 Alexander Potapenko 2022-09-15 284 }
75cf0290271bf6 Alexander Potapenko 2022-09-15 285 EXPORT_SYMBOL(kmsan_copy_to_user);
75cf0290271bf6 Alexander Potapenko 2022-09-15 286
:::::: The code at line 269 was first introduced by commit
:::::: f926e9326f3a79f7e01ac790e2361f44d8ca8320 kmsan: fix kmsan_copy_to_user() on arches with overlapping address spaces
:::::: TO: Ilya Leoshkevich <iii@linux.ibm.com>
:::::: CC: Andrew Morton <akpm@linux-foundation.org>
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next reply other threads:[~2025-03-02 23:48 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-02 23:47 kernel test robot [this message]
-- strict thread matches above, loose matches on Subject: below --
2025-07-30 2:01 mm/kmsan/hooks.c:269:14: sparse: sparse: cast removes address space '__user' of expression kernel test robot
2025-06-13 4:28 kernel test robot
2025-06-15 8:11 ` David Laight
2025-04-22 8:15 kernel test robot
2025-01-28 19:42 kernel test robot
2024-12-12 11:02 kernel test robot
2024-11-01 4:56 kernel test robot
2024-09-22 11:36 kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202503030742.0cGEybrx-lkp@intel.com \
--to=lkp@intel.com \
--cc=akpm@linux-foundation.org \
--cc=glider@google.com \
--cc=iii@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=oe-kbuild-all@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).