Re: include/linux/thread_info.h:259:25: error: call to '__bad_copy_to' declared with attribute error: copy destination size is too small

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: "Arnd Bergmann" <arnd@arndb.de>
To: "Philip Li" <philip.li@intel.com>,
	"Elizabeth Figura" <zfigura@codeweavers.com>
Cc: "kernel test robot" <lkp@intel.com>,
	oe-kbuild-all@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: Re: include/linux/thread_info.h:259:25: error: call to '__bad_copy_to' declared with attribute error: copy destination size is too small
Date: Fri, 14 Feb 2025 12:22:33 +0100	[thread overview]
Message-ID: <9791da8a-fb5f-46d0-a86f-66738293d155@app.fastmail.com> (raw)
In-Reply-To: <Z68CX3HMEUW00WYi@rli9-mobl>



On Fri, Feb 14, 2025, at 09:44, Philip Li wrote:
> On Mon, Feb 10, 2025 at 02:39:46PM -0600, Elizabeth Figura wrote:
>> On Friday, 7 February 2025 06:11:47 CST kernel test robot wrote:
>> >    In file included from include/linux/spinlock.h:60,
>> >                     from include/linux/wait.h:9,
>> >                     from include/linux/wait_bit.h:8,
>> >                     from include/linux/fs.h:6,
>> >                     from drivers/misc/ntsync.c:11:
>> >    In function 'check_copy_size',
>> >        inlined from 'copy_from_user' at include/linux/uaccess.h:207:7,
>> >        inlined from 'setup_wait' at drivers/misc/ntsync.c:888:6:
>> > >> include/linux/thread_info.h:259:25: error: call to '__bad_copy_to' declared with attribute error: copy destination size is too small
>> >      259 |                         __bad_copy_to();
>> >          |                         ^~~~~~~~~~~~~~~
>> 
>> This was caught before and mentioned in [1]. The suggestion there of changing "args->count" to "count" doesn't help.
>> 
>> Somehow gcc 12 thinks that the array_size(count, sizeof(*fds)) parameter is constant, although it's finnicky and depends on exactly where __builtin_constant_p() is evaluated.
>> 
>> The bug goes away with gcc 13. Is this worth trying to work around? I don't have any ideas for how to do so.
>
> Thanks for the info, at bot side, we will ignore this error to
> avoid further reporting on old gcc.

gcc-12 isn't really "old", we support gcc-5 through gcc-14 at the moment.

Maybe the change below would address it? (Not sure I handled the
"+1" right here, but something like that should make it obvious
to the compiler what the check is).

      Arnd

diff --git a/drivers/misc/ntsync.c b/drivers/misc/ntsync.c
index 055395cde42b..ae13aae9194b 100644
--- a/drivers/misc/ntsync.c
+++ b/drivers/misc/ntsync.c
@@ -873,6 +873,7 @@ static int setup_wait(struct ntsync_device *dev,
 {
 	int fds[NTSYNC_MAX_WAIT_COUNT + 1];
 	const __u32 count = args->count;
+	size_t size = count * sizeof(fds[0]);
 	struct ntsync_q *q;
 	__u32 total_count;
 	__u32 i, j;
@@ -880,15 +881,14 @@ static int setup_wait(struct ntsync_device *dev,
 	if (args->pad || (args->flags & ~NTSYNC_WAIT_REALTIME))
 		return -EINVAL;
 
-	if (args->count > NTSYNC_MAX_WAIT_COUNT)
+	if (size >= sizeof(fds))
 		return -EINVAL;
 
 	total_count = count;
 	if (args->alert)
 		total_count++;
 
-	if (copy_from_user(fds, u64_to_user_ptr(args->objs),
-			   array_size(count, sizeof(*fds))))
+	if (copy_from_user(fds, u64_to_user_ptr(args->objs), size))
 		return -EFAULT;
 	if (args->alert)
 		fds[count] = args->alert;

next prev parent reply	other threads:[~2025-02-14 11:22 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-02-07 12:11 include/linux/thread_info.h:259:25: error: call to '__bad_copy_to' declared with attribute error: copy destination size is too small kernel test robot
2025-02-10 20:39 ` Elizabeth Figura
2025-02-14  8:44   ` Philip Li
2025-02-14 11:22     ` Arnd Bergmann [this message]
2025-02-18  2:44       ` Oliver Sang
2025-02-18  6:04         ` Arnd Bergmann
2025-02-18  8:08       ` Geert Uytterhoeven
  -- strict thread matches above, loose matches on Subject: below --
2025-02-22 21:49 kernel test robot

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:055395cde42 dfblob:ae13aae9194 )
 OR (
bs:"Re: include/linux/thread_info.h:259:25: error: call to '__bad_copy_to' declared with attribute error: copy destination size is too small" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9791da8a-fb5f-46d0-a86f-66738293d155@app.fastmail.com \
    --to=arnd@arndb.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lkp@intel.com \
    --cc=oe-kbuild-all@lists.linux.dev \
    --cc=philip.li@intel.com \
    --cc=zfigura@codeweavers.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox