| Message ID | 926b572075a26835f4e39d05710cd1b75fd4d5a4.1637945194.git.christophe.leroy@csgroup.eu (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [v2] w1: Misuse of get_user()/put_user() reported by sparse | expand |
| Context | Check | Description |
|---|---|---|
| snowpatch_ozlabs/github-powerpc_clang | success | Successfully ran 7 jobs. |
| snowpatch_ozlabs/github-powerpc_sparse | success | Successfully ran 4 jobs. |
| snowpatch_ozlabs/github-powerpc_kernel_qemu | success | Successfully ran 24 jobs. |
On Fri, Nov 26, 2021 at 05:47:58PM +0100, Christophe Leroy wrote: > sparse warnings: (new ones prefixed by >>) > >> drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected char [noderef] __user *_pu_addr @@ got char *buf @@ > drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: expected char [noderef] __user *_pu_addr > drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: got char *buf > >> drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected char const [noderef] __user *_gu_addr @@ got char const *buf @@ > drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: expected char const [noderef] __user *_gu_addr > drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: got char const *buf > > The buffer buf is a failsafe buffer in kernel space, it's not user > memory hence doesn't deserve the use of get_user() or put_user(). > > Access 'buf' content directly. > > Reported-by: kernel test robot <lkp@intel.com> > Link: https://lore.kernel.org/lkml/202111190526.K5vb7NWC-lkp@intel.com/T/ > Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> > --- > v2: Use sysfs_emit() and kstrtobool() > --- > drivers/w1/slaves/w1_ds28e04.c | 25 +++---------------------- > 1 file changed, 3 insertions(+), 22 deletions(-) > > diff --git a/drivers/w1/slaves/w1_ds28e04.c b/drivers/w1/slaves/w1_ds28e04.c > index e4f336111edc..98f80f412cfd 100644 > --- a/drivers/w1/slaves/w1_ds28e04.c > +++ b/drivers/w1/slaves/w1_ds28e04.c > @@ -32,7 +32,7 @@ static int w1_strong_pullup = 1; > module_param_named(strong_pullup, w1_strong_pullup, int, 0); > > /* enable/disable CRC checking on DS28E04-100 memory accesses */ > -static char w1_enable_crccheck = 1; > +static bool w1_enable_crccheck = true; > > #define W1_EEPROM_SIZE 512 > #define W1_PAGE_COUNT 16 > @@ -339,32 +339,13 @@ static BIN_ATTR_RW(pio, 1); > static ssize_t crccheck_show(struct device *dev, struct device_attribute *attr, > char *buf) > { > - if (put_user(w1_enable_crccheck + 0x30, buf)) > - return -EFAULT; > - > - return sizeof(w1_enable_crccheck); > + return sysfs_emit(buf, "%d\n", w1_enable_crccheck); > } > > static ssize_t crccheck_store(struct device *dev, struct device_attribute *attr, > const char *buf, size_t count) > { > - char val; > - > - if (count != 1 || !buf) > - return -EINVAL; > - > - if (get_user(val, buf)) > - return -EFAULT; > - > - /* convert to decimal */ > - val = val - 0x30; > - if (val != 0 && val != 1) > - return -EINVAL; > - > - /* set the new value */ > - w1_enable_crccheck = val; > - > - return sizeof(w1_enable_crccheck); > + return kstrtobool(buf, &w1_enable_crccheck) ? : count; Please spell this line out, using ? : is unreadable at times. thanks, greg k-h
Le 26/11/2021 à 17:54, Greg Kroah-Hartman a écrit : > On Fri, Nov 26, 2021 at 05:47:58PM +0100, Christophe Leroy wrote: >> sparse warnings: (new ones prefixed by >>) >>>> drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected char [noderef] __user *_pu_addr @@ got char *buf @@ >> drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: expected char [noderef] __user *_pu_addr >> drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: got char *buf >>>> drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected char const [noderef] __user *_gu_addr @@ got char const *buf @@ >> drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: expected char const [noderef] __user *_gu_addr >> drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: got char const *buf >> >> The buffer buf is a failsafe buffer in kernel space, it's not user >> memory hence doesn't deserve the use of get_user() or put_user(). >> >> Access 'buf' content directly. >> >> Reported-by: kernel test robot <lkp@intel.com> >> Link: https://lore.kernel.org/lkml/202111190526.K5vb7NWC-lkp@intel.com/T/ >> Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> >> --- >> v2: Use sysfs_emit() and kstrtobool() >> --- >> drivers/w1/slaves/w1_ds28e04.c | 25 +++---------------------- >> 1 file changed, 3 insertions(+), 22 deletions(-) >> >> diff --git a/drivers/w1/slaves/w1_ds28e04.c b/drivers/w1/slaves/w1_ds28e04.c >> index e4f336111edc..98f80f412cfd 100644 >> --- a/drivers/w1/slaves/w1_ds28e04.c >> +++ b/drivers/w1/slaves/w1_ds28e04.c >> @@ -32,7 +32,7 @@ static int w1_strong_pullup = 1; >> module_param_named(strong_pullup, w1_strong_pullup, int, 0); >> >> /* enable/disable CRC checking on DS28E04-100 memory accesses */ >> -static char w1_enable_crccheck = 1; >> +static bool w1_enable_crccheck = true; >> >> #define W1_EEPROM_SIZE 512 >> #define W1_PAGE_COUNT 16 >> @@ -339,32 +339,13 @@ static BIN_ATTR_RW(pio, 1); >> static ssize_t crccheck_show(struct device *dev, struct device_attribute *attr, >> char *buf) >> { >> - if (put_user(w1_enable_crccheck + 0x30, buf)) >> - return -EFAULT; >> - >> - return sizeof(w1_enable_crccheck); >> + return sysfs_emit(buf, "%d\n", w1_enable_crccheck); >> } >> >> static ssize_t crccheck_store(struct device *dev, struct device_attribute *attr, >> const char *buf, size_t count) >> { >> - char val; >> - >> - if (count != 1 || !buf) >> - return -EINVAL; >> - >> - if (get_user(val, buf)) >> - return -EFAULT; >> - >> - /* convert to decimal */ >> - val = val - 0x30; >> - if (val != 0 && val != 1) >> - return -EINVAL; >> - >> - /* set the new value */ >> - w1_enable_crccheck = val; >> - >> - return sizeof(w1_enable_crccheck); >> + return kstrtobool(buf, &w1_enable_crccheck) ? : count; > > Please spell this line out, using ? : is unreadable at times. > You prefer something like: int err = kstrtobool(buf, &w1_enable_crccheck); return err ? err : count; Or int err = kstrtobool(buf, &w1_enable_crccheck); if (err) return err; return count; ?
On Fri, Nov 26, 2021 at 05:57:58PM +0100, Christophe Leroy wrote: > > > Le 26/11/2021 à 17:54, Greg Kroah-Hartman a écrit : > > On Fri, Nov 26, 2021 at 05:47:58PM +0100, Christophe Leroy wrote: > > > sparse warnings: (new ones prefixed by >>) > > > > > drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected char [noderef] __user *_pu_addr @@ got char *buf @@ > > > drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: expected char [noderef] __user *_pu_addr > > > drivers/w1/slaves/w1_ds28e04.c:342:13: sparse: got char *buf > > > > > drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected char const [noderef] __user *_gu_addr @@ got char const *buf @@ > > > drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: expected char const [noderef] __user *_gu_addr > > > drivers/w1/slaves/w1_ds28e04.c:356:13: sparse: got char const *buf > > > > > > The buffer buf is a failsafe buffer in kernel space, it's not user > > > memory hence doesn't deserve the use of get_user() or put_user(). > > > > > > Access 'buf' content directly. > > > > > > Reported-by: kernel test robot <lkp@intel.com> > > > Link: https://lore.kernel.org/lkml/202111190526.K5vb7NWC-lkp@intel.com/T/ > > > Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> > > > --- > > > v2: Use sysfs_emit() and kstrtobool() > > > --- > > > drivers/w1/slaves/w1_ds28e04.c | 25 +++---------------------- > > > 1 file changed, 3 insertions(+), 22 deletions(-) > > > > > > diff --git a/drivers/w1/slaves/w1_ds28e04.c b/drivers/w1/slaves/w1_ds28e04.c > > > index e4f336111edc..98f80f412cfd 100644 > > > --- a/drivers/w1/slaves/w1_ds28e04.c > > > +++ b/drivers/w1/slaves/w1_ds28e04.c > > > @@ -32,7 +32,7 @@ static int w1_strong_pullup = 1; > > > module_param_named(strong_pullup, w1_strong_pullup, int, 0); > > > /* enable/disable CRC checking on DS28E04-100 memory accesses */ > > > -static char w1_enable_crccheck = 1; > > > +static bool w1_enable_crccheck = true; > > > #define W1_EEPROM_SIZE 512 > > > #define W1_PAGE_COUNT 16 > > > @@ -339,32 +339,13 @@ static BIN_ATTR_RW(pio, 1); > > > static ssize_t crccheck_show(struct device *dev, struct device_attribute *attr, > > > char *buf) > > > { > > > - if (put_user(w1_enable_crccheck + 0x30, buf)) > > > - return -EFAULT; > > > - > > > - return sizeof(w1_enable_crccheck); > > > + return sysfs_emit(buf, "%d\n", w1_enable_crccheck); > > > } > > > static ssize_t crccheck_store(struct device *dev, struct device_attribute *attr, > > > const char *buf, size_t count) > > > { > > > - char val; > > > - > > > - if (count != 1 || !buf) > > > - return -EINVAL; > > > - > > > - if (get_user(val, buf)) > > > - return -EFAULT; > > > - > > > - /* convert to decimal */ > > > - val = val - 0x30; > > > - if (val != 0 && val != 1) > > > - return -EINVAL; > > > - > > > - /* set the new value */ > > > - w1_enable_crccheck = val; > > > - > > > - return sizeof(w1_enable_crccheck); > > > + return kstrtobool(buf, &w1_enable_crccheck) ? : count; > > > > Please spell this line out, using ? : is unreadable at times. > > > > You prefer something like: > > int err = kstrtobool(buf, &w1_enable_crccheck); > > return err ? err : count; > > > Or > > int err = kstrtobool(buf, &w1_enable_crccheck); > > if (err) > return err; > > return count; This one. Write code for people to read first, compiler second. thanks, greg k-h
diff --git a/drivers/w1/slaves/w1_ds28e04.c b/drivers/w1/slaves/w1_ds28e04.c index e4f336111edc..98f80f412cfd 100644 --- a/drivers/w1/slaves/w1_ds28e04.c +++ b/drivers/w1/slaves/w1_ds28e04.c @@ -32,7 +32,7 @@ static int w1_strong_pullup = 1; module_param_named(strong_pullup, w1_strong_pullup, int, 0); /* enable/disable CRC checking on DS28E04-100 memory accesses */ -static char w1_enable_crccheck = 1; +static bool w1_enable_crccheck = true; #define W1_EEPROM_SIZE 512 #define W1_PAGE_COUNT 16 @@ -339,32 +339,13 @@ static BIN_ATTR_RW(pio, 1); static ssize_t crccheck_show(struct device *dev, struct device_attribute *attr, char *buf) { - if (put_user(w1_enable_crccheck + 0x30, buf)) - return -EFAULT; - - return sizeof(w1_enable_crccheck); + return sysfs_emit(buf, "%d\n", w1_enable_crccheck); } static ssize_t crccheck_store(struct device *dev, struct device_attribute *attr, const char *buf, size_t count) { - char val; - - if (count != 1 || !buf) - return -EINVAL; - - if (get_user(val, buf)) - return -EFAULT; - - /* convert to decimal */ - val = val - 0x30; - if (val != 0 && val != 1) - return -EINVAL; - - /* set the new value */ - w1_enable_crccheck = val; - - return sizeof(w1_enable_crccheck); + return kstrtobool(buf, &w1_enable_crccheck) ? : count; } static DEVICE_ATTR_RW(crccheck);