driverdev-devel.linuxdriverproject.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] staging: vc04_services: Fixed address type mismatch in vchiq_arm.c
@ 2021-02-18  9:10 Pritthijit Nath
  2021-02-18  9:39 ` Greg KH
  0 siblings, 1 reply; 3+ messages in thread
From: Pritthijit Nath @ 2021-02-18  9:10 UTC (permalink / raw)
  To: nsaenzjulienne, arnd, dan.carpenter, amarjargal16, phil, gregkh
  Cc: devel, Pritthijit Nath, linux-kernel, bcm-kernel-feedback-list,
	linux-rpi-kernel, linux-arm-kernel

This change fixes a sparse address type mismatch warning "incorrect type
in assignment (different address spaces)".

Signed-off-by: Pritthijit Nath <pritthijit.nath@icloud.com>
---
 .../staging/vc04_services/interface/vchiq_arm/vchiq_arm.c   | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
index 59e45dc03a97..3c715b926a57 100644
--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
@@ -1214,11 +1214,7 @@ static int vchiq_ioc_await_completion(struct vchiq_instance *instance,
 		    !instance->use_close_delivered)
 			unlock_service(service);
 
-		/*
-		 * FIXME: address space mismatch, does bulk_userdata
-		 * actually point to user or kernel memory?
-		 */
-		user_completion.bulk_userdata = completion->bulk_userdata;
+		user_completion.bulk_userdata = (void __user *)completion->bulk_userdata;
 
 		if (vchiq_put_completion(args->buf, &user_completion, ret)) {
 			if (ret == 0)
-- 
2.25.1

_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] staging: vc04_services: Fixed address type mismatch in vchiq_arm.c
  2021-02-18  9:10 [PATCH] staging: vc04_services: Fixed address type mismatch in vchiq_arm.c Pritthijit Nath
@ 2021-02-18  9:39 ` Greg KH
  2021-02-18 17:10   ` Arnd Bergmann
  0 siblings, 1 reply; 3+ messages in thread
From: Greg KH @ 2021-02-18  9:39 UTC (permalink / raw)
  To: Pritthijit Nath
  Cc: devel, arnd, linux-arm-kernel, linux-kernel,
	bcm-kernel-feedback-list, nsaenzjulienne, amarjargal16, phil,
	dan.carpenter, linux-rpi-kernel

On Thu, Feb 18, 2021 at 02:40:15PM +0530, Pritthijit Nath wrote:
> This change fixes a sparse address type mismatch warning "incorrect type
> in assignment (different address spaces)".
> 
> Signed-off-by: Pritthijit Nath <pritthijit.nath@icloud.com>
> ---
>  .../staging/vc04_services/interface/vchiq_arm/vchiq_arm.c   | 6 +-----
>  1 file changed, 1 insertion(+), 5 deletions(-)
> 
> diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
> index 59e45dc03a97..3c715b926a57 100644
> --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
> +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
> @@ -1214,11 +1214,7 @@ static int vchiq_ioc_await_completion(struct vchiq_instance *instance,
>  		    !instance->use_close_delivered)
>  			unlock_service(service);
>  
> -		/*
> -		 * FIXME: address space mismatch, does bulk_userdata
> -		 * actually point to user or kernel memory?
> -		 */
> -		user_completion.bulk_userdata = completion->bulk_userdata;
> +		user_completion.bulk_userdata = (void __user *)completion->bulk_userdata;

So, this pointer really is user memory?

How did you determine that?

If so, why isn't this a __user * in the first place?

You can't just paper over the FIXME by doing a cast without doing the
real work here, otherwise someone wouldn't have written the FIXME :)

thanks,

greg k-h
_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] staging: vc04_services: Fixed address type mismatch in vchiq_arm.c
  2021-02-18  9:39 ` Greg KH
@ 2021-02-18 17:10   ` Arnd Bergmann
  0 siblings, 0 replies; 3+ messages in thread
From: Arnd Bergmann @ 2021-02-18 17:10 UTC (permalink / raw)
  To: Greg KH
  Cc: driverdevel, Pritthijit Nath, Arnd Bergmann, Linux ARM,
	linux-kernel, bcm-kernel-feedback-list, Nicolas Saenz Julienne,
	Amarjargal Gundjalam, Phil Elwell, Dan Carpenter,
	moderated list:BROADCOM BCM2835 ARM ARCHITECTURE

On Thu, Feb 18, 2021 at 10:39 AM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Thu, Feb 18, 2021 at 02:40:15PM +0530, Pritthijit Nath wrote:
> > This change fixes a sparse address type mismatch warning "incorrect type
> > in assignment (different address spaces)".
> >
> > Signed-off-by: Pritthijit Nath <pritthijit.nath@icloud.com>
> > ---
> >  .../staging/vc04_services/interface/vchiq_arm/vchiq_arm.c   | 6 +-----
> >  1 file changed, 1 insertion(+), 5 deletions(-)
> >
> > diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
> > index 59e45dc03a97..3c715b926a57 100644
> > --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
> > +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
> > @@ -1214,11 +1214,7 @@ static int vchiq_ioc_await_completion(struct vchiq_instance *instance,
> >                   !instance->use_close_delivered)
> >                       unlock_service(service);
> >
> > -             /*
> > -              * FIXME: address space mismatch, does bulk_userdata
> > -              * actually point to user or kernel memory?
> > -              */
> > -             user_completion.bulk_userdata = completion->bulk_userdata;
> > +             user_completion.bulk_userdata = (void __user *)completion->bulk_userdata;
>
> So, this pointer really is user memory?
>
> How did you determine that?
>
> If so, why isn't this a __user * in the first place?
>
> You can't just paper over the FIXME by doing a cast without doing the
> real work here, otherwise someone wouldn't have written the FIXME :)

Agreed. I added the FIXME as part of a cleanup work I did last year.
The obvious step is to mark the corresponding field in
vchiq_completion_data_kernel as a __user pointer, and then check
all assignments *to* that members to ensure they all refer to __user
pointers as well.

At some point I gave up here, as far as I recall there were certain
assignments that were clearly kernel data, in particular the
vchiq_service_params_kernel->callback() argument seems to
sometimes come from kmalloc() and must not be passed down
to user space.

The alternative would be to look at the user space side to figure
out how the returned data is actually used. If user space doesn't
rely on it, it can simply get set to NULL, and if it does use it,
then the question is which code path in the kernel correctly
assigns it.

        Arnd
_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-02-18 17:11 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-18  9:10 [PATCH] staging: vc04_services: Fixed address type mismatch in vchiq_arm.c Pritthijit Nath
2021-02-18  9:39 ` Greg KH
2021-02-18 17:10   ` Arnd Bergmann

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).