| Message ID | fba6bec696dfd6582f952c50ca5298b90b6b9c88.1523538149.git.mchehab@s-opensource.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Em Thu, 12 Apr 2018 09:02:34 -0400 Mauro Carvalho Chehab <mchehab@s-opensource.com> escreveu: > Smatch report several issues with bad __user annotations: Please ignore this one. Sent to early. > > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:447:21: warning: incorrect type in argument 1 (different address spaces) > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:447:21: expected void [noderef] <asn:1>*uptr > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:447:21: got void *<noident> > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:621:21: warning: incorrect type in argument 1 (different address spaces) > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:621:21: expected void const volatile [noderef] <asn:1>*<noident> > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:621:21: got struct v4l2_plane [noderef] <asn:1>**<noident> > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:693:13: warning: incorrect type in argument 1 (different address spaces) > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:693:13: expected void [noderef] <asn:1>*uptr > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:693:13: got void *[assigned] base > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:871:13: warning: incorrect type in assignment (different address spaces) > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:871:13: expected struct v4l2_ext_control [noderef] <asn:1>*kcontrols > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:871:13: got struct v4l2_ext_control *<noident> > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:957:13: warning: incorrect type in assignment (different address spaces) > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:957:13: expected unsigned char [usertype] *__pu_val > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:957:13: got void [noderef] <asn:1>* > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:973:13: warning: incorrect type in argument 1 (different address spaces) > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:973:13: expected void [noderef] <asn:1>*uptr > drivers/media/v4l2-core/v4l2-compat-ioctl32.c:973:13: got void *[assigned] edid > > Fix them. > > Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com> > --- > drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 35 +++++++++++++++------------ > 1 file changed, 20 insertions(+), 15 deletions(-) > > diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c > index d03a44d89649..1c25dbaaf636 100644 > --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c > +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c > @@ -443,8 +443,8 @@ static int put_v4l2_plane32(struct v4l2_plane __user *up, > return -EFAULT; > break; > case V4L2_MEMORY_USERPTR: > - if (get_user(p, &up->m.userptr) || > - put_user((compat_ulong_t)ptr_to_compat((__force void *)p), > + if (get_user(p, &up->m.userptr)|| > + put_user((compat_ulong_t)ptr_to_compat((void __user *)p), > &up32->m.userptr)) > return -EFAULT; > break; > @@ -587,7 +587,7 @@ static int put_v4l2_buffer32(struct v4l2_buffer __user *kp, > u32 length; > enum v4l2_memory memory; > struct v4l2_plane32 __user *uplane32; > - struct v4l2_plane __user *uplane; > + struct v4l2_plane *uplane; > compat_caddr_t p; > int ret; > > @@ -618,14 +618,15 @@ static int put_v4l2_buffer32(struct v4l2_buffer __user *kp, > if (num_planes == 0) > return 0; > > - if (get_user(uplane, ((__force struct v4l2_plane __user **)&kp->m.planes))) > + if (get_user(uplane, (__force void __user *)&kp->m.planes)) > return -EFAULT; > if (get_user(p, &up->m.planes)) > return -EFAULT; > uplane32 = compat_ptr(p); > > while (num_planes--) { > - ret = put_v4l2_plane32(uplane, uplane32, memory); > + ret = put_v4l2_plane32((void __user *)uplane, > + uplane32, memory); > if (ret) > return ret; > ++uplane; > @@ -675,7 +676,7 @@ static int get_v4l2_framebuffer32(struct v4l2_framebuffer __user *kp, > > if (!access_ok(VERIFY_READ, up, sizeof(*up)) || > get_user(tmp, &up->base) || > - put_user((__force void *)compat_ptr(tmp), &kp->base) || > + put_user((void __force *)compat_ptr(tmp), &kp->base) || > assign_in_user(&kp->capability, &up->capability) || > assign_in_user(&kp->flags, &up->flags) || > copy_in_user(&kp->fmt, &up->fmt, sizeof(kp->fmt))) > @@ -690,7 +691,7 @@ static int put_v4l2_framebuffer32(struct v4l2_framebuffer __user *kp, > > if (!access_ok(VERIFY_WRITE, up, sizeof(*up)) || > get_user(base, &kp->base) || > - put_user(ptr_to_compat(base), &up->base) || > + put_user(ptr_to_compat((void __user *)base), &up->base) || > assign_in_user(&up->capability, &kp->capability) || > assign_in_user(&up->flags, &kp->flags) || > copy_in_user(&up->fmt, &kp->fmt, sizeof(kp->fmt))) > @@ -857,7 +858,7 @@ static int put_v4l2_ext_controls32(struct file *file, > struct v4l2_ext_controls32 __user *up) > { > struct v4l2_ext_control32 __user *ucontrols; > - struct v4l2_ext_control __user *kcontrols; > + struct v4l2_ext_control *kcontrols; > u32 count; > u32 n; > compat_caddr_t p; > @@ -883,10 +884,12 @@ static int put_v4l2_ext_controls32(struct file *file, > unsigned int size = sizeof(*ucontrols); > u32 id; > > - if (get_user(id, &kcontrols->id) || > + if (get_user(id, (unsigned int __user *)&kcontrols->id) || > put_user(id, &ucontrols->id) || > - assign_in_user(&ucontrols->size, &kcontrols->size) || > - copy_in_user(&ucontrols->reserved2, &kcontrols->reserved2, > + assign_in_user(&ucontrols->size, > + (unsigned int __user *)&kcontrols->size) || > + copy_in_user(&ucontrols->reserved2, > + (unsigned int __user *)&kcontrols->reserved2, > sizeof(ucontrols->reserved2))) > return -EFAULT; > > @@ -898,7 +901,8 @@ static int put_v4l2_ext_controls32(struct file *file, > if (ctrl_is_pointer(file, id)) > size -= sizeof(ucontrols->value64); > > - if (copy_in_user(ucontrols, kcontrols, size)) > + if (copy_in_user(ucontrols, > + (unsigned int __user *)kcontrols, size)) > return -EFAULT; > > ucontrols++; > @@ -952,9 +956,10 @@ static int get_v4l2_edid32(struct v4l2_edid __user *kp, > if (!access_ok(VERIFY_READ, up, sizeof(*up)) || > assign_in_user(&kp->pad, &up->pad) || > assign_in_user(&kp->start_block, &up->start_block) || > - assign_in_user(&kp->blocks, &up->blocks) || > + assign_in_user(&kp->blocks, > + (unsigned char __user *)&up->blocks) || > get_user(tmp, &up->edid) || > - put_user(compat_ptr(tmp), &kp->edid) || > + put_user((void __force *)compat_ptr(tmp), &kp->edid) || > copy_in_user(kp->reserved, up->reserved, sizeof(kp->reserved))) > return -EFAULT; > return 0; > @@ -970,7 +975,7 @@ static int put_v4l2_edid32(struct v4l2_edid __user *kp, > assign_in_user(&up->start_block, &kp->start_block) || > assign_in_user(&up->blocks, &kp->blocks) || > get_user(edid, &kp->edid) || > - put_user(ptr_to_compat(edid), &up->edid) || > + put_user(ptr_to_compat((void __user *)edid), &up->edid) || > copy_in_user(up->reserved, kp->reserved, sizeof(up->reserved))) > return -EFAULT; > return 0; Thanks, Mauro
Hi Mauro,
I love your patch! Yet something to improve:
[auto build test ERROR on linuxtv-media/master]
[also build test ERROR on v4.16 next-20180413]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Mauro-Carvalho-Chehab/media-v4l2-compat-ioctl32-fix-several-__user-annotations/20180414-001705
base: git://linuxtv.org/media_tree.git master
config: x86_64-randconfig-x006-201814 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All error/warnings (new ones prefixed by >>):
In file included from include/linux/uaccess.h:14:0,
from include/linux/compat.h:20,
from drivers/media/v4l2-core/v4l2-compat-ioctl32.c:16:
drivers/media/v4l2-core/v4l2-compat-ioctl32.c: In function 'put_v4l2_buffer32':
>> arch/x86/include/asm/uaccess.h:181:6: error: void value not ignored as it ought to be
(x) = (__force __typeof__(*(ptr))) __val_gu; \
^
>> drivers/media/v4l2-core/v4l2-compat-ioctl32.c:619:7: note: in expansion of macro 'get_user'
if (get_user(uplane, (__force void __user *)&kp->m.planes))
^~~~~~~~
--
In file included from include/linux/uaccess.h:14:0,
from include/linux/compat.h:20,
from drivers/media//v4l2-core/v4l2-compat-ioctl32.c:16:
drivers/media//v4l2-core/v4l2-compat-ioctl32.c: In function 'put_v4l2_buffer32':
>> arch/x86/include/asm/uaccess.h:181:6: error: void value not ignored as it ought to be
(x) = (__force __typeof__(*(ptr))) __val_gu; \
^
drivers/media//v4l2-core/v4l2-compat-ioctl32.c:619:7: note: in expansion of macro 'get_user'
if (get_user(uplane, (__force void __user *)&kp->m.planes))
^~~~~~~~
vim +/get_user +619 drivers/media/v4l2-core/v4l2-compat-ioctl32.c
580
581 static int put_v4l2_buffer32(struct v4l2_buffer __user *kp,
582 struct v4l2_buffer32 __user *up)
583 {
584 u32 type;
585 u32 length;
586 enum v4l2_memory memory;
587 struct v4l2_plane32 __user *uplane32;
588 struct v4l2_plane *uplane;
589 compat_caddr_t p;
590 int ret;
591
592 if (!access_ok(VERIFY_WRITE, up, sizeof(*up)) ||
593 assign_in_user(&up->index, &kp->index) ||
594 get_user(type, &kp->type) ||
595 put_user(type, &up->type) ||
596 assign_in_user(&up->flags, &kp->flags) ||
597 get_user(memory, &kp->memory) ||
598 put_user(memory, &up->memory))
599 return -EFAULT;
600
601 if (assign_in_user(&up->bytesused, &kp->bytesused) ||
602 assign_in_user(&up->field, &kp->field) ||
603 assign_in_user(&up->timestamp.tv_sec, &kp->timestamp.tv_sec) ||
604 assign_in_user(&up->timestamp.tv_usec, &kp->timestamp.tv_usec) ||
605 copy_in_user(&up->timecode, &kp->timecode, sizeof(kp->timecode)) ||
606 assign_in_user(&up->sequence, &kp->sequence) ||
607 assign_in_user(&up->reserved2, &kp->reserved2) ||
608 assign_in_user(&up->reserved, &kp->reserved) ||
609 get_user(length, &kp->length) ||
610 put_user(length, &up->length))
611 return -EFAULT;
612
613 if (V4L2_TYPE_IS_MULTIPLANAR(type)) {
614 u32 num_planes = length;
615
616 if (num_planes == 0)
617 return 0;
618
> 619 if (get_user(uplane, (__force void __user *)&kp->m.planes))
620 return -EFAULT;
621 if (get_user(p, &up->m.planes))
622 return -EFAULT;
623 uplane32 = compat_ptr(p);
624
625 while (num_planes--) {
626 ret = put_v4l2_plane32((void __user *)uplane,
627 uplane32, memory);
628 if (ret)
629 return ret;
630 ++uplane;
631 ++uplane32;
632 }
633 } else {
634 switch (memory) {
635 case V4L2_MEMORY_MMAP:
636 case V4L2_MEMORY_OVERLAY:
637 if (assign_in_user(&up->m.offset, &kp->m.offset))
638 return -EFAULT;
639 break;
640 case V4L2_MEMORY_USERPTR:
641 if (assign_in_user(&up->m.userptr, &kp->m.userptr))
642 return -EFAULT;
643 break;
644 case V4L2_MEMORY_DMABUF:
645 if (assign_in_user(&up->m.fd, &kp->m.fd))
646 return -EFAULT;
647 break;
648 }
649 }
650
651 return 0;
652 }
653
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
Hi Mauro,
I love your patch! Yet something to improve:
[auto build test ERROR on linuxtv-media/master]
[also build test ERROR on v4.16 next-20180413]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Mauro-Carvalho-Chehab/media-v4l2-compat-ioctl32-fix-several-__user-annotations/20180414-001705
base: git://linuxtv.org/media_tree.git master
config: arm64-defconfig (attached as .config)
compiler: aarch64-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
make.cross ARCH=arm64
All error/warnings (new ones prefixed by >>):
In file included from include/linux/uaccess.h:14:0,
from include/linux/compat.h:20,
from drivers/media/v4l2-core/v4l2-compat-ioctl32.c:16:
drivers/media/v4l2-core/v4l2-compat-ioctl32.c: In function 'put_v4l2_buffer32':
>> arch/arm64/include/asm/uaccess.h:306:6: error: void value not ignored as it ought to be
(x) = (__force __typeof__(*(ptr)))__gu_val; \
^
>> arch/arm64/include/asm/uaccess.h:315:3: note: in expansion of macro '__get_user_err'
__get_user_err((x), __p, (err)); \
^~~~~~~~~~~~~~
>> arch/arm64/include/asm/uaccess.h:330:2: note: in expansion of macro '__get_user_check'
__get_user_check((x), (ptr), __gu_err); \
^~~~~~~~~~~~~~~~
>> arch/arm64/include/asm/uaccess.h:334:18: note: in expansion of macro '__get_user'
#define get_user __get_user
^~~~~~~~~~
drivers/media/v4l2-core/v4l2-compat-ioctl32.c:619:7: note: in expansion of macro 'get_user'
if (get_user(uplane, (__force void __user *)&kp->m.planes))
^~~~~~~~
--
In file included from include/linux/uaccess.h:14:0,
from include/linux/compat.h:20,
from drivers/media//v4l2-core/v4l2-compat-ioctl32.c:16:
drivers/media//v4l2-core/v4l2-compat-ioctl32.c: In function 'put_v4l2_buffer32':
>> arch/arm64/include/asm/uaccess.h:306:6: error: void value not ignored as it ought to be
(x) = (__force __typeof__(*(ptr)))__gu_val; \
^
>> arch/arm64/include/asm/uaccess.h:315:3: note: in expansion of macro '__get_user_err'
__get_user_err((x), __p, (err)); \
^~~~~~~~~~~~~~
>> arch/arm64/include/asm/uaccess.h:330:2: note: in expansion of macro '__get_user_check'
__get_user_check((x), (ptr), __gu_err); \
^~~~~~~~~~~~~~~~
>> arch/arm64/include/asm/uaccess.h:334:18: note: in expansion of macro '__get_user'
#define get_user __get_user
^~~~~~~~~~
drivers/media//v4l2-core/v4l2-compat-ioctl32.c:619:7: note: in expansion of macro 'get_user'
if (get_user(uplane, (__force void __user *)&kp->m.planes))
^~~~~~~~
vim +306 arch/arm64/include/asm/uaccess.h
4d8efc2d Robin Murphy 2018-02-05 256
4d8efc2d Robin Murphy 2018-02-05 257 /*
0aea86a2 Catalin Marinas 2012-03-05 258 * The "__xxx" versions of the user access functions do not verify the address
0aea86a2 Catalin Marinas 2012-03-05 259 * space - it must have been done previously with a separate "access_ok()"
0aea86a2 Catalin Marinas 2012-03-05 260 * call.
0aea86a2 Catalin Marinas 2012-03-05 261 *
0aea86a2 Catalin Marinas 2012-03-05 262 * The "__xxx_error" versions set the third argument to -EFAULT if an error
0aea86a2 Catalin Marinas 2012-03-05 263 * occurs, and leave it unchanged on success.
0aea86a2 Catalin Marinas 2012-03-05 264 */
57f4959b James Morse 2016-02-05 265 #define __get_user_asm(instr, alt_instr, reg, x, addr, err, feature) \
0aea86a2 Catalin Marinas 2012-03-05 266 asm volatile( \
57f4959b James Morse 2016-02-05 267 "1:"ALTERNATIVE(instr " " reg "1, [%2]\n", \
57f4959b James Morse 2016-02-05 268 alt_instr " " reg "1, [%2]\n", feature) \
0aea86a2 Catalin Marinas 2012-03-05 269 "2:\n" \
0aea86a2 Catalin Marinas 2012-03-05 270 " .section .fixup, \"ax\"\n" \
0aea86a2 Catalin Marinas 2012-03-05 271 " .align 2\n" \
0aea86a2 Catalin Marinas 2012-03-05 272 "3: mov %w0, %3\n" \
0aea86a2 Catalin Marinas 2012-03-05 273 " mov %1, #0\n" \
0aea86a2 Catalin Marinas 2012-03-05 274 " b 2b\n" \
0aea86a2 Catalin Marinas 2012-03-05 275 " .previous\n" \
6c94f27a Ard Biesheuvel 2016-01-01 276 _ASM_EXTABLE(1b, 3b) \
0aea86a2 Catalin Marinas 2012-03-05 277 : "+r" (err), "=&r" (x) \
0aea86a2 Catalin Marinas 2012-03-05 278 : "r" (addr), "i" (-EFAULT))
0aea86a2 Catalin Marinas 2012-03-05 279
0aea86a2 Catalin Marinas 2012-03-05 280 #define __get_user_err(x, ptr, err) \
0aea86a2 Catalin Marinas 2012-03-05 281 do { \
0aea86a2 Catalin Marinas 2012-03-05 282 unsigned long __gu_val; \
0aea86a2 Catalin Marinas 2012-03-05 283 __chk_user_ptr(ptr); \
bd38967d Catalin Marinas 2016-07-01 284 uaccess_enable_not_uao(); \
0aea86a2 Catalin Marinas 2012-03-05 285 switch (sizeof(*(ptr))) { \
0aea86a2 Catalin Marinas 2012-03-05 286 case 1: \
57f4959b James Morse 2016-02-05 287 __get_user_asm("ldrb", "ldtrb", "%w", __gu_val, (ptr), \
57f4959b James Morse 2016-02-05 288 (err), ARM64_HAS_UAO); \
0aea86a2 Catalin Marinas 2012-03-05 289 break; \
0aea86a2 Catalin Marinas 2012-03-05 290 case 2: \
57f4959b James Morse 2016-02-05 291 __get_user_asm("ldrh", "ldtrh", "%w", __gu_val, (ptr), \
57f4959b James Morse 2016-02-05 292 (err), ARM64_HAS_UAO); \
0aea86a2 Catalin Marinas 2012-03-05 293 break; \
0aea86a2 Catalin Marinas 2012-03-05 294 case 4: \
57f4959b James Morse 2016-02-05 295 __get_user_asm("ldr", "ldtr", "%w", __gu_val, (ptr), \
57f4959b James Morse 2016-02-05 296 (err), ARM64_HAS_UAO); \
0aea86a2 Catalin Marinas 2012-03-05 297 break; \
0aea86a2 Catalin Marinas 2012-03-05 298 case 8: \
d135b8b5 Mark Rutland 2017-05-03 299 __get_user_asm("ldr", "ldtr", "%x", __gu_val, (ptr), \
57f4959b James Morse 2016-02-05 300 (err), ARM64_HAS_UAO); \
0aea86a2 Catalin Marinas 2012-03-05 301 break; \
0aea86a2 Catalin Marinas 2012-03-05 302 default: \
0aea86a2 Catalin Marinas 2012-03-05 303 BUILD_BUG(); \
0aea86a2 Catalin Marinas 2012-03-05 304 } \
bd38967d Catalin Marinas 2016-07-01 305 uaccess_disable_not_uao(); \
58fff517 Michael S. Tsirkin 2014-12-12 @306 (x) = (__force __typeof__(*(ptr)))__gu_val; \
0aea86a2 Catalin Marinas 2012-03-05 307 } while (0)
0aea86a2 Catalin Marinas 2012-03-05 308
84624087 Will Deacon 2018-02-05 309 #define __get_user_check(x, ptr, err) \
0aea86a2 Catalin Marinas 2012-03-05 310 ({ \
84624087 Will Deacon 2018-02-05 311 __typeof__(*(ptr)) __user *__p = (ptr); \
84624087 Will Deacon 2018-02-05 312 might_fault(); \
84624087 Will Deacon 2018-02-05 313 if (access_ok(VERIFY_READ, __p, sizeof(*__p))) { \
84624087 Will Deacon 2018-02-05 314 __p = uaccess_mask_ptr(__p); \
84624087 Will Deacon 2018-02-05 @315 __get_user_err((x), __p, (err)); \
84624087 Will Deacon 2018-02-05 316 } else { \
84624087 Will Deacon 2018-02-05 317 (x) = 0; (err) = -EFAULT; \
84624087 Will Deacon 2018-02-05 318 } \
0aea86a2 Catalin Marinas 2012-03-05 319 })
0aea86a2 Catalin Marinas 2012-03-05 320
0aea86a2 Catalin Marinas 2012-03-05 321 #define __get_user_error(x, ptr, err) \
0aea86a2 Catalin Marinas 2012-03-05 322 ({ \
84624087 Will Deacon 2018-02-05 323 __get_user_check((x), (ptr), (err)); \
0aea86a2 Catalin Marinas 2012-03-05 324 (void)0; \
0aea86a2 Catalin Marinas 2012-03-05 325 })
0aea86a2 Catalin Marinas 2012-03-05 326
84624087 Will Deacon 2018-02-05 327 #define __get_user(x, ptr) \
0aea86a2 Catalin Marinas 2012-03-05 328 ({ \
84624087 Will Deacon 2018-02-05 329 int __gu_err = 0; \
84624087 Will Deacon 2018-02-05 @330 __get_user_check((x), (ptr), __gu_err); \
84624087 Will Deacon 2018-02-05 331 __gu_err; \
0aea86a2 Catalin Marinas 2012-03-05 332 })
0aea86a2 Catalin Marinas 2012-03-05 333
84624087 Will Deacon 2018-02-05 @334 #define get_user __get_user
84624087 Will Deacon 2018-02-05 335
:::::: The code at line 306 was first introduced by commit
:::::: 58fff51784cb5e1bcc06a1417be26eec4288507c arm64/uaccess: fix sparse errors
:::::: TO: Michael S. Tsirkin <mst@redhat.com>
:::::: CC: Michael S. Tsirkin <mst@redhat.com>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index d03a44d89649..1c25dbaaf636 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -443,8 +443,8 @@ static int put_v4l2_plane32(struct v4l2_plane __user *up, return -EFAULT; break; case V4L2_MEMORY_USERPTR: - if (get_user(p, &up->m.userptr) || - put_user((compat_ulong_t)ptr_to_compat((__force void *)p), + if (get_user(p, &up->m.userptr)|| + put_user((compat_ulong_t)ptr_to_compat((void __user *)p), &up32->m.userptr)) return -EFAULT; break; @@ -587,7 +587,7 @@ static int put_v4l2_buffer32(struct v4l2_buffer __user *kp, u32 length; enum v4l2_memory memory; struct v4l2_plane32 __user *uplane32; - struct v4l2_plane __user *uplane; + struct v4l2_plane *uplane; compat_caddr_t p; int ret; @@ -618,14 +618,15 @@ static int put_v4l2_buffer32(struct v4l2_buffer __user *kp, if (num_planes == 0) return 0; - if (get_user(uplane, ((__force struct v4l2_plane __user **)&kp->m.planes))) + if (get_user(uplane, (__force void __user *)&kp->m.planes)) return -EFAULT; if (get_user(p, &up->m.planes)) return -EFAULT; uplane32 = compat_ptr(p); while (num_planes--) { - ret = put_v4l2_plane32(uplane, uplane32, memory); + ret = put_v4l2_plane32((void __user *)uplane, + uplane32, memory); if (ret) return ret; ++uplane; @@ -675,7 +676,7 @@ static int get_v4l2_framebuffer32(struct v4l2_framebuffer __user *kp, if (!access_ok(VERIFY_READ, up, sizeof(*up)) || get_user(tmp, &up->base) || - put_user((__force void *)compat_ptr(tmp), &kp->base) || + put_user((void __force *)compat_ptr(tmp), &kp->base) || assign_in_user(&kp->capability, &up->capability) || assign_in_user(&kp->flags, &up->flags) || copy_in_user(&kp->fmt, &up->fmt, sizeof(kp->fmt))) @@ -690,7 +691,7 @@ static int put_v4l2_framebuffer32(struct v4l2_framebuffer __user *kp, if (!access_ok(VERIFY_WRITE, up, sizeof(*up)) || get_user(base, &kp->base) || - put_user(ptr_to_compat(base), &up->base) || + put_user(ptr_to_compat((void __user *)base), &up->base) || assign_in_user(&up->capability, &kp->capability) || assign_in_user(&up->flags, &kp->flags) || copy_in_user(&up->fmt, &kp->fmt, sizeof(kp->fmt))) @@ -857,7 +858,7 @@ static int put_v4l2_ext_controls32(struct file *file, struct v4l2_ext_controls32 __user *up) { struct v4l2_ext_control32 __user *ucontrols; - struct v4l2_ext_control __user *kcontrols; + struct v4l2_ext_control *kcontrols; u32 count; u32 n; compat_caddr_t p; @@ -883,10 +884,12 @@ static int put_v4l2_ext_controls32(struct file *file, unsigned int size = sizeof(*ucontrols); u32 id; - if (get_user(id, &kcontrols->id) || + if (get_user(id, (unsigned int __user *)&kcontrols->id) || put_user(id, &ucontrols->id) || - assign_in_user(&ucontrols->size, &kcontrols->size) || - copy_in_user(&ucontrols->reserved2, &kcontrols->reserved2, + assign_in_user(&ucontrols->size, + (unsigned int __user *)&kcontrols->size) || + copy_in_user(&ucontrols->reserved2, + (unsigned int __user *)&kcontrols->reserved2, sizeof(ucontrols->reserved2))) return -EFAULT; @@ -898,7 +901,8 @@ static int put_v4l2_ext_controls32(struct file *file, if (ctrl_is_pointer(file, id)) size -= sizeof(ucontrols->value64); - if (copy_in_user(ucontrols, kcontrols, size)) + if (copy_in_user(ucontrols, + (unsigned int __user *)kcontrols, size)) return -EFAULT; ucontrols++; @@ -952,9 +956,10 @@ static int get_v4l2_edid32(struct v4l2_edid __user *kp, if (!access_ok(VERIFY_READ, up, sizeof(*up)) || assign_in_user(&kp->pad, &up->pad) || assign_in_user(&kp->start_block, &up->start_block) || - assign_in_user(&kp->blocks, &up->blocks) || + assign_in_user(&kp->blocks, + (unsigned char __user *)&up->blocks) || get_user(tmp, &up->edid) || - put_user(compat_ptr(tmp), &kp->edid) || + put_user((void __force *)compat_ptr(tmp), &kp->edid) || copy_in_user(kp->reserved, up->reserved, sizeof(kp->reserved))) return -EFAULT; return 0; @@ -970,7 +975,7 @@ static int put_v4l2_edid32(struct v4l2_edid __user *kp, assign_in_user(&up->start_block, &kp->start_block) || assign_in_user(&up->blocks, &kp->blocks) || get_user(edid, &kp->edid) || - put_user(ptr_to_compat(edid), &up->edid) || + put_user(ptr_to_compat((void __user *)edid), &up->edid) || copy_in_user(up->reserved, kp->reserved, sizeof(up->reserved))) return -EFAULT; return 0;
Smatch report several issues with bad __user annotations: drivers/media/v4l2-core/v4l2-compat-ioctl32.c:447:21: warning: incorrect type in argument 1 (different address spaces) drivers/media/v4l2-core/v4l2-compat-ioctl32.c:447:21: expected void [noderef] <asn:1>*uptr drivers/media/v4l2-core/v4l2-compat-ioctl32.c:447:21: got void *<noident> drivers/media/v4l2-core/v4l2-compat-ioctl32.c:621:21: warning: incorrect type in argument 1 (different address spaces) drivers/media/v4l2-core/v4l2-compat-ioctl32.c:621:21: expected void const volatile [noderef] <asn:1>*<noident> drivers/media/v4l2-core/v4l2-compat-ioctl32.c:621:21: got struct v4l2_plane [noderef] <asn:1>**<noident> drivers/media/v4l2-core/v4l2-compat-ioctl32.c:693:13: warning: incorrect type in argument 1 (different address spaces) drivers/media/v4l2-core/v4l2-compat-ioctl32.c:693:13: expected void [noderef] <asn:1>*uptr drivers/media/v4l2-core/v4l2-compat-ioctl32.c:693:13: got void *[assigned] base drivers/media/v4l2-core/v4l2-compat-ioctl32.c:871:13: warning: incorrect type in assignment (different address spaces) drivers/media/v4l2-core/v4l2-compat-ioctl32.c:871:13: expected struct v4l2_ext_control [noderef] <asn:1>*kcontrols drivers/media/v4l2-core/v4l2-compat-ioctl32.c:871:13: got struct v4l2_ext_control *<noident> drivers/media/v4l2-core/v4l2-compat-ioctl32.c:957:13: warning: incorrect type in assignment (different address spaces) drivers/media/v4l2-core/v4l2-compat-ioctl32.c:957:13: expected unsigned char [usertype] *__pu_val drivers/media/v4l2-core/v4l2-compat-ioctl32.c:957:13: got void [noderef] <asn:1>* drivers/media/v4l2-core/v4l2-compat-ioctl32.c:973:13: warning: incorrect type in argument 1 (different address spaces) drivers/media/v4l2-core/v4l2-compat-ioctl32.c:973:13: expected void [noderef] <asn:1>*uptr drivers/media/v4l2-core/v4l2-compat-ioctl32.c:973:13: got void *[assigned] edid Fix them. Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com> --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 35 +++++++++++++++------------ 1 file changed, 20 insertions(+), 15 deletions(-)