
[for,v3.13,2/7] IB/uverbs: remove implicit cast in INIT_UDATA()

Message ID 471895ee06633a624e934cf501c7a460755fe4a4.1385501822.git.ydroneaud@opteya.com (mailing list archive)
State Superseded, archived

Commit Message

Yann Droneaud Nov. 26, 2013, 10:02 p.m. UTC
Currently, INIT_UDATA() does an implicit cast to a pointer,
so that 'response' address, eg. output buffer, can be used
as is to initialize a struct ib_udata:

        do {                                                    \
                (udata)->inbuf  = (void __user *) (ibuf);       \
                (udata)->outbuf = (void __user *) (obuf);       \
                (udata)->inlen  = (ilen);                       \
                (udata)->outlen = (olen);                       \
        } while (0)

...

        INIT_UDATA(&udata, buf + sizeof cmd,
                   (unsigned long) cmd.response + sizeof resp,
                   in_len - sizeof cmd, out_len - sizeof  resp);

...

Hiding the integer to pointer conversion is prone to errors
that won't be caught by the compiler/static analyzer in some cases.

On the other hand, sparse reports an error if literal 0 is used
to initialize inbuf or outbuf, for example in:

        INIT_UDATA(&ucore,
                   (hdr.in_words) ? buf : 0,
                   (unsigned long)ex_hdr.response,
                   hdr.in_words * 8,
                   hdr.out_words * 8);

It was reported by kbuild test robot in message[1]:

  From: kbuild test robot <fengguang.wu@intel.com>
  Subject: "drivers/infiniband/core/uverbs_main.c:683:17:
      sparse: Using plain integer as NULL pointer",
  Message-Id: <528b3984.SVGs20ZWpcuR/Jls%fengguang.wu@intel.com>

This patch fixes the warnings reported by sparse and allows the compiler
to report a warning in case a plain integer get used to initialize
a udata pointer.

This patch requires struct ib_udata to be modified to have a
const void __user *inbuf field[2], otherwise compiler will report warnings
regarding const to non const conversion:

drivers/infiniband/core/uverbs_main.c: In function ‘ib_uverbs_write’:
drivers/infiniband/core/uverbs_main.c:682:24: attention : assignment discards ‘const’ qualifier from pointer target type [enabled by default]
drivers/infiniband/core/uverbs_main.c:688:22: attention : assignment discards ‘const’ qualifier from pointer target type [enabled by default]
drivers/infiniband/core/uverbs_cmd.c: In function ‘ib_uverbs_get_context’:
drivers/infiniband/core/uverbs_cmd.c:307:23: attention : assignment discards ‘const’ qualifier from pointer target type [enabled by default]
drivers/infiniband/core/uverbs_cmd.c: In function ‘ib_uverbs_alloc_pd’:
drivers/infiniband/core/uverbs_cmd.c:516:23: attention : assignment discards ‘const’ qualifier from pointer target type [enabled by default]
...

[1] https://lists.01.org/pipermail/kbuild-all/2013-November/002120.html

[2] https://patchwork.kernel.org/patch/2846202/
    http://marc.info/?i=3050a98379b4342ea59d59aeaf1ce162171df928.1376847403.git.ydroneaud@opteya.com

Link: http://marc.info/?i=cover.1385501822.git.ydroneaud@opteya.com
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
---
 drivers/infiniband/core/uverbs.h      | 12 ++++++------
 drivers/infiniband/core/uverbs_cmd.c  | 20 ++++++++++----------
 drivers/infiniband/core/uverbs_main.c | 13 ++++++++-----
 3 files changed, 24 insertions(+), 21 deletions(-)

Comments

Matan Barak Nov. 27, 2013, 8:21 a.m. UTC | #1
On 27/11/2013 12:02 AM, Yann Droneaud wrote:
> Currently, INIT_UDATA() does an implicit cast to a pointer,
> so that 'response' address, eg. output buffer, can be used
> as is to initialize a struct ib_udata:
>
>          do {                                                    \
>                  (udata)->inbuf  = (void __user *) (ibuf);       \
>                  (udata)->outbuf = (void __user *) (obuf);       \
>                  (udata)->inlen  = (ilen);                       \
>                  (udata)->outlen = (olen);                       \
>          } while (0)
>
> ...
>
>          INIT_UDATA(&udata, buf + sizeof cmd,
>                     (unsigned long) cmd.response + sizeof resp,
>                     in_len - sizeof cmd, out_len - sizeof  resp);
>
> ...
>
> Hidding the integer to pointer conversion is prone to error
> that won't be catched by compiler/static analyzer is some case.
>
> In the other hand, sparse reports an error if literal 0 is used
> to initialize inbuf or outbuf, for example in:
>
>          INIT_UDATA(&ucore,
>                     (hdr.in_words) ? buf : 0,
>                     (unsigned long)ex_hdr.response,
>                     hdr.in_words * 8,
>                     hdr.out_words * 8);
>
> It was reported by kbuild test robot in message[1]:
>
>    From: kbuild test robot <fengguang.wu@intel.com>
>    Subject: "drivers/infiniband/core/uverbs_main.c:683:17:
>        sparse: Using plain integer as NULL pointer",
>    Message-Id: <528b3984.SVGs20ZWpcuR/Jls%fengguang.wu@intel.com>
>
> This patch fixes the warnings reported by sparse and allows the compiler
> to report a warning in case a plain integer get used to initialize
> a udata pointer.
>
> This patch requires struct ib_udata to be modified to have a
> const void __user *inbuf field[2], otherwise compiler will report warnings
> regarding const to non const conversion:
>
> drivers/infiniband/core/uverbs_main.c: In function ‘ib_uverbs_write’:
> drivers/infiniband/core/uverbs_main.c:682:24: attention : assignment discards ‘const’ qualifier from pointer target type [enabled by default]
> drivers/infiniband/core/uverbs_main.c:688:22: attention : assignment discards ‘const’ qualifier from pointer target type [enabled by default]
> drivers/infiniband/core/uverbs_cmd.c: In function ‘ib_uverbs_get_context’:
> drivers/infiniband/core/uverbs_cmd.c:307:23: attention : assignment discards ‘const’ qualifier from pointer target type [enabled by default]
> drivers/infiniband/core/uverbs_cmd.c: In function ‘ib_uverbs_alloc_pd’:
> drivers/infiniband/core/uverbs_cmd.c:516:23: attention : assignment discards ‘const’ qualifier from pointer target type [enabled by default]
> ...
>
> [1] https://lists.01.org/pipermail/kbuild-all/2013-November/002120.html
>
> [2] https://patchwork.kernel.org/patch/2846202/
>      http://marc.info/?i=3050a98379b4342ea59d59aeaf1ce162171df928.1376847403.git.ydroneaud@opteya.com
>
> Link: http://marc.info/?i=cover.1385501822.git.ydroneaud@opteya.com
> Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
> ---
>   drivers/infiniband/core/uverbs.h      | 12 ++++++------
>   drivers/infiniband/core/uverbs_cmd.c  | 20 ++++++++++----------
>   drivers/infiniband/core/uverbs_main.c | 13 ++++++++-----
>   3 files changed, 24 insertions(+), 21 deletions(-)
>
> diff --git a/drivers/infiniband/core/uverbs.h b/drivers/infiniband/core/uverbs.h
> index 9879568aed8c..0dca1975d59d 100644
> --- a/drivers/infiniband/core/uverbs.h
> +++ b/drivers/infiniband/core/uverbs.h
> @@ -47,12 +47,12 @@
>   #include <rdma/ib_umem.h>
>   #include <rdma/ib_user_verbs.h>
>
> -#define INIT_UDATA(udata, ibuf, obuf, ilen, olen)			\
> -	do {								\
> -		(udata)->inbuf  = (const void __user *) (ibuf);		\
> -		(udata)->outbuf = (void __user *) (obuf);		\
> -		(udata)->inlen  = (ilen);				\
> -		(udata)->outlen = (olen);				\
> +#define INIT_UDATA(udata, ibuf, obuf, ilen, olen)	\
> +	do {						\
> +		(udata)->inbuf  = (ibuf);		\
> +		(udata)->outbuf = (obuf);		\
> +		(udata)->inlen  = (ilen);		\
> +		(udata)->outlen = (olen);		\
>   	} while (0)
>
>   /*
> diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
> index 65f6e7dc380c..d9d91c412628 100644
> --- a/drivers/infiniband/core/uverbs_cmd.c
> +++ b/drivers/infiniband/core/uverbs_cmd.c
> @@ -305,7 +305,7 @@ ssize_t ib_uverbs_get_context(struct ib_uverbs_file *file,
>   	}
>
>   	INIT_UDATA(&udata, buf + sizeof cmd,
> -		   (unsigned long) cmd.response + sizeof resp,
> +		   (void __user *)(unsigned long)cmd.response + sizeof resp,

The response field is already __u64 and casting to (void __user *) 
should match the machine's pointer type size. Why do we have to cast to 
(unsigned long) and then cast to (void __user *) ?

>   		   in_len - sizeof cmd, out_len - sizeof resp);
>
>   	ucontext = ibdev->alloc_ucontext(ibdev, &udata);
> @@ -514,7 +514,7 @@ ssize_t ib_uverbs_alloc_pd(struct ib_uverbs_file *file,
>   		return -EFAULT;
>
>   	INIT_UDATA(&udata, buf + sizeof cmd,
> -		   (unsigned long) cmd.response + sizeof resp,
> +		   (void __user *)(unsigned long)cmd.response + sizeof resp,
>   		   in_len - sizeof cmd, out_len - sizeof resp);
>
>   	uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
> @@ -711,7 +711,7 @@ ssize_t ib_uverbs_open_xrcd(struct ib_uverbs_file *file,
>   		return -EFAULT;
>
>   	INIT_UDATA(&udata, buf + sizeof cmd,
> -		   (unsigned long) cmd.response + sizeof resp,
> +		   (void __user *)(unsigned long)cmd.response + sizeof resp,
>   		   in_len - sizeof cmd, out_len - sizeof  resp);
>
>   	mutex_lock(&file->device->xrcd_tree_mutex);
> @@ -923,7 +923,7 @@ ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file,
>   		return -EFAULT;
>
>   	INIT_UDATA(&udata, buf + sizeof cmd,
> -		   (unsigned long) cmd.response + sizeof resp,
> +		   (void __user *)(unsigned long)cmd.response + sizeof resp,
>   		   in_len - sizeof cmd, out_len - sizeof resp);
>
>   	if ((cmd.start & ~PAGE_MASK) != (cmd.hca_va & ~PAGE_MASK))
> @@ -1215,7 +1215,7 @@ ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file,
>   		return -EFAULT;
>
>   	INIT_UDATA(&udata, buf + sizeof cmd,
> -		   (unsigned long) cmd.response + sizeof resp,
> +		   (void __user *)(unsigned long)cmd.response + sizeof resp,
>   		   in_len - sizeof cmd, out_len - sizeof resp);
>
>   	if (cmd.comp_vector >= file->device->num_comp_vectors)
> @@ -1311,7 +1311,7 @@ ssize_t ib_uverbs_resize_cq(struct ib_uverbs_file *file,
>   		return -EFAULT;
>
>   	INIT_UDATA(&udata, buf + sizeof cmd,
> -		   (unsigned long) cmd.response + sizeof resp,
> +		   (void __user *)(unsigned long)cmd.response + sizeof resp,
>   		   in_len - sizeof cmd, out_len - sizeof resp);
>
>   	cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
> @@ -1513,7 +1513,7 @@ ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
>   		return -EPERM;
>
>   	INIT_UDATA(&udata, buf + sizeof cmd,
> -		   (unsigned long) cmd.response + sizeof resp,
> +		   (void __user *)(unsigned long)cmd.response + sizeof resp,
>   		   in_len - sizeof cmd, out_len - sizeof resp);
>
>   	obj = kzalloc(sizeof *obj, GFP_KERNEL);
> @@ -1700,7 +1700,7 @@ ssize_t ib_uverbs_open_qp(struct ib_uverbs_file *file,
>   		return -EFAULT;
>
>   	INIT_UDATA(&udata, buf + sizeof cmd,
> -		   (unsigned long) cmd.response + sizeof resp,
> +		   (void __user *)(unsigned long)cmd.response + sizeof resp,
>   		   in_len - sizeof cmd, out_len - sizeof resp);
>
>   	obj = kmalloc(sizeof *obj, GFP_KERNEL);
> @@ -2976,7 +2976,7 @@ ssize_t ib_uverbs_create_srq(struct ib_uverbs_file *file,
>   	xcmd.srq_limit	 = cmd.srq_limit;
>
>   	INIT_UDATA(&udata, buf + sizeof cmd,
> -		   (unsigned long) cmd.response + sizeof resp,
> +		   (void __user *)(unsigned long)cmd.response + sizeof resp,
>   		   in_len - sizeof cmd, out_len - sizeof resp);
>
>   	ret = __uverbs_create_xsrq(file, &xcmd, &udata);
> @@ -3001,7 +3001,7 @@ ssize_t ib_uverbs_create_xsrq(struct ib_uverbs_file *file,
>   		return -EFAULT;
>
>   	INIT_UDATA(&udata, buf + sizeof cmd,
> -		   (unsigned long) cmd.response + sizeof resp,
> +		   (void __user *)(unsigned long)cmd.response + sizeof resp,
>   		   in_len - sizeof cmd, out_len - sizeof resp);
>
>   	ret = __uverbs_create_xsrq(file, &cmd, &udata);
> diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
> index 34386943ebcf..14d864371050 100644
> --- a/drivers/infiniband/core/uverbs_main.c
> +++ b/drivers/infiniband/core/uverbs_main.c
> @@ -635,6 +635,7 @@ static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf,
>   		__u32 command;
>
>   		struct ib_uverbs_ex_cmd_hdr ex_hdr;
> +		char __user *response;
>   		struct ib_udata ucore;
>   		struct ib_udata uhw;
>   		int err;
> @@ -668,7 +669,9 @@ static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf,
>   		if ((hdr.in_words + ex_hdr.provider_in_words) * 8 != count)
>   			return -EINVAL;
>
> -		if (ex_hdr.response) {
> +		response = (char __user *)(unsigned long)ex_hdr.response;
> +
> +		if (response) {
>   			if (!hdr.out_words && !ex_hdr.provider_out_words)
>   				return -EINVAL;
>   		} else {
> @@ -677,14 +680,14 @@ static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf,
>   		}
>
>   		INIT_UDATA(&ucore,
> -			   (hdr.in_words) ? buf : 0,
> -			   (unsigned long)ex_hdr.response,
> +			   (hdr.in_words) ? buf : NULL,
> +			   response,
>   			   hdr.in_words * 8,
>   			   hdr.out_words * 8);
>
>   		INIT_UDATA(&uhw,
> -			   (ex_hdr.provider_in_words) ? buf + ucore.inlen : 0,
> -			   (ex_hdr.provider_out_words) ? (unsigned long)ex_hdr.response + ucore.outlen : 0,
> +			   (ex_hdr.provider_in_words) ? buf + ucore.inlen : NULL,
> +			   (ex_hdr.provider_out_words) ? response + ucore.outlen : NULL,
>   			   ex_hdr.provider_in_words * 8,
>   			   ex_hdr.provider_out_words * 8);
>
>

Best regards,
Matan
Yann Droneaud Nov. 27, 2013, 12:18 p.m. UTC | #2
Hi Matan,

Le mercredi 27 novembre 2013 à 10:21 +0200, Matan Barak a écrit :
> On 27/11/2013 12:02 AM, Yann Droneaud wrote:
...
> >   	INIT_UDATA(&udata, buf + sizeof cmd,
> > -		   (unsigned long) cmd.response + sizeof resp,
> > +		   (void __user *)(unsigned long)cmd.response + sizeof resp,
> 
> The response field is already __u64 and casting to (void __user *) 
> should match the machine's pointer type size. Why do we have to cast to 
> (unsigned long) and then cast to (void __user *) ?
> 

On a 32-bit ABI, u64 does not match the size of a pointer.
Without the cast to unsigned long, GCC complains with:

  warning: cast to pointer from integer of different size
[-Wint-to-pointer-cast]

So the cast is required on 32bit platforms.

Regards.

Patch

diff --git a/drivers/infiniband/core/uverbs.h b/drivers/infiniband/core/uverbs.h
index 9879568aed8c..0dca1975d59d 100644
--- a/drivers/infiniband/core/uverbs.h
+++ b/drivers/infiniband/core/uverbs.h
@@ -47,12 +47,12 @@ 
 #include <rdma/ib_umem.h>
 #include <rdma/ib_user_verbs.h>
 
-#define INIT_UDATA(udata, ibuf, obuf, ilen, olen)			\
-	do {								\
-		(udata)->inbuf  = (const void __user *) (ibuf);		\
-		(udata)->outbuf = (void __user *) (obuf);		\
-		(udata)->inlen  = (ilen);				\
-		(udata)->outlen = (olen);				\
+#define INIT_UDATA(udata, ibuf, obuf, ilen, olen)	\
+	do {						\
+		(udata)->inbuf  = (ibuf);		\
+		(udata)->outbuf = (obuf);		\
+		(udata)->inlen  = (ilen);		\
+		(udata)->outlen = (olen);		\
 	} while (0)
 
 /*
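Review bot: INIT_UDATA() no longer casts its arguments and carries no comment, so nothing at the definition tells a caller that `ibuf` and `obuf` must already be `__user` pointers compatible with the struct ib_udata fields. A short comment above the macro would record that contract, for example `/* ibuf/obuf must be __user pointers; convert u64 user addresses explicitly at the call site */`. The type checking this change relies on comes from the field declarations in struct ib_udata, which are outside this hunk; the commit message says `inbuf` has to be const-qualified by a separate patch, so the two need to land together.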
diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c
index 65f6e7dc380c..d9d91c412628 100644
--- a/drivers/infiniband/core/uverbs_cmd.c
+++ b/drivers/infiniband/core/uverbs_cmd.c
@@ -305,7 +305,7 @@  ssize_t ib_uverbs_get_context(struct ib_uverbs_file *file,
 	}
 
 	INIT_UDATA(&udata, buf + sizeof cmd,
-		   (unsigned long) cmd.response + sizeof resp,
+		   (void __user *)(unsigned long)cmd.response + sizeof resp,
 		   in_len - sizeof cmd, out_len - sizeof resp);
 
 	ucontext = ibdev->alloc_ucontext(ibdev, &udata);
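Review bot: The double cast `(void __user *)(unsigned long)cmd.response` is now written out at every call site in this file (this hunk and the nine that follow, through ib_uverbs_create_xsrq), and on a 32-bit kernel the inner cast drops the upper 32 bits of a user-supplied 64-bit value with no check. Moving the conversion into one documented helper would keep that narrowing in a single reviewed place, for instance a new local helper such as `static inline void __user *uverbs_uptr(u64 addr) { return (void __user *)(unsigned long)addr; }` (name is only a suggestion). The `+ sizeof resp` is then arithmetic on `void __user *`, which is a GNU C extension, while uverbs_main.c in the same patch uses `char __user *` for the same purpose; picking one form would be more consistent. Each enclosing function starts and ends outside its hunk, so the `out_len` validation that must precede `out_len - sizeof resp` cannot be confirmed from here.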
@@ -514,7 +514,7 @@  ssize_t ib_uverbs_alloc_pd(struct ib_uverbs_file *file,
 		return -EFAULT;
 
 	INIT_UDATA(&udata, buf + sizeof cmd,
-		   (unsigned long) cmd.response + sizeof resp,
+		   (void __user *)(unsigned long)cmd.response + sizeof resp,
 		   in_len - sizeof cmd, out_len - sizeof resp);
 
 	uobj = kmalloc(sizeof *uobj, GFP_KERNEL);
@@ -711,7 +711,7 @@  ssize_t ib_uverbs_open_xrcd(struct ib_uverbs_file *file,
 		return -EFAULT;
 
 	INIT_UDATA(&udata, buf + sizeof cmd,
-		   (unsigned long) cmd.response + sizeof resp,
+		   (void __user *)(unsigned long)cmd.response + sizeof resp,
 		   in_len - sizeof cmd, out_len - sizeof  resp);
 
 	mutex_lock(&file->device->xrcd_tree_mutex);
@@ -923,7 +923,7 @@  ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file,
 		return -EFAULT;
 
 	INIT_UDATA(&udata, buf + sizeof cmd,
-		   (unsigned long) cmd.response + sizeof resp,
+		   (void __user *)(unsigned long)cmd.response + sizeof resp,
 		   in_len - sizeof cmd, out_len - sizeof resp);
 
 	if ((cmd.start & ~PAGE_MASK) != (cmd.hca_va & ~PAGE_MASK))
@@ -1215,7 +1215,7 @@  ssize_t ib_uverbs_create_cq(struct ib_uverbs_file *file,
 		return -EFAULT;
 
 	INIT_UDATA(&udata, buf + sizeof cmd,
-		   (unsigned long) cmd.response + sizeof resp,
+		   (void __user *)(unsigned long)cmd.response + sizeof resp,
 		   in_len - sizeof cmd, out_len - sizeof resp);
 
 	if (cmd.comp_vector >= file->device->num_comp_vectors)
@@ -1311,7 +1311,7 @@  ssize_t ib_uverbs_resize_cq(struct ib_uverbs_file *file,
 		return -EFAULT;
 
 	INIT_UDATA(&udata, buf + sizeof cmd,
-		   (unsigned long) cmd.response + sizeof resp,
+		   (void __user *)(unsigned long)cmd.response + sizeof resp,
 		   in_len - sizeof cmd, out_len - sizeof resp);
 
 	cq = idr_read_cq(cmd.cq_handle, file->ucontext, 0);
@@ -1513,7 +1513,7 @@  ssize_t ib_uverbs_create_qp(struct ib_uverbs_file *file,
 		return -EPERM;
 
 	INIT_UDATA(&udata, buf + sizeof cmd,
-		   (unsigned long) cmd.response + sizeof resp,
+		   (void __user *)(unsigned long)cmd.response + sizeof resp,
 		   in_len - sizeof cmd, out_len - sizeof resp);
 
 	obj = kzalloc(sizeof *obj, GFP_KERNEL);
@@ -1700,7 +1700,7 @@  ssize_t ib_uverbs_open_qp(struct ib_uverbs_file *file,
 		return -EFAULT;
 
 	INIT_UDATA(&udata, buf + sizeof cmd,
-		   (unsigned long) cmd.response + sizeof resp,
+		   (void __user *)(unsigned long)cmd.response + sizeof resp,
 		   in_len - sizeof cmd, out_len - sizeof resp);
 
 	obj = kmalloc(sizeof *obj, GFP_KERNEL);
@@ -2976,7 +2976,7 @@  ssize_t ib_uverbs_create_srq(struct ib_uverbs_file *file,
 	xcmd.srq_limit	 = cmd.srq_limit;
 
 	INIT_UDATA(&udata, buf + sizeof cmd,
-		   (unsigned long) cmd.response + sizeof resp,
+		   (void __user *)(unsigned long)cmd.response + sizeof resp,
 		   in_len - sizeof cmd, out_len - sizeof resp);
 
 	ret = __uverbs_create_xsrq(file, &xcmd, &udata);
@@ -3001,7 +3001,7 @@  ssize_t ib_uverbs_create_xsrq(struct ib_uverbs_file *file,
 		return -EFAULT;
 
 	INIT_UDATA(&udata, buf + sizeof cmd,
-		   (unsigned long) cmd.response + sizeof resp,
+		   (void __user *)(unsigned long)cmd.response + sizeof resp,
 		   in_len - sizeof cmd, out_len - sizeof resp);
 
 	ret = __uverbs_create_xsrq(file, &cmd, &udata);
diff --git a/drivers/infiniband/core/uverbs_main.c b/drivers/infiniband/core/uverbs_main.c
index 34386943ebcf..14d864371050 100644
--- a/drivers/infiniband/core/uverbs_main.c
+++ b/drivers/infiniband/core/uverbs_main.c
@@ -635,6 +635,7 @@  static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf,
 		__u32 command;
 
 		struct ib_uverbs_ex_cmd_hdr ex_hdr;
+		char __user *response;
 		struct ib_udata ucore;
 		struct ib_udata uhw;
 		int err;
@@ -668,7 +669,9 @@  static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf,
 		if ((hdr.in_words + ex_hdr.provider_in_words) * 8 != count)
 			return -EINVAL;
 
-		if (ex_hdr.response) {
+		response = (char __user *)(unsigned long)ex_hdr.response;
+
+		if (response) {
 			if (!hdr.out_words && !ex_hdr.provider_out_words)
 				return -EINVAL;
 		} else {
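Review bot: Testing the narrowed `response` pointer instead of the 64-bit `ex_hdr.response` changes behaviour on 32-bit kernels: a value whose low 32 bits are zero but whose high bits are set used to take the "response present" branch and now takes the `else` branch, and any other value with high bits set is silently narrowed to a different address. On 64-bit kernels the two tests are equivalent. If the narrowing is not intended, values that do not fit a pointer could be rejected before the conversion, e.g. `if (ex_hdr.response != (unsigned long)ex_hdr.response) return -EINVAL;`. The body of the `else` branch and the rest of ib_uverbs_write lie outside this hunk, so whether a later check already covers this case is not visible here.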
@@ -677,14 +680,14 @@  static ssize_t ib_uverbs_write(struct file *filp, const char __user *buf,
 		}
 
 		INIT_UDATA(&ucore,
-			   (hdr.in_words) ? buf : 0,
-			   (unsigned long)ex_hdr.response,
+			   (hdr.in_words) ? buf : NULL,
+			   response,
 			   hdr.in_words * 8,
 			   hdr.out_words * 8);
 
 		INIT_UDATA(&uhw,
-			   (ex_hdr.provider_in_words) ? buf + ucore.inlen : 0,
-			   (ex_hdr.provider_out_words) ? (unsigned long)ex_hdr.response + ucore.outlen : 0,
+			   (ex_hdr.provider_in_words) ? buf + ucore.inlen : NULL,
+			   (ex_hdr.provider_out_words) ? response + ucore.outlen : NULL,
 			   ex_hdr.provider_in_words * 8,
 			   ex_hdr.provider_out_words * 8);