lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <C0FCB07A-EE48-4ABB-96A7-470C53C86A38@cam.ac.uk>
Date:	Mon, 20 Aug 2007 01:27:13 +0100
From:	Anton Altaparmakov <aia21@....ac.uk>
To:	Al Viro <viro@....linux.org.uk>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	dbrownell@...rs.sourceforge.net, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ptrdiff_t is not uintptr_t, damnit

On 19 Aug 2007, at 23:55, Al Viro wrote:
> Use of ptrdiff_t in
>
> -                       if (!access_ok(VERIFY_WRITE, u_tmp->rx_buf,  
> u_tmp->len))
> +                       if (!access_ok(VERIFY_WRITE, (u8 __user *)
> +                                               (ptrdiff_t) u_tmp- 
> >rx_buf,
> +                                               u_tmp->len))
>
> is wrong; for one thing, it's a bad C (it's what uintptr_t is for;  
> in general
> we are not even promised that ptrdiff_t is large enough to hold a  
> pointer,
> just enough to hold a difference between two pointers within the  
> same object).
> For another, it confuses the fsck out of sparse.
>
> Use unsigned long or uintptr_t instead.  There are several places  
> misusing
> ptrdiff_t (one - in a very odd way; WTF did that cast to __user  
> ptrdiff_t
> in ntfs expect to happen, anyway?)   Fixed...

My current NTFS code has this already fixed.  I used unsigned long  
instead of uintptr_t though...  Feel free to apply this though as I  
have no idea when I will have time/permission to push an update  
upstream...

And what the cast was doing I can't remember.  I may well have just  
copied it from the VFS or I was perhaps trying to silence a warning  
and this happened to work...  But yes I noticed that more recent  
versions of sparse complained about it and fixed it with an unsigned  
long cast.

Best regards,

	Anton

>
> Signed-off-by: Al Viro <viro@...iv.linux.org.uk>
> ---
> diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/ 
> commctrl.c
> index 72b0393..1e6d7a9 100644
> --- a/drivers/scsi/aacraid/commctrl.c
> +++ b/drivers/scsi/aacraid/commctrl.c
> @@ -391,7 +391,7 @@ static int close_getadapter_fib(struct aac_dev  
> * dev, void __user *arg)
>  		/*
>  		 *	Extract the fibctx from the input parameters
>  		 */
> -		if (fibctx->unique == (u32)(ptrdiff_t)arg) /* We found a winner */
> +		if (fibctx->unique == (u32)(uintptr_t)arg) /* We found a winner */
>  			break;
>  		entry = entry->next;
>  		fibctx = NULL;
> @@ -590,7 +590,7 @@ static int aac_send_raw_srb(struct aac_dev*  
> dev, void __user * arg)
>  				}
>  				addr = (u64)upsg->sg[i].addr[0];
>  				addr += ((u64)upsg->sg[i].addr[1]) << 32;
> -				sg_user[i] = (void __user *)(ptrdiff_t)addr;
> +				sg_user[i] = (void __user *)(uintptr_t)addr;
>  				sg_list[i] = p; // save so we can clean up later
>  				sg_indx = i;
>
> @@ -633,7 +633,7 @@ static int aac_send_raw_srb(struct aac_dev*  
> dev, void __user * arg)
>  					rcode = -ENOMEM;
>  					goto cleanup;
>  				}
> -				sg_user[i] = (void __user *)(ptrdiff_t)usg->sg[i].addr;
> +				sg_user[i] = (void __user *)(uintptr_t)usg->sg[i].addr;
>  				sg_list[i] = p; // save so we can clean up later
>  				sg_indx = i;
>
> @@ -664,7 +664,7 @@ static int aac_send_raw_srb(struct aac_dev*  
> dev, void __user * arg)
>  		if (actual_fibsize64 == fibsize) {
>  			struct user_sgmap64* usg = (struct user_sgmap64 *)upsg;
>  			for (i = 0; i < upsg->count; i++) {
> -				u64 addr;
> +				uintptr_t addr;
>  				void* p;
>  				/* Does this really need to be GFP_DMA? */
>  				p = kmalloc(usg->sg[i].count,GFP_KERNEL|__GFP_DMA);
> @@ -676,7 +676,7 @@ static int aac_send_raw_srb(struct aac_dev*  
> dev, void __user * arg)
>  				}
>  				addr = (u64)usg->sg[i].addr[0];
>  				addr += ((u64)usg->sg[i].addr[1]) << 32;
> -				sg_user[i] = (void __user *)(ptrdiff_t)addr;
> +				sg_user[i] = (void __user *)addr;
>  				sg_list[i] = p; // save so we can clean up later
>  				sg_indx = i;
>
> @@ -704,7 +704,7 @@ static int aac_send_raw_srb(struct aac_dev*  
> dev, void __user * arg)
>  					rcode = -ENOMEM;
>  					goto cleanup;
>  				}
> -				sg_user[i] = (void __user *)(ptrdiff_t)upsg->sg[i].addr;
> +				sg_user[i] = (void __user *)(uintptr_t)upsg->sg[i].addr;
>  				sg_list[i] = p; // save so we can clean up later
>  				sg_indx = i;
>
> diff --git a/drivers/scsi/aacraid/comminit.c b/drivers/scsi/aacraid/ 
> comminit.c
> index 3009ad8..8736813 100644
> --- a/drivers/scsi/aacraid/comminit.c
> +++ b/drivers/scsi/aacraid/comminit.c
> @@ -110,7 +110,7 @@ static int aac_alloc_comm(struct aac_dev *dev,  
> void **commaddr, unsigned long co
>  	/*
>  	 *	Align the beginning of Headers to commalign
>  	 */
> -	align = (commalign - ((ptrdiff_t)(base) & (commalign - 1)));
> +	align = (commalign - ((uintptr_t)(base) & (commalign - 1)));
>  	base = base + align;
>  	phys = phys + align;
>  	/*
> diff --git a/drivers/scsi/aacraid/dpcsup.c b/drivers/scsi/aacraid/ 
> dpcsup.c
> index fcd25f7..e6032ff 100644
> --- a/drivers/scsi/aacraid/dpcsup.c
> +++ b/drivers/scsi/aacraid/dpcsup.c
> @@ -254,7 +254,7 @@ unsigned int aac_intr_normal(struct aac_dev *  
> dev, u32 Index)
>  			kfree (fib);
>  			return 1;
>  		}
> -		memcpy(hw_fib, (struct hw_fib *)(((ptrdiff_t)(dev->regs.sa)) +
> +		memcpy(hw_fib, (struct hw_fib *)(((uintptr_t)(dev->regs.sa)) +
>  		  (index & ~0x00000002L)), sizeof(struct hw_fib));
>  		INIT_LIST_HEAD(&fib->fiblink);
>  		fib->type = FSAFS_NTC_FIB_CONTEXT;
> diff --git a/drivers/spi/spidev.c b/drivers/spi/spidev.c
> index c55459c..b3518ca 100644
> --- a/drivers/spi/spidev.c
> +++ b/drivers/spi/spidev.c
> @@ -184,14 +184,14 @@ static int spidev_message(struct spidev_data  
> *spidev,
>  		if (u_tmp->rx_buf) {
>  			k_tmp->rx_buf = buf;
>  			if (!access_ok(VERIFY_WRITE, (u8 __user *)
> -						(ptrdiff_t) u_tmp->rx_buf,
> +						(uintptr_t) u_tmp->rx_buf,
>  						u_tmp->len))
>  				goto done;
>  		}
>  		if (u_tmp->tx_buf) {
>  			k_tmp->tx_buf = buf;
>  			if (copy_from_user(buf, (const u8 __user *)
> -						(ptrdiff_t) u_tmp->tx_buf,
> +						(uintptr_t) u_tmp->tx_buf,
>  					u_tmp->len))
>  				goto done;
>  		}
> @@ -224,7 +224,7 @@ static int spidev_message(struct spidev_data  
> *spidev,
>  	for (n = n_xfers, u_tmp = u_xfers; n; n--, u_tmp++) {
>  		if (u_tmp->rx_buf) {
>  			if (__copy_to_user((u8 __user *)
> -					(ptrdiff_t) u_tmp->rx_buf, buf,
> +					(uintptr_t) u_tmp->rx_buf, buf,
>  					u_tmp->len)) {
>  				status = -EFAULT;
>  				goto done;
> diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c
> index ffcc504..a9103ce 100644
> --- a/fs/ntfs/file.c
> +++ b/fs/ntfs/file.c
> @@ -362,7 +362,7 @@ static inline void ntfs_fault_in_pages_readable 
> (const char __user *uaddr,
>  	volatile char c;
>
>  	/* Set @end to the first byte outside the last page we care  
> about. */
> -	end = (const char __user*)PAGE_ALIGN((ptrdiff_t __user)uaddr +  
> bytes);
> +	end = (const char __user*)PAGE_ALIGN((uintptr_t)uaddr + bytes);
>
>  	while (!__get_user(c, uaddr) && (uaddr += PAGE_SIZE, uaddr < end))
>  		;
> diff --git a/include/linux/types.h b/include/linux/types.h
> index 0351bf2..efdec19 100644
> --- a/include/linux/types.h
> +++ b/include/linux/types.h
> @@ -40,6 +40,8 @@ typedef __kernel_gid32_t	gid_t;
>  typedef __kernel_uid16_t        uid16_t;
>  typedef __kernel_gid16_t        gid16_t;
>
> +typedef unsigned long		uintptr_t;
> +
>  #ifdef CONFIG_UID16
>  /* This is defined by include/asm-{arch}/posix_types.h */
>  typedef __kernel_old_uid_t	old_uid_t;
> -
> To unsubscribe from this list: send the line "unsubscribe linux- 
> kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/

Best regards,

	Anton
-- 
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Unix Support, Computing Service, University of Cambridge, CB2 3QH, UK
Linux NTFS maintainer, http://www.linux-ntfs.org/


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ