Message-ID: <ADE657CA350FB648AAC2C43247A983F001F39DBB8425@AUSP01VMBX24.collaborationhost.net>
Date:	Fri, 23 Sep 2011 14:02:27 -0500
From:	H Hartley Sweeten <hartleys@...ionengravers.com>
To:	Joe Perches <joe@...ches.com>
CC:	Linux Kernel <linux-kernel@...r.kernel.org>,
	"linux-btrfs@...r.kernel.org" <linux-btrfs@...r.kernel.org>,
	"chris.mason@...cle.com" <chris.mason@...cle.com>
Subject: RE: [PATCH] btrfs/ioctl.c: quiet sparse warnings

On Friday, September 23, 2011 11:16 AM, Joe Perches wrote:
> On Fri, 2011-09-23 at 11:07 -0700, H Hartley Sweeten wrote:
>> Quiet the following sparse warnings:
> []
>> diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
> []
>> @@ -2705,7 +2705,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
>>  		up_read(&info->groups_sem);
>>  	}
>>  
>> -	user_dest = (struct btrfs_ioctl_space_info *)
>> +	user_dest = (struct btrfs_ioctl_space_info __user *)
>>                 (arg + sizeof(struct btrfs_ioctl_space_args));
>
>	user_dest = arg;
>	user_dest++;
>
> ?

That produces a new sparse warning:

fs/btrfs/ioctl.c: In function ‘btrfs_ioctl_space_info’:
fs/btrfs/ioctl.c:2708: warning: ‘user_dest’ may be used uninitialized in this function

I guess user_dest could be set at the start of the function.  This would
also remove the cast of arg in the first copy_from_user.

Something like this:

------

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 970977a..9e7e5dc 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2599,13 +2599,13 @@ static void get_block_group_info(struct list_head *groups_list,
        }
 }
 
-long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
 {
        struct btrfs_ioctl_space_args space_args;
        struct btrfs_ioctl_space_info space;
        struct btrfs_ioctl_space_info *dest;
        struct btrfs_ioctl_space_info *dest_orig;
-       struct btrfs_ioctl_space_info __user *user_dest;
+       struct btrfs_ioctl_space_info __user *user_dest = arg;
        struct btrfs_space_info *info;
        u64 types[] = {BTRFS_BLOCK_GROUP_DATA,
                       BTRFS_BLOCK_GROUP_SYSTEM,
@@ -2617,9 +2617,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
        u64 slot_count = 0;
        int i, c;
 
-       if (copy_from_user(&space_args,
-                          (struct btrfs_ioctl_space_args __user *)arg,
-                          sizeof(space_args)))
+       if (copy_from_user(&space_args, user_dest, sizeof(space_args)))
                return -EFAULT;
 
        for (i = 0; i < num_types; i++) {
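Review bot: The source pointer passed to copy_from_user() on the added line is `user_dest`, which the first hunk declares as `struct btrfs_ioctl_space_info __user *`, yet the data being read is a `struct btrfs_ioctl_space_args`. This only compiles quietly because copy_from_user() takes a `const void __user *`, so the pointer type no longer documents what is fetched from userspace. Passing the ioctl argument directly removes the cast just as well and does not depend on the early initializer: `if (copy_from_user(&space_args, arg, sizeof(space_args)))`. The loop opened on the last line of this hunk continues outside it.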
@@ -2705,8 +2703,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
                up_read(&info->groups_sem);
        }
 
-       user_dest = (struct btrfs_ioctl_space_info *)
-               (arg + sizeof(struct btrfs_ioctl_space_args));
+       user_dest++;
 
        if (copy_to_user(user_dest, dest_orig, alloc_size))
                ret = -EFAULT;
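Review bot: `user_dest++` does not step to the same address as the expression it replaces. `user_dest` is a `struct btrfs_ioctl_space_info __user *`, so the increment advances by sizeof(struct btrfs_ioctl_space_info), while the removed lines advanced by sizeof(struct btrfs_ioctl_space_args). Unless the two structs happen to be the same size (their definitions are not in this patch), the copy_to_user() that follows would write the results at a shifted offset in the caller's buffer and could run past the region userspace allocated. Keeping the byte offset explicit preserves the layout and still needs no cast: `user_dest = arg + sizeof(struct btrfs_ioctl_space_args);`. The function body continues outside this hunk, so the error path after `ret = -EFAULT` is not visible here.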
