| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z7P0Di/nCSVdjifN@xsang-OptiPlex-9020>
Date: Tue, 18 Feb 2025 10:44:30 +0800
From: Oliver Sang <oliver.sang@...el.com>
To: Arnd Bergmann <arnd@...db.de>
CC: Philip Li <philip.li@...el.com>, Elizabeth Figura
<zfigura@...eweavers.com>, kernel test robot <lkp@...el.com>,
<oe-kbuild-all@...ts.linux.dev>, <linux-kernel@...r.kernel.org>,
<oliver.sang@...el.com>
Subject: Re: include/linux/thread_info.h:259:25: error: call to
'__bad_copy_to' declared with attribute error: copy destination size is too
small
hi, Arnd,
On Fri, Feb 14, 2025 at 12:22:33PM +0100, Arnd Bergmann wrote:
>
>
> On Fri, Feb 14, 2025, at 09:44, Philip Li wrote:
> > On Mon, Feb 10, 2025 at 02:39:46PM -0600, Elizabeth Figura wrote:
> >> On Friday, 7 February 2025 06:11:47 CST kernel test robot wrote:
> >> > In file included from include/linux/spinlock.h:60,
> >> > from include/linux/wait.h:9,
> >> > from include/linux/wait_bit.h:8,
> >> > from include/linux/fs.h:6,
> >> > from drivers/misc/ntsync.c:11:
> >> > In function 'check_copy_size',
> >> > inlined from 'copy_from_user' at include/linux/uaccess.h:207:7,
> >> > inlined from 'setup_wait' at drivers/misc/ntsync.c:888:6:
> >> > >> include/linux/thread_info.h:259:25: error: call to '__bad_copy_to' declared with attribute error: copy destination size is too small
> >> > 259 | __bad_copy_to();
> >> > | ^~~~~~~~~~~~~~~
> >>
> >> This was caught before and mentioned in [1]. The suggestion there of changing "args->count" to "count" doesn't help.
> >>
> >> Somehow gcc 12 thinks that the array_size(count, sizeof(*fds)) parameter is constant, although it's finnicky and depends on exactly where __builtin_constant_p() is evaluated.
> >>
> >> The bug goes away with gcc 13. Is this worth trying to work around? I don't have any ideas for how to do so.
> >
> > Thanks for the info, at bot side, we will ignore this error to
> > avoid further reporting on old gcc.
>
> gcc-12 isn't really "old", we support gcc-5 through gcc-14 at the moment.
>
> Maybe the change below would address it? (Not sure I handled the
> "+1" right here, but something like that should make it obvious
> to the compiler what the check is).
yes, below change fixed the build error we reported. thanks
Tested-by: kernel test robot <oliver.sang@...el.com>
>
> Arnd
>
> diff --git a/drivers/misc/ntsync.c b/drivers/misc/ntsync.c
> index 055395cde42b..ae13aae9194b 100644
> --- a/drivers/misc/ntsync.c
> +++ b/drivers/misc/ntsync.c
> @@ -873,6 +873,7 @@ static int setup_wait(struct ntsync_device *dev,
> {
> int fds[NTSYNC_MAX_WAIT_COUNT + 1];
> const __u32 count = args->count;
> + size_t size = count * sizeof(fds[0]);
> struct ntsync_q *q;
> __u32 total_count;
> __u32 i, j;
> @@ -880,15 +881,14 @@ static int setup_wait(struct ntsync_device *dev,
> if (args->pad || (args->flags & ~NTSYNC_WAIT_REALTIME))
> return -EINVAL;
>
> - if (args->count > NTSYNC_MAX_WAIT_COUNT)
> + if (size >= sizeof(fds))
> return -EINVAL;
>
> total_count = count;
> if (args->alert)
> total_count++;
>
> - if (copy_from_user(fds, u64_to_user_ptr(args->objs),
> - array_size(count, sizeof(*fds))))
> + if (copy_from_user(fds, u64_to_user_ptr(args->objs), size))
> return -EFAULT;
> if (args->alert)
> fds[count] = args->alert;
Powered by blists - more mailing lists