lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <aPg0bprv3TDtPirU@rli9-mobl>
Date: Wed, 22 Oct 2025 09:33:34 +0800
From: kernel test robot <lkp@...el.com>
To: Nathan Chancellor <nathan@...nel.org>
CC: <oe-kbuild-all@...ts.linux.dev>, <linux-kernel@...r.kernel.org>, Kees Cook
	<kees@...nel.org>
Subject: mm/kmsan/hooks.c:267:14: sparse: sparse: cast removes address space
 '__user' of expression

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   6548d364a3e850326831799d7e3ea2d7bb97ba08
commit: 5ff8c11775c744dc5076ce126eb1b3adce0a70ae KMSAN: Remove tautological checks
date:   8 weeks ago
:::::: branch date: 20 hours ago
:::::: commit date: 8 weeks ago
config: s390-randconfig-r133-20251021 (https://download.01.org/0day-ci/archive/20251021/202510212353.1hEG4lJQ-lkp@intel.com/config)
compiler: clang version 16.0.6 (https://github.com/llvm/llvm-project 7cbf1a2591520c2491aa35339f227775f4d3adf6)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251021/202510212353.1hEG4lJQ-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/r/202510212353.1hEG4lJQ-lkp@intel.com/

sparse warnings: (new ones prefixed by >>)
>> mm/kmsan/hooks.c:267:14: sparse: sparse: cast removes address space '__user' of expression
   mm/kmsan/hooks.c:279:50: sparse: sparse: cast removes address space '__user' of expression

vim +/__user +267 mm/kmsan/hooks.c

b073d7f8aee4eb Alexander Potapenko 2022-09-15  245  
75cf0290271bf6 Alexander Potapenko 2022-09-15  246  void kmsan_copy_to_user(void __user *to, const void *from, size_t to_copy,
75cf0290271bf6 Alexander Potapenko 2022-09-15  247  			size_t left)
75cf0290271bf6 Alexander Potapenko 2022-09-15  248  {
75cf0290271bf6 Alexander Potapenko 2022-09-15  249  	unsigned long ua_flags;
75cf0290271bf6 Alexander Potapenko 2022-09-15  250  
75cf0290271bf6 Alexander Potapenko 2022-09-15  251  	if (!kmsan_enabled || kmsan_in_runtime())
75cf0290271bf6 Alexander Potapenko 2022-09-15  252  		return;
75cf0290271bf6 Alexander Potapenko 2022-09-15  253  	/*
75cf0290271bf6 Alexander Potapenko 2022-09-15  254  	 * At this point we've copied the memory already. It's hard to check it
75cf0290271bf6 Alexander Potapenko 2022-09-15  255  	 * before copying, as the size of actually copied buffer is unknown.
75cf0290271bf6 Alexander Potapenko 2022-09-15  256  	 */
75cf0290271bf6 Alexander Potapenko 2022-09-15  257  
75cf0290271bf6 Alexander Potapenko 2022-09-15  258  	/* copy_to_user() may copy zero bytes. No need to check. */
75cf0290271bf6 Alexander Potapenko 2022-09-15  259  	if (!to_copy)
75cf0290271bf6 Alexander Potapenko 2022-09-15  260  		return;
75cf0290271bf6 Alexander Potapenko 2022-09-15  261  	/* Or maybe copy_to_user() failed to copy anything. */
75cf0290271bf6 Alexander Potapenko 2022-09-15  262  	if (to_copy <= left)
75cf0290271bf6 Alexander Potapenko 2022-09-15  263  		return;
75cf0290271bf6 Alexander Potapenko 2022-09-15  264  
75cf0290271bf6 Alexander Potapenko 2022-09-15  265  	ua_flags = user_access_save();
f926e9326f3a79 Ilya Leoshkevich    2024-06-21  266  	if (!IS_ENABLED(CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE) ||
f926e9326f3a79 Ilya Leoshkevich    2024-06-21 @267  	    (u64)to < TASK_SIZE) {
75cf0290271bf6 Alexander Potapenko 2022-09-15  268  		/* This is a user memory access, check it. */
75cf0290271bf6 Alexander Potapenko 2022-09-15  269  		kmsan_internal_check_memory((void *)from, to_copy - left, to,
75cf0290271bf6 Alexander Potapenko 2022-09-15  270  					    REASON_COPY_TO_USER);
75cf0290271bf6 Alexander Potapenko 2022-09-15  271  	} else {
75cf0290271bf6 Alexander Potapenko 2022-09-15  272  		/* Otherwise this is a kernel memory access. This happens when a
75cf0290271bf6 Alexander Potapenko 2022-09-15  273  		 * compat syscall passes an argument allocated on the kernel
75cf0290271bf6 Alexander Potapenko 2022-09-15  274  		 * stack to a real syscall.
75cf0290271bf6 Alexander Potapenko 2022-09-15  275  		 * Don't check anything, just copy the shadow of the copied
75cf0290271bf6 Alexander Potapenko 2022-09-15  276  		 * bytes.
75cf0290271bf6 Alexander Potapenko 2022-09-15  277  		 */
e17c1f15b0ccfa Alexander Potapenko 2025-05-07  278  		kmsan_enter_runtime();
75cf0290271bf6 Alexander Potapenko 2022-09-15  279  		kmsan_internal_memmove_metadata((void *)to, (void *)from,
75cf0290271bf6 Alexander Potapenko 2022-09-15  280  						to_copy - left);
e17c1f15b0ccfa Alexander Potapenko 2025-05-07  281  		kmsan_leave_runtime();
75cf0290271bf6 Alexander Potapenko 2022-09-15  282  	}
75cf0290271bf6 Alexander Potapenko 2022-09-15  283  	user_access_restore(ua_flags);
75cf0290271bf6 Alexander Potapenko 2022-09-15  284  }
75cf0290271bf6 Alexander Potapenko 2022-09-15  285  EXPORT_SYMBOL(kmsan_copy_to_user);
75cf0290271bf6 Alexander Potapenko 2022-09-15  286  

:::::: The code at line 267 was first introduced by commit
:::::: f926e9326f3a79f7e01ac790e2361f44d8ca8320 kmsan: fix kmsan_copy_to_user() on arches with overlapping address spaces

:::::: TO: Ilya Leoshkevich <iii@...ux.ibm.com>
:::::: CC: Andrew Morton <akpm@...ux-foundation.org>

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ