Re: [PATCH] staging: wlan-ng: Fixed incorrect type warning in p80211netdev.c

From: Pritthijit Nath
Date: Wed Feb 17 2021 - 11:29:08 EST


On 17/02/21 9:23 pm, Greg KH wrote:
> On Wed, Feb 17, 2021 at 09:12:55PM +0530, Pritthijit Nath wrote:
>> This change fixes a sparse warning "incorrect type in argument 1
>> (different address spaces)".
>>
>> Signed-off-by: Pritthijit Nath <pritthijit.nath@xxxxxxxxxx>
>> ---
>> drivers/staging/wlan-ng/p80211netdev.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/staging/wlan-ng/p80211netdev.c b/drivers/staging/wlan-ng/p80211netdev.c
>> index 6f9666dc0277..70570e8a5ad2 100644
>> --- a/drivers/staging/wlan-ng/p80211netdev.c
>> +++ b/drivers/staging/wlan-ng/p80211netdev.c
>> @@ -569,7 +569,7 @@ static int p80211knetdev_do_ioctl(struct net_device *dev,
>> goto bail;
>> }
>>
>> - msgbuf = memdup_user(req->data, req->len);
>> + msgbuf = memdup_user((void __user *)req->data, req->len);
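
Review bot: on the `+` line, the `(void __user *)` cast only silences sparse at this one memdup_user() call; it does not make `req->data` a pointer that sparse checks as userspace memory. If the field always carries a userspace address, annotate it as `__user` where the request struct is declared, so every use is checked and the cast here becomes unnecessary. The commit message should also say why the user address space is the correct one for this field, not only that the warning goes away.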
>
> Odd. Why isn't data tagged as a __user pointer to start with?
>
> thanks,
>
> greg k-h
>

In lines 540-548 ->

...

static int p80211knetdev_do_ioctl(struct net_device *dev,
				  struct ifreq *ifr, int cmd)
{
	int result = 0;
	struct p80211ioctl_req *req = (struct p80211ioctl_req *)ifr;
	struct wlandevice *wlandev = dev->ml_priv;
	u8 *msgbuf;

	netdev_dbg(dev, "rx'd ioctl, cmd=%d, len=%d\n", cmd, req->len);

...

it can be seen that *req is essentially coming from an explicit cast of *ifr. ifr->data itself is of char* type. So, imo, an explicit __user pointer cast is required.

The patch above was based on the __user pointer cast done in lines 580-586 ->

...

	if (result == 0) {
		if (copy_to_user
		    ((void __user *)req->data, msgbuf, req->len)) {
			result = -EFAULT;
		}
	}
	kfree(msgbuf);

...

and lines 550-556 ->

#ifdef SIOCETHTOOL
	if (cmd == SIOCETHTOOL) {
		result =
		    p80211netdev_ethtool(wlandev, (void __user *)ifr->ifr_data);
		goto bail;
	}
#endif