Re: [PATCH] acpi: fix a potential inconsistency caused by double-fetch
From: kbuild test robot
Date: Tue Dec 25 2018 - 17:22:07 EST
Hi Kangjie,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on pm/linux-next]
[also build test ERROR on v4.20 next-20181224]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Kangjie-Lu/acpi-fix-a-potential-inconsistency-caused-by-double-fetch/20181226-054721
base: https://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm.git linux-next
config: x86_64-randconfig-x019-201851 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-1) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All error/warnings (new ones prefixed by >>):
In file included from include/linux/uaccess.h:14:0,
from drivers//acpi/custom_method.c:8:
drivers//acpi/custom_method.c: In function 'cm_write':
>> drivers//acpi/custom_method.c:36:42: error: request for member 'length' in something not a structure or union
&(struct acpi_table_header *)user_buf->length))
^
arch/x86/include/asm/uaccess.h:138:41: note: in definition of macro '__inttype'
__typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
^
>> drivers//acpi/custom_method.c:35:7: note: in expansion of macro 'get_user'
if (get_user(max_size,
^~~~~~~~
arch/x86/include/asm/uaccess.h:138:12: error: first argument to '__builtin_choose_expr' not a constant
__typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
^
arch/x86/include/asm/uaccess.h:174:11: note: in expansion of macro '__inttype'
register __inttype(*(ptr)) __val_gu asm("%"_ASM_DX); \
^~~~~~~~~
>> drivers//acpi/custom_method.c:35:7: note: in expansion of macro 'get_user'
if (get_user(max_size,
^~~~~~~~
>> drivers//acpi/custom_method.c:36:42: error: request for member 'length' in something not a structure or union
&(struct acpi_table_header *)user_buf->length))
^
arch/x86/include/asm/uaccess.h:180:15: note: in definition of macro 'get_user'
: "0" (ptr), "i" (sizeof(*(ptr)))); \
^~~
>> drivers//acpi/custom_method.c:36:42: error: request for member 'length' in something not a structure or union
&(struct acpi_table_header *)user_buf->length))
^
arch/x86/include/asm/uaccess.h:180:35: note: in definition of macro 'get_user'
: "0" (ptr), "i" (sizeof(*(ptr)))); \
^~~
>> drivers//acpi/custom_method.c:36:42: error: request for member 'length' in something not a structure or union
&(struct acpi_table_header *)user_buf->length))
^
arch/x86/include/asm/uaccess.h:181:30: note: in definition of macro 'get_user'
(x) = (__force __typeof__(*(ptr))) __val_gu; \
^~~
drivers//acpi/custom_method.c:59:45: error: request for member 'length' in something not a structure or union
(struct acpi_table_header *)(buf + (*ppos))->length = max_size;
^~
vim +/get_user +35 drivers//acpi/custom_method.c
> 8 #include <linux/uaccess.h>
9 #include <linux/debugfs.h>
10 #include <linux/acpi.h>
11
12 #include "internal.h"
13
14 #define _COMPONENT ACPI_SYSTEM_COMPONENT
15 ACPI_MODULE_NAME("custom_method");
16 MODULE_LICENSE("GPL");
17
18 static struct dentry *cm_dentry;
19
20 /* /sys/kernel/debug/acpi/custom_method */
21
22 static ssize_t cm_write(struct file *file, const char __user * user_buf,
23 size_t count, loff_t *ppos)
24 {
25 static char *buf;
26 static u32 max_size;
27 static u32 uncopied_bytes;
28
29 acpi_status status;
30
31 if (!(*ppos)) {
32 /* parse the table header to get the table length */
33 if (count <= sizeof(struct acpi_table_header))
34 return -EINVAL;
> 35 if (get_user(max_size,
> 36 &(struct acpi_table_header *)user_buf->length))
37 return -EFAULT;
38 uncopied_bytes = max_size;
39 buf = kzalloc(max_size, GFP_KERNEL);
40 if (!buf)
41 return -ENOMEM;
42 }
43
44 if (buf == NULL)
45 return -EINVAL;
46
47 if ((*ppos > max_size) ||
48 (*ppos + count > max_size) ||
49 (*ppos + count < count) ||
50 (count > uncopied_bytes))
51 return -EINVAL;
52
53 if (copy_from_user(buf + (*ppos), user_buf, count)) {
54 kfree(buf);
55 buf = NULL;
56 return -EFAULT;
57 }
58 /* Ensure table length is not changed in the second copy */
59 (struct acpi_table_header *)(buf + (*ppos))->length = max_size;
60
61 uncopied_bytes -= count;
62 *ppos += count;
63
64 if (!uncopied_bytes) {
65 status = acpi_install_method(buf);
66 kfree(buf);
67 buf = NULL;
68 if (ACPI_FAILURE(status))
69 return -EINVAL;
70 add_taint(TAINT_OVERRIDDEN_ACPI_TABLE, LOCKDEP_NOW_UNRELIABLE);
71 }
72
73 return count;
74 }
75
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
Attachment:
.config.gz
Description: application/gzip