Re: [PATCH v6 28/28] ntsync: No longer depend on BROKEN.
From: Arnd Bergmann
Date: Thu Dec 12 2024 - 02:19:29 EST
On Thu, Dec 12, 2024, at 05:52, kernel test robot wrote:
> Hi Elizabeth,
>
> kernel test robot noticed the following build errors:
>
> [auto build test ERROR on cdd30ebb1b9f36159d66f088b61aee264e649d7a]
>
> url:
> https://github.com/intel-lab-lkp/linux/commits/Elizabeth-Figura/ntsync-Introduce-NTSYNC_IOC_WAIT_ANY/20241210-031155
> base: cdd30ebb1b9f36159d66f088b61aee264e649d7a
> All errors (new ones prefixed by >>):
>
> In file included from include/linux/spinlock.h:60,
> from include/linux/wait.h:9,
> from include/linux/wait_bit.h:8,
> from include/linux/fs.h:6,
> from drivers/misc/ntsync.c:11:
> In function 'check_copy_size',
> inlined from 'copy_from_user' at include/linux/uaccess.h:207:7,
> inlined from 'setup_wait' at drivers/misc/ntsync.c:903:6:
>>> include/linux/thread_info.h:259:25: error: call to '__bad_copy_to' declared with attribute error: copy destination size is too small
> 259 | __bad_copy_to();
> | ^~~~~~~~~~~~~~~
I looked up the function from the github URL above and found
int fds[NTSYNC_MAX_WAIT_COUNT + 1];
const __u32 count = args->count;
struct ntsync_q *q;
__u32 total_count;
__u32 i, j;
if (args->pad || (args->flags & ~NTSYNC_WAIT_REALTIME))
return -EINVAL;
if (args->count > NTSYNC_MAX_WAIT_COUNT)
return -EINVAL;
total_count = count;
if (args->alert)
total_count++;
if (copy_from_user(fds, u64_to_user_ptr(args->objs),
array_size(count, sizeof(*fds))))
return -EFAULT;
which looks correct to me, as it has appropriate
range checking on args->count, but I can see how
the warning may be a result of checking 'args->count'
instead of 'count'.
Arnd