fs/btrfs/ioctl.c:2204:29: sparse: incorrect type in argument 4 (different address spaces)

Commit Message

Gerhard Heift Nov. 6, 2014, 11:05 a.m. UTC

Hello,

I got a warning from the kbuild test robot for an invalid address
space cast, which was introduced by my patch for TREE_SEARCH_V2. Here
is a patch, which should fix the warning.

Regards,
  Gerhard

2014-11-06 10:48 GMT+01:00 kbuild test robot <fengguang.wu@intel.com>:
> tree:   git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> head:   20f3963d8f48ae8309fbc777ef6787fd0a3f53c2
> commit: cc68a8a5a4330a4bb72922d0c7a7044ae13ee692 btrfs: new ioctl TREE_SEARCH_V2
> date:   5 months ago
> reproduce:
>   # apt-get install sparse
>   git checkout cc68a8a5a4330a4bb72922d0c7a7044ae13ee692
>   make ARCH=x86_64 allmodconfig
>   make C=1 CF=-D__CHECK_ENDIAN__
>
>
> sparse warnings: (new ones prefixed by >>)
>
>    fs/btrfs/ioctl.c:2204:29: sparse: cast removes address space of expression
>>> fs/btrfs/ioctl.c:2204:29: sparse: incorrect type in argument 4 (different address spaces)
>    fs/btrfs/ioctl.c:2204:29:    expected char [noderef] <asn:1>*ubuf
>    fs/btrfs/ioctl.c:2204:29:    got char *<noident>
>    fs/btrfs/ioctl.c:2729:27: sparse: incorrect type in assignment (different base types)
>    fs/btrfs/ioctl.c:2729:27:    expected unsigned int [unsigned] [usertype] nodesize
>    fs/btrfs/ioctl.c:2729:27:    got restricted __le32 [usertype] nodesize
>    fs/btrfs/ioctl.c:2730:29: sparse: incorrect type in assignment (different base types)
>    fs/btrfs/ioctl.c:2730:29:    expected unsigned int [unsigned] [usertype] sectorsize
>    fs/btrfs/ioctl.c:2730:29:    got restricted __le32 [usertype] sectorsize
>    fs/btrfs/ioctl.c:2731:34: sparse: incorrect type in assignment (different base types)
>    fs/btrfs/ioctl.c:2731:34:    expected unsigned int [unsigned] [usertype] clone_alignment
>    fs/btrfs/ioctl.c:2731:34:    got restricted __le32 [usertype] sectorsize
>    fs/btrfs/ioctl.c:4275:29: sparse: incorrect type in argument 1 (different address spaces)
>    fs/btrfs/ioctl.c:4275:29:    expected void [noderef] <asn:1>*to
>    fs/btrfs/ioctl.c:4275:29:    got void *<noident>
>    fs/btrfs/ioctl.c:4350:29: sparse: incorrect type in argument 1 (different address spaces)
>    fs/btrfs/ioctl.c:4350:29:    expected void [noderef] <asn:1>*to
>    fs/btrfs/ioctl.c:4350:29:    got void *<noident>
>
> vim +2204 fs/btrfs/ioctl.c
>
>   2188          /* copy search header and buffer size */
>   2189          uarg = (struct btrfs_ioctl_search_args_v2 __user *)argp;
>   2190          if (copy_from_user(&args, uarg, sizeof(args)))
>   2191                  return -EFAULT;
>   2192
>   2193          buf_size = args.buf_size;
>   2194
>   2195          if (buf_size < sizeof(struct btrfs_ioctl_search_header))
>   2196                  return -EOVERFLOW;
>   2197
>   2198          /* limit result size to 16MB */
>   2199          if (buf_size > buf_limit)
>   2200                  buf_size = buf_limit;
>   2201
>   2202          inode = file_inode(file);
>   2203          ret = search_ioctl(inode, &args.key, &buf_size,
>> 2204                             (char *)(&uarg->buf[0]));
>   2205          if (ret == 0 && copy_to_user(&uarg->key, &args.key, sizeof(args.key)))
>   2206                  ret = -EFAULT;
>   2207          else if (ret == -EOVERFLOW &&
>   2208                  copy_to_user(&uarg->buf_size, &buf_size, sizeof(buf_size)))
>   2209                  ret = -EFAULT;
>   2210
>   2211          return ret;
>   2212  }
>
> ---
> 0-DAY kernel test infrastructure                Open Source Technology Center
> http://lists.01.org/mailman/listinfo/kbuild                 Intel Corporation

Patch

From 620ff16527bd711e7b6677ba7d5ecfb4467c231a Mon Sep 17 00:00:00 2001
From: Gerhard Heift <gerhard@heift.name>
Date: Thu, 6 Nov 2014 11:30:10 +0100
Subject: [PATCH] btrfs: fix address space cast in TREE_SEARCH_V2

This patches fixes an invalid cast of an user space address to kernel space,
but is still used as user space in the called function.

This cast would have not been necessary, if I had choosen the type of
(struct btrfs_ioctl_search_args_v2).buf as char[] and not as __u64[], which I
did for for unknown reasons.

Signed-off-by: Gerhard Heift <gerhard@heift.name>
---
 fs/btrfs/ioctl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 6ea1546..dbd577e 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2201,7 +2201,7 @@  static noinline int btrfs_ioctl_tree_search_v2(struct file *file,
 
 	inode = file_inode(file);
 	ret = search_ioctl(inode, &args.key, &buf_size,
-			   (char *)(&uarg->buf[0]));
+			   (char __user *)(&uarg->buf[0]));
 	if (ret == 0 && copy_to_user(&uarg->key, &args.key, sizeof(args.key)))
 		ret = -EFAULT;
 	else if (ret == -EOVERFLOW &&
-- 
2.1.1