On Mon, Sep 30, 2019 at 12:33:19PM +0200, Arnd Bergmann wrote: > On Wed, Aug 28, 2019 at 7:38 PM Kees Cook <[email protected]> wrote: > > > > The usercopy implementation comments describe that callers of the > > copy_*_user() family of functions must always have their return values > > checked. This can be enforced at compile time with __must_check, so add > > it where needed. > > > > Signed-off-by: Kees Cook <[email protected]> > > I can't find any other reports, so I'd point out here that this found what > looks like a bug in the x86 math-emu code:
Oh interesting! > arch/x86/math-emu/reg_ld_str.c:88:2: error: ignoring return value of > function declared with 'warn_unused_result' attribute > [-Werror,-Wunused-result] > __copy_from_user(sti_ptr, s, 10); > ^~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~ > arch/x86/math-emu/reg_ld_str.c:1129:2: error: ignoring return value of > function declared with 'warn_unused_result' attribute > [-Werror,-Wunused-result] > __copy_from_user(register_base + offset, s, other); > ^~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > arch/x86/math-emu/reg_ld_str.c:1131:3: error: ignoring return value of > function declared with 'warn_unused_result' attribute > [-Werror,-Wunused-result] > __copy_from_user(register_base, s + other, offset); > ^~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ What was the CONFIG for this? I didn't hit these in my build tests. > Moreover, the same code also ignores the return value from most > get_user()/put_user()/FPU_get_user()/FPU_put_user() calls, > which have no warn_unused_result annotation (they are macros, > but I think something could be done if we want to have that > annotation to catch some of the other such users). It would certainly make sense to mark those as __must_check too... now tracking this here for anyone that wants to take a stab at it: https://github.com/KSPP/linux/issues/16 -- Kees Cook
