tree: https://chromium.googlesource.com/chromiumos/third_party/kernel chromeos-4.4 head: ad235969ab40f38366c40146b6b37379fa5aabaf commit: 4e4b3127abbd7874ec466747ddc28c8cd716731c [135/215] UPSTREAM: convert a bunch of open-coded instances of memdup_user_nul()
smatch warnings: fs/dlm/user.c:524 device_write() warn: passing a valid pointer to 'PTR_ERR' fs/dlm/user.c:526 device_write() error: 'kbuf' dereferencing possible ERR_PTR() git remote add chrome-os https://chromium.googlesource.com/chromiumos/third_party/kernel git remote update chrome-os git checkout 4e4b3127abbd7874ec466747ddc28c8cd716731c vim +/PTR_ERR +524 fs/dlm/user.c 597d0cae David Teigland 2006-07-12 479 597d0cae David Teigland 2006-07-12 480 /* 597d0cae David Teigland 2006-07-12 481 * device_write 597d0cae David Teigland 2006-07-12 482 * 597d0cae David Teigland 2006-07-12 483 * device_user_lock 597d0cae David Teigland 2006-07-12 484 * dlm_user_request -> request_lock 597d0cae David Teigland 2006-07-12 485 * dlm_user_convert -> convert_lock 597d0cae David Teigland 2006-07-12 486 * 597d0cae David Teigland 2006-07-12 487 * device_user_unlock 597d0cae David Teigland 2006-07-12 488 * dlm_user_unlock -> unlock_lock 597d0cae David Teigland 2006-07-12 489 * dlm_user_cancel -> cancel_lock 597d0cae David Teigland 2006-07-12 490 * 597d0cae David Teigland 2006-07-12 491 * device_create_lockspace 597d0cae David Teigland 2006-07-12 492 * dlm_new_lockspace 597d0cae David Teigland 2006-07-12 493 * 597d0cae David Teigland 2006-07-12 494 * device_remove_lockspace 597d0cae David Teigland 2006-07-12 495 * dlm_release_lockspace 597d0cae David Teigland 2006-07-12 496 */ 597d0cae David Teigland 2006-07-12 497 597d0cae David Teigland 2006-07-12 498 /* a write to a lockspace device is a lock or unlock request, a write 597d0cae David Teigland 2006-07-12 499 to the control device is to create/remove a lockspace */ 597d0cae David Teigland 2006-07-12 500 597d0cae David Teigland 2006-07-12 501 static ssize_t device_write(struct file *file, const char __user *buf, 597d0cae David Teigland 2006-07-12 502 size_t count, loff_t *ppos) 597d0cae David Teigland 2006-07-12 503 { 597d0cae David Teigland 2006-07-12 504 struct dlm_user_proc *proc = file->private_data; 597d0cae David Teigland 2006-07-12 505 struct dlm_write_request *kbuf; 597d0cae David Teigland 2006-07-12 506 int error; 597d0cae David Teigland 2006-07-12 507 597d0cae David Teigland 2006-07-12 508 #ifdef CONFIG_COMPAT 597d0cae David Teigland 2006-07-12 509 if (count < sizeof(struct dlm_write_request32)) 597d0cae David Teigland 2006-07-12 510 #else 597d0cae David Teigland 2006-07-12 511 if (count < sizeof(struct dlm_write_request)) 597d0cae David Teigland 2006-07-12 512 #endif 597d0cae David Teigland 2006-07-12 513 return -EINVAL; 597d0cae David Teigland 2006-07-12 514 d4b0bcf3 David Teigland 2013-02-04 515 /* d4b0bcf3 David Teigland 2013-02-04 516 * can't compare against COMPAT/dlm_write_request32 because d4b0bcf3 David Teigland 2013-02-04 517 * we don't yet know if is64bit is zero d4b0bcf3 David Teigland 2013-02-04 518 */ 2b75bc91 Sasha Levin 2012-09-09 519 if (count > sizeof(struct dlm_write_request) + DLM_RESNAME_MAXLEN) 2b75bc91 Sasha Levin 2012-09-09 520 return -EINVAL; 2b75bc91 Sasha Levin 2012-09-09 521 4e4b3127 Al Viro 2015-12-24 522 kbuf = memdup_user_nul(buf, count); 4e4b3127 Al Viro 2015-12-24 523 if (!IS_ERR(kbuf)) ^^^^^^^^^^^^^ This test is reversed. It's surprising this didnt' show up in testing. 4e4b3127 Al Viro 2015-12-24 @524 return PTR_ERR(kbuf); 597d0cae David Teigland 2006-07-12 525 597d0cae David Teigland 2006-07-12 @526 if (check_version(kbuf)) { 597d0cae David Teigland 2006-07-12 527 error = -EBADE; 597d0cae David Teigland 2006-07-12 528 goto out_free; 597d0cae David Teigland 2006-07-12 529 } 597d0cae David Teigland 2006-07-12 530 --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation _______________________________________________ kbuild mailing list kbuild@lists.01.org https://lists.01.org/mailman/listinfo/kbuild