a bunch of compat a bunch of ioctl that use ptr to stored ints ipc/shm.c:1355 ipc/shm.c:1566 mm/process_vm_access.c:178:20 mm/process_vm_access.c:180:19 substraction => harmless mm/process_vm_access.c:221:4 ? mm/memory.c:4679:14 should be __user pointer fs/fuse/file.c:1256:9 ? kernel/kthread.c:73:9 ? mm/migrate.c:1586:10 mm/migrate.c:1660:24 lib/iov_iter.c ??? kernel/futex.c:502 uses user addr as key kernel/futex.c:730 gup, fixed lib/strncpy_from_user.c:110:13 fixed? lib/strnlen_user.c:112 fixed? fs/readdir.c:369 ??? On Thu, Jun 28, 2018 at 9:30 PM, Andrey Konovalov <andreyknvl@xxxxxxxxxx> wrote: > On Wed, Jun 27, 2018 at 5:05 PM, Andrey Konovalov <andreyknvl@xxxxxxxxxx> wrote: >> On Tue, Jun 26, 2018 at 7:29 PM, Catalin Marinas >> <catalin.marinas@xxxxxxx> wrote: >>> While I support this work, as a maintainer I'd like to understand >>> whether we'd be in a continuous chase of ABI breaks with every kernel >>> release or we have a better way to identify potential issues. Is there >>> any way to statically analyse conversions from __user ptr to long for >>> example? Or, could we get the compiler to do this for us? >> >> >> OK, got it, I'll try to figure out a way to find these conversions. > > I've prototyped a checker on top of clang static analyzer (initially > looked at sparse, but couldn't find any documentation or examples). > The results are here [1], search for "warning: user pointer cast". > Sharing in case anybody wants to take a look, will look at them myself > tomorrow. > > [1] https://gist.github.com/xairy/433edd5c86456a64026247cb2fef2115