[bug report] compat_ioctl: move CDROM_SEND_PACKET handling into scsi

Hello Arnd Bergmann,

The patch f3ee6e63a9df: "compat_ioctl: move CDROM_SEND_PACKET
handling into scsi" from Nov 28, 2019, leads to the following static
checker warning:

	block/scsi_ioctl.c:703 scsi_put_cdrom_generic_arg()
	warn: check that 'cgc32' doesn't leak information (struct has a hole after 'data_direction')

block/scsi_ioctl.c
   686  static int scsi_put_cdrom_generic_arg(const struct cdrom_generic_command *cgc,
   687                                        void __user *arg)
   688  {
   689  #ifdef CONFIG_COMPAT
   690          if (in_compat_syscall()) {
   691                  struct compat_cdrom_generic_command cgc32 = {
   692                          .buffer         = (uintptr_t)(cgc->buffer),
   693                          .buflen         = cgc->buflen,
   694                          .stat           = cgc->stat,
   695                          .sense          = (uintptr_t)(cgc->sense),
   696                          .data_direction = cgc->data_direction,
   697                          .quiet          = cgc->quiet,
   698                          .timeout        = cgc->timeout,
   699                          .reserved[0]    = (uintptr_t)(cgc->reserved[0]),
   700                  };

It's possible that initializations like this don't clear out the struct
hole but I haven't seen a compiler which is affected.  So maybe it's
fine?

   701                  memcpy(&cgc32.cmd, &cgc->cmd, CDROM_PACKET_SIZE);
   702  
   703                  if (copy_to_user(arg, &cgc32, sizeof(cgc32)))
   704                          return -EFAULT;
   705  
   706                  return 0;
   707          }
   708  #endif
   709          if (copy_to_user(arg, cgc, sizeof(*cgc)))
   710                  return -EFAULT;
   711  
   712          return 0;
   713  }

See also:
drivers/media/v4l2-core/v4l2-ioctl.c:3140 video_put_user() warn: check that 'ev32' doesn't leak information (struct has a hole after 'type')
drivers/media/v4l2-core/v4l2-ioctl.c:3165 video_put_user() warn: check that 'vb32' doesn't leak information (struct has a hole after 'memory')

regards,
dan carpenter
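
Added example (not part of the original message and not kernel code): a userspace C program that locates the hole the checker reports after 'data_direction' and shows the clear-then-assign pattern, which leaves no undefined bytes for a sizeof()-sized copy. The struct cgc32_demo, its field types, the 12-byte cmd size and the helper names are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Userspace stand-in for the compat struct: field names follow the quoted
 * code; field types and the 12-byte cmd size are assumptions. */
struct cgc32_demo {
    unsigned char cmd[12];
    uint32_t buffer;
    uint32_t buflen;
    int32_t  stat;
    uint32_t sense;
    unsigned char data_direction; /* hole follows: 'quiet' is 4-byte aligned */
    int32_t  quiet;
    int32_t  timeout;
    uint32_t reserved[1];
};

#define HOLE_START (offsetof(struct cgc32_demo, data_direction) + 1)
#define HOLE_LEN   (offsetof(struct cgc32_demo, quiet) - HOLE_START)

/* Define every byte, padding included: clear the object, then assign members. */
static void fill_cleared(struct cgc32_demo *out, unsigned char dir, int32_t tmo)
{
    memset(out, 0, sizeof(*out));
    out->data_direction = dir;
    out->timeout = tmo;
}

/* Nonzero hole bytes are what a sizeof()-sized copy-out would disclose. */
static size_t stale_bytes_in_hole(const struct cgc32_demo *s)
{
    const unsigned char *p = (const unsigned char *)s;
    size_t i, n = 0;
    for (i = 0; i < HOLE_LEN; i++)
        n += p[HOLE_START + i] != 0;
    return n;
}

/* Build the struct in a slot pre-filled with 0xAA (constructed "dirty stack"). */
static size_t demo(void)
{
    struct cgc32_demo s;
    memset(&s, 0xAA, sizeof(s));
    fill_cleared(&s, 2, 1000);
    return stale_bytes_in_hole(&s);
}

int main(void) { return demo() != 0; }
```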


