tree: https://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git uaccess.x86 head: 032e2f0b697e4fd89f9050b9730815207fdc6082 commit: 1a370b3bfc64ad1810e81802ffc962bba6a10ce1 [11/12] x86: switch to RAW_COPY_USER config: x86_64-lkp (attached as .config) compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901 reproduce: git checkout 1a370b3bfc64ad1810e81802ffc962bba6a10ce1 # save the attached .config to linux build tree make ARCH=x86_64 Note: the vfs/uaccess.x86 HEAD 032e2f0b697e4fd89f9050b9730815207fdc6082 builds fine. It only hurts bisectibility. All errors (new ones prefixed by >>): In file included from include/linux/crypto.h:26:0, from arch/x86/kernel/asm-offsets.c:8: >> include/linux/uaccess.h:185:1: error: conflicting types for '__copy_in_user' __copy_in_user(void __user *to, const void *from, unsigned long n) ^~~~~~~~~~~~~~ In file included from arch/x86/include/asm/uaccess.h:682:0, from include/linux/uaccess.h:13, from include/linux/crypto.h:26, from arch/x86/kernel/asm-offsets.c:8: arch/x86/include/asm/uaccess_64.h:168:5: note: previous definition of '__copy_in_user' was here int __copy_in_user(void __user *dst, const void __user *src, unsigned size) ^~~~~~~~~~~~~~ In file included from include/linux/crypto.h:26:0, from arch/x86/kernel/asm-offsets.c:8: include/linux/uaccess.h: In function '__copy_in_user': >> include/linux/uaccess.h:188:9: error: implicit declaration of function 'raw_copy_in_user' [-Werror=implicit-function-declaration] return raw_copy_in_user(to, from, n); ^~~~~~~~~~~~~~~~ include/linux/uaccess.h: At top level: >> include/linux/uaccess.h:191:1: error: conflicting types for 'copy_in_user' copy_in_user(void __user *to, const void *from, unsigned long n) ^~~~~~~~~~~~ In file included from arch/x86/include/asm/uaccess.h:682:0, from include/linux/uaccess.h:13, from include/linux/crypto.h:26, from arch/x86/kernel/asm-offsets.c:8: arch/x86/include/asm/uaccess_64.h:49:1: note: previous declaration of 'copy_in_user' was here copy_in_user(void __user *to, const void __user *from, unsigned len); ^~~~~~~~~~~~ cc1: some warnings being treated as errors make[2]: *** [arch/x86/kernel/asm-offsets.s] Error 1 make[2]: Target '__build' not remade because of errors. make[1]: *** [prepare0] Error 2 make[1]: Target 'prepare' not remade because of errors. make: *** [sub-make] Error 2 vim +/__copy_in_user +185 include/linux/uaccess.h 5e6039d8 Al Viro 2016-12-27 7 5e6039d8 Al Viro 2016-12-27 8 #define VERIFY_READ 0 5e6039d8 Al Viro 2016-12-27 9 #define VERIFY_WRITE 1 5e6039d8 Al Viro 2016-12-27 10 db68ce10 Al Viro 2017-03-20 11 #define uaccess_kernel() segment_eq(get_fs(), KERNEL_DS) db68ce10 Al Viro 2017-03-20 12 c22ce143 Hiro Yoshioka 2006-06-23 @13 #include <asm/uaccess.h> c22ce143 Hiro Yoshioka 2006-06-23 14 d597580d Al Viro 2017-03-20 15 #ifdef CONFIG_ARCH_HAS_RAW_COPY_USER d597580d Al Viro 2017-03-20 16 /* d597580d Al Viro 2017-03-20 17 * Architectures should provide two primitives (raw_copy_{to,from}_user()) d597580d Al Viro 2017-03-20 18 * select ARCH_HAS_RAW_COPY_FROM_USER and get rid of their private instances d597580d Al Viro 2017-03-20 19 * of copy_{to,from}_user() and __copy_{to,from}_user{,_inatomic}(). Once d597580d Al Viro 2017-03-20 20 * all of them switch, this part of linux/uaccess.h will become unconditional. d597580d Al Viro 2017-03-20 21 * d597580d Al Viro 2017-03-20 22 * raw_copy_{to,from}_user(to, from, size) should copy up to size bytes and d597580d Al Viro 2017-03-20 23 * return the amount left to copy. They should assume that access_ok() has d597580d Al Viro 2017-03-20 24 * already been checked (and succeeded); they should *not* zero-pad anything. d597580d Al Viro 2017-03-20 25 * No KASAN or object size checks either - those belong here. d597580d Al Viro 2017-03-20 26 * d597580d Al Viro 2017-03-20 27 * Both of these functions should attempt to copy size bytes starting at from d597580d Al Viro 2017-03-20 28 * into the area starting at to. They must not fetch or store anything d597580d Al Viro 2017-03-20 29 * outside of those areas. Return value must be between 0 (everything d597580d Al Viro 2017-03-20 30 * copied successfully) and size (nothing copied). d597580d Al Viro 2017-03-20 31 * d597580d Al Viro 2017-03-20 32 * If raw_copy_{to,from}_user(to, from, size) returns N, size - N bytes starting d597580d Al Viro 2017-03-20 33 * at to must become equal to the bytes fetched from the corresponding area d597580d Al Viro 2017-03-20 34 * starting at from. All data past to + size - N must be left unmodified. d597580d Al Viro 2017-03-20 35 * d597580d Al Viro 2017-03-20 36 * If copying succeeds, the return value must be 0. If some data cannot be d597580d Al Viro 2017-03-20 37 * fetched, it is permitted to copy less than had been fetched; the only d597580d Al Viro 2017-03-20 38 * hard requirement is that not storing anything at all (i.e. returning size) d597580d Al Viro 2017-03-20 39 * should happen only when nothing could be copied. In other words, you don't d597580d Al Viro 2017-03-20 40 * have to squeeze as much as possible - it is allowed, but not necessary. d597580d Al Viro 2017-03-20 41 * d597580d Al Viro 2017-03-20 42 * For raw_copy_from_user() to always points to kernel memory and no faults d597580d Al Viro 2017-03-20 43 * on store should happen. Interpretation of from is affected by set_fs(). d597580d Al Viro 2017-03-20 44 * For raw_copy_to_user() it's the other way round. d597580d Al Viro 2017-03-20 45 * d597580d Al Viro 2017-03-20 46 * Both can be inlined - it's up to architectures whether it wants to bother d597580d Al Viro 2017-03-20 47 * with that. They should not be used directly; they are used to implement d597580d Al Viro 2017-03-20 48 * the 6 functions (copy_{to,from}_user(), __copy_{to,from}_user_inatomic()) d597580d Al Viro 2017-03-20 49 * that are used instead. Out of those, __... ones are inlined. Plain d597580d Al Viro 2017-03-20 50 * copy_{to,from}_user() might or might not be inlined. If you want them d597580d Al Viro 2017-03-20 51 * inlined, have asm/uaccess.h define INLINE_COPY_{TO,FROM}_USER. d597580d Al Viro 2017-03-20 52 * d597580d Al Viro 2017-03-20 53 * NOTE: only copy_from_user() zero-pads the destination in case of short copy. d597580d Al Viro 2017-03-20 54 * Neither __copy_from_user() nor __copy_from_user_inatomic() zero anything d597580d Al Viro 2017-03-20 55 * at all; their callers absolutely must check the return value. d597580d Al Viro 2017-03-20 56 * d597580d Al Viro 2017-03-20 57 * Biarch ones should also provide raw_copy_in_user() - similar to the above, d597580d Al Viro 2017-03-20 58 * but both source and destination are __user pointers (affected by set_fs() d597580d Al Viro 2017-03-20 59 * as usual) and both source and destination can trigger faults. d597580d Al Viro 2017-03-20 60 */ d597580d Al Viro 2017-03-20 61 d597580d Al Viro 2017-03-20 62 static __always_inline unsigned long d597580d Al Viro 2017-03-20 63 __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) d597580d Al Viro 2017-03-20 64 { d597580d Al Viro 2017-03-20 65 kasan_check_write(to, n); d597580d Al Viro 2017-03-20 66 check_object_size(to, n, false); d597580d Al Viro 2017-03-20 67 return raw_copy_from_user(to, from, n); d597580d Al Viro 2017-03-20 68 } d597580d Al Viro 2017-03-20 69 d597580d Al Viro 2017-03-20 70 static __always_inline unsigned long d597580d Al Viro 2017-03-20 71 __copy_from_user(void *to, const void __user *from, unsigned long n) d597580d Al Viro 2017-03-20 72 { d597580d Al Viro 2017-03-20 73 might_fault(); d597580d Al Viro 2017-03-20 74 kasan_check_write(to, n); d597580d Al Viro 2017-03-20 75 check_object_size(to, n, false); d597580d Al Viro 2017-03-20 76 return raw_copy_from_user(to, from, n); d597580d Al Viro 2017-03-20 77 } d597580d Al Viro 2017-03-20 78 d597580d Al Viro 2017-03-20 79 /** d597580d Al Viro 2017-03-20 80 * __copy_to_user_inatomic: - Copy a block of data into user space, with less checking. d597580d Al Viro 2017-03-20 81 * @to: Destination address, in user space. d597580d Al Viro 2017-03-20 82 * @from: Source address, in kernel space. d597580d Al Viro 2017-03-20 83 * @n: Number of bytes to copy. d597580d Al Viro 2017-03-20 84 * d597580d Al Viro 2017-03-20 85 * Context: User context only. d597580d Al Viro 2017-03-20 86 * d597580d Al Viro 2017-03-20 87 * Copy data from kernel space to user space. Caller must check d597580d Al Viro 2017-03-20 88 * the specified block with access_ok() before calling this function. d597580d Al Viro 2017-03-20 89 * The caller should also make sure he pins the user space address d597580d Al Viro 2017-03-20 90 * so that we don't result in page fault and sleep. d597580d Al Viro 2017-03-20 91 */ d597580d Al Viro 2017-03-20 92 static __always_inline unsigned long d597580d Al Viro 2017-03-20 93 __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) d597580d Al Viro 2017-03-20 94 { d597580d Al Viro 2017-03-20 95 kasan_check_read(from, n); d597580d Al Viro 2017-03-20 96 check_object_size(from, n, true); d597580d Al Viro 2017-03-20 97 return raw_copy_to_user(to, from, n); d597580d Al Viro 2017-03-20 98 } d597580d Al Viro 2017-03-20 99 d597580d Al Viro 2017-03-20 100 static __always_inline unsigned long d597580d Al Viro 2017-03-20 101 __copy_to_user(void __user *to, const void *from, unsigned long n) d597580d Al Viro 2017-03-20 102 { d597580d Al Viro 2017-03-20 103 might_fault(); d597580d Al Viro 2017-03-20 104 kasan_check_read(from, n); d597580d Al Viro 2017-03-20 105 check_object_size(from, n, true); d597580d Al Viro 2017-03-20 106 return raw_copy_to_user(to, from, n); d597580d Al Viro 2017-03-20 107 } d597580d Al Viro 2017-03-20 108 d597580d Al Viro 2017-03-20 109 #ifdef INLINE_COPY_FROM_USER d597580d Al Viro 2017-03-20 110 static inline unsigned long d597580d Al Viro 2017-03-20 111 _copy_from_user(void *to, const void __user *from, unsigned long n) d597580d Al Viro 2017-03-20 112 { d597580d Al Viro 2017-03-20 113 unsigned long res = n; d597580d Al Viro 2017-03-20 114 if (likely(access_ok(VERIFY_READ, from, n))) d597580d Al Viro 2017-03-20 115 res = raw_copy_from_user(to, from, n); d597580d Al Viro 2017-03-20 116 if (unlikely(res)) d597580d Al Viro 2017-03-20 117 memset(to + (n - res), 0, res); d597580d Al Viro 2017-03-20 118 return res; d597580d Al Viro 2017-03-20 119 } d597580d Al Viro 2017-03-20 120 #else d597580d Al Viro 2017-03-20 121 extern unsigned long d597580d Al Viro 2017-03-20 122 _copy_from_user(void *, const void __user *, unsigned long); d597580d Al Viro 2017-03-20 123 #endif d597580d Al Viro 2017-03-20 124 d597580d Al Viro 2017-03-20 125 #ifdef INLINE_COPY_TO_USER d597580d Al Viro 2017-03-20 126 static inline unsigned long d597580d Al Viro 2017-03-20 127 _copy_to_user(void __user *to, const void *from, unsigned long n) d597580d Al Viro 2017-03-20 128 { d597580d Al Viro 2017-03-20 129 if (access_ok(VERIFY_WRITE, to, n)) d597580d Al Viro 2017-03-20 130 n = raw_copy_to_user(to, from, n); d597580d Al Viro 2017-03-20 131 return n; d597580d Al Viro 2017-03-20 132 } d597580d Al Viro 2017-03-20 133 #else d597580d Al Viro 2017-03-20 134 extern unsigned long d597580d Al Viro 2017-03-20 135 _copy_to_user(void __user *, const void *, unsigned long); d597580d Al Viro 2017-03-20 136 #endif d597580d Al Viro 2017-03-20 137 d597580d Al Viro 2017-03-20 138 extern void __compiletime_error("usercopy buffer size is too small") d597580d Al Viro 2017-03-20 139 __bad_copy_user(void); d597580d Al Viro 2017-03-20 140 d597580d Al Viro 2017-03-20 141 static inline void copy_user_overflow(int size, unsigned long count) d597580d Al Viro 2017-03-20 142 { d597580d Al Viro 2017-03-20 143 WARN(1, "Buffer overflow detected (%d < %lu)!\n", size, count); d597580d Al Viro 2017-03-20 144 } d597580d Al Viro 2017-03-20 145 d597580d Al Viro 2017-03-20 146 static __always_inline unsigned long __must_check d597580d Al Viro 2017-03-20 147 copy_from_user(void *to, const void __user *from, unsigned long n) d597580d Al Viro 2017-03-20 148 { d597580d Al Viro 2017-03-20 149 int sz = __compiletime_object_size(to); d597580d Al Viro 2017-03-20 150 d597580d Al Viro 2017-03-20 151 might_fault(); d597580d Al Viro 2017-03-20 152 kasan_check_write(to, n); d597580d Al Viro 2017-03-20 153 d597580d Al Viro 2017-03-20 154 if (likely(sz < 0 || sz >= n)) { d597580d Al Viro 2017-03-20 155 check_object_size(to, n, false); d597580d Al Viro 2017-03-20 156 n = _copy_from_user(to, from, n); d597580d Al Viro 2017-03-20 157 } else if (!__builtin_constant_p(n)) d597580d Al Viro 2017-03-20 158 copy_user_overflow(sz, n); d597580d Al Viro 2017-03-20 159 else d597580d Al Viro 2017-03-20 160 __bad_copy_user(); d597580d Al Viro 2017-03-20 161 d597580d Al Viro 2017-03-20 162 return n; d597580d Al Viro 2017-03-20 163 } d597580d Al Viro 2017-03-20 164 d597580d Al Viro 2017-03-20 165 static __always_inline unsigned long __must_check d597580d Al Viro 2017-03-20 166 copy_to_user(void __user *to, const void *from, unsigned long n) d597580d Al Viro 2017-03-20 167 { d597580d Al Viro 2017-03-20 168 int sz = __compiletime_object_size(from); d597580d Al Viro 2017-03-20 169 d597580d Al Viro 2017-03-20 170 kasan_check_read(from, n); d597580d Al Viro 2017-03-20 171 might_fault(); d597580d Al Viro 2017-03-20 172 d597580d Al Viro 2017-03-20 173 if (likely(sz < 0 || sz >= n)) { d597580d Al Viro 2017-03-20 174 check_object_size(from, n, true); d597580d Al Viro 2017-03-20 175 n = _copy_to_user(to, from, n); d597580d Al Viro 2017-03-20 176 } else if (!__builtin_constant_p(n)) d597580d Al Viro 2017-03-20 177 copy_user_overflow(sz, n); d597580d Al Viro 2017-03-20 178 else d597580d Al Viro 2017-03-20 179 __bad_copy_user(); d597580d Al Viro 2017-03-20 180 d597580d Al Viro 2017-03-20 181 return n; d597580d Al Viro 2017-03-20 182 } d597580d Al Viro 2017-03-20 183 #ifdef CONFIG_COMPAT d597580d Al Viro 2017-03-20 184 static __always_inline unsigned long __must_check d597580d Al Viro 2017-03-20 @185 __copy_in_user(void __user *to, const void *from, unsigned long n) d597580d Al Viro 2017-03-20 186 { d597580d Al Viro 2017-03-20 187 might_fault(); d597580d Al Viro 2017-03-20 @188 return raw_copy_in_user(to, from, n); d597580d Al Viro 2017-03-20 189 } d597580d Al Viro 2017-03-20 190 static __always_inline unsigned long __must_check d597580d Al Viro 2017-03-20 @191 copy_in_user(void __user *to, const void *from, unsigned long n) d597580d Al Viro 2017-03-20 192 { d597580d Al Viro 2017-03-20 193 might_fault(); d597580d Al Viro 2017-03-20 194 if (access_ok(VERIFY_WRITE, to, n) && access_ok(VERIFY_READ, from, n)) :::::: The code at line 185 was first introduced by commit :::::: d597580d373774b1bdab84b3d26ff0b55162b916 generic ...copy_..._user primitives :::::: TO: Al Viro <viro@xxxxxxxxxxxxxxxxxx> :::::: CC: Al Viro <viro@xxxxxxxxxxxxxxxxxx> --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation
Attachment:
.config.gz
Description: application/gzip
