tree: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git tty-next head: 660beb0ffdc9fc0695321dde5e115cd8cc384c94 commit: 07edff9265204e15c9fc8d07cc69e38c4c484e15 [16/72] vt: keyboard, reorder user buffer handling in vt_do_kdgkb_ioctl config: sh-randconfig-s031-20201109 (attached as .config) compiler: sh4-linux-gcc (GCC) 9.3.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # apt-get install sparse # sparse version: v0.6.3-123-g626c4742-dirty # https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git/commit/?id=07edff9265204e15c9fc8d07cc69e38c4c484e15 git remote add tty https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty.git git fetch --no-tags tty tty-next git checkout 07edff9265204e15c9fc8d07cc69e38c4c484e15 # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=sh If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp@xxxxxxxxx> "sparse warnings: (new ones prefixed by >>)" drivers/tty/vt/keyboard.c:1745:21: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected unsigned int const *__gu_addr @@ got unsigned int [noderef] __user * @@ drivers/tty/vt/keyboard.c:1745:21: sparse: expected unsigned int const *__gu_addr drivers/tty/vt/keyboard.c:1745:21: sparse: got unsigned int [noderef] __user * drivers/tty/vt/keyboard.c:1745:21: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const volatile [noderef] __user *ptr @@ got unsigned int const *__gu_addr @@ drivers/tty/vt/keyboard.c:1745:21: sparse: expected void const volatile [noderef] __user *ptr drivers/tty/vt/keyboard.c:1745:21: sparse: got unsigned int const *__gu_addr drivers/tty/vt/keyboard.c:1783:21: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected unsigned int const *__gu_addr @@ got unsigned int [noderef] __user * @@ drivers/tty/vt/keyboard.c:1783:21: sparse: expected unsigned int const *__gu_addr drivers/tty/vt/keyboard.c:1783:21: sparse: got unsigned int [noderef] __user * drivers/tty/vt/keyboard.c:1783:21: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const volatile [noderef] __user *ptr @@ got unsigned int const *__gu_addr @@ drivers/tty/vt/keyboard.c:1783:21: sparse: expected void const volatile [noderef] __user *ptr drivers/tty/vt/keyboard.c:1783:21: sparse: got unsigned int const *__gu_addr >> drivers/tty/vt/keyboard.c:2037:13: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected unsigned char const *__gu_addr @@ got unsigned char [noderef] __user * @@ >> drivers/tty/vt/keyboard.c:2037:13: sparse: expected unsigned char const *__gu_addr >> drivers/tty/vt/keyboard.c:2037:13: sparse: got unsigned char [noderef] __user * >> drivers/tty/vt/keyboard.c:2037:13: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected void const volatile [noderef] __user *ptr @@ got unsigned char const *__gu_addr @@ drivers/tty/vt/keyboard.c:2037:13: sparse: expected void const volatile [noderef] __user *ptr >> drivers/tty/vt/keyboard.c:2037:13: sparse: got unsigned char const *__gu_addr vim +2037 drivers/tty/vt/keyboard.c 2020 2021 /* FIXME: This one needs untangling */ 2022 int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) 2023 { 2024 char *kbs; 2025 u_char *q; 2026 int sz, fnw_sz; 2027 int delta; 2028 char *first_free, *fj, *fnw; 2029 int j, k; 2030 int ret; 2031 unsigned long flags; 2032 unsigned char kb_func; 2033 2034 if (!capable(CAP_SYS_TTY_CONFIG)) 2035 perm = 0; 2036 > 2037 if (get_user(kb_func, &user_kdgkb->kb_func)) 2038 return -EFAULT; 2039 2040 kb_func = array_index_nospec(kb_func, MAX_NR_FUNC); 2041 2042 switch (cmd) { 2043 case KDGKBSENT: { 2044 /* size should have been a struct member */ 2045 ssize_t len = sizeof(user_kdgkb->kb_string); 2046 2047 kbs = kmalloc(len, GFP_KERNEL); 2048 if (!kbs) 2049 return -ENOMEM; 2050 2051 spin_lock_irqsave(&func_buf_lock, flags); 2052 len = strlcpy(kbs, func_table[kb_func] ? : "", len); 2053 spin_unlock_irqrestore(&func_buf_lock, flags); 2054 2055 ret = copy_to_user(user_kdgkb->kb_string, kbs, len + 1) ? 2056 -EFAULT : 0; 2057 2058 goto reterr; 2059 } 2060 case KDSKBSENT: 2061 if (!perm) 2062 return -EPERM; 2063 2064 kbs = strndup_user(user_kdgkb->kb_string, 2065 sizeof(user_kdgkb->kb_string)); 2066 if (IS_ERR(kbs)) 2067 return PTR_ERR(kbs); 2068 2069 fnw = NULL; 2070 fnw_sz = 0; 2071 /* race aginst other writers */ 2072 again: 2073 spin_lock_irqsave(&func_buf_lock, flags); 2074 q = func_table[kb_func]; 2075 2076 /* fj pointer to next entry after 'q' */ 2077 first_free = funcbufptr + (funcbufsize - funcbufleft); 2078 for (j = kb_func + 1; j < MAX_NR_FUNC && !func_table[j]; j++) 2079 ; 2080 if (j < MAX_NR_FUNC) 2081 fj = func_table[j]; 2082 else 2083 fj = first_free; 2084 /* buffer usage increase by new entry */ 2085 delta = (q ? -strlen(q) : 1) + strlen(kbs); 2086 2087 if (delta <= funcbufleft) { /* it fits in current buf */ 2088 if (j < MAX_NR_FUNC) { 2089 /* make enough space for new entry at 'fj' */ 2090 memmove(fj + delta, fj, first_free - fj); 2091 for (k = j; k < MAX_NR_FUNC; k++) 2092 if (func_table[k]) 2093 func_table[k] += delta; 2094 } 2095 if (!q) 2096 func_table[kb_func] = fj; 2097 funcbufleft -= delta; 2098 } else { /* allocate a larger buffer */ 2099 sz = 256; 2100 while (sz < funcbufsize - funcbufleft + delta) 2101 sz <<= 1; 2102 if (fnw_sz != sz) { 2103 spin_unlock_irqrestore(&func_buf_lock, flags); 2104 kfree(fnw); 2105 fnw = kmalloc(sz, GFP_KERNEL); 2106 fnw_sz = sz; 2107 if (!fnw) { 2108 ret = -ENOMEM; 2109 goto reterr; 2110 } 2111 goto again; 2112 } 2113 2114 if (!q) 2115 func_table[kb_func] = fj; 2116 /* copy data before insertion point to new location */ 2117 if (fj > funcbufptr) 2118 memmove(fnw, funcbufptr, fj - funcbufptr); 2119 for (k = 0; k < j; k++) 2120 if (func_table[k]) 2121 func_table[k] = fnw + (func_table[k] - funcbufptr); 2122 2123 /* copy data after insertion point to new location */ 2124 if (first_free > fj) { 2125 memmove(fnw + (fj - funcbufptr) + delta, fj, first_free - fj); 2126 for (k = j; k < MAX_NR_FUNC; k++) 2127 if (func_table[k]) 2128 func_table[k] = fnw + (func_table[k] - funcbufptr) + delta; 2129 } 2130 if (funcbufptr != func_buf) 2131 kfree(funcbufptr); 2132 funcbufptr = fnw; 2133 funcbufleft = funcbufleft - delta + sz - funcbufsize; 2134 funcbufsize = sz; 2135 } 2136 /* finally insert item itself */ 2137 strcpy(func_table[kb_func], kbs); 2138 spin_unlock_irqrestore(&func_buf_lock, flags); 2139 break; 2140 } 2141 ret = 0; 2142 reterr: 2143 kfree(kbs); 2144 return ret; 2145 } 2146 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx
Attachment:
.config.gz
Description: application/gzip