[PATCH RFC v2 0/6] staging: comedi: fix user/kernel space access of cmd->chanlist

Dan Carpenter dan.carpenter at oracle.com
Tue Sep 18 19:41:17 UTC 2012


On Tue, Sep 18, 2012 at 10:12:36PM +0300, Dan Carpenter wrote:
> This introduces some new Sparse warnings in the compat code.
> 
>    CHECK   drivers/staging/comedi/comedi_compat32.c
> drivers/staging/comedi/comedi_compat32.c:212:16: warning: cast removes address space of expression
> drivers/staging/comedi/comedi_compat32.c:212:16: warning: cast removes address space of expression
> drivers/staging/comedi/comedi_compat32.c:212:16: warning: cast removes address space of expression
> drivers/staging/comedi/comedi_compat32.c:212:16: warning: cast removes address space of expression
>    CC [M]  drivers/staging/comedi/comedi_compat32.o
> 
>    210          err |= __put_user(temp.uint, &cmd->stop_arg);
>    211          err |= __get_user(temp.uptr, &cmd32->chanlist);
>    212          err |= __put_user(compat_ptr(temp.uptr), &cmd->chanlist);
>    213          err |= __get_user(temp.uint, &cmd32->chanlist_len);
>    214          err |= __put_user(temp.uint, &cmd->chanlist_len);
>    215          err |= __get_user(temp.uptr, &cmd32->data);
>    216          err |= __put_user(compat_ptr(temp.uptr), &cmd->data);
>    217          err |= __get_user(temp.uint, &cmd32->data_len);
> 
> I'm not sure how to cast away the warnings...

Perhaps something like this?

-       err |= __put_user(compat_ptr(temp.uptr), &cmd->chanlist);
+       err |= __put_user(compat_ptr(temp.uptr), (int __user * __user *)&cmd->chanlist);

That gets rid of the warning but I'm not sure it's correct.

regards,
dan carpenter




More information about the devel mailing list