lib/test_hmm.c:928 dmirror_fops_unlocked_ioctl() warn: comparison of a potentially tagged address (dmirror_fops_unlocked_ioctl, -2, cmd.addr)

From: kernel test robot
Date: Sat Mar 13 2021 - 12:43:50 EST


tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: f296bfd5cd04cbb49b8fc9585adc280ab2b58624
commit: b2ef9f5a5cb37643ca5def3516c546457074b882 mm/hmm/test: add selftest driver for HMM
date: 10 months ago
config: arm64-randconfig-m031-20210312 (attached as .config)
compiler: aarch64-linux-gcc (GCC) 9.3.0

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>

New smatch warnings:
lib/test_hmm.c:928 dmirror_fops_unlocked_ioctl() warn: comparison of a potentially tagged address (dmirror_fops_unlocked_ioctl, -2, cmd.addr)

Old smatch warnings:
lib/test_hmm.c:523 dmirror_allocate_chunk() error: we previously assumed 'devmem' could be null (see line 478)
lib/test_hmm.c:523 dmirror_allocate_chunk() error: dereferencing freed memory 'devmem'

vim +928 lib/test_hmm.c

911
/*
 * ioctl entry point of the HMM selftest driver, quoted from lib/test_hmm.c
 * at the commit named in this report.
 *
 * Copies a struct hmm_dmirror_cmd in from the user pointer passed as @arg,
 * checks cmd.addr and cmd.npages, clears cmd.cpages and cmd.faults,
 * dispatches on @command to one of the dmirror_* helpers and, on success,
 * copies the whole struct back to the same user pointer.
 *
 * Return: 0 on success; -EINVAL when filp->private_data is NULL, when the
 * address or range check fails, or when @command is not one of the four
 * handled values; -EFAULT when either user copy fails; otherwise the
 * non-zero value returned by the selected helper.
 */
912 static long dmirror_fops_unlocked_ioctl(struct file *filp,
913 unsigned int command,
914 unsigned long arg)
915 {
916 void __user *uarg = (void __user *)arg;
917 struct hmm_dmirror_cmd cmd;
918 struct dmirror *dmirror;
919 int ret;
920
921 dmirror = filp->private_data;
922 if (!dmirror)
923 return -EINVAL;
924
/* Every field of cmd is caller-controlled from this point on. */
925 if (copy_from_user(&cmd, uarg, sizeof(cmd)))
926 return -EFAULT;
927
/*
 * Line flagged by smatch. cmd.addr was just copied from user space and is
 * tested without untagged_addr(); on arm64 a user address may carry a tag
 * in its top byte. This test only rejects addresses with bits set under
 * ~PAGE_MASK (not page aligned), so a tag would pass through it unchanged.
 * NOTE(review): whether the helpers below expect an untagged address cannot
 * be decided from this excerpt - confirm before silencing the warning.
 */
> 928 if (cmd.addr & ~PAGE_MASK)
929 return -EINVAL;
/*
 * Rejects a range whose end is not above its start: cmd.npages == 0, or
 * the addition wrapping around. Any tag bits in cmd.addr take part in this
 * arithmetic too.
 * NOTE(review): the shift is evaluated before the addition; if cmd.npages
 * is large enough to lose high bits in the shift, this comparison would not
 * notice. The field's type is declared outside this excerpt - verify.
 */
930 if (cmd.addr >= (cmd.addr + (cmd.npages << PAGE_SHIFT)))
931 return -EINVAL;
932
/* Discard whatever the caller supplied in these two fields. */
933 cmd.cpages = 0;
934 cmd.faults = 0;
935
936 switch (command) {
937 case HMM_DMIRROR_READ:
938 ret = dmirror_read(dmirror, &cmd);
939 break;
940
941 case HMM_DMIRROR_WRITE:
942 ret = dmirror_write(dmirror, &cmd);
943 break;
944
945 case HMM_DMIRROR_MIGRATE:
946 ret = dmirror_migrate(dmirror, &cmd);
947 break;
948
949 case HMM_DMIRROR_SNAPSHOT:
950 ret = dmirror_snapshot(dmirror, &cmd);
951 break;
952
/* Unknown commands are rejected only after the address checks above. */
953 default:
954 return -EINVAL;
955 }
/* On helper failure nothing is written back to the caller's struct. */
956 if (ret)
957 return ret;
958
959 if (copy_to_user(uarg, &cmd, sizeof(cmd)))
960 return -EFAULT;
961
962 return 0;
963 }
964

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip