From: Borislav P. <pet...@go...> - 2010-01-17 19:34:36
I'm also getting

CC drivers/gpu/drm/radeon/radeon_state.o
In file included from /home/boris/kernel/linux-2.6/arch/x86/include/asm/uaccess.h:571,
from include/drm/drmP.h:63,
from drivers/gpu/drm/radeon/radeon_state.c:30:
In function ‘copy_from_user’,
inlined from ‘radeon_cp_clear’ at drivers/gpu/drm/radeon/radeon_state.c:2145:
/home/boris/kernel/linux-2.6/arch/x86/include/asm/uaccess_32.h:212: warning: call to ‘copy_from_user_overflow’ declared with attribute warning: copy_from_user() buffer size is not provably correct
LD drivers/gpu/drm/radeon/radeon.o

which is caused by the compile-time check in copy_from_user introduced in 4a312769:

if (DRM_COPY_FROM_USER(&depth_boxes, clear->depth_boxes, sarea_priv->nbox * sizeof(depth_boxes[0])))

due to the sarea_priv->nbox being unknown at compile time, even though the code clamps its value earlier in case it might cause an overflow:

if (sarea_priv->nbox > RADEON_NR_SAREA_CLIPRECTS) sarea_priv->nbox = RADEON_NR_SAREA_CLIPRECTS;

Circumventing the check shuts up the warning but I'm not sure whether this is what we want to do in cases like this one:

--
diff --git a/drivers/gpu/drm/radeon/radeon_state.c b/drivers/gpu/drm/radeon/radeon_state.c index 067167c..9b42598 100644 --- a/drivers/gpu/drm/radeon/radeon_state.c +++ b/drivers/gpu/drm/radeon/radeon_state.c @@ -2139,7 +2139,7 @@ static int radeon_cp_clear(struct drm_device *dev, void *data, struct drm_file * if (sarea_priv->nbox > RADEON_NR_SAREA_CLIPRECTS) sarea_priv->nbox = RADEON_NR_SAREA_CLIPRECTS; - if (DRM_COPY_FROM_USER(&depth_boxes, clear->depth_boxes, + if (_copy_from_user(&depth_boxes, clear->depth_boxes, sarea_priv->nbox * sizeof(depth_boxes[0]))) return -EFAULT;
--
Regards/Gruss,
Boris.
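
Review bot: The replacement call `_copy_from_user(&depth_boxes, clear->depth_boxes,` removes the size check for this copy instead of making the bound provable, and it leaves the length expression `sarea_priv->nbox * sizeof(depth_boxes[0])` reading `nbox` back through the `sarea_priv` pointer after the clamp. The copy is only safe if that memory does not change between the clamp and the copy and if `depth_boxes` really holds `RADEON_NR_SAREA_CLIPRECTS` elements, and neither the declaration nor that guarantee is visible in this hunk. I would keep `DRM_COPY_FROM_USER`, read `sarea_priv->nbox` once into a local, clamp the local against `RADEON_NR_SAREA_CLIPRECTS`, and use the local for the length, so the bound the copy relies on is the one that was just checked. Calling the underscore-prefixed helper directly from the driver also bypasses the DRM wrapper the rest of this function uses; if the check still cannot be satisfied after that change, that is worth a comment at the call site explaining why the length is bounded rather than a switch to the unchecked variant.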