Hi Thomas,

On Wed, May 3, 2023 at 4:30 PM Thomas Zimmermann [off-list ref] wrote:

Am 03.05.23 um 11:51 schrieb Geert Uytterhoeven:

quoted

On Fri, Apr 28, 2023 at 2:26 PM Thomas Zimmermann [off-list ref] wrote:

quoted

Push the test for info->screen_base from fb_read() and fb_write() into
the implementations of struct fb_ops.{fb_read,fb_write}. In cases where
the driver operates on info->screen_buffer, test this field instead.

While bothi fields, screen_base and screen_buffer, are stored in the

both

quoted

same location, they refer to different address spaces. For correctness,
we want to test each field in exactly the code that uses it.

Not a direct comment for this patch: and later the union can be split
in two separate fields, to protect against misuse?

No idea. Currently we have sparse that warns about mismatching address
spaces if the fields are mixed up. That's good enough, as far I'm concerned.

The potential issue that is still present is that an fbdev driver uses
fb_info.screen_base, and configures the use of drawing ops that use
fb_info.screen_buffer (or vice-versa), which will happily use the wrong
type of pointer.  Sparse doesn't protect against that.

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds