lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <201705280516.bAHdBQAm%fengguang.wu@intel.com>
Date:   Sun, 28 May 2017 05:57:01 +0800
From:   kbuild test robot <lkp@...el.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     kbuild-all@...org, linux-kernel@...r.kernel.org,
        Andrew Morton <akpm@...ux-foundation.org>,
        David Windsor <dwindsor@...il.com>,
        Kees Cook <keescook@...omium.org>,
        Hans Liljestrand <ishkamiel@...il.com>,
        Elena Reshetova <elena.reshetova@...el.com>,
        Davidlohr Bueso <dave@...olabs.net>,
        Manfred Spraul <manfred@...orfullife.com>,
        Mauro Carvalho Chehab <mchehab@...nel.org>,
        Bjorn Helgaas <bhelgaas@...gle.com>,
        Michal Hocko <mhocko@...e.com>
Subject: Re: [PATCH] ipc: Convert kern_ipc_perm.refcount to refcount_t

Hi Elena,

[auto build test ERROR on next-20170526]
[cannot apply to linus/master linux/master kees/for-next/pstore v4.9-rc8 v4.9-rc7 v4.9-rc6 v4.12-rc2]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Kees-Cook/ipc-Convert-kern_ipc_perm-refcount-to-refcount_t/20170528-040601
config: m32r-m32104ut_defconfig (attached as .config)
compiler: m32r-linux-gcc (GCC) 6.2.0
reproduce:
        wget https://raw.githubusercontent.com/01org/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        make.cross ARCH=m32r 

All errors (new ones prefixed by >>):

   In file included from include/uapi/linux/shm.h:4:0,
                    from include/linux/shm.h:6,
                    from ipc/util.c:44:
   include/linux/ipc.h:25:2: error: unknown type name 'refcount_t'
     refcount_t refcount;
     ^~~~~~~~~~
   ipc/util.c: In function 'ipc_addid':
>> ipc/util.c:235:15: error: passing argument 1 of 'refcount_set' from incompatible pointer type [-Werror=incompatible-pointer-types]
     refcount_set(&new->refcount, 1);
                  ^
   In file included from include/linux/key.h:26:0,
                    from include/linux/security.h:26,
                    from ipc/util.c:52:
   include/linux/refcount.h:28:20: note: expected 'refcount_t * {aka struct refcount_struct *}' but argument is of type 'int *'
    static inline void refcount_set(refcount_t *r, unsigned int n)
                       ^~~~~~~~~~~~
   ipc/util.c: In function 'ipc_rcu_getref':
>> ipc/util.c:400:31: error: passing argument 1 of 'refcount_inc_not_zero' from incompatible pointer type [-Werror=incompatible-pointer-types]
     return refcount_inc_not_zero(&ptr->refcount);
                                  ^
   In file included from include/linux/key.h:26:0,
                    from include/linux/security.h:26,
                    from ipc/util.c:52:
   include/linux/refcount.h:47:26: note: expected 'refcount_t * {aka struct refcount_struct *}' but argument is of type 'int *'
    extern __must_check bool refcount_inc_not_zero(refcount_t *r);
                             ^~~~~~~~~~~~~~~~~~~~~
   ipc/util.c: In function 'ipc_rcu_putref':
>> ipc/util.c:406:29: error: passing argument 1 of 'refcount_dec_and_test' from incompatible pointer type [-Werror=incompatible-pointer-types]
     if (!refcount_dec_and_test(&ptr->refcount))
                                ^
   In file included from include/linux/key.h:26:0,
                    from include/linux/security.h:26,
                    from ipc/util.c:52:
   include/linux/refcount.h:53:26: note: expected 'refcount_t * {aka struct refcount_struct *}' but argument is of type 'int *'
    extern __must_check bool refcount_dec_and_test(refcount_t *r);
                             ^~~~~~~~~~~~~~~~~~~~~
   cc1: some warnings being treated as errors

vim +/refcount_set +235 ipc/util.c

    38	 *
    39	 *  Note that sems have a special fast path that avoids kern_ipc_perm.lock -
    40	 *  see sem_lock().
    41	 */
    42	
    43	#include <linux/mm.h>
  > 44	#include <linux/shm.h>
    45	#include <linux/init.h>
    46	#include <linux/msg.h>
    47	#include <linux/vmalloc.h>
    48	#include <linux/slab.h>
    49	#include <linux/notifier.h>
    50	#include <linux/capability.h>
    51	#include <linux/highuid.h>
  > 52	#include <linux/security.h>
    53	#include <linux/rcupdate.h>
    54	#include <linux/workqueue.h>
    55	#include <linux/seq_file.h>
    56	#include <linux/proc_fs.h>
    57	#include <linux/audit.h>
    58	#include <linux/nsproxy.h>
    59	#include <linux/rwsem.h>
    60	#include <linux/memory.h>
    61	#include <linux/ipc_namespace.h>
    62	
    63	#include <asm/unistd.h>
    64	
    65	#include "util.h"
    66	
    67	struct ipc_proc_iface {
    68		const char *path;
    69		const char *header;
    70		int ids;
    71		int (*show)(struct seq_file *, void *);
    72	};
    73	
    74	/**
    75	 * ipc_init - initialise ipc subsystem
    76	 *
    77	 * The various sysv ipc resources (semaphores, messages and shared
    78	 * memory) are initialised.
    79	 *
    80	 * A callback routine is registered into the memory hotplug notifier
    81	 * chain: since msgmni scales to lowmem this callback routine will be
    82	 * called upon successful memory add / remove to recompute msmgni.
    83	 */
    84	static int __init ipc_init(void)
    85	{
    86		sem_init();
    87		msg_init();
    88		shm_init();
    89		return 0;
    90	}
    91	device_initcall(ipc_init);
    92	
    93	/**
    94	 * ipc_init_ids	- initialise ipc identifiers
    95	 * @ids: ipc identifier set
    96	 *
    97	 * Set up the sequence range to use for the ipc identifier range (limited
    98	 * below IPCMNI) then initialise the ids idr.
    99	 */
   100	void ipc_init_ids(struct ipc_ids *ids)
   101	{
   102		ids->in_use = 0;
   103		ids->seq = 0;
   104		ids->next_id = -1;
   105		init_rwsem(&ids->rwsem);
   106		idr_init(&ids->ipcs_idr);
   107	}
   108	
   109	#ifdef CONFIG_PROC_FS
   110	static const struct file_operations sysvipc_proc_fops;
   111	/**
   112	 * ipc_init_proc_interface -  create a proc interface for sysipc types using a seq_file interface.
   113	 * @path: Path in procfs
   114	 * @header: Banner to be printed at the beginning of the file.
   115	 * @ids: ipc id table to iterate.
   116	 * @show: show routine.
   117	 */
   118	void __init ipc_init_proc_interface(const char *path, const char *header,
   119			int ids, int (*show)(struct seq_file *, void *))
   120	{
   121		struct proc_dir_entry *pde;
   122		struct ipc_proc_iface *iface;
   123	
   124		iface = kmalloc(sizeof(*iface), GFP_KERNEL);
   125		if (!iface)
   126			return;
   127		iface->path	= path;
   128		iface->header	= header;
   129		iface->ids	= ids;
   130		iface->show	= show;
   131	
   132		pde = proc_create_data(path,
   133				       S_IRUGO,        /* world readable */
   134				       NULL,           /* parent dir */
   135				       &sysvipc_proc_fops,
   136				       iface);
   137		if (!pde)
   138			kfree(iface);
   139	}
   140	#endif
   141	
   142	/**
   143	 * ipc_findkey	- find a key in an ipc identifier set
   144	 * @ids: ipc identifier set
   145	 * @key: key to find
   146	 *
   147	 * Returns the locked pointer to the ipc structure if found or NULL
   148	 * otherwise. If key is found ipc points to the owning ipc structure
   149	 *
   150	 * Called with ipc_ids.rwsem held.
   151	 */
   152	static struct kern_ipc_perm *ipc_findkey(struct ipc_ids *ids, key_t key)
   153	{
   154		struct kern_ipc_perm *ipc;
   155		int next_id;
   156		int total;
   157	
   158		for (total = 0, next_id = 0; total < ids->in_use; next_id++) {
   159			ipc = idr_find(&ids->ipcs_idr, next_id);
   160	
   161			if (ipc == NULL)
   162				continue;
   163	
   164			if (ipc->key != key) {
   165				total++;
   166				continue;
   167			}
   168	
   169			rcu_read_lock();
   170			ipc_lock_object(ipc);
   171			return ipc;
   172		}
   173	
   174		return NULL;
   175	}
   176	
   177	/**
   178	 * ipc_get_maxid - get the last assigned id
   179	 * @ids: ipc identifier set
   180	 *
   181	 * Called with ipc_ids.rwsem held.
   182	 */
   183	int ipc_get_maxid(struct ipc_ids *ids)
   184	{
   185		struct kern_ipc_perm *ipc;
   186		int max_id = -1;
   187		int total, id;
   188	
   189		if (ids->in_use == 0)
   190			return -1;
   191	
   192		if (ids->in_use == IPCMNI)
   193			return IPCMNI - 1;
   194	
   195		/* Look for the last assigned id */
   196		total = 0;
   197		for (id = 0; id < IPCMNI && total < ids->in_use; id++) {
   198			ipc = idr_find(&ids->ipcs_idr, id);
   199			if (ipc != NULL) {
   200				max_id = id;
   201				total++;
   202			}
   203		}
   204		return max_id;
   205	}
   206	
   207	/**
   208	 * ipc_addid - add an ipc identifier
   209	 * @ids: ipc identifier set
   210	 * @new: new ipc permission set
   211	 * @size: limit for the number of used ids
   212	 *
   213	 * Add an entry 'new' to the ipc ids idr. The permissions object is
   214	 * initialised and the first free entry is set up and the id assigned
   215	 * is returned. The 'new' entry is returned in a locked state on success.
   216	 * On failure the entry is not locked and a negative err-code is returned.
   217	 *
   218	 * Called with writer ipc_ids.rwsem held.
   219	 */
   220	int ipc_addid(struct ipc_ids *ids, struct kern_ipc_perm *new, int size)
   221	{
   222		kuid_t euid;
   223		kgid_t egid;
   224		int id;
   225		int next_id = ids->next_id;
   226	
   227		if (size > IPCMNI)
   228			size = IPCMNI;
   229	
   230		if (ids->in_use >= size)
   231			return -ENOSPC;
   232	
   233		idr_preload(GFP_KERNEL);
   234	
 > 235		refcount_set(&new->refcount, 1);
   236		spin_lock_init(&new->lock);
   237		new->deleted = false;
   238		rcu_read_lock();
   239		spin_lock(&new->lock);
   240	
   241		current_euid_egid(&euid, &egid);
   242		new->cuid = new->uid = euid;
   243		new->gid = new->cgid = egid;
   244	
   245		id = idr_alloc(&ids->ipcs_idr, new,
   246			       (next_id < 0) ? 0 : ipcid_to_idx(next_id), 0,
   247			       GFP_NOWAIT);
   248		idr_preload_end();
   249		if (id < 0) {
   250			spin_unlock(&new->lock);
   251			rcu_read_unlock();
   252			return id;
   253		}
   254	
   255		ids->in_use++;
   256	
   257		if (next_id < 0) {
   258			new->seq = ids->seq++;
   259			if (ids->seq > IPCID_SEQ_MAX)
   260				ids->seq = 0;
   261		} else {
   262			new->seq = ipcid_to_seqx(next_id);
   263			ids->next_id = -1;
   264		}
   265	
   266		new->id = ipc_buildid(id, new->seq);
   267		return id;
   268	}
   269	
   270	/**
   271	 * ipcget_new -	create a new ipc object
   272	 * @ns: ipc namespace
   273	 * @ids: ipc identifier set
   274	 * @ops: the actual creation routine to call
   275	 * @params: its parameters
   276	 *
   277	 * This routine is called by sys_msgget, sys_semget() and sys_shmget()
   278	 * when the key is IPC_PRIVATE.
   279	 */
   280	static int ipcget_new(struct ipc_namespace *ns, struct ipc_ids *ids,
   281			const struct ipc_ops *ops, struct ipc_params *params)
   282	{
   283		int err;
   284	
   285		down_write(&ids->rwsem);
   286		err = ops->getnew(ns, params);
   287		up_write(&ids->rwsem);
   288		return err;
   289	}
   290	
   291	/**
   292	 * ipc_check_perms - check security and permissions for an ipc object
   293	 * @ns: ipc namespace
   294	 * @ipcp: ipc permission set
   295	 * @ops: the actual security routine to call
   296	 * @params: its parameters
   297	 *
   298	 * This routine is called by sys_msgget(), sys_semget() and sys_shmget()
   299	 * when the key is not IPC_PRIVATE and that key already exists in the
   300	 * ds IDR.
   301	 *
   302	 * On success, the ipc id is returned.
   303	 *
   304	 * It is called with ipc_ids.rwsem and ipcp->lock held.
   305	 */
   306	static int ipc_check_perms(struct ipc_namespace *ns,
   307				   struct kern_ipc_perm *ipcp,
   308				   const struct ipc_ops *ops,
   309				   struct ipc_params *params)
   310	{
   311		int err;
   312	
   313		if (ipcperms(ns, ipcp, params->flg))
   314			err = -EACCES;
   315		else {
   316			err = ops->associate(ipcp, params->flg);
   317			if (!err)
   318				err = ipcp->id;
   319		}
   320	
   321		return err;
   322	}
   323	
   324	/**
   325	 * ipcget_public - get an ipc object or create a new one
   326	 * @ns: ipc namespace
   327	 * @ids: ipc identifier set
   328	 * @ops: the actual creation routine to call
   329	 * @params: its parameters
   330	 *
   331	 * This routine is called by sys_msgget, sys_semget() and sys_shmget()
   332	 * when the key is not IPC_PRIVATE.
   333	 * It adds a new entry if the key is not found and does some permission
   334	 * / security checkings if the key is found.
   335	 *
   336	 * On success, the ipc id is returned.
   337	 */
   338	static int ipcget_public(struct ipc_namespace *ns, struct ipc_ids *ids,
   339			const struct ipc_ops *ops, struct ipc_params *params)
   340	{
   341		struct kern_ipc_perm *ipcp;
   342		int flg = params->flg;
   343		int err;
   344	
   345		/*
   346		 * Take the lock as a writer since we are potentially going to add
   347		 * a new entry + read locks are not "upgradable"
   348		 */
   349		down_write(&ids->rwsem);
   350		ipcp = ipc_findkey(ids, params->key);
   351		if (ipcp == NULL) {
   352			/* key not used */
   353			if (!(flg & IPC_CREAT))
   354				err = -ENOENT;
   355			else
   356				err = ops->getnew(ns, params);
   357		} else {
   358			/* ipc object has been locked by ipc_findkey() */
   359	
   360			if (flg & IPC_CREAT && flg & IPC_EXCL)
   361				err = -EEXIST;
   362			else {
   363				err = 0;
   364				if (ops->more_checks)
   365					err = ops->more_checks(ipcp, params);
   366				if (!err)
   367					/*
   368					 * ipc_check_perms returns the IPC id on
   369					 * success
   370					 */
   371					err = ipc_check_perms(ns, ipcp, ops, params);
   372			}
   373			ipc_unlock(ipcp);
   374		}
   375		up_write(&ids->rwsem);
   376	
   377		return err;
   378	}
   379	
   380	
   381	/**
   382	 * ipc_rmid - remove an ipc identifier
   383	 * @ids: ipc identifier set
   384	 * @ipcp: ipc perm structure containing the identifier to remove
   385	 *
   386	 * ipc_ids.rwsem (as a writer) and the spinlock for this ID are held
   387	 * before this function is called, and remain locked on the exit.
   388	 */
   389	void ipc_rmid(struct ipc_ids *ids, struct kern_ipc_perm *ipcp)
   390	{
   391		int lid = ipcid_to_idx(ipcp->id);
   392	
   393		idr_remove(&ids->ipcs_idr, lid);
   394		ids->in_use--;
   395		ipcp->deleted = true;
   396	}
   397	
   398	int ipc_rcu_getref(struct kern_ipc_perm *ptr)
   399	{
 > 400		return refcount_inc_not_zero(&ptr->refcount);
   401	}
   402	
   403	void ipc_rcu_putref(struct kern_ipc_perm *ptr,
   404				void (*func)(struct rcu_head *head))
   405	{
 > 406		if (!refcount_dec_and_test(&ptr->refcount))
   407			return;
   408	
   409		call_rcu(&ptr->rcu, func);

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

Download attachment ".config.gz" of type "application/gzip" (11266 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ