lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180628232119.5jaavhewv5nb6ufb@ltop.local>
Date:   Fri, 29 Jun 2018 01:21:20 +0200
From:   Luc Van Oostenryck <luc.vanoostenryck@...il.com>
To:     Catalin Marinas <catalin.marinas@....com>
Cc:     Mark Rutland <Mark.Rutland@....com>,
        Kate Stewart <kstewart@...uxfoundation.org>,
        "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>,
        Will Deacon <Will.Deacon@....com>,
        Kostya Serebryany <kcc@...gle.com>,
        "linux-kselftest@...r.kernel.org" <linux-kselftest@...r.kernel.org>,
        Chintan Pandya <cpandya@...eaurora.org>,
        Shuah Khan <shuah@...nel.org>, Ingo Molnar <mingo@...nel.org>,
        "linux-arch@...r.kernel.org" <linux-arch@...r.kernel.org>,
        Jacob Bramley <Jacob.Bramley@....com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Evgeniy Stepanov <eugenis@...gle.com>,
        Kees Cook <keescook@...omium.org>,
        Ruben Ayrapetyan <Ruben.Ayrapetyan@....com>,
        Andrey Konovalov <andreyknvl@...gle.com>,
        Lee Smith <Lee.Smith@....com>,
        Al Viro <viro@...iv.linux.org.uk>, nd <nd@....com>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        Linux Memory Management List <linux-mm@...ck.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Ramana Radhakrishnan <ramana.radhakrishnan@....com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Robin Murphy <Robin.Murphy@....com>,
        "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
        linux-sparse@...r.kernel.org
Subject: [PATCH] sparse: stricter warning for explicit cast to ulong

sparse issues a warning when user pointers are casted to integer
types except to unsigned longs which are explicitly allowed.
However it may happen that we would like to also be warned
on casts to unsigned long.

Fix this by adding a new warning flag: -Wcast-from-as (to mirrors
-Wcast-to-as) which extends -Waddress-space to all casts that
remove an address space attribute (without using __force).

References: https://lore.kernel.org/lkml/20180628102741.vk6vphfinlj3lvhv@armageddon.cambridge.arm.com/
Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@...il.com>
---

This patch is available in the Git repository at:
  git://github.com/lucvoo/sparse-dev.git warn-cast-from-as

----------------------------------------------------------------
Luc Van Oostenryck (1):
      stricter warning for explicit cast to ulong

 evaluate.c                         |  4 +--
 lib.c                              |  2 ++
 lib.h                              |  1 +
 sparse.1                           |  9 ++++++
 validation/Waddress-space-strict.c | 56 ++++++++++++++++++++++++++++++++++++++
 5 files changed, 70 insertions(+), 2 deletions(-)
 create mode 100644 validation/Waddress-space-strict.c

diff --git a/evaluate.c b/evaluate.c
index 194b97218..64e1067ce 100644
--- a/evaluate.c
+++ b/evaluate.c
@@ -2998,14 +2998,14 @@ static struct symbol *evaluate_cast(struct expression *expr)
 		}
 	}
 
-	if (ttype == &ulong_ctype)
+	if (ttype == &ulong_ctype && !Wcast_from_as)
 		tas = -1;
 	else if (tclass == TYPE_PTR) {
 		examine_pointer_target(ttype);
 		tas = ttype->ctype.as;
 	}
 
-	if (stype == &ulong_ctype)
+	if (stype == &ulong_ctype && !Wcast_from_as)
 		sas = -1;
 	else if (sclass == TYPE_PTR) {
 		examine_pointer_target(stype);
diff --git a/lib.c b/lib.c
index 308f8f699..0bb5232ab 100644
--- a/lib.c
+++ b/lib.c
@@ -248,6 +248,7 @@ static struct token *pre_buffer_end = NULL;
 int Waddress = 0;
 int Waddress_space = 1;
 int Wbitwise = 1;
+int Wcast_from_as = 0;
 int Wcast_to_as = 0;
 int Wcast_truncate = 1;
 int Wconstexpr_not_const = 0;
@@ -678,6 +679,7 @@ static const struct flag warnings[] = {
 	{ "address", &Waddress },
 	{ "address-space", &Waddress_space },
 	{ "bitwise", &Wbitwise },
+	{ "cast-from-as", &Wcast_from_as },
 	{ "cast-to-as", &Wcast_to_as },
 	{ "cast-truncate", &Wcast_truncate },
 	{ "constexpr-not-const", &Wconstexpr_not_const},
diff --git a/lib.h b/lib.h
index b0453bb6e..46e685421 100644
--- a/lib.h
+++ b/lib.h
@@ -137,6 +137,7 @@ extern int preprocess_only;
 extern int Waddress;
 extern int Waddress_space;
 extern int Wbitwise;
+extern int Wcast_from_as;
 extern int Wcast_to_as;
 extern int Wcast_truncate;
 extern int Wconstexpr_not_const;
diff --git a/sparse.1 b/sparse.1
index 806fb0cf0..62956f18b 100644
--- a/sparse.1
+++ b/sparse.1
@@ -77,6 +77,15 @@ Sparse issues these warnings by default.  To turn them off, use
 \fB\-Wno\-bitwise\fR.
 .
 .TP
+.B \-Wcast\-from\-as
+Warn about which remove an address space to a pointer type.
+
+This is similar to \fB\-Waddress\-space\fR but will also warn
+on casts to \fBunsigned long\fR.
+
+Sparse does not issues these warnings by default.
+.
+.TP
 .B \-Wcast\-to\-as
 Warn about casts which add an address space to a pointer type.
 
diff --git a/validation/Waddress-space-strict.c b/validation/Waddress-space-strict.c
new file mode 100644
index 000000000..ad23f74ae
--- /dev/null
+++ b/validation/Waddress-space-strict.c
@@ -0,0 +1,56 @@
+#define __user __attribute__((address_space(1)))
+
+typedef unsigned long ulong;
+typedef long long llong;
+typedef struct s obj_t;
+
+static void expl(int i, ulong u, llong l, void *v, obj_t *o, obj_t __user *p)
+{
+	(obj_t*)(i);
+	(obj_t __user*)(i);
+
+	(obj_t*)(u);
+	(obj_t __user*)(u);
+
+	(obj_t*)(l);
+	(obj_t __user*)(l);
+
+	(obj_t*)(v);
+	(obj_t __user*)(v);
+
+	(int)(o);
+	(ulong)(o);
+	(llong)(o);
+	(void *)(o);
+	(obj_t*)(o);
+	(obj_t __user*)(o);
+
+	(int)(p);		// w
+	(ulong)(p);		// w!
+	(llong)(p);		// w
+	(void *)(p);		// w
+	(obj_t*)(p);		// w
+	(obj_t __user*)(p);	// ok
+}
+
+/*
+ * check-name: Waddress-space-strict
+ * check-command: sparse -Wcast-from-as -Wcast-to-as $file
+ *
+ * check-error-start
+Waddress-space-strict.c:10:10: warning: cast adds address space to expression (<asn:1>)
+Waddress-space-strict.c:13:10: warning: cast adds address space to expression (<asn:1>)
+Waddress-space-strict.c:16:10: warning: cast adds address space to expression (<asn:1>)
+Waddress-space-strict.c:19:10: warning: cast adds address space to expression (<asn:1>)
+Waddress-space-strict.c:26:10: warning: cast adds address space to expression (<asn:1>)
+Waddress-space-strict.c:28:10: warning: cast removes address space of expression
+Waddress-space-strict.c:29:10: warning: cast removes address space of expression
+Waddress-space-strict.c:30:10: warning: cast removes address space of expression
+Waddress-space-strict.c:31:10: warning: cast removes address space of expression
+Waddress-space-strict.c:32:10: warning: cast removes address space of expression
+Waddress-space-strict.c:9:10: warning: non size-preserving integer to pointer cast
+Waddress-space-strict.c:10:10: warning: non size-preserving integer to pointer cast
+Waddress-space-strict.c:21:10: warning: non size-preserving pointer to integer cast
+Waddress-space-strict.c:28:10: warning: non size-preserving pointer to integer cast
+ * check-error-end
+ */
-- 
2.18.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ