[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <201809111843.9NgAUN89%fengguang.wu@intel.com>
Date: Tue, 11 Sep 2018 18:25:51 +0800
From: kbuild test robot <lkp@...el.com>
To: Tycho Andersen <tycho@...ho.ws>
Cc: kbuild-all@...org, Kees Cook <keescook@...omium.org>,
linux-kernel@...r.kernel.org,
containers@...ts.linux-foundation.org, linux-api@...r.kernel.org,
Andy Lutomirski <luto@...capital.net>,
Oleg Nesterov <oleg@...hat.com>,
"Eric W . Biederman" <ebiederm@...ssion.com>,
"Serge E . Hallyn" <serge@...lyn.com>,
Christian Brauner <christian.brauner@...ntu.com>,
Tyler Hicks <tyhicks@...onical.com>,
Akihiro Suda <suda.akihiro@....ntt.co.jp>,
Jann Horn <jannh@...gle.com>, Tycho Andersen <tycho@...ho.ws>
Subject: Re: [PATCH v6 2/5] seccomp: make get_nth_filter available outside of
CHECKPOINT_RESTORE
Hi Tycho,
I love your patch! Yet something to improve:
[auto build test ERROR on linus/master]
[also build test ERROR on v4.19-rc3]
[cannot apply to next-20180910]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Tycho-Andersen/seccomp-trap-to-userspace/20180907-130604
config: sparc64-allyesconfig (attached as .config)
compiler: sparc64-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
GCC_VERSION=7.2.0 make.cross ARCH=sparc64
All errors (new ones prefixed by >>):
kernel/seccomp.c: In function 'get_nth_filter':
>> kernel/seccomp.c:1211:2: error: implicit declaration of function '__get_seccomp_filter'; did you mean 'get_seccomp_filter'? [-Werror=implicit-function-declaration]
__get_seccomp_filter(orig);
^~~~~~~~~~~~~~~~~~~~
get_seccomp_filter
>> kernel/seccomp.c:1215:45: error: dereferencing pointer to incomplete type 'struct seccomp_filter'
for (filter = orig; filter; filter = filter->prev)
^~
>> kernel/seccomp.c:1235:2: error: implicit declaration of function '__put_seccomp_filter'; did you mean 'put_seccomp_filter'? [-Werror=implicit-function-declaration]
__put_seccomp_filter(orig);
^~~~~~~~~~~~~~~~~~~~
put_seccomp_filter
kernel/seccomp.c: At top level:
>> kernel/seccomp.c:1240:6: error: redefinition of 'seccomp_get_filter'
long seccomp_get_filter(struct task_struct *task, unsigned long filter_off,
^~~~~~~~~~~~~~~~~~
In file included from include/linux/sched.h:21:0,
from include/linux/audit.h:26,
from kernel/seccomp.c:18:
include/linux/seccomp.h:103:20: note: previous definition of 'seccomp_get_filter' was here
static inline long seccomp_get_filter(struct task_struct *task,
^~~~~~~~~~~~~~~~~~
kernel/seccomp.c: In function 'seccomp_get_filter':
>> kernel/seccomp.c:1266:13: error: dereferencing pointer to incomplete type 'struct sock_fprog_kern'
ret = fprog->len;
^~
>> kernel/seccomp.c:1270:40: error: implicit declaration of function 'bpf_classic_proglen' [-Werror=implicit-function-declaration]
if (copy_to_user(data, fprog->filter, bpf_classic_proglen(fprog)))
^~~~~~~~~~~~~~~~~~~
kernel/seccomp.c: At top level:
>> kernel/seccomp.c:1278:6: error: redefinition of 'seccomp_get_metadata'
long seccomp_get_metadata(struct task_struct *task,
^~~~~~~~~~~~~~~~~~~~
In file included from include/linux/sched.h:21:0,
from include/linux/audit.h:26,
from kernel/seccomp.c:18:
include/linux/seccomp.h:108:20: note: previous definition of 'seccomp_get_metadata' was here
static inline long seccomp_get_metadata(struct task_struct *task,
^~~~~~~~~~~~~~~~~~~~
kernel/seccomp.c:1791:21: warning: 'init_listener' defined but not used [-Wunused-function]
static struct file *init_listener(struct task_struct *task,
^~~~~~~~~~~~~
cc1: some warnings being treated as errors
vim +1211 kernel/seccomp.c
f8e529ed Tycho Andersen 2015-10-27 1190
4f037b54 Tycho Andersen 2018-09-06 1191 #if defined(CONFIG_CHECKPOINT_RESTORE) || \
4f037b54 Tycho Andersen 2018-09-06 1192 defined(CONFIG_SECCOMP_USER_NOTIFICATION)
f06eae83 Tycho Andersen 2017-10-11 1193 static struct seccomp_filter *get_nth_filter(struct task_struct *task,
f06eae83 Tycho Andersen 2017-10-11 1194 unsigned long filter_off)
f8e529ed Tycho Andersen 2015-10-27 1195 {
f06eae83 Tycho Andersen 2017-10-11 1196 struct seccomp_filter *orig, *filter;
f06eae83 Tycho Andersen 2017-10-11 1197 unsigned long count;
f8e529ed Tycho Andersen 2015-10-27 1198
f06eae83 Tycho Andersen 2017-10-11 1199 /*
f06eae83 Tycho Andersen 2017-10-11 1200 * Note: this is only correct because the caller should be the (ptrace)
f06eae83 Tycho Andersen 2017-10-11 1201 * tracer of the task, otherwise lock_task_sighand is needed.
f06eae83 Tycho Andersen 2017-10-11 1202 */
f8e529ed Tycho Andersen 2015-10-27 1203 spin_lock_irq(&task->sighand->siglock);
f06eae83 Tycho Andersen 2017-10-11 1204
f8e529ed Tycho Andersen 2015-10-27 1205 if (task->seccomp.mode != SECCOMP_MODE_FILTER) {
f06eae83 Tycho Andersen 2017-10-11 1206 spin_unlock_irq(&task->sighand->siglock);
f06eae83 Tycho Andersen 2017-10-11 1207 return ERR_PTR(-EINVAL);
f8e529ed Tycho Andersen 2015-10-27 1208 }
f8e529ed Tycho Andersen 2015-10-27 1209
f06eae83 Tycho Andersen 2017-10-11 1210 orig = task->seccomp.filter;
f06eae83 Tycho Andersen 2017-10-11 @1211 __get_seccomp_filter(orig);
f06eae83 Tycho Andersen 2017-10-11 1212 spin_unlock_irq(&task->sighand->siglock);
f06eae83 Tycho Andersen 2017-10-11 1213
f06eae83 Tycho Andersen 2017-10-11 1214 count = 0;
f06eae83 Tycho Andersen 2017-10-11 @1215 for (filter = orig; filter; filter = filter->prev)
f8e529ed Tycho Andersen 2015-10-27 1216 count++;
f8e529ed Tycho Andersen 2015-10-27 1217
f8e529ed Tycho Andersen 2015-10-27 1218 if (filter_off >= count) {
f06eae83 Tycho Andersen 2017-10-11 1219 filter = ERR_PTR(-ENOENT);
f8e529ed Tycho Andersen 2015-10-27 1220 goto out;
f8e529ed Tycho Andersen 2015-10-27 1221 }
f8e529ed Tycho Andersen 2015-10-27 1222
f06eae83 Tycho Andersen 2017-10-11 1223 count -= filter_off;
f06eae83 Tycho Andersen 2017-10-11 1224 for (filter = orig; filter && count > 1; filter = filter->prev)
f8e529ed Tycho Andersen 2015-10-27 1225 count--;
f8e529ed Tycho Andersen 2015-10-27 1226
f8e529ed Tycho Andersen 2015-10-27 1227 if (WARN_ON(count != 1 || !filter)) {
f06eae83 Tycho Andersen 2017-10-11 1228 filter = ERR_PTR(-ENOENT);
f8e529ed Tycho Andersen 2015-10-27 1229 goto out;
f8e529ed Tycho Andersen 2015-10-27 1230 }
f8e529ed Tycho Andersen 2015-10-27 1231
f06eae83 Tycho Andersen 2017-10-11 1232 __get_seccomp_filter(filter);
f06eae83 Tycho Andersen 2017-10-11 1233
f06eae83 Tycho Andersen 2017-10-11 1234 out:
f06eae83 Tycho Andersen 2017-10-11 @1235 __put_seccomp_filter(orig);
f06eae83 Tycho Andersen 2017-10-11 1236 return filter;
f06eae83 Tycho Andersen 2017-10-11 1237 }
f06eae83 Tycho Andersen 2017-10-11 1238
4f037b54 Tycho Andersen 2018-09-06 1239 #if defined(CONFIG_CHECKPOINT_RESTORE)
f06eae83 Tycho Andersen 2017-10-11 @1240 long seccomp_get_filter(struct task_struct *task, unsigned long filter_off,
f06eae83 Tycho Andersen 2017-10-11 1241 void __user *data)
f06eae83 Tycho Andersen 2017-10-11 1242 {
f06eae83 Tycho Andersen 2017-10-11 1243 struct seccomp_filter *filter;
f06eae83 Tycho Andersen 2017-10-11 1244 struct sock_fprog_kern *fprog;
f06eae83 Tycho Andersen 2017-10-11 1245 long ret;
f06eae83 Tycho Andersen 2017-10-11 1246
f06eae83 Tycho Andersen 2017-10-11 1247 if (!capable(CAP_SYS_ADMIN) ||
f06eae83 Tycho Andersen 2017-10-11 1248 current->seccomp.mode != SECCOMP_MODE_DISABLED) {
f06eae83 Tycho Andersen 2017-10-11 1249 return -EACCES;
f06eae83 Tycho Andersen 2017-10-11 1250 }
f06eae83 Tycho Andersen 2017-10-11 1251
f06eae83 Tycho Andersen 2017-10-11 1252 filter = get_nth_filter(task, filter_off);
f06eae83 Tycho Andersen 2017-10-11 1253 if (IS_ERR(filter))
f06eae83 Tycho Andersen 2017-10-11 1254 return PTR_ERR(filter);
f06eae83 Tycho Andersen 2017-10-11 1255
f8e529ed Tycho Andersen 2015-10-27 1256 fprog = filter->prog->orig_prog;
f8e529ed Tycho Andersen 2015-10-27 1257 if (!fprog) {
470bf1f2 Mickaël Salaün 2016-03-24 1258 /* This must be a new non-cBPF filter, since we save
f8e529ed Tycho Andersen 2015-10-27 1259 * every cBPF filter's orig_prog above when
f8e529ed Tycho Andersen 2015-10-27 1260 * CONFIG_CHECKPOINT_RESTORE is enabled.
f8e529ed Tycho Andersen 2015-10-27 1261 */
f8e529ed Tycho Andersen 2015-10-27 1262 ret = -EMEDIUMTYPE;
f8e529ed Tycho Andersen 2015-10-27 1263 goto out;
f8e529ed Tycho Andersen 2015-10-27 1264 }
f8e529ed Tycho Andersen 2015-10-27 1265
f8e529ed Tycho Andersen 2015-10-27 @1266 ret = fprog->len;
f8e529ed Tycho Andersen 2015-10-27 1267 if (!data)
f8e529ed Tycho Andersen 2015-10-27 1268 goto out;
f8e529ed Tycho Andersen 2015-10-27 1269
f8e529ed Tycho Andersen 2015-10-27 @1270 if (copy_to_user(data, fprog->filter, bpf_classic_proglen(fprog)))
f8e529ed Tycho Andersen 2015-10-27 1271 ret = -EFAULT;
f8e529ed Tycho Andersen 2015-10-27 1272
f8e529ed Tycho Andersen 2015-10-27 1273 out:
66a733ea Oleg Nesterov 2017-09-27 1274 __put_seccomp_filter(filter);
f8e529ed Tycho Andersen 2015-10-27 1275 return ret;
f8e529ed Tycho Andersen 2015-10-27 1276 }
f8e529ed Tycho Andersen 2015-10-27 1277
26500475 Tycho Andersen 2017-10-11 @1278 long seccomp_get_metadata(struct task_struct *task,
26500475 Tycho Andersen 2017-10-11 1279 unsigned long size, void __user *data)
26500475 Tycho Andersen 2017-10-11 1280 {
26500475 Tycho Andersen 2017-10-11 1281 long ret;
26500475 Tycho Andersen 2017-10-11 1282 struct seccomp_filter *filter;
26500475 Tycho Andersen 2017-10-11 1283 struct seccomp_metadata kmd = {};
26500475 Tycho Andersen 2017-10-11 1284
26500475 Tycho Andersen 2017-10-11 1285 if (!capable(CAP_SYS_ADMIN) ||
26500475 Tycho Andersen 2017-10-11 1286 current->seccomp.mode != SECCOMP_MODE_DISABLED) {
26500475 Tycho Andersen 2017-10-11 1287 return -EACCES;
26500475 Tycho Andersen 2017-10-11 1288 }
26500475 Tycho Andersen 2017-10-11 1289
26500475 Tycho Andersen 2017-10-11 1290 size = min_t(unsigned long, size, sizeof(kmd));
26500475 Tycho Andersen 2017-10-11 1291
63bb0045 Tycho Andersen 2018-02-20 1292 if (size < sizeof(kmd.filter_off))
63bb0045 Tycho Andersen 2018-02-20 1293 return -EINVAL;
63bb0045 Tycho Andersen 2018-02-20 1294
63bb0045 Tycho Andersen 2018-02-20 1295 if (copy_from_user(&kmd.filter_off, data, sizeof(kmd.filter_off)))
26500475 Tycho Andersen 2017-10-11 1296 return -EFAULT;
26500475 Tycho Andersen 2017-10-11 1297
26500475 Tycho Andersen 2017-10-11 1298 filter = get_nth_filter(task, kmd.filter_off);
26500475 Tycho Andersen 2017-10-11 1299 if (IS_ERR(filter))
26500475 Tycho Andersen 2017-10-11 1300 return PTR_ERR(filter);
26500475 Tycho Andersen 2017-10-11 1301
26500475 Tycho Andersen 2017-10-11 1302 if (filter->log)
26500475 Tycho Andersen 2017-10-11 1303 kmd.flags |= SECCOMP_FILTER_FLAG_LOG;
26500475 Tycho Andersen 2017-10-11 1304
26500475 Tycho Andersen 2017-10-11 1305 ret = size;
26500475 Tycho Andersen 2017-10-11 1306 if (copy_to_user(data, &kmd, size))
26500475 Tycho Andersen 2017-10-11 1307 ret = -EFAULT;
26500475 Tycho Andersen 2017-10-11 1308
26500475 Tycho Andersen 2017-10-11 1309 __put_seccomp_filter(filter);
f8e529ed Tycho Andersen 2015-10-27 1310 return ret;
f8e529ed Tycho Andersen 2015-10-27 1311 }
4f037b54 Tycho Andersen 2018-09-06 1312 #endif /* CONFIG_CHECKPOINT_RESTORE */
4f037b54 Tycho Andersen 2018-09-06 1313 #endif /* CONFIG_SECCOMP_FILTER */
8e5f1ad1 Tyler Hicks 2017-08-11 1314
:::::: The code at line 1211 was first introduced by commit
:::::: f06eae831f0c1fc5b982ea200daf552810e1dd55 seccomp: hoist out filter resolving logic
:::::: TO: Tycho Andersen <tycho@...ker.com>
:::::: CC: Kees Cook <keescook@...omium.org>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
Download attachment ".config.gz" of type "application/gzip" (55342 bytes)
Powered by blists - more mailing lists