Message-ID: <202008110401.7p08JA2g%lkp@intel.com>
Date:   Tue, 11 Aug 2020 04:46:07 +0800
From:   kernel test robot <lkp@...el.com>
To:     Luc Van Oostenryck <luc.vanoostenryck@...il.com>
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org
Subject: fs/notify/fanotify/fanotify_user.c:296:24: sparse: sparse: incorrect
 type in argument 1 (different address spaces)

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   fc80c51fd4b23ec007e88d4c688f2cac1b8648e7
commit: 670d0a4b10704667765f7d18f7592993d02783aa sparse: use identifiers to define address spaces
date:   8 weeks ago
config: m68k-randconfig-s031-20200811 (attached as .config)
compiler: m68k-linux-gcc (GCC) 9.3.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # apt-get install sparse
        # sparse version: v0.6.2-141-g19506bc2-dirty
        git checkout 670d0a4b10704667765f7d18f7592993d02783aa
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=m68k 

If you fix the issue, kindly add the following tag as appropriate:
Reported-by: kernel test robot <lkp@...el.com>


sparse warnings: (new ones prefixed by >>)

   fs/notify/fanotify/fanotify_user.c:135:63: sparse: sparse: restricted fmode_t degrades to integer
>> fs/notify/fanotify/fanotify_user.c:296:24: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected void *to @@     got char [noderef] __user *[assigned] buf @@
   fs/notify/fanotify/fanotify_user.c:296:24: sparse:     expected void *to
   fs/notify/fanotify/fanotify_user.c:296:24: sparse:     got char [noderef] __user *[assigned] buf
   fs/notify/fanotify/fanotify_user.c:877:28: sparse: sparse: restricted fmode_t degrades to integer

vim +296 fs/notify/fanotify/fanotify_user.c

b2d879096ac7997 Eric Paris     2009-12-17  219  
                                                /*
                                                 * Write one fid info record for an event into the user buffer @buf.
                                                 *
                                                 * The record is written in order: struct fanotify_event_info_fid, struct
                                                 * file_handle, fh_len bytes of handle data, the name and its terminating
                                                 * NUL when name_len is non-zero, then zero bytes for what is left of
                                                 * info_len.
                                                 *
                                                 * Returns 0 when there is nothing to write (no file handle, or a name
                                                 * pointer with a zero length), info_len on success, and -EFAULT when a
                                                 * size check or a copy to user space fails.
                                                 */
44d705b0370b1d5 Amir Goldstein 2020-03-19  220  static int copy_info_to_user(__kernel_fsid_t *fsid, struct fanotify_fh *fh,
44d705b0370b1d5 Amir Goldstein 2020-03-19  221  			     const char *name, size_t name_len,
44d705b0370b1d5 Amir Goldstein 2020-03-19  222  			     char __user *buf, size_t count)
5e469c830fdb5a1 Amir Goldstein 2019-01-10  223  {
                                                	/*
                                                	 * Both structs are zero-initialised and later copied to user space
                                                	 * whole, so members not assigned below do not carry stale stack
                                                	 * contents out of the kernel.
                                                	 */
5e469c830fdb5a1 Amir Goldstein 2019-01-10  224  	struct fanotify_event_info_fid info = { };
5e469c830fdb5a1 Amir Goldstein 2019-01-10  225  	struct file_handle handle = { };
afc894c784c84cb Jan Kara       2020-03-24  226  	unsigned char bounce[FANOTIFY_INLINE_FH_LEN], *fh_buf;
cacfb956d46edc5 Amir Goldstein 2020-03-19  227  	size_t fh_len = fh ? fh->len : 0;
44d705b0370b1d5 Amir Goldstein 2020-03-19  228  	size_t info_len = fanotify_fid_info_len(fh_len, name_len);
                                                	/* Bytes of the record still to be written; unsigned. */
44d705b0370b1d5 Amir Goldstein 2020-03-19  229  	size_t len = info_len;
5e469c830fdb5a1 Amir Goldstein 2019-01-10  230  
44d705b0370b1d5 Amir Goldstein 2020-03-19  231  	pr_debug("%s: fh_len=%zu name_len=%zu, info_len=%zu, count=%zu\n",
44d705b0370b1d5 Amir Goldstein 2020-03-19  232  		 __func__, fh_len, name_len, info_len, count);
44d705b0370b1d5 Amir Goldstein 2020-03-19  233  
                                                	/*
                                                	 * fh_len is non-zero only when fh is non-NULL, so fh may be
                                                	 * dereferenced after this guard.
                                                	 * NOTE(review): a NULL name with a non-zero name_len is not rejected
                                                	 * here; presumably callers never pass that - confirm.
                                                	 */
44d705b0370b1d5 Amir Goldstein 2020-03-19  234  	if (!fh_len || (name && !name_len))
5e469c830fdb5a1 Amir Goldstein 2019-01-10  235  		return 0;
5e469c830fdb5a1 Amir Goldstein 2019-01-10  236  
                                                	/*
                                                	 * The record must hold at least the header and must not exceed
                                                	 * count (presumably the space left in the user buffer). A violation
                                                	 * warns once and fails instead of writing more than count bytes.
                                                	 */
44d705b0370b1d5 Amir Goldstein 2020-03-19  237  	if (WARN_ON_ONCE(len < sizeof(info) || len > count))
5e469c830fdb5a1 Amir Goldstein 2019-01-10  238  		return -EFAULT;
5e469c830fdb5a1 Amir Goldstein 2019-01-10  239  
44d705b0370b1d5 Amir Goldstein 2020-03-19  240  	/*
44d705b0370b1d5 Amir Goldstein 2020-03-19  241  	 * Copy event info fid header followed by variable sized file handle
44d705b0370b1d5 Amir Goldstein 2020-03-19  242  	 * and optionally followed by variable sized filename.
44d705b0370b1d5 Amir Goldstein 2020-03-19  243  	 */
44d705b0370b1d5 Amir Goldstein 2020-03-19  244  	info.hdr.info_type = name_len ? FAN_EVENT_INFO_TYPE_DFID_NAME :
44d705b0370b1d5 Amir Goldstein 2020-03-19  245  					FAN_EVENT_INFO_TYPE_FID;
5e469c830fdb5a1 Amir Goldstein 2019-01-10  246  	info.hdr.len = len;
d766b553615ce67 Amir Goldstein 2020-03-19  247  	info.fsid = *fsid;
5e469c830fdb5a1 Amir Goldstein 2019-01-10  248  	if (copy_to_user(buf, &info, sizeof(info)))
5e469c830fdb5a1 Amir Goldstein 2019-01-10  249  		return -EFAULT;
5e469c830fdb5a1 Amir Goldstein 2019-01-10  250  
5e469c830fdb5a1 Amir Goldstein 2019-01-10  251  	buf += sizeof(info);
5e469c830fdb5a1 Amir Goldstein 2019-01-10  252  	len -= sizeof(info);
                                                	/*
                                                	 * Every subtraction from len in this function is preceded by a
                                                	 * check that len is large enough, so the unsigned value cannot wrap.
                                                	 */
44d705b0370b1d5 Amir Goldstein 2020-03-19  253  	if (WARN_ON_ONCE(len < sizeof(handle)))
44d705b0370b1d5 Amir Goldstein 2020-03-19  254  		return -EFAULT;
44d705b0370b1d5 Amir Goldstein 2020-03-19  255  
afc894c784c84cb Jan Kara       2020-03-24  256  	handle.handle_type = fh->type;
5e469c830fdb5a1 Amir Goldstein 2019-01-10  257  	handle.handle_bytes = fh_len;
5e469c830fdb5a1 Amir Goldstein 2019-01-10  258  	if (copy_to_user(buf, &handle, sizeof(handle)))
5e469c830fdb5a1 Amir Goldstein 2019-01-10  259  		return -EFAULT;
5e469c830fdb5a1 Amir Goldstein 2019-01-10  260  
5e469c830fdb5a1 Amir Goldstein 2019-01-10  261  	buf += sizeof(handle);
5e469c830fdb5a1 Amir Goldstein 2019-01-10  262  	len -= sizeof(handle);
44d705b0370b1d5 Amir Goldstein 2020-03-19  263  	if (WARN_ON_ONCE(len < fh_len))
44d705b0370b1d5 Amir Goldstein 2020-03-19  264  		return -EFAULT;
44d705b0370b1d5 Amir Goldstein 2020-03-19  265  
b2d22b6bb33aac1 Jan Kara       2019-03-12  266  	/*
44d705b0370b1d5 Amir Goldstein 2020-03-19  267  	 * For an inline fh and inline file name, copy through stack to exclude
44d705b0370b1d5 Amir Goldstein 2020-03-19  268  	 * the copy from usercopy hardening protections.
b2d22b6bb33aac1 Jan Kara       2019-03-12  269  	 */
afc894c784c84cb Jan Kara       2020-03-24  270  	fh_buf = fanotify_fh_buf(fh);
b2d22b6bb33aac1 Jan Kara       2019-03-12  271  	if (fh_len <= FANOTIFY_INLINE_FH_LEN) {
                                                		/* bounce holds FANOTIFY_INLINE_FH_LEN bytes, so fh_len fits. */
afc894c784c84cb Jan Kara       2020-03-24  272  		memcpy(bounce, fh_buf, fh_len);
afc894c784c84cb Jan Kara       2020-03-24  273  		fh_buf = bounce;
b2d22b6bb33aac1 Jan Kara       2019-03-12  274  	}
afc894c784c84cb Jan Kara       2020-03-24  275  	if (copy_to_user(buf, fh_buf, fh_len))
5e469c830fdb5a1 Amir Goldstein 2019-01-10  276  		return -EFAULT;
5e469c830fdb5a1 Amir Goldstein 2019-01-10  277  
5e469c830fdb5a1 Amir Goldstein 2019-01-10  278  	buf += fh_len;
5e469c830fdb5a1 Amir Goldstein 2019-01-10  279  	len -= fh_len;
44d705b0370b1d5 Amir Goldstein 2020-03-19  280  
44d705b0370b1d5 Amir Goldstein 2020-03-19  281  	if (name_len) {
44d705b0370b1d5 Amir Goldstein 2020-03-19  282  		/* Copy the filename with terminating null */
44d705b0370b1d5 Amir Goldstein 2020-03-19  283  		name_len++;
44d705b0370b1d5 Amir Goldstein 2020-03-19  284  		if (WARN_ON_ONCE(len < name_len))
44d705b0370b1d5 Amir Goldstein 2020-03-19  285  			return -EFAULT;
44d705b0370b1d5 Amir Goldstein 2020-03-19  286  
                                                		/*
                                                		 * NOTE(review): one byte more than the caller's name_len is
                                                		 * read from name, so name is assumed to be NUL-terminated
                                                		 * at that length - confirm against callers.
                                                		 */
44d705b0370b1d5 Amir Goldstein 2020-03-19  287  		if (copy_to_user(buf, name, name_len))
44d705b0370b1d5 Amir Goldstein 2020-03-19  288  			return -EFAULT;
44d705b0370b1d5 Amir Goldstein 2020-03-19  289  
44d705b0370b1d5 Amir Goldstein 2020-03-19  290  		buf += name_len;
44d705b0370b1d5 Amir Goldstein 2020-03-19  291  		len -= name_len;
44d705b0370b1d5 Amir Goldstein 2020-03-19  292  	}
44d705b0370b1d5 Amir Goldstein 2020-03-19  293  
44d705b0370b1d5 Amir Goldstein 2020-03-19  294  	/* Pad with 0's */
                                                	/*
                                                	 * len is a size_t, so "len < 0" is never true; only the upper bound
                                                	 * is effectively checked, and the result of the warning is not
                                                	 * acted on.
                                                	 */
5e469c830fdb5a1 Amir Goldstein 2019-01-10  295  	WARN_ON_ONCE(len < 0 || len >= FANOTIFY_EVENT_ALIGN);
                                                	/*
                                                	 * Line flagged by sparse in this report: buf is "char __user *"
                                                	 * while clear_user() as seen in this m68k build expects a plain
                                                	 * "void *to". The copy_to_user() calls above pass the same buf and
                                                	 * are not flagged, which suggests the __user annotation is missing
                                                	 * from that configuration's clear_user() rather than from this
                                                	 * caller - confirm against the arch header.
                                                	 */
5e469c830fdb5a1 Amir Goldstein 2019-01-10 @296  	if (len > 0 && clear_user(buf, len))
5e469c830fdb5a1 Amir Goldstein 2019-01-10  297  		return -EFAULT;
5e469c830fdb5a1 Amir Goldstein 2019-01-10  298  
44d705b0370b1d5 Amir Goldstein 2020-03-19  299  	return info_len;
5e469c830fdb5a1 Amir Goldstein 2019-01-10  300  }
5e469c830fdb5a1 Amir Goldstein 2019-01-10  301  

:::::: The code at line 296 was first introduced by commit
:::::: 5e469c830fdb5a1ebaa69b375b87f583326fd296 fanotify: copy event fid info to user

:::::: TO: Amir Goldstein <amir73il@...il.com>
:::::: CC: Jan Kara <jack@...e.cz>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (21433 bytes)
