lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <ADDB187A-B65D-400D-9FFE-6808863D7903@oracle.com>
Date:   Wed, 23 Sep 2020 11:43:45 -0400
From:   Chuck Lever <chuck.lever@...cle.com>
To:     kernel test robot <lkp@...el.com>
Cc:     Frank van der Linden <fllinden@...zon.com>,
        kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org
Subject: Re: fs/nfsd/nfs4xdr.c:4683:24: sparse: sparse: incorrect type in
 return expression (different base types)



> On Sep 23, 2020, at 11:42 AM, kernel test robot <lkp@...el.com> wrote:
> 
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> head:   805c6d3c19210c90c109107d189744e960eae025
> commit: 23e50fe3a5e6045a573c69d4b0e3d78aa6183323 nfsd: implement the xattr functions and en/decode logic
> date:   2 months ago
> config: m68k-randconfig-s032-20200923 (attached as .config)
> compiler: m68k-linux-gcc (GCC) 9.3.0
> reproduce:
>        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
>        chmod +x ~/bin/make.cross
>        # apt-get install sparse
>        # sparse version: v0.6.2-201-g24bdaac6-dirty
>        git checkout 23e50fe3a5e6045a573c69d4b0e3d78aa6183323
>        # save the attached .config to linux build tree
>        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=m68k 
> 
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@...el.com>

I believe both of these robot reports are addressed by
patches I have sent to Bruce for v5.10.


> sparse warnings: (new ones prefixed by >>)
> 
>   fs/nfsd/nfs4xdr.c:1860:16: sparse: sparse: incorrect type in assignment (different base types) @@     expected int status @@     got restricted __be32 @@
>   fs/nfsd/nfs4xdr.c:1860:16: sparse:     expected int status
>   fs/nfsd/nfs4xdr.c:1860:16: sparse:     got restricted __be32
>   fs/nfsd/nfs4xdr.c:1862:24: sparse: sparse: incorrect type in return expression (different base types) @@     expected restricted __be32 @@     got int status @@
>   fs/nfsd/nfs4xdr.c:1862:24: sparse:     expected restricted __be32
>   fs/nfsd/nfs4xdr.c:1862:24: sparse:     got int status
>>> fs/nfsd/nfs4xdr.c:4683:24: sparse: sparse: incorrect type in return expression (different base types) @@     expected int @@     got restricted __be32 [usertype] @@
>>> fs/nfsd/nfs4xdr.c:4683:24: sparse:     expected int
>>> fs/nfsd/nfs4xdr.c:4683:24: sparse:     got restricted __be32 [usertype]
>   fs/nfsd/nfs4xdr.c:4693:32: sparse: sparse: incorrect type in return expression (different base types) @@     expected int @@     got restricted __be32 [usertype] @@
>   fs/nfsd/nfs4xdr.c:4693:32: sparse:     expected int
>   fs/nfsd/nfs4xdr.c:4693:32: sparse:     got restricted __be32 [usertype]
>>> fs/nfsd/nfs4xdr.c:4730:13: sparse: sparse: incorrect type in assignment (different base types) @@     expected restricted __be32 [usertype] err @@     got int @@
>>> fs/nfsd/nfs4xdr.c:4730:13: sparse:     expected restricted __be32 [usertype] err
>>> fs/nfsd/nfs4xdr.c:4730:13: sparse:     got int
>>> fs/nfsd/nfs4xdr.c:4882:15: sparse: sparse: incorrect type in assignment (different base types) @@     expected unsigned int [assigned] [usertype] count @@     got restricted __be32 [usertype] @@
>>> fs/nfsd/nfs4xdr.c:4882:15: sparse:     expected unsigned int [assigned] [usertype] count
>   fs/nfsd/nfs4xdr.c:4882:15: sparse:     got restricted __be32 [usertype]
> 
> # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=23e50fe3a5e6045a573c69d4b0e3d78aa6183323
> git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> git fetch --no-tags linus master
> git checkout 23e50fe3a5e6045a573c69d4b0e3d78aa6183323
> vim +4683 fs/nfsd/nfs4xdr.c
> 
>  4669	
>  4670	/*
>  4671	 * Encode kmalloc-ed buffer in to XDR stream.
>  4672	 */
>  4673	static int
>  4674	nfsd4_vbuf_to_stream(struct xdr_stream *xdr, char *buf, u32 buflen)
>  4675	{
>  4676		u32 cplen;
>  4677		__be32 *p;
>  4678	
>  4679		cplen = min_t(unsigned long, buflen,
>  4680			      ((void *)xdr->end - (void *)xdr->p));
>  4681		p = xdr_reserve_space(xdr, cplen);
>  4682		if (!p)
>> 4683			return nfserr_resource;
>  4684	
>  4685		memcpy(p, buf, cplen);
>  4686		buf += cplen;
>  4687		buflen -= cplen;
>  4688	
>  4689		while (buflen) {
>  4690			cplen = min_t(u32, buflen, PAGE_SIZE);
>  4691			p = xdr_reserve_space(xdr, cplen);
>  4692			if (!p)
>  4693				return nfserr_resource;
>  4694	
>  4695			memcpy(p, buf, cplen);
>  4696	
>  4697			if (cplen < PAGE_SIZE) {
>  4698				/*
>  4699				 * We're done, with a length that wasn't page
>  4700				 * aligned, so possibly not word aligned. Pad
>  4701				 * any trailing bytes with 0.
>  4702				 */
>  4703				xdr_encode_opaque_fixed(p, NULL, cplen);
>  4704				break;
>  4705			}
>  4706	
>  4707			buflen -= PAGE_SIZE;
>  4708			buf += PAGE_SIZE;
>  4709		}
>  4710	
>  4711		return 0;
>  4712	}
>  4713	
>  4714	static __be32
>  4715	nfsd4_encode_getxattr(struct nfsd4_compoundres *resp, __be32 nfserr,
>  4716			      struct nfsd4_getxattr *getxattr)
>  4717	{
>  4718		struct xdr_stream *xdr = &resp->xdr;
>  4719		__be32 *p, err;
>  4720	
>  4721		p = xdr_reserve_space(xdr, 4);
>  4722		if (!p)
>  4723			return nfserr_resource;
>  4724	
>  4725		*p = cpu_to_be32(getxattr->getxa_len);
>  4726	
>  4727		if (getxattr->getxa_len == 0)
>  4728			return 0;
>  4729	
>> 4730		err = nfsd4_vbuf_to_stream(xdr, getxattr->getxa_buf,
>  4731					    getxattr->getxa_len);
>  4732	
>  4733		kvfree(getxattr->getxa_buf);
>  4734	
>  4735		return err;
>  4736	}
>  4737	
>  4738	static __be32
>  4739	nfsd4_encode_setxattr(struct nfsd4_compoundres *resp, __be32 nfserr,
>  4740			      struct nfsd4_setxattr *setxattr)
>  4741	{
>  4742		struct xdr_stream *xdr = &resp->xdr;
>  4743		__be32 *p;
>  4744	
>  4745		p = xdr_reserve_space(xdr, 20);
>  4746		if (!p)
>  4747			return nfserr_resource;
>  4748	
>  4749		encode_cinfo(p, &setxattr->setxa_cinfo);
>  4750	
>  4751		return 0;
>  4752	}
>  4753	
>  4754	/*
>  4755	 * See if there are cookie values that can be rejected outright.
>  4756	 */
>  4757	static __be32
>  4758	nfsd4_listxattr_validate_cookie(struct nfsd4_listxattrs *listxattrs,
>  4759					u32 *offsetp)
>  4760	{
>  4761		u64 cookie = listxattrs->lsxa_cookie;
>  4762	
>  4763		/*
>  4764		 * If the cookie is larger than the maximum number we can fit
>  4765		 * in either the buffer we just got back from vfs_listxattr, or,
>  4766		 * XDR-encoded, in the return buffer, it's invalid.
>  4767		 */
>  4768		if (cookie > (listxattrs->lsxa_len) / (XATTR_USER_PREFIX_LEN + 2))
>  4769			return nfserr_badcookie;
>  4770	
>  4771		if (cookie > (listxattrs->lsxa_maxcount /
>  4772			      (XDR_QUADLEN(XATTR_USER_PREFIX_LEN + 2) + 4)))
>  4773			return nfserr_badcookie;
>  4774	
>  4775		*offsetp = (u32)cookie;
>  4776		return 0;
>  4777	}
>  4778	
>  4779	static __be32
>  4780	nfsd4_encode_listxattrs(struct nfsd4_compoundres *resp, __be32 nfserr,
>  4781				struct nfsd4_listxattrs *listxattrs)
>  4782	{
>  4783		struct xdr_stream *xdr = &resp->xdr;
>  4784		u32 cookie_offset, count_offset, eof;
>  4785		u32 left, xdrleft, slen, count;
>  4786		u32 xdrlen, offset;
>  4787		u64 cookie;
>  4788		char *sp;
>  4789		__be32 status;
>  4790		__be32 *p;
>  4791		u32 nuser;
>  4792	
>  4793		eof = 1;
>  4794	
>  4795		status = nfsd4_listxattr_validate_cookie(listxattrs, &offset);
>  4796		if (status)
>  4797			goto out;
>  4798	
>  4799		/*
>  4800		 * Reserve space for the cookie and the name array count. Record
>  4801		 * the offsets to save them later.
>  4802		 */
>  4803		cookie_offset = xdr->buf->len;
>  4804		count_offset = cookie_offset + 8;
>  4805		p = xdr_reserve_space(xdr, 12);
>  4806		if (!p) {
>  4807			status = nfserr_resource;
>  4808			goto out;
>  4809		}
>  4810	
>  4811		count = 0;
>  4812		left = listxattrs->lsxa_len;
>  4813		sp = listxattrs->lsxa_buf;
>  4814		nuser = 0;
>  4815	
>  4816		xdrleft = listxattrs->lsxa_maxcount;
>  4817	
>  4818		while (left > 0 && xdrleft > 0) {
>  4819			slen = strlen(sp);
>  4820	
>  4821			/*
>  4822			 * Check if this a user. attribute, skip it if not.
>  4823			 */
>  4824			if (strncmp(sp, XATTR_USER_PREFIX, XATTR_USER_PREFIX_LEN))
>  4825				goto contloop;
>  4826	
>  4827			slen -= XATTR_USER_PREFIX_LEN;
>  4828			xdrlen = 4 + ((slen + 3) & ~3);
>  4829			if (xdrlen > xdrleft) {
>  4830				if (count == 0) {
>  4831					/*
>  4832					 * Can't even fit the first attribute name.
>  4833					 */
>  4834					status = nfserr_toosmall;
>  4835					goto out;
>  4836				}
>  4837				eof = 0;
>  4838				goto wreof;
>  4839			}
>  4840	
>  4841			left -= XATTR_USER_PREFIX_LEN;
>  4842			sp += XATTR_USER_PREFIX_LEN;
>  4843			if (nuser++ < offset)
>  4844				goto contloop;
>  4845	
>  4846	
>  4847			p = xdr_reserve_space(xdr, xdrlen);
>  4848			if (!p) {
>  4849				status = nfserr_resource;
>  4850				goto out;
>  4851			}
>  4852	
>  4853			p = xdr_encode_opaque(p, sp, slen);
>  4854	
>  4855			xdrleft -= xdrlen;
>  4856			count++;
>  4857	contloop:
>  4858			sp += slen + 1;
>  4859			left -= slen + 1;
>  4860		}
>  4861	
>  4862		/*
>  4863		 * If there were user attributes to copy, but we didn't copy
>  4864		 * any, the offset was too large (e.g. the cookie was invalid).
>  4865		 */
>  4866		if (nuser > 0 && count == 0) {
>  4867			status = nfserr_badcookie;
>  4868			goto out;
>  4869		}
>  4870	
>  4871	wreof:
>  4872		p = xdr_reserve_space(xdr, 4);
>  4873		if (!p) {
>  4874			status = nfserr_resource;
>  4875			goto out;
>  4876		}
>  4877		*p = cpu_to_be32(eof);
>  4878	
>  4879		cookie = offset + count;
>  4880	
>  4881		write_bytes_to_xdr_buf(xdr->buf, cookie_offset, &cookie, 8);
>> 4882		count = htonl(count);
>  4883		write_bytes_to_xdr_buf(xdr->buf, count_offset, &count, 4);
>  4884	out:
>  4885		if (listxattrs->lsxa_len)
>  4886			kvfree(listxattrs->lsxa_buf);
>  4887		return status;
>  4888	}
>  4889	
> 
> ---
> 0-DAY CI Kernel Test Service, Intel Corporation
> https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
> <.config.gz>

--
Chuck Lever



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ