Message-ID: <202012162048.l1ovj8ga-lkp@intel.com>
Date:   Wed, 16 Dec 2020 20:07:50 +0800
From:   kernel test robot <lkp@...el.com>
To:     Jiri Slaby <jslaby@...e.cz>
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: drivers/tty/vt/keyboard.c:2037:13: sparse: sparse: incorrect type in
 initializer (different address spaces)

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   d01e7f10dae29eba0f9ada82b65d24e035d5b2f9
commit: 07edff9265204e15c9fc8d07cc69e38c4c484e15 vt: keyboard, reorder user buffer handling in vt_do_kdgkb_ioctl
date:   6 weeks ago
config: sh-randconfig-s032-20201216 (attached as .config)
compiler: sh4-linux-gcc (GCC) 9.3.0
reproduce:
        # Reproduction recipe from the report: fetch the lkp-tests cross-build
        # wrapper, check out the flagged commit, then run a sparse-enabled
        # build (C=1) for ARCH=sh with the attached .config.
        # NOTE(review): make.cross is downloaded from the moving "master" branch
        # and then made executable and run; when reproducing on a machine that
        # matters, review the script first or fetch it from a pinned commit.
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # apt-get install sparse
        # sparse version: v0.6.3-184-g1b896707-dirty
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=07edff9265204e15c9fc8d07cc69e38c4c484e15
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout 07edff9265204e15c9fc8d07cc69e38c4c484e15
        # save the attached .config to linux build tree
        # CF passes extra flags to sparse; C=1 runs the checker on files that get rebuilt.
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=sh 

If you fix the issue, kindly add the following tag as appropriate:
Reported-by: kernel test robot <lkp@...el.com>


"sparse warnings: (new ones prefixed by >>)"
   drivers/tty/vt/keyboard.c:1745:21: sparse: sparse: incorrect type in initializer (different address spaces) @@     expected unsigned int const *__gu_addr @@     got unsigned int [noderef] __user * @@
   drivers/tty/vt/keyboard.c:1745:21: sparse:     expected unsigned int const *__gu_addr
   drivers/tty/vt/keyboard.c:1745:21: sparse:     got unsigned int [noderef] __user *
   drivers/tty/vt/keyboard.c:1745:21: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected void const volatile [noderef] __user *ptr @@     got unsigned int const *__gu_addr @@
   drivers/tty/vt/keyboard.c:1745:21: sparse:     expected void const volatile [noderef] __user *ptr
   drivers/tty/vt/keyboard.c:1745:21: sparse:     got unsigned int const *__gu_addr
   drivers/tty/vt/keyboard.c:1783:21: sparse: sparse: incorrect type in initializer (different address spaces) @@     expected unsigned int const *__gu_addr @@     got unsigned int [noderef] __user * @@
   drivers/tty/vt/keyboard.c:1783:21: sparse:     expected unsigned int const *__gu_addr
   drivers/tty/vt/keyboard.c:1783:21: sparse:     got unsigned int [noderef] __user *
   drivers/tty/vt/keyboard.c:1783:21: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected void const volatile [noderef] __user *ptr @@     got unsigned int const *__gu_addr @@
   drivers/tty/vt/keyboard.c:1783:21: sparse:     expected void const volatile [noderef] __user *ptr
   drivers/tty/vt/keyboard.c:1783:21: sparse:     got unsigned int const *__gu_addr
>> drivers/tty/vt/keyboard.c:2037:13: sparse: sparse: incorrect type in initializer (different address spaces) @@     expected unsigned char const *__gu_addr @@     got unsigned char [noderef] __user * @@
   drivers/tty/vt/keyboard.c:2037:13: sparse:     expected unsigned char const *__gu_addr
   drivers/tty/vt/keyboard.c:2037:13: sparse:     got unsigned char [noderef] __user *
>> drivers/tty/vt/keyboard.c:2037:13: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected void const volatile [noderef] __user *ptr @@     got unsigned char const *__gu_addr @@
   drivers/tty/vt/keyboard.c:2037:13: sparse:     expected void const volatile [noderef] __user *ptr
   drivers/tty/vt/keyboard.c:2037:13: sparse:     got unsigned char const *__gu_addr

vim +2037 drivers/tty/vt/keyboard.c

  2020	
  2021	/* FIXME: This one needs untangling */
      	/*
      	 * vt_do_kdgkb_ioctl - get or set one function-key string.
      	 *
      	 * @cmd:        KDGKBSENT copies func_table[kb_func] out to user space;
      	 *              KDSKBSENT replaces it with a string read from user space.
      	 * @user_kdgkb: user pointer; kb_func selects the entry and kb_string
      	 *              carries the string in either direction.
      	 * @perm:       caller-supplied permission flag; it is forced to 0 when
      	 *              the task lacks CAP_SYS_TTY_CONFIG and is only consulted
      	 *              by KDSKBSENT.
      	 *
      	 * Returns 0 on success, -EFAULT when a user copy fails, -ENOMEM when an
      	 * allocation fails, -EPERM for KDSKBSENT without permission, or the
      	 * error encoded by strndup_user().
      	 *
      	 * NOTE(review): the switch has no default case, and kbs has no
      	 * initializer. A cmd other than the two handled here would reach
      	 * kfree(kbs) with kbs never assigned; presumably callers only pass
      	 * KDGKBSENT/KDSKBSENT -- confirm against the caller.
      	 */
  2022	int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm)
  2023	{
  2024		char *kbs;
  2025		u_char *q;
  2026		int sz, fnw_sz;
  2027		int delta;
  2028		char *first_free, *fj, *fnw;
  2029		int j, k;
  2030		int ret;
  2031		unsigned long flags;
  2032		unsigned char kb_func;
  2033	
      		/* Without the capability the write path below is refused (-EPERM). */
  2034		if (!capable(CAP_SYS_TTY_CONFIG))
  2035			perm = 0;
  2036	
      		/*
      		 * Fetch the one-byte table index from user space.
      		 * NOTE(review): the sparse "different address spaces" report for
      		 * this line names __gu_addr, which does not appear in this
      		 * function; presumably it is a temporary inside the sh get_user()
      		 * macro that lacks the __user annotation. Check the arch header
      		 * before changing this call site.
      		 */
> 2037		if (get_user(kb_func, &user_kdgkb->kb_func))
  2038			return -EFAULT;
  2039	
      		/*
      		 * kb_func is user-controlled and indexes func_table below, so it is
      		 * clamped against MAX_NR_FUNC in a speculation-safe way first.
      		 */
  2040		kb_func = array_index_nospec(kb_func, MAX_NR_FUNC);
  2041	
  2042		switch (cmd) {
  2043		case KDGKBSENT: {
  2044			/* size should have been a struct member */
  2045			ssize_t len = sizeof(user_kdgkb->kb_string);
  2046	
      			/*
      			 * Bounce buffer: the string is snapshotted into kernel memory
      			 * under func_buf_lock and copied to user space only after the
      			 * lock is dropped, so no user access happens under the spinlock.
      			 */
  2047			kbs = kmalloc(len, GFP_KERNEL);
  2048			if (!kbs)
  2049				return -ENOMEM;
  2050	
  2051			spin_lock_irqsave(&func_buf_lock, flags);
      			/*
      			 * NOTE(review): strlcpy() returns the length of the source
      			 * string, not the number of bytes stored. The copy_to_user()
      			 * below therefore stays inside kbs only while every entry is
      			 * shorter than sizeof(kb_string). KDSKBSENT bounds its input
      			 * with the same size; confirm that any other writer of
      			 * func_table keeps the same limit.
      			 */
  2052			len = strlcpy(kbs, func_table[kb_func] ? : "", len);
  2053			spin_unlock_irqrestore(&func_buf_lock, flags);
  2054	
      			/* len + 1 so the terminating NUL is copied out as well. */
  2055			ret = copy_to_user(user_kdgkb->kb_string, kbs, len + 1) ?
  2056				-EFAULT : 0;
  2057	
      			/* reterr frees the bounce buffer and returns ret. */
  2058			goto reterr;
  2059		}
  2060		case KDSKBSENT:
  2061			if (!perm)
  2062				return -EPERM;
  2063	
      			/*
      			 * Copy the new string into kernel memory, bounded by the size
      			 * of the user-visible field. On failure kbs holds an error
      			 * pointer, so return directly instead of going through the
      			 * kfree() at reterr.
      			 */
  2064			kbs = strndup_user(user_kdgkb->kb_string,
  2065					sizeof(user_kdgkb->kb_string));
  2066			if (IS_ERR(kbs))
  2067				return PTR_ERR(kbs);
  2068	
  2069			fnw = NULL;
  2070			fnw_sz = 0;
  2071			/* race against other writers */
      			/*
      			 * The lock is dropped below to allocate a larger buffer, so
      			 * everything derived from the table is recomputed from here
      			 * after each retry.
      			 */
  2072			again:
  2073			spin_lock_irqsave(&func_buf_lock, flags);
  2074			q = func_table[kb_func];
  2075	
  2076			/* fj pointer to next entry after 'q' */
  2077			first_free = funcbufptr + (funcbufsize - funcbufleft);
  2078			for (j = kb_func + 1; j < MAX_NR_FUNC && !func_table[j]; j++)
  2079				;
  2080			if (j < MAX_NR_FUNC)
  2081				fj = func_table[j];
  2082			else
  2083				fj = first_free;
  2084			/* buffer usage increase by new entry */
      			/*
      			 * Replacing an entry changes usage by the length difference;
      			 * a new entry also needs one byte for its NUL. The strlen()
      			 * terms are unsigned, so a negative result relies on the
      			 * conversion back to int.
      			 */
  2085			delta = (q ? -strlen(q) : 1) + strlen(kbs);
  2086	
  2087			if (delta <= funcbufleft) { 	/* it fits in current buf */
      			    /*
      			     * NOTE(review): if this branch is reached after a retry,
      			     * fnw may hold a buffer allocated on an earlier pass, and
      			     * no visible path frees it (reterr frees only kbs). This
      			     * looks like a leak; confirm.
      			     */
  2088			    if (j < MAX_NR_FUNC) {
  2089				/* make enough space for new entry at 'fj' */
  2090				memmove(fj + delta, fj, first_free - fj);
  2091				for (k = j; k < MAX_NR_FUNC; k++)
  2092				    if (func_table[k])
  2093					func_table[k] += delta;
  2094			    }
  2095			    if (!q)
  2096			      func_table[kb_func] = fj;
  2097			    funcbufleft -= delta;
  2098			} else {			/* allocate a larger buffer */
      			    /* Smallest power-of-two size, starting at 256, that fits. */
  2099			    sz = 256;
  2100			    while (sz < funcbufsize - funcbufleft + delta)
  2101			      sz <<= 1;
      			    /*
      			     * No buffer of the required size is in hand yet: drop the
      			     * lock, allocate with GFP_KERNEL, and start over, because
      			     * the table may have changed while the lock was released.
      			     */
  2102			    if (fnw_sz != sz) {
  2103			      spin_unlock_irqrestore(&func_buf_lock, flags);
  2104			      kfree(fnw);
  2105			      fnw = kmalloc(sz, GFP_KERNEL);
  2106			      fnw_sz = sz;
  2107			      if (!fnw) {
  2108				ret = -ENOMEM;
  2109				goto reterr;
  2110			      }
  2111			      goto again;
  2112			    }
  2113	
  2114			    if (!q)
  2115			      func_table[kb_func] = fj;
  2116			    /* copy data before insertion point to new location */
  2117			    if (fj > funcbufptr)
  2118				memmove(fnw, funcbufptr, fj - funcbufptr);
  2119			    for (k = 0; k < j; k++)
  2120			      if (func_table[k])
  2121				func_table[k] = fnw + (func_table[k] - funcbufptr);
  2122	
  2123			    /* copy data after insertion point to new location */
  2124			    if (first_free > fj) {
  2125				memmove(fnw + (fj - funcbufptr) + delta, fj, first_free - fj);
  2126				for (k = j; k < MAX_NR_FUNC; k++)
  2127				  if (func_table[k])
  2128				    func_table[k] = fnw + (func_table[k] - funcbufptr) + delta;
  2129			    }
      			    /*
      			     * The old buffer is freed unless it is func_buf (presumably
      			     * the statically allocated initial buffer -- confirm).
      			     */
  2130			    if (funcbufptr != func_buf)
  2131			      kfree(funcbufptr);
  2132			    funcbufptr = fnw;
  2133			    funcbufleft = funcbufleft - delta + sz - funcbufsize;
  2134			    funcbufsize = sz;
  2135			}
  2136			/* finally insert item itself */
      			/*
      			 * Unbounded strcpy(): it relies on the space reserved above via
      			 * delta, still under func_buf_lock.
      			 */
  2137			strcpy(func_table[kb_func], kbs);
  2138			spin_unlock_irqrestore(&func_buf_lock, flags);
  2139			break;
  2140		}
  2141		ret = 0;
  2142	reterr:
      		/* Common exit: release the kernel copy of the string. */
  2143		kfree(kbs);
  2144		return ret;
  2145	}
  2146	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (30042 bytes)
