lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202103100856.wRZhKLUZ-lkp@intel.com>
Date:   Wed, 10 Mar 2021 08:09:02 +0800
From:   kernel test robot <lkp@...el.com>
To:     Shuo Liu <shuo.a.liu@...el.com>
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Zhi Wang <zhi.a.wang@...el.com>,
        Reinette Chatre <reinette.chatre@...el.com>
Subject: drivers/virt/acrn/hsm.c:333:50: sparse: sparse: incorrect type in
 argument 2 (different address spaces)

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   4b3d9f9cf108ebf2c48fbbbf30a8d1346d9cc7d6
commit: 3d679d5aec648f50e645702929890b9611998a0b virt: acrn: Introduce interfaces to query C-states and P-states allowed by hypervisor
date:   4 weeks ago
config: x86_64-randconfig-s022-20210310 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce:
        # apt-get install sparse
        # sparse version: v0.6.3-262-g5e674421-dirty
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3d679d5aec648f50e645702929890b9611998a0b
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout 3d679d5aec648f50e645702929890b9611998a0b
        # save the attached .config to linux build tree
        make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=x86_64 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>


"sparse warnings: (new ones prefixed by >>)"
>> drivers/virt/acrn/hsm.c:333:50: sparse: sparse: incorrect type in argument 2 (different address spaces) @@     expected void const [noderef] __user *from @@     got void * @@
   drivers/virt/acrn/hsm.c:333:50: sparse:     expected void const [noderef] __user *from
   drivers/virt/acrn/hsm.c:333:50: sparse:     got void *

vim +333 drivers/virt/acrn/hsm.c

   101	
   102	/*
   103	 * HSM relies on hypercall layer of the ACRN hypervisor to do the
   104	 * sanity check against the input parameters.
   105	 */
   106	static long acrn_dev_ioctl(struct file *filp, unsigned int cmd,
   107				   unsigned long ioctl_param)
   108	{
   109		struct acrn_vm *vm = filp->private_data;
   110		struct acrn_vm_creation *vm_param;
   111		struct acrn_vcpu_regs *cpu_regs;
   112		struct acrn_ioreq_notify notify;
   113		struct acrn_ptdev_irq *irq_info;
   114		struct acrn_vm_memmap memmap;
   115		struct acrn_msi_entry *msi;
   116		struct acrn_pcidev *pcidev;
   117		struct page *page;
   118		u64 cstate_cmd;
   119		int i, ret = 0;
   120	
   121		if (vm->vmid == ACRN_INVALID_VMID && cmd != ACRN_IOCTL_CREATE_VM) {
   122			dev_dbg(acrn_dev.this_device,
   123				"ioctl 0x%x: Invalid VM state!\n", cmd);
   124			return -EINVAL;
   125		}
   126	
   127		switch (cmd) {
   128		case ACRN_IOCTL_CREATE_VM:
   129			vm_param = memdup_user((void __user *)ioctl_param,
   130					       sizeof(struct acrn_vm_creation));
   131			if (IS_ERR(vm_param))
   132				return PTR_ERR(vm_param);
   133	
   134			if ((vm_param->reserved0 | vm_param->reserved1) != 0)
   135				return -EINVAL;
   136	
   137			vm = acrn_vm_create(vm, vm_param);
   138			if (!vm) {
   139				ret = -EINVAL;
   140				kfree(vm_param);
   141				break;
   142			}
   143	
   144			if (copy_to_user((void __user *)ioctl_param, vm_param,
   145					 sizeof(struct acrn_vm_creation))) {
   146				acrn_vm_destroy(vm);
   147				ret = -EFAULT;
   148			}
   149	
   150			kfree(vm_param);
   151			break;
   152		case ACRN_IOCTL_START_VM:
   153			ret = hcall_start_vm(vm->vmid);
   154			if (ret < 0)
   155				dev_dbg(acrn_dev.this_device,
   156					"Failed to start VM %u!\n", vm->vmid);
   157			break;
   158		case ACRN_IOCTL_PAUSE_VM:
   159			ret = hcall_pause_vm(vm->vmid);
   160			if (ret < 0)
   161				dev_dbg(acrn_dev.this_device,
   162					"Failed to pause VM %u!\n", vm->vmid);
   163			break;
   164		case ACRN_IOCTL_RESET_VM:
   165			ret = hcall_reset_vm(vm->vmid);
   166			if (ret < 0)
   167				dev_dbg(acrn_dev.this_device,
   168					"Failed to restart VM %u!\n", vm->vmid);
   169			break;
   170		case ACRN_IOCTL_DESTROY_VM:
   171			ret = acrn_vm_destroy(vm);
   172			break;
   173		case ACRN_IOCTL_SET_VCPU_REGS:
   174			cpu_regs = memdup_user((void __user *)ioctl_param,
   175					       sizeof(struct acrn_vcpu_regs));
   176			if (IS_ERR(cpu_regs))
   177				return PTR_ERR(cpu_regs);
   178	
   179			for (i = 0; i < ARRAY_SIZE(cpu_regs->reserved); i++)
   180				if (cpu_regs->reserved[i])
   181					return -EINVAL;
   182	
   183			for (i = 0; i < ARRAY_SIZE(cpu_regs->vcpu_regs.reserved_32); i++)
   184				if (cpu_regs->vcpu_regs.reserved_32[i])
   185					return -EINVAL;
   186	
   187			for (i = 0; i < ARRAY_SIZE(cpu_regs->vcpu_regs.reserved_64); i++)
   188				if (cpu_regs->vcpu_regs.reserved_64[i])
   189					return -EINVAL;
   190	
   191			for (i = 0; i < ARRAY_SIZE(cpu_regs->vcpu_regs.gdt.reserved); i++)
   192				if (cpu_regs->vcpu_regs.gdt.reserved[i] |
   193				    cpu_regs->vcpu_regs.idt.reserved[i])
   194					return -EINVAL;
   195	
   196			ret = hcall_set_vcpu_regs(vm->vmid, virt_to_phys(cpu_regs));
   197			if (ret < 0)
   198				dev_dbg(acrn_dev.this_device,
   199					"Failed to set regs state of VM%u!\n",
   200					vm->vmid);
   201			kfree(cpu_regs);
   202			break;
   203		case ACRN_IOCTL_SET_MEMSEG:
   204			if (copy_from_user(&memmap, (void __user *)ioctl_param,
   205					   sizeof(memmap)))
   206				return -EFAULT;
   207	
   208			ret = acrn_vm_memseg_map(vm, &memmap);
   209			break;
   210		case ACRN_IOCTL_UNSET_MEMSEG:
   211			if (copy_from_user(&memmap, (void __user *)ioctl_param,
   212					   sizeof(memmap)))
   213				return -EFAULT;
   214	
   215			ret = acrn_vm_memseg_unmap(vm, &memmap);
   216			break;
   217		case ACRN_IOCTL_ASSIGN_PCIDEV:
   218			pcidev = memdup_user((void __user *)ioctl_param,
   219					     sizeof(struct acrn_pcidev));
   220			if (IS_ERR(pcidev))
   221				return PTR_ERR(pcidev);
   222	
   223			ret = hcall_assign_pcidev(vm->vmid, virt_to_phys(pcidev));
   224			if (ret < 0)
   225				dev_dbg(acrn_dev.this_device,
   226					"Failed to assign pci device!\n");
   227			kfree(pcidev);
   228			break;
   229		case ACRN_IOCTL_DEASSIGN_PCIDEV:
   230			pcidev = memdup_user((void __user *)ioctl_param,
   231					     sizeof(struct acrn_pcidev));
   232			if (IS_ERR(pcidev))
   233				return PTR_ERR(pcidev);
   234	
   235			ret = hcall_deassign_pcidev(vm->vmid, virt_to_phys(pcidev));
   236			if (ret < 0)
   237				dev_dbg(acrn_dev.this_device,
   238					"Failed to deassign pci device!\n");
   239			kfree(pcidev);
   240			break;
   241		case ACRN_IOCTL_SET_PTDEV_INTR:
   242			irq_info = memdup_user((void __user *)ioctl_param,
   243					       sizeof(struct acrn_ptdev_irq));
   244			if (IS_ERR(irq_info))
   245				return PTR_ERR(irq_info);
   246	
   247			ret = hcall_set_ptdev_intr(vm->vmid, virt_to_phys(irq_info));
   248			if (ret < 0)
   249				dev_dbg(acrn_dev.this_device,
   250					"Failed to configure intr for ptdev!\n");
   251			kfree(irq_info);
   252			break;
   253		case ACRN_IOCTL_RESET_PTDEV_INTR:
   254			irq_info = memdup_user((void __user *)ioctl_param,
   255					       sizeof(struct acrn_ptdev_irq));
   256			if (IS_ERR(irq_info))
   257				return PTR_ERR(irq_info);
   258	
   259			ret = hcall_reset_ptdev_intr(vm->vmid, virt_to_phys(irq_info));
   260			if (ret < 0)
   261				dev_dbg(acrn_dev.this_device,
   262					"Failed to reset intr for ptdev!\n");
   263			kfree(irq_info);
   264			break;
   265		case ACRN_IOCTL_SET_IRQLINE:
   266			ret = hcall_set_irqline(vm->vmid, ioctl_param);
   267			if (ret < 0)
   268				dev_dbg(acrn_dev.this_device,
   269					"Failed to set interrupt line!\n");
   270			break;
   271		case ACRN_IOCTL_INJECT_MSI:
   272			msi = memdup_user((void __user *)ioctl_param,
   273					  sizeof(struct acrn_msi_entry));
   274			if (IS_ERR(msi))
   275				return PTR_ERR(msi);
   276	
   277			ret = hcall_inject_msi(vm->vmid, virt_to_phys(msi));
   278			if (ret < 0)
   279				dev_dbg(acrn_dev.this_device,
   280					"Failed to inject MSI!\n");
   281			kfree(msi);
   282			break;
   283		case ACRN_IOCTL_VM_INTR_MONITOR:
   284			ret = pin_user_pages_fast(ioctl_param, 1,
   285						  FOLL_WRITE | FOLL_LONGTERM, &page);
   286			if (unlikely(ret != 1)) {
   287				dev_dbg(acrn_dev.this_device,
   288					"Failed to pin intr hdr buffer!\n");
   289				return -EFAULT;
   290			}
   291	
   292			ret = hcall_vm_intr_monitor(vm->vmid, page_to_phys(page));
   293			if (ret < 0) {
   294				unpin_user_page(page);
   295				dev_dbg(acrn_dev.this_device,
   296					"Failed to monitor intr data!\n");
   297				return ret;
   298			}
   299			if (vm->monitor_page)
   300				unpin_user_page(vm->monitor_page);
   301			vm->monitor_page = page;
   302			break;
   303		case ACRN_IOCTL_CREATE_IOREQ_CLIENT:
   304			if (vm->default_client)
   305				return -EEXIST;
   306			if (!acrn_ioreq_client_create(vm, NULL, NULL, true, "acrndm"))
   307				ret = -EINVAL;
   308			break;
   309		case ACRN_IOCTL_DESTROY_IOREQ_CLIENT:
   310			if (vm->default_client)
   311				acrn_ioreq_client_destroy(vm->default_client);
   312			break;
   313		case ACRN_IOCTL_ATTACH_IOREQ_CLIENT:
   314			if (vm->default_client)
   315				ret = acrn_ioreq_client_wait(vm->default_client);
   316			else
   317				ret = -ENODEV;
   318			break;
   319		case ACRN_IOCTL_NOTIFY_REQUEST_FINISH:
   320			if (copy_from_user(&notify, (void __user *)ioctl_param,
   321					   sizeof(struct acrn_ioreq_notify)))
   322				return -EFAULT;
   323	
   324			if (notify.reserved != 0)
   325				return -EINVAL;
   326	
   327			ret = acrn_ioreq_request_default_complete(vm, notify.vcpu);
   328			break;
   329		case ACRN_IOCTL_CLEAR_VM_IOREQ:
   330			acrn_ioreq_request_clear(vm);
   331			break;
   332		case ACRN_IOCTL_PM_GET_CPU_STATE:
 > 333			if (copy_from_user(&cstate_cmd, (void *)ioctl_param,
   334					   sizeof(cstate_cmd)))
   335				return -EFAULT;
   336	
   337			ret = pmcmd_ioctl(cstate_cmd, (void __user *)ioctl_param);
   338			break;
   339		default:
   340			dev_dbg(acrn_dev.this_device, "Unknown IOCTL 0x%x!\n", cmd);
   341			ret = -ENOTTY;
   342		}
   343	
   344		return ret;
   345	}
   346	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (34228 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ