lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202107121344.wu68hEPF-lkp@intel.com>
Date:   Mon, 12 Jul 2021 13:39:50 +0800
From:   kernel test robot <lkp@...el.com>
To:     Bernd Edlinger <bernd.edlinger@...mail.de>
Cc:     kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org,
        0day robot <lkp@...el.com>
Subject: kernel/ptrace.c:425:26: sparse: sparse: incorrect type in assignment
 (different address spaces)

tree:   https://github.com/0day-ci/linux/commits/UPDATE-20210712-014507/Bernd-Edlinger/exec-Fix-dead-lock-in-de_thread-with-ptrace_attach/20210617-202441
head:   ae9cda8edea122ace72b822fb40607a4ce52d3d6
commit: ae9cda8edea122ace72b822fb40607a4ce52d3d6 exec: Fix dead-lock in de_thread with ptrace_attach
date:   12 hours ago
config: i386-randconfig-s002-20210711 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce:
        # apt-get install sparse
        # sparse version: v0.6.3-341-g8af24329-dirty
        # https://github.com/0day-ci/linux/commit/ae9cda8edea122ace72b822fb40607a4ce52d3d6
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review UPDATE-20210712-014507/Bernd-Edlinger/exec-Fix-dead-lock-in-de_thread-with-ptrace_attach/20210617-202441
        git checkout ae9cda8edea122ace72b822fb40607a4ce52d3d6
        # save the attached .config to linux build tree
        make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=i386 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>


sparse warnings: (new ones prefixed by >>)
   kernel/ptrace.c:55:22: sparse: sparse: incompatible types in comparison expression (different address spaces):
   kernel/ptrace.c:55:22: sparse:    struct task_struct *
   kernel/ptrace.c:55:22: sparse:    struct task_struct [noderef] __rcu *
   kernel/ptrace.c:74:23: sparse: sparse: incorrect type in assignment (different address spaces) @@     expected struct task_struct [noderef] __rcu *parent @@     got struct task_struct *new_parent @@
   kernel/ptrace.c:74:23: sparse:     expected struct task_struct [noderef] __rcu *parent
   kernel/ptrace.c:74:23: sparse:     got struct task_struct *new_parent
   kernel/ptrace.c:75:29: sparse: sparse: incorrect type in assignment (different address spaces) @@     expected struct cred const [noderef] __rcu *ptracer_cred @@     got struct cred const * @@
   kernel/ptrace.c:75:29: sparse:     expected struct cred const [noderef] __rcu *ptracer_cred
   kernel/ptrace.c:75:29: sparse:     got struct cred const *
   kernel/ptrace.c:129:18: sparse: sparse: incorrect type in assignment (different address spaces) @@     expected struct cred const *old_cred @@     got struct cred const [noderef] __rcu *ptracer_cred @@
   kernel/ptrace.c:129:18: sparse:     expected struct cred const *old_cred
   kernel/ptrace.c:129:18: sparse:     got struct cred const [noderef] __rcu *ptracer_cred
   kernel/ptrace.c:133:25: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   kernel/ptrace.c:133:25: sparse:     expected struct spinlock [usertype] *lock
   kernel/ptrace.c:133:25: sparse:     got struct spinlock [noderef] __rcu *
   kernel/ptrace.c:171:27: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   kernel/ptrace.c:171:27: sparse:     expected struct spinlock [usertype] *lock
   kernel/ptrace.c:171:27: sparse:     got struct spinlock [noderef] __rcu *
   kernel/ptrace.c:198:28: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   kernel/ptrace.c:198:28: sparse:     expected struct spinlock [usertype] *lock
   kernel/ptrace.c:198:28: sparse:     got struct spinlock [noderef] __rcu *
   kernel/ptrace.c:204:30: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   kernel/ptrace.c:204:30: sparse:     expected struct spinlock [usertype] *lock
   kernel/ptrace.c:204:30: sparse:     got struct spinlock [noderef] __rcu *
   kernel/ptrace.c:214:9: sparse: sparse: incompatible types in comparison expression (different address spaces):
   kernel/ptrace.c:214:9: sparse:    struct task_struct [noderef] __rcu *
   kernel/ptrace.c:214:9: sparse:    struct task_struct *
   kernel/ptrace.c:259:44: sparse: sparse: incompatible types in comparison expression (different address spaces):
   kernel/ptrace.c:259:44: sparse:    struct task_struct [noderef] __rcu *
   kernel/ptrace.c:259:44: sparse:    struct task_struct *
>> kernel/ptrace.c:425:26: sparse: sparse: incorrect type in assignment (different address spaces) @@     expected struct cred const *old_cred @@     got struct cred const [noderef] __rcu *real_cred @@
   kernel/ptrace.c:425:26: sparse:     expected struct cred const *old_cred
   kernel/ptrace.c:425:26: sparse:     got struct cred const [noderef] __rcu *real_cred
   kernel/ptrace.c:455:24: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   kernel/ptrace.c:455:24: sparse:     expected struct spinlock [usertype] *lock
   kernel/ptrace.c:455:24: sparse:     got struct spinlock [noderef] __rcu *
   kernel/ptrace.c:478:26: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   kernel/ptrace.c:478:26: sparse:     expected struct spinlock [usertype] *lock
   kernel/ptrace.c:478:26: sparse:     got struct spinlock [noderef] __rcu *
   kernel/ptrace.c:522:54: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct task_struct *parent @@     got struct task_struct [noderef] __rcu *parent @@
   kernel/ptrace.c:522:54: sparse:     expected struct task_struct *parent
   kernel/ptrace.c:522:54: sparse:     got struct task_struct [noderef] __rcu *parent
   kernel/ptrace.c:530:53: sparse: sparse: incorrect type in argument 2 (different address spaces) @@     expected struct task_struct *new_parent @@     got struct task_struct [noderef] __rcu *real_parent @@
   kernel/ptrace.c:530:53: sparse:     expected struct task_struct *new_parent
   kernel/ptrace.c:530:53: sparse:     got struct task_struct [noderef] __rcu *real_parent
   kernel/ptrace.c:579:41: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct task_struct *p1 @@     got struct task_struct [noderef] __rcu *real_parent @@
   kernel/ptrace.c:579:41: sparse:     expected struct task_struct *p1
   kernel/ptrace.c:579:41: sparse:     got struct task_struct [noderef] __rcu *real_parent
   kernel/ptrace.c:581:50: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct sighand_struct *sigh @@     got struct sighand_struct [noderef] __rcu *sighand @@
   kernel/ptrace.c:581:50: sparse:     expected struct sighand_struct *sigh
   kernel/ptrace.c:581:50: sparse:     got struct sighand_struct [noderef] __rcu *sighand
   kernel/ptrace.c:783:37: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   kernel/ptrace.c:783:37: sparse:     expected struct spinlock [usertype] *lock
   kernel/ptrace.c:783:37: sparse:     got struct spinlock [noderef] __rcu *
   kernel/ptrace.c:791:39: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   kernel/ptrace.c:791:39: sparse:     expected struct spinlock [usertype] *lock
   kernel/ptrace.c:791:39: sparse:     got struct spinlock [noderef] __rcu *
   kernel/ptrace.c:914:37: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   kernel/ptrace.c:914:37: sparse:     expected struct spinlock [usertype] *lock
   kernel/ptrace.c:914:37: sparse:     got struct spinlock [noderef] __rcu *
   kernel/ptrace.c:918:39: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   kernel/ptrace.c:918:39: sparse:     expected struct spinlock [usertype] *lock
   kernel/ptrace.c:918:39: sparse:     got struct spinlock [noderef] __rcu *
   kernel/ptrace.c:1148:37: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   kernel/ptrace.c:1148:37: sparse:     expected struct spinlock [usertype] *lock
   kernel/ptrace.c:1148:37: sparse:     got struct spinlock [noderef] __rcu *
   kernel/ptrace.c:1150:39: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   kernel/ptrace.c:1150:39: sparse:     expected struct spinlock [usertype] *lock
   kernel/ptrace.c:1150:39: sparse:     got struct spinlock [noderef] __rcu *
   kernel/ptrace.c:528:38: sparse: sparse: dereference of noderef expression
   kernel/ptrace.c: note: in included file (through include/linux/rcuwait.h, include/linux/percpu-rwsem.h, include/linux/fs.h, ...):
   include/linux/sched/signal.h:727:37: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   include/linux/sched/signal.h:727:37: sparse:     expected struct spinlock [usertype] *lock
   include/linux/sched/signal.h:727:37: sparse:     got struct spinlock [noderef] __rcu *
   kernel/ptrace.c:730:9: sparse: sparse: context imbalance in 'ptrace_getsiginfo' - different lock contexts for basic block
   include/linux/sched/signal.h:727:37: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   include/linux/sched/signal.h:727:37: sparse:     expected struct spinlock [usertype] *lock
   include/linux/sched/signal.h:727:37: sparse:     got struct spinlock [noderef] __rcu *
   kernel/ptrace.c:746:9: sparse: sparse: context imbalance in 'ptrace_setsiginfo' - different lock contexts for basic block
   kernel/ptrace.c:920:9: sparse: sparse: context imbalance in 'ptrace_resume' - different lock contexts for basic block
   include/linux/sched/signal.h:727:37: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   include/linux/sched/signal.h:727:37: sparse:     expected struct spinlock [usertype] *lock
   include/linux/sched/signal.h:727:37: sparse:     got struct spinlock [noderef] __rcu *
   include/linux/sched/signal.h:727:37: sparse: sparse: incorrect type in argument 1 (different address spaces) @@     expected struct spinlock [usertype] *lock @@     got struct spinlock [noderef] __rcu * @@
   include/linux/sched/signal.h:727:37: sparse:     expected struct spinlock [usertype] *lock
   include/linux/sched/signal.h:727:37: sparse:     got struct spinlock [noderef] __rcu *
   kernel/ptrace.c:1302:9: sparse: sparse: context imbalance in 'ptrace_request' - different lock contexts for basic block

vim +425 kernel/ptrace.c

   374	
   375	static int ptrace_attach(struct task_struct *task, long request,
   376				 unsigned long addr,
   377				 unsigned long flags)
   378	{
   379		bool seize = (request == PTRACE_SEIZE);
   380		int retval;
   381	
   382		retval = -EIO;
   383		if (seize) {
   384			if (addr != 0)
   385				goto out;
   386			if (flags & ~(unsigned long)PTRACE_O_MASK)
   387				goto out;
   388			flags = PT_PTRACED | PT_SEIZED | (flags << PT_OPT_FLAG_SHIFT);
   389		} else {
   390			flags = PT_PTRACED;
   391		}
   392	
   393		audit_ptrace(task);
   394	
   395		retval = -EPERM;
   396		if (unlikely(task->flags & PF_KTHREAD))
   397			goto out;
   398		if (same_thread_group(task, current))
   399			goto out;
   400	
   401		/*
   402		 * Protect exec's credential calculations against our interference;
   403		 * SUID, SGID and LSM creds get determined differently
   404		 * under ptrace.
   405		 */
   406		retval = -ERESTARTNOINTR;
   407		if (mutex_lock_interruptible(&task->signal->cred_guard_mutex))
   408			goto out;
   409	
   410		task_lock(task);
   411		retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS);
   412		task_unlock(task);
   413		if (retval)
   414			goto unlock_creds;
   415	
   416		if (unlikely(task->in_execve)) {
   417			struct linux_binprm *bprm = task->signal->exec_bprm;
   418			const struct cred *old_cred;
   419			struct mm_struct *old_mm;
   420	
   421			retval = down_write_killable(&task->signal->exec_update_lock);
   422			if (retval)
   423				goto unlock_creds;
   424			task_lock(task);
 > 425			old_cred = task->real_cred;
   426			old_mm = task->mm;
   427			rcu_assign_pointer(task->real_cred, bprm->cred);
   428			task->mm = bprm->mm;
   429			retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH_REALCREDS);
   430			rcu_assign_pointer(task->real_cred, old_cred);
   431			task->mm = old_mm;
   432			task_unlock(task);
   433			up_write(&task->signal->exec_update_lock);
   434			if (retval)
   435				goto unlock_creds;
   436		}
   437	
   438		write_lock_irq(&tasklist_lock);
   439		retval = -EPERM;
   440		if (unlikely(task->exit_state))
   441			goto unlock_tasklist;
   442		if (task->ptrace)
   443			goto unlock_tasklist;
   444	
   445		if (seize)
   446			flags |= PT_SEIZED;
   447		task->ptrace = flags;
   448	
   449		ptrace_link(task, current);
   450	
   451		/* SEIZE doesn't trap tracee on attach */
   452		if (!seize)
   453			send_sig_info(SIGSTOP, SEND_SIG_PRIV, task);
   454	
   455		spin_lock(&task->sighand->siglock);
   456	
   457		/*
   458		 * If the task is already STOPPED, set JOBCTL_TRAP_STOP and
   459		 * TRAPPING, and kick it so that it transits to TRACED.  TRAPPING
   460		 * will be cleared if the child completes the transition or any
   461		 * event which clears the group stop states happens.  We'll wait
   462		 * for the transition to complete before returning from this
   463		 * function.
   464		 *
   465		 * This hides STOPPED -> RUNNING -> TRACED transition from the
   466		 * attaching thread but a different thread in the same group can
   467		 * still observe the transient RUNNING state.  IOW, if another
   468		 * thread's WNOHANG wait(2) on the stopped tracee races against
   469		 * ATTACH, the wait(2) may fail due to the transient RUNNING.
   470		 *
   471		 * The following task_is_stopped() test is safe as both transitions
   472		 * in and out of STOPPED are protected by siglock.
   473		 */
   474		if (task_is_stopped(task) &&
   475		    task_set_jobctl_pending(task, JOBCTL_TRAP_STOP | JOBCTL_TRAPPING))
   476			signal_wake_up_state(task, __TASK_STOPPED);
   477	
   478		spin_unlock(&task->sighand->siglock);
   479	
   480		retval = 0;
   481	unlock_tasklist:
   482		write_unlock_irq(&tasklist_lock);
   483	unlock_creds:
   484		mutex_unlock(&task->signal->cred_guard_mutex);
   485	out:
   486		if (!retval) {
   487			/*
   488			 * We do not bother to change retval or clear JOBCTL_TRAPPING
   489			 * if wait_on_bit() was interrupted by SIGKILL. The tracer will
   490			 * not return to user-mode, it will exit and clear this bit in
   491			 * __ptrace_unlink() if it wasn't already cleared by the tracee;
   492			 * and until then nobody can ptrace this task.
   493			 */
   494			wait_on_bit(&task->jobctl, JOBCTL_TRAPPING_BIT, TASK_KILLABLE);
   495			proc_ptrace_connector(task, PTRACE_ATTACH);
   496		}
   497	
   498		return retval;
   499	}
   500	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (44054 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ