| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Aug 2021 03:56:40 +0800
From: kernel test robot <lkp@...el.com>
To: Jonathon Reinhart <jonathon.reinhart@...il.com>
Cc: clang-built-linux@...glegroups.com, kbuild-all@...ts.01.org,
linux-kernel@...r.kernel.org
Subject: net/sysctl_net.c:146:4: warning: Value stored to 'where' is never
read [clang-analyzer-deadcode.DeadStores]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 6e764bcd1cf72a2846c0e53d3975a09b242c04c9
commit: 31c4d2f160eb7b17cbead24dc6efed06505a3fee net: Ensure net namespace isolation of sysctls
date: 4 months ago
config: arm-randconfig-c002-20210824 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project d26000e4cc2bc65e207a84fa26cb6e374d60aa12)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31c4d2f160eb7b17cbead24dc6efed06505a3fee
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout 31c4d2f160eb7b17cbead24dc6efed06505a3fee
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
clang-analyzer warnings: (new ones prefixed by >>)
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
drivers/of/property.c:902:19: warning: Access to field 'full_name' results in a dereference of a null pointer [clang-analyzer-core.NullDereference]
return kbasename(to_of_node(fwnode)->full_name);
^
include/linux/of.h:161:2: note: expanded from macro 'to_of_node'
({ \
^
drivers/of/property.c:902:19: note: '?' condition is false
return kbasename(to_of_node(fwnode)->full_name);
^
include/linux/of.h:164:3: note: expanded from macro 'to_of_node'
is_of_node(__to_of_node_fwnode) ? \
^
drivers/of/property.c:902:19: note: Access to field 'full_name' results in a dereference of a null pointer
return kbasename(to_of_node(fwnode)->full_name);
^
include/linux/of.h:161:2: note: expanded from macro 'to_of_node'
({ \
^
drivers/of/property.c:908:7: warning: Access to field 'parent' results in a dereference of a null pointer [clang-analyzer-core.NullDereference]
if (!to_of_node(fwnode)->parent)
^
include/linux/of.h:161:2: note: expanded from macro 'to_of_node'
({ \
^
drivers/of/property.c:908:7: note: '?' condition is false
if (!to_of_node(fwnode)->parent)
^
include/linux/of.h:164:3: note: expanded from macro 'to_of_node'
is_of_node(__to_of_node_fwnode) ? \
^
drivers/of/property.c:908:7: note: Access to field 'parent' results in a dereference of a null pointer
if (!to_of_node(fwnode)->parent)
^
include/linux/of.h:161:2: note: expanded from macro 'to_of_node'
({ \
^
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
drivers/base/power/main.c:469:3: warning: Value stored to 'usecs' is never read [clang-analyzer-deadcode.DeadStores]
usecs = 1;
^ ~
drivers/base/power/main.c:469:3: note: Value stored to 'usecs' is never read
usecs = 1;
^ ~
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
>> net/sysctl_net.c:146:4: warning: Value stored to 'where' is never read [clang-analyzer-deadcode.DeadStores]
where = "module";
^ ~~~~~~~~
net/sysctl_net.c:146:4: note: Value stored to 'where' is never read
where = "module";
^ ~~~~~~~~
net/sysctl_net.c:148:4: warning: Value stored to 'where' is never read [clang-analyzer-deadcode.DeadStores]
where = "kernel";
^ ~~~~~~~~
net/sysctl_net.c:148:4: note: Value stored to 'where' is never read
where = "kernel";
^ ~~~~~~~~
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
1 warning generated.
Suppressed 1 warnings (1 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
4 warnings generated.
net/core/net-sysfs.c:1719:2: warning: Value stored to 'txq' is never read [clang-analyzer-deadcode.DeadStores]
txq = real_tx;
^ ~~~~~~~
net/core/net-sysfs.c:1719:2: note: Value stored to 'txq' is never read
txq = real_tx;
^ ~~~~~~~
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
2 warnings generated.
Suppressed 2 warnings (2 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
3 warnings generated.
Suppressed 3 warnings (3 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
5 warnings generated.
net/bluetooth/msft.c:372:2: warning: Value stored to 'rp' is never read [clang-analyzer-deadcode.DeadStores]
rp = (struct msft_rp_le_cancel_monitor_advertisement *)skb->data;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/bluetooth/msft.c:372:2: note: Value stored to 'rp' is never read
rp = (struct msft_rp_le_cancel_monitor_advertisement *)skb->data;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
net/bluetooth/msft.c:422:2: warning: Value stored to 'rp' is never read [clang-analyzer-deadcode.DeadStores]
rp = (struct msft_rp_le_set_advertisement_filter_enable *)skb->data;
vim +/where +146 net/sysctl_net.c
117
118 /* Verify that sysctls for non-init netns are safe by either:
119 * 1) being read-only, or
120 * 2) having a data pointer which points outside of the global kernel/module
121 * data segment, and rather into the heap where a per-net object was
122 * allocated.
123 */
124 static void ensure_safe_net_sysctl(struct net *net, const char *path,
125 struct ctl_table *table)
126 {
127 struct ctl_table *ent;
128
129 pr_debug("Registering net sysctl (net %p): %s\n", net, path);
130 for (ent = table; ent->procname; ent++) {
131 unsigned long addr;
132 const char *where;
133
134 pr_debug(" procname=%s mode=%o proc_handler=%ps data=%p\n",
135 ent->procname, ent->mode, ent->proc_handler, ent->data);
136
137 /* If it's not writable inside the netns, then it can't hurt. */
138 if ((ent->mode & 0222) == 0) {
139 pr_debug(" Not writable by anyone\n");
140 continue;
141 }
142
143 /* Where does data point? */
144 addr = (unsigned long)ent->data;
145 if (is_module_address(addr))
> 146 where = "module";
147 else if (core_kernel_data(addr))
148 where = "kernel";
149 else
150 continue;
151
152 /* If it is writable and points to kernel/module global
153 * data, then it's probably a netns leak.
154 */
155 WARN(1, "sysctl %s/%s: data points to %s global data: %ps\n",
156 path, ent->procname, where, ent->data);
157
158 /* Make it "safe" by dropping writable perms */
159 ent->mode &= ~0222;
160 }
161 }
162
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Download attachment ".config.gz" of type "application/gzip" (30536 bytes)
Powered by blists - more mailing lists