| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Sep 2021 13:02:15 +0800
From: kernel test robot <lkp@...el.com>
To: André Almeida <andrealmeid@...labora.com>
Cc: kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org,
Peter Zijlstra <peterz@...radead.org>
Subject: [peterz-queue:locking/futex 4/8] kernel/futex/core.c:2804:37: error:
cast to pointer from integer of different size
tree: https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git locking/futex
head: 3e6fb0c7cd6f4839a2ac03396781247f7e902875
commit: 038e21d9eaa0a4bc011f9d4e8d006e8072a48422 [4/8] futex: Implement sys_futex_waitv()
config: microblaze-buildonly-randconfig-r005-20210915 (attached as .config)
compiler: microblaze-linux-gcc (GCC) 11.2.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git/commit/?id=038e21d9eaa0a4bc011f9d4e8d006e8072a48422
git remote add peterz-queue https://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git
git fetch --no-tags peterz-queue locking/futex
git checkout 038e21d9eaa0a4bc011f9d4e8d006e8072a48422
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross ARCH=microblaze
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
All errors (new ones prefixed by >>):
kernel/futex/core.c: In function 'futex_wait_multiple_setup':
>> kernel/futex/core.c:2804:37: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast]
2804 | u32 __user *uaddr = (u32 __user *)vs[i].w.uaddr;
| ^
cc1: all warnings being treated as errors
vim +2804 kernel/futex/core.c
2750
2751 /**
2752 * futex_wait_multiple_setup - Prepare to wait and enqueue multiple futexes
2753 * @vs: The futex list to wait on
2754 * @count: The size of the list
2755 * @awaken: Index of the last awoken futex, if any. Used to notify the
2756 * caller that it can return this index to userspace (return parameter)
2757 *
2758 * Prepare multiple futexes in a single step and enqueue them. This may fail if
2759 * the futex list is invalid or if any futex was already awoken. On success the
2760 * task is ready to interruptible sleep.
2761 *
2762 * Return:
2763 * - 1 - One of the futexes was awaken by another thread
2764 * - 0 - Success
2765 * - <0 - -EFAULT, -EWOULDBLOCK or -EINVAL
2766 */
2767 static int futex_wait_multiple_setup(struct futex_vector *vs, int count, int *awaken)
2768 {
2769 struct futex_hash_bucket *hb;
2770 bool retry = false;
2771 int ret, i;
2772 u32 uval;
2773
2774 /*
2775 * Enqueuing multiple futexes is tricky, because we need to enqueue
2776 * each futex in the list before dealing with the next one to avoid
2777 * deadlocking on the hash bucket. But, before enqueuing, we need to
2778 * make sure that current->state is TASK_INTERRUPTIBLE, so we don't
2779 * absorb any awake events, which cannot be done before the
2780 * get_futex_key of the next key, because it calls get_user_pages,
2781 * which can sleep. Thus, we fetch the list of futexes keys in two
2782 * steps, by first pinning all the memory keys in the futex key, and
2783 * only then we read each key and queue the corresponding futex.
2784 *
2785 * Private futexes doesn't need to recalculate hash in retry, so skip
2786 * get_futex_key() when retrying.
2787 */
2788 retry:
2789 for (i = 0; i < count; i++) {
2790 if ((vs[i].w.flags & FUTEX_PRIVATE_FLAG) && retry)
2791 continue;
2792
2793 ret = get_futex_key(u64_to_user_ptr(vs[i].w.uaddr),
2794 !(vs[i].w.flags & FUTEX_PRIVATE_FLAG),
2795 &vs[i].q.key, FUTEX_READ);
2796
2797 if (unlikely(ret))
2798 return ret;
2799 }
2800
2801 set_current_state(TASK_INTERRUPTIBLE);
2802
2803 for (i = 0; i < count; i++) {
> 2804 u32 __user *uaddr = (u32 __user *)vs[i].w.uaddr;
2805 struct futex_q *q = &vs[i].q;
2806 u32 val = (u32)vs[i].w.val;
2807
2808 hb = queue_lock(q);
2809 ret = get_futex_value_locked(&uval, uaddr);
2810
2811 if (!ret && uval == val) {
2812 /*
2813 * The bucket lock can't be held while dealing with the
2814 * next futex. Queue each futex at this moment so hb can
2815 * be unlocked.
2816 */
2817 queue_me(q, hb);
2818 continue;
2819 }
2820
2821 queue_unlock(hb);
2822 __set_current_state(TASK_RUNNING);
2823
2824 /*
2825 * Even if something went wrong, if we find out that a futex
2826 * was awaken, we don't return error and return this index to
2827 * userspace
2828 */
2829 *awaken = unqueue_multiple(vs, i);
2830 if (*awaken >= 0)
2831 return 1;
2832
2833 if (uval != val)
2834 return -EWOULDBLOCK;
2835
2836 if (ret) {
2837 /*
2838 * If we need to handle a page fault, we need to do so
2839 * without any lock and any enqueued futex (otherwise
2840 * we could lose some wakeup). So we do it here, after
2841 * undoing all the work done so far. In success, we
2842 * retry all the work.
2843 */
2844 if (get_user(uval, uaddr))
2845 return -EFAULT;
2846
2847 retry = true;
2848 goto retry;
2849 }
2850 }
2851
2852 return 0;
2853 }
2854
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Download attachment ".config.gz" of type "application/gzip" (36164 bytes)
Powered by blists - more mailing lists