[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <202111130136.0gaNhor3-lkp@intel.com>
Date: Sat, 13 Nov 2021 01:21:52 +0800
From: kernel test robot <lkp@...el.com>
To: Cyrill Gorcunov <gorcunov@...il.com>,
LKML <linux-kernel@...r.kernel.org>
Cc: kbuild-all@...ts.01.org, Alexey Dobriyan <adobriyan@...il.com>,
Oleg Nesterov <oleg@...hat.com>,
Andrey Vagin <avagin@...il.com>,
Dmitry Safonov <0x7f454c46@...il.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Linux Memory Management List <linux-mm@...ck.org>
Subject: Re: [PATCH v2] prctl: PR_SET_MM - unify copying of user's auvx
Hi Cyrill,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on linux/master]
[also build test WARNING on v5.15]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Cyrill-Gorcunov/prctl-PR_SET_MM-unify-copying-of-user-s-auvx/20210929-123259
base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5816b3e6577eaa676ceb00a848f0fd65fe2adc29
config: parisc-randconfig-s032-20210929 (attached as .config)
compiler: hppa-linux-gcc (GCC) 11.2.0
reproduce:
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# apt-get install sparse
# sparse version: v0.6.4-dirty
# https://github.com/0day-ci/linux/commit/37297835c68662e1781118a01b7a271277e965d0
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Cyrill-Gorcunov/prctl-PR_SET_MM-unify-copying-of-user-s-auvx/20210929-123259
git checkout 37297835c68662e1781118a01b7a271277e965d0
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=parisc
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
sparse warnings: (new ones prefixed by >>)
>> kernel/sys.c:1997:58: sparse: sparse: incorrect type in argument 3 (different address spaces) @@ expected void const [noderef] __user *addr @@ got unsigned long long [usertype] *[addressable] auxv @@
kernel/sys.c:1997:58: sparse: expected void const [noderef] __user *addr
kernel/sys.c:1997:58: sparse: got unsigned long long [usertype] *[addressable] auxv
kernel/sys.c:1068:32: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct task_struct *p1 @@ got struct task_struct [noderef] __rcu *real_parent @@
kernel/sys.c:1068:32: sparse: expected struct task_struct *p1
kernel/sys.c:1068:32: sparse: got struct task_struct [noderef] __rcu *real_parent
kernel/sys.c: note: in included file (through include/linux/rcuwait.h, include/linux/percpu-rwsem.h, include/linux/fs.h, ...):
include/linux/sched/signal.h:710:37: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
include/linux/sched/signal.h:710:37: sparse: expected struct spinlock [usertype] *lock
include/linux/sched/signal.h:710:37: sparse: got struct spinlock [noderef] __rcu *
vim +1997 kernel/sys.c
1968
1969 #ifdef CONFIG_CHECKPOINT_RESTORE
1970 static int prctl_set_mm_map(int opt, const void __user *addr, unsigned long data_size)
1971 {
1972 struct prctl_mm_map prctl_map = { .exe_fd = (u32)-1, };
1973 unsigned long user_auxv[AT_VECTOR_SIZE];
1974 struct mm_struct *mm = current->mm;
1975 int error;
1976
1977 BUILD_BUG_ON(sizeof(user_auxv) != sizeof(mm->saved_auxv));
1978 BUILD_BUG_ON(sizeof(struct prctl_mm_map) > 256);
1979
1980 if (opt == PR_SET_MM_MAP_SIZE)
1981 return put_user((unsigned int)sizeof(prctl_map),
1982 (unsigned int __user *)addr);
1983
1984 if (data_size != sizeof(prctl_map))
1985 return -EINVAL;
1986
1987 if (copy_from_user(&prctl_map, addr, sizeof(prctl_map)))
1988 return -EFAULT;
1989
1990 error = validate_prctl_map_addr(&prctl_map);
1991 if (error)
1992 return error;
1993
1994 if (prctl_map.auxv_size) {
1995 int error = copy_auxv_from_user(user_auxv,
1996 sizeof(user_auxv),
> 1997 prctl_map.auxv,
1998 prctl_map.auxv_size);
1999 if (error)
2000 return error;
2001 }
2002
2003 if (prctl_map.exe_fd != (u32)-1) {
2004 /*
2005 * Check if the current user is checkpoint/restore capable.
2006 * At the time of this writing, it checks for CAP_SYS_ADMIN
2007 * or CAP_CHECKPOINT_RESTORE.
2008 * Note that a user with access to ptrace can masquerade an
2009 * arbitrary program as any executable, even setuid ones.
2010 * This may have implications in the tomoyo subsystem.
2011 */
2012 if (!checkpoint_restore_ns_capable(current_user_ns()))
2013 return -EPERM;
2014
2015 error = prctl_set_mm_exe_file(mm, prctl_map.exe_fd);
2016 if (error)
2017 return error;
2018 }
2019
2020 /*
2021 * arg_lock protects concurrent updates but we still need mmap_lock for
2022 * read to exclude races with sys_brk.
2023 */
2024 mmap_read_lock(mm);
2025
2026 /*
2027 * We don't validate if these members are pointing to
2028 * real present VMAs because application may have correspond
2029 * VMAs already unmapped and kernel uses these members for statistics
2030 * output in procfs mostly, except
2031 *
2032 * - @start_brk/@brk which are used in do_brk_flags but kernel lookups
2033 * for VMAs when updating these members so anything wrong written
2034 * here cause kernel to swear at userspace program but won't lead
2035 * to any problem in kernel itself
2036 */
2037
2038 spin_lock(&mm->arg_lock);
2039 mm->start_code = prctl_map.start_code;
2040 mm->end_code = prctl_map.end_code;
2041 mm->start_data = prctl_map.start_data;
2042 mm->end_data = prctl_map.end_data;
2043 mm->start_brk = prctl_map.start_brk;
2044 mm->brk = prctl_map.brk;
2045 mm->start_stack = prctl_map.start_stack;
2046 mm->arg_start = prctl_map.arg_start;
2047 mm->arg_end = prctl_map.arg_end;
2048 mm->env_start = prctl_map.env_start;
2049 mm->env_end = prctl_map.env_end;
2050 spin_unlock(&mm->arg_lock);
2051
2052 /*
2053 * Note this update of @saved_auxv is lockless thus
2054 * if someone reads this member in procfs while we're
2055 * updating -- it may get partly updated results. It's
2056 * known and acceptable trade off: we leave it as is to
2057 * not introduce additional locks here making the kernel
2058 * more complex.
2059 */
2060 if (prctl_map.auxv_size)
2061 memcpy(mm->saved_auxv, user_auxv, sizeof(user_auxv));
2062
2063 mmap_read_unlock(mm);
2064 return 0;
2065 }
2066 #endif /* CONFIG_CHECKPOINT_RESTORE */
2067
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Download attachment ".config.gz" of type "application/gzip" (28805 bytes)
Powered by blists - more mailing lists