lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Sep 2022 23:56:00 +0800 From: kernel test robot <lkp@...el.com> To: "Jason A. Donenfeld" <zx2c4@...nel.org> Cc: kbuild-all@...ts.01.org, linux-kernel@...r.kernel.org, Jakub Kicinski <kuba@...nel.org> Subject: kernel/kexec_file.c:320:1: sparse: sparse: Using plain integer as NULL pointer Hi Jason, First bad commit (maybe != root cause): tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 53e99dcff61e1523ec1c3628b2d564ba15d32eb7 commit: b7133757da4c4c17d625970f6da3d76af12a8867 crypto: s390 - do not depend on CRYPTO_HW for SIMD implementations date: 9 weeks ago config: s390-randconfig-s051-20220906 (https://download.01.org/0day-ci/archive/20220906/202209062300.3X2vOEnE-lkp@intel.com/config) compiler: s390-linux-gcc (GCC) 12.1.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # apt-get install sparse # sparse version: v0.6.4-39-gce1a6720-dirty # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b7133757da4c4c17d625970f6da3d76af12a8867 git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout b7133757da4c4c17d625970f6da3d76af12a8867 # save the config file mkdir build_dir && cp config build_dir/.config COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=s390 SHELL=/bin/bash If you fix the issue, kindly add following tag where applicable Reported-by: kernel test robot <lkp@...el.com> sparse warnings: (new ones prefixed by >>) >> kernel/kexec_file.c:320:1: sparse: sparse: Using plain integer as NULL pointer >> kernel/kexec_file.c:320:1: sparse: sparse: Using plain integer as NULL pointer vim +320 kernel/kexec_file.c a43cac0d9dc207 Dave Young 2015-09-09 319 a43cac0d9dc207 Dave Young 2015-09-09 @320 SYSCALL_DEFINE5(kexec_file_load, int, kernel_fd, int, initrd_fd, a43cac0d9dc207 Dave Young 2015-09-09 321 unsigned long, cmdline_len, const char __user *, cmdline_ptr, a43cac0d9dc207 Dave Young 2015-09-09 322 unsigned long, flags) a43cac0d9dc207 Dave Young 2015-09-09 323 { a43cac0d9dc207 Dave Young 2015-09-09 324 int ret = 0, i; a43cac0d9dc207 Dave Young 2015-09-09 325 struct kimage **dest_image, *image; a43cac0d9dc207 Dave Young 2015-09-09 326 a43cac0d9dc207 Dave Young 2015-09-09 327 /* We only trust the superuser with rebooting the system. */ a43cac0d9dc207 Dave Young 2015-09-09 328 if (!capable(CAP_SYS_BOOT) || kexec_load_disabled) a43cac0d9dc207 Dave Young 2015-09-09 329 return -EPERM; a43cac0d9dc207 Dave Young 2015-09-09 330 a43cac0d9dc207 Dave Young 2015-09-09 331 /* Make sure we have a legal set of flags */ a43cac0d9dc207 Dave Young 2015-09-09 332 if (flags != (flags & KEXEC_FILE_FLAGS)) a43cac0d9dc207 Dave Young 2015-09-09 333 return -EINVAL; a43cac0d9dc207 Dave Young 2015-09-09 334 a43cac0d9dc207 Dave Young 2015-09-09 335 image = NULL; a43cac0d9dc207 Dave Young 2015-09-09 336 a43cac0d9dc207 Dave Young 2015-09-09 337 if (!mutex_trylock(&kexec_mutex)) a43cac0d9dc207 Dave Young 2015-09-09 338 return -EBUSY; a43cac0d9dc207 Dave Young 2015-09-09 339 a43cac0d9dc207 Dave Young 2015-09-09 340 dest_image = &kexec_image; 9b492cf58077a0 Xunlei Pang 2016-05-23 341 if (flags & KEXEC_FILE_ON_CRASH) { a43cac0d9dc207 Dave Young 2015-09-09 342 dest_image = &kexec_crash_image; 9b492cf58077a0 Xunlei Pang 2016-05-23 343 if (kexec_crash_image) 9b492cf58077a0 Xunlei Pang 2016-05-23 344 arch_kexec_unprotect_crashkres(); 9b492cf58077a0 Xunlei Pang 2016-05-23 345 } a43cac0d9dc207 Dave Young 2015-09-09 346 a43cac0d9dc207 Dave Young 2015-09-09 347 if (flags & KEXEC_FILE_UNLOAD) a43cac0d9dc207 Dave Young 2015-09-09 348 goto exchange; a43cac0d9dc207 Dave Young 2015-09-09 349 a43cac0d9dc207 Dave Young 2015-09-09 350 /* a43cac0d9dc207 Dave Young 2015-09-09 351 * In case of crash, new kernel gets loaded in reserved region. It is a43cac0d9dc207 Dave Young 2015-09-09 352 * same memory where old crash kernel might be loaded. Free any a43cac0d9dc207 Dave Young 2015-09-09 353 * current crash dump kernel before we corrupt it. a43cac0d9dc207 Dave Young 2015-09-09 354 */ a43cac0d9dc207 Dave Young 2015-09-09 355 if (flags & KEXEC_FILE_ON_CRASH) a43cac0d9dc207 Dave Young 2015-09-09 356 kimage_free(xchg(&kexec_crash_image, NULL)); a43cac0d9dc207 Dave Young 2015-09-09 357 a43cac0d9dc207 Dave Young 2015-09-09 358 ret = kimage_file_alloc_init(&image, kernel_fd, initrd_fd, cmdline_ptr, a43cac0d9dc207 Dave Young 2015-09-09 359 cmdline_len, flags); a43cac0d9dc207 Dave Young 2015-09-09 360 if (ret) a43cac0d9dc207 Dave Young 2015-09-09 361 goto out; a43cac0d9dc207 Dave Young 2015-09-09 362 a43cac0d9dc207 Dave Young 2015-09-09 363 ret = machine_kexec_prepare(image); a43cac0d9dc207 Dave Young 2015-09-09 364 if (ret) a43cac0d9dc207 Dave Young 2015-09-09 365 goto out; a43cac0d9dc207 Dave Young 2015-09-09 366 1229384f5b856d Xunlei Pang 2017-07-12 367 /* 1229384f5b856d Xunlei Pang 2017-07-12 368 * Some architecture(like S390) may touch the crash memory before 1229384f5b856d Xunlei Pang 2017-07-12 369 * machine_kexec_prepare(), we must copy vmcoreinfo data after it. 1229384f5b856d Xunlei Pang 2017-07-12 370 */ 1229384f5b856d Xunlei Pang 2017-07-12 371 ret = kimage_crash_copy_vmcoreinfo(image); 1229384f5b856d Xunlei Pang 2017-07-12 372 if (ret) 1229384f5b856d Xunlei Pang 2017-07-12 373 goto out; 1229384f5b856d Xunlei Pang 2017-07-12 374 a43cac0d9dc207 Dave Young 2015-09-09 375 ret = kexec_calculate_store_digests(image); a43cac0d9dc207 Dave Young 2015-09-09 376 if (ret) a43cac0d9dc207 Dave Young 2015-09-09 377 goto out; a43cac0d9dc207 Dave Young 2015-09-09 378 a43cac0d9dc207 Dave Young 2015-09-09 379 for (i = 0; i < image->nr_segments; i++) { a43cac0d9dc207 Dave Young 2015-09-09 380 struct kexec_segment *ksegment; a43cac0d9dc207 Dave Young 2015-09-09 381 a43cac0d9dc207 Dave Young 2015-09-09 382 ksegment = &image->segment[i]; a43cac0d9dc207 Dave Young 2015-09-09 383 pr_debug("Loading segment %d: buf=0x%p bufsz=0x%zx mem=0x%lx memsz=0x%zx\n", a43cac0d9dc207 Dave Young 2015-09-09 384 i, ksegment->buf, ksegment->bufsz, ksegment->mem, a43cac0d9dc207 Dave Young 2015-09-09 385 ksegment->memsz); a43cac0d9dc207 Dave Young 2015-09-09 386 a43cac0d9dc207 Dave Young 2015-09-09 387 ret = kimage_load_segment(image, &image->segment[i]); a43cac0d9dc207 Dave Young 2015-09-09 388 if (ret) a43cac0d9dc207 Dave Young 2015-09-09 389 goto out; a43cac0d9dc207 Dave Young 2015-09-09 390 } a43cac0d9dc207 Dave Young 2015-09-09 391 a43cac0d9dc207 Dave Young 2015-09-09 392 kimage_terminate(image); a43cac0d9dc207 Dave Young 2015-09-09 393 de68e4daea9084 Pavel Tatashin 2019-12-04 394 ret = machine_kexec_post_load(image); de68e4daea9084 Pavel Tatashin 2019-12-04 395 if (ret) de68e4daea9084 Pavel Tatashin 2019-12-04 396 goto out; de68e4daea9084 Pavel Tatashin 2019-12-04 397 a43cac0d9dc207 Dave Young 2015-09-09 398 /* a43cac0d9dc207 Dave Young 2015-09-09 399 * Free up any temporary buffers allocated which are not needed a43cac0d9dc207 Dave Young 2015-09-09 400 * after image has been loaded a43cac0d9dc207 Dave Young 2015-09-09 401 */ a43cac0d9dc207 Dave Young 2015-09-09 402 kimage_file_post_load_cleanup(image); a43cac0d9dc207 Dave Young 2015-09-09 403 exchange: a43cac0d9dc207 Dave Young 2015-09-09 404 image = xchg(dest_image, image); a43cac0d9dc207 Dave Young 2015-09-09 405 out: 9b492cf58077a0 Xunlei Pang 2016-05-23 406 if ((flags & KEXEC_FILE_ON_CRASH) && kexec_crash_image) 9b492cf58077a0 Xunlei Pang 2016-05-23 407 arch_kexec_protect_crashkres(); 9b492cf58077a0 Xunlei Pang 2016-05-23 408 a43cac0d9dc207 Dave Young 2015-09-09 409 mutex_unlock(&kexec_mutex); a43cac0d9dc207 Dave Young 2015-09-09 410 kimage_free(image); a43cac0d9dc207 Dave Young 2015-09-09 411 return ret; a43cac0d9dc207 Dave Young 2015-09-09 412 } a43cac0d9dc207 Dave Young 2015-09-09 413 :::::: The code at line 320 was first introduced by commit :::::: a43cac0d9dc2073ff2245a171429ddbe1accece7 kexec: split kexec_file syscall code to kexec_file.c :::::: TO: Dave Young <dyoung@...hat.com> :::::: CC: Linus Torvalds <torvalds@...ux-foundation.org> -- 0-DAY CI Kernel Test Service https://01.org/lkp
Powered by blists - more mailing lists