lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <202301150709.9EC6UKBT-lkp@intel.com>
Date:   Sun, 15 Jan 2023 08:02:04 +0800
From:   kernel test robot <lkp@...el.com>
To:     Mateusz Guzik <mjguzik@...il.com>, viro@...iv.linux.org.uk
Cc:     oe-kbuild-all@...ts.linux.dev, serge@...lyn.com,
        torvalds@...ux-foundation.org, linux-fsdevel@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        Mateusz Guzik <mjguzik@...il.com>
Subject: Re: [PATCH 2/2] vfs: avoid duplicating creds in faccessat if possible

Hi Mateusz,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on viro-vfs/for-next]
[also build test WARNING on linus/master v6.2-rc3 next-20230113]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/Mateusz-Guzik/vfs-avoid-duplicating-creds-in-faccessat-if-possible/20230115-020359
base:   https://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git for-next
patch link:    https://lore.kernel.org/r/20230114180224.1777699-2-mjguzik%40gmail.com
patch subject: [PATCH 2/2] vfs: avoid duplicating creds in faccessat if possible
config: ia64-randconfig-s051-20230115
compiler: ia64-linux-gcc (GCC) 12.1.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # apt-get install sparse
        # sparse version: v0.6.4-39-gce1a6720-dirty
        # https://github.com/intel-lab-lkp/linux/commit/66a936fbf1bdfa33fa679f2906b306c426b7d0da
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Mateusz-Guzik/vfs-avoid-duplicating-creds-in-faccessat-if-possible/20230115-020359
        git checkout 66a936fbf1bdfa33fa679f2906b306c426b7d0da
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=ia64 olddefconfig
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-12.1.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=ia64 SHELL=/bin/bash

If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <lkp@...el.com>

sparse warnings: (new ones prefixed by >>)
>> fs/open.c:381:14: sparse: sparse: incorrect type in assignment (different address spaces) @@     expected struct cred const *cred @@     got struct cred const [noderef] __rcu *cred @@
   fs/open.c:381:14: sparse:     expected struct cred const *cred
   fs/open.c:381:14: sparse:     got struct cred const [noderef] __rcu *cred
   fs/open.c:1151:21: sparse: sparse: restricted fmode_t degrades to integer

vim +381 fs/open.c

   365	
   366	/*
   367	 * access() needs to use the real uid/gid, not the effective uid/gid.
   368	 * We do this by temporarily clearing all FS-related capabilities and
   369	 * switching the fsuid/fsgid around to the real ones.
   370	 *
   371	 * Creating new credentials is expensive, so we try to skip doing it,
   372	 * which we can if the result would match what we already got.
   373	 */
   374	static bool access_need_override_creds(int flags)
   375	{
   376		const struct cred *cred;
   377	
   378		if (flags & AT_EACCESS)
   379			return false;
   380	
 > 381		cred = current->cred;
   382		if (!uid_eq(cred->fsuid, cred->uid) ||
   383		    !gid_eq(cred->fsgid, cred->gid))
   384			return true;
   385	
   386		if (!issecure(SECURE_NO_SETUID_FIXUP)) {
   387			kuid_t root_uid = make_kuid(cred->user_ns, 0);
   388			if (!uid_eq(cred->uid, root_uid)) {
   389				if (!cap_isclear(cred->cap_effective))
   390					return true;
   391			} else {
   392				if (!cap_isidentical(cred->cap_effective,
   393				    cred->cap_permitted))
   394					return true;
   395			}
   396		}
   397	
   398		return false;
   399	}
   400	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests

View attachment "config" of type "text/plain" (141192 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ