| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Jun 2023 12:57:10 -0500
From: "Serge E. Hallyn" <serge@...lyn.com>
To: Ben Dooks <ben.dooks@...ethink.co.uk>
Cc: linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, serge@...lyn.com,
Paul Moore <paul@...l-moore.com>
Subject: Re: [PATCH] capabilities: fix sparse warning about __user access
On Mon, Jun 19, 2023 at 01:35:35PM +0100, Ben Dooks wrote:
> The two syscalls for capget and capset are producing sparse warnings
> as sparse is thinking that the "struct __user_cap_data_struct" is marked
> user, which seems to be down to the declaration and typedef at the same
> time.
>
> Fix the following warnings by splutting the struct declaration and then
> the user typedef into two:
I'm not a fan of making code changes to work around scanners'
shortcomings, mainly because eventually I assume the scanners
will learn to deal with it.
However, I don't like the all-in-one typedef+struct definition
either, so let's go with it :)
Paul, do you mind picking this up?
thanks,
-serge
> kernel/capability.c:191:35: warning: incorrect type in argument 2 (different address spaces)
> kernel/capability.c:191:35: expected void const *from
> kernel/capability.c:191:35: got struct __user_cap_data_struct [noderef] __user *
> kernel/capability.c:168:14: warning: dereference of noderef expression
> kernel/capability.c:168:45: warning: dereference of noderef expression
> kernel/capability.c:169:14: warning: dereference of noderef expression
> kernel/capability.c:169:45: warning: dereference of noderef expression
> kernel/capability.c:170:14: warning: dereference of noderef expression
> kernel/capability.c:170:45: warning: dereference of noderef expression
> kernel/capability.c:244:29: warning: incorrect type in argument 1 (different address spaces)
> kernel/capability.c:244:29: expected void *to
> kernel/capability.c:244:29: got struct __user_cap_data_struct [noderef] __user ( * )[2]
> kernel/capability.c:247:42: warning: dereference of noderef expression
> kernel/capability.c:247:64: warning: dereference of noderef expression
> kernel/capability.c:248:42: warning: dereference of noderef expression
> kernel/capability.c:248:64: warning: dereference of noderef expression
> kernel/capability.c:249:42: warning: dereference of noderef expression
> kernel/capability.c:249:64: warning: dereference of noderef expression
>
> Signed-off-by: Ben Dooks <ben.dooks@...ethink.co.uk>
Reviewed-by: Serge Hallyn <serge@...lyn.com>
> ---
> include/uapi/linux/capability.h | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
> index 3d61a0ae055d..5bb906098697 100644
> --- a/include/uapi/linux/capability.h
> +++ b/include/uapi/linux/capability.h
> @@ -41,11 +41,12 @@ typedef struct __user_cap_header_struct {
> int pid;
> } __user *cap_user_header_t;
>
> -typedef struct __user_cap_data_struct {
> +struct __user_cap_data_struct {
> __u32 effective;
> __u32 permitted;
> __u32 inheritable;
> -} __user *cap_user_data_t;
> +};
> +typedef struct __user_cap_data_struct __user *cap_user_data_t;
>
>
> #define VFS_CAP_REVISION_MASK 0xFF000000
> --
> 2.39.2
Powered by blists - more mailing lists