lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <wxumqnq4u6c3m3oqycvryjghtrrfqn3nbgvrxv2goitprsttdd@i7lilfbyptye>
Date: Mon, 27 Oct 2025 11:14:55 +0100
From: Joel Granados <joel.granados@...nel.org>
To: kernel test robot <lkp@...el.com>
Cc: Kees Cook <kees@...nel.org>, Alexander Viro <viro@...iv.linux.org.uk>, 
	Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>, oe-kbuild-all@...ts.linux.dev, 
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH 7/7] sysctl: Wrap do_proc_douintvec with the public
 function proc_douintvec_conv

On Wed, Oct 22, 2025 at 05:18:51PM +0800, kernel test robot wrote:
> Hi Joel,
> 
> kernel test robot noticed the following build warnings:
> 
> [auto build test WARNING on 130e5390ba572bffa687f32ed212dac1105b654a]
> 
> url:    https://github.com/intel-lab-lkp/linux/commits/Joel-Granados/sysctl-Allow-custom-converters-from-outside-sysctl/20251017-163832
> base:   130e5390ba572bffa687f32ed212dac1105b654a
> patch link:    https://lore.kernel.org/r/20251017-jag-sysctl_jiffies-v1-7-175d81dfdf82%40kernel.org
> patch subject: [PATCH 7/7] sysctl: Wrap do_proc_douintvec with the public function proc_douintvec_conv
> config: i386-randconfig-063-20251022 (https://download.01.org/0day-ci/archive/20251022/202510221719.3ggn070M-lkp@intel.com/config)
> compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251022/202510221719.3ggn070M-lkp@intel.com/reproduce)
> 
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp@...el.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202510221719.3ggn070M-lkp@intel.com/
> 
> sparse warnings: (new ones prefixed by >>)
> >> kernel/kstack_erase.c:34:56: sparse: sparse: incorrect type in argument 3 (different address spaces) @@     expected void *buffer @@     got void [noderef] __user *buffer @@
>    kernel/kstack_erase.c:34:56: sparse:     expected void *buffer
>    kernel/kstack_erase.c:34:56: sparse:     got void [noderef] __user *buffer
This is probably a false positive where the warning was already there
but it moved up in the output (probably due to the function moving up in
the header?)

This made me look a bit more into the issue and I believe that it does
show an issue. Not with the current series, but with commit 0df8bdd5e3b3
("stackleak: move stack_erasing sysctl to stackleak.c"). In this commit
the buffer argument was changed frim void* to void __user*
but in 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler")
the "__user" was removed. I'll post another patch to fix this up.


Best

>    kernel/kstack_erase.c:54:35: sparse: sparse: incorrect type in initializer (incompatible argument 3 (different address spaces)) @@     expected int ( [usertype] *proc_handler )( ... ) @@     got int ( * )( ... ) @@
>    kernel/kstack_erase.c:54:35: sparse:     expected int ( [usertype] *proc_handler )( ... )
>    kernel/kstack_erase.c:54:35: sparse:     got int ( * )( ... )
> 
> vim +34 kernel/kstack_erase.c
> 
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  23  
> 0df8bdd5e3b3e5 kernel/stackleak.c Xiaoming Ni      2022-01-21  24  #ifdef CONFIG_SYSCTL
> 78eb4ea25cd5fd kernel/stackleak.c Joel Granados    2024-07-24  25  static int stack_erasing_sysctl(const struct ctl_table *table, int write,
> 0df8bdd5e3b3e5 kernel/stackleak.c Xiaoming Ni      2022-01-21  26  			void __user *buffer, size_t *lenp, loff_t *ppos)
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  27  {
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  28  	int ret = 0;
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  29  	int state = !static_branch_unlikely(&stack_erasing_bypass);
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  30  	int prev_state = state;
> 0e148d3cca0dc1 kernel/stackleak.c Thomas Weißschuh 2024-05-03  31  	struct ctl_table table_copy = *table;
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  32  
> 0e148d3cca0dc1 kernel/stackleak.c Thomas Weißschuh 2024-05-03  33  	table_copy.data = &state;
> 0e148d3cca0dc1 kernel/stackleak.c Thomas Weißschuh 2024-05-03 @34  	ret = proc_dointvec_minmax(&table_copy, write, buffer, lenp, ppos);
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  35  	state = !!state;
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  36  	if (ret || !write || state == prev_state)
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  37  		return ret;
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  38  
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  39  	if (state)
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  40  		static_branch_disable(&stack_erasing_bypass);
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  41  	else
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  42  		static_branch_enable(&stack_erasing_bypass);
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  43  
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  44  	pr_warn("stackleak: kernel stack erasing is %s\n",
> 62e9c1e8ecee87 kernel/stackleak.c Thorsten Blum    2024-12-22  45  					str_enabled_disabled(state));
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  46  	return ret;
> 964c9dff009189 kernel/stackleak.c Alexander Popov  2018-08-17  47  }
> 1751f872cc97f9 kernel/stackleak.c Joel Granados    2025-01-28  48  static const struct ctl_table stackleak_sysctls[] = {
> 0df8bdd5e3b3e5 kernel/stackleak.c Xiaoming Ni      2022-01-21  49  	{
> 0df8bdd5e3b3e5 kernel/stackleak.c Xiaoming Ni      2022-01-21  50  		.procname	= "stack_erasing",
> 0df8bdd5e3b3e5 kernel/stackleak.c Xiaoming Ni      2022-01-21  51  		.data		= NULL,
> 0df8bdd5e3b3e5 kernel/stackleak.c Xiaoming Ni      2022-01-21  52  		.maxlen		= sizeof(int),
> 0df8bdd5e3b3e5 kernel/stackleak.c Xiaoming Ni      2022-01-21  53  		.mode		= 0600,
> 0df8bdd5e3b3e5 kernel/stackleak.c Xiaoming Ni      2022-01-21  54  		.proc_handler	= stack_erasing_sysctl,
> 0df8bdd5e3b3e5 kernel/stackleak.c Xiaoming Ni      2022-01-21  55  		.extra1		= SYSCTL_ZERO,
> 0df8bdd5e3b3e5 kernel/stackleak.c Xiaoming Ni      2022-01-21  56  		.extra2		= SYSCTL_ONE,
> 0df8bdd5e3b3e5 kernel/stackleak.c Xiaoming Ni      2022-01-21  57  	},
> 0df8bdd5e3b3e5 kernel/stackleak.c Xiaoming Ni      2022-01-21  58  };
> 0df8bdd5e3b3e5 kernel/stackleak.c Xiaoming Ni      2022-01-21  59  
> 
> -- 
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki

-- 

Joel Granados

Download attachment "signature.asc" of type "application/pgp-signature" (660 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ