Message-ID: <20260113121040.GC831050@noisy.programming.kicks-ass.net>
Date: Tue, 13 Jan 2026 13:10:40 +0100
From: Peter Zijlstra <peterz@...radead.org>
To: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Cc: kernel test robot <lkp@...el.com>, oe-kbuild-all@...ts.linux.dev,
	linux-kernel@...r.kernel.org
Subject: Re: kernel/futex/core.c:505:38: sparse: sparse: cast removes address
 space '__user' of expression

On Tue, Jan 13, 2026 at 12:59:46PM +0100, Sebastian Andrzej Siewior wrote:
> On 2026-01-13 19:22:40 [+0800], kernel test robot wrote:
> > tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> > head:   b71e635feefc852405b14620a7fc58c4c80c0f73
> > commit: cec199c5e39bde7191a08087cc3d002ccfab31ff futex: Implement FUTEX2_NUMA
> > date:   9 months ago
> > config: arm64-randconfig-r123-20260113 (https://download.01.org/0day-ci/archive/20260113/202601131901.j7WJ9OeZ-lkp@intel.com/config)
> > compiler: clang version 16.0.6 (https://github.com/llvm/llvm-project 7cbf1a2591520c2491aa35339f227775f4d3adf6)
> > reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260113/202601131901.j7WJ9OeZ-lkp@intel.com/reproduce)
> …
> >sparse warnings: (new ones prefixed by >>)
> >>> kernel/futex/core.c:505:38: sparse: sparse: cast removes address space '__user' of expression
> >>> kernel/futex/core.c:505:51: sparse: sparse: incorrect type in initializer (different address spaces) @@     expected unsigned int [noderef] [usertype] __user *naddr @@     got void * @@
> >   kernel/futex/core.c:505:51: sparse:     expected unsigned int [noderef] [usertype] __user *naddr
> >   kernel/futex/core.c:505:51: sparse:     got void *
> >   kernel/futex/core.c:894:9: sparse: sparse: context imbalance in 'futex_q_lockptr_lock' - wrong count at exit
> …
> >  > 505			u32 __user *naddr = (void *)uaddr + size / 2;
> 
> [ ] I (PeterZ) have it fixed, will post soon
> [ ] Fix it for me, I'm saving the world atm
> [ ] Ignore it because of $reasonable_reason

Lol :-)

It's here and a few lines down with the same thing I think. The cast is
to get byte pointer math, instead of u32 sized pointer math. Both the
original uaddr and naddr have the __user thing on, but that intermediate
cast trips it up.

Does this work?

---
 kernel/futex/core.c  | 6 +++---
 kernel/futex/futex.h | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/kernel/futex/core.c b/kernel/futex/core.c
index cf7e610eac42..3961d256c79c 100644
--- a/kernel/futex/core.c
+++ b/kernel/futex/core.c
@@ -545,7 +545,7 @@ static u64 get_inode_sequence_number(struct inode *inode)
  *
  * lock_page() might sleep, the caller should not hold a spinlock.
  */
-int get_futex_key(u32 __user *uaddr, unsigned int flags, union futex_key *key,
+int get_futex_key(void __user *uaddr, unsigned int flags, union futex_key *key,
 		  enum futex_access rw)
 {
 	unsigned long address = (unsigned long)uaddr;
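
Review bot: Widening the uaddr parameter to `void __user *` on the `+` line means callers can now pass any `__user` pointer type without a warning, not only `u32 __user *`. If that loss of type checking is not wanted, keeping `u32 __user *uaddr` in the signature and writing `(void __user *)uaddr + size / 2` at the two naddr sites would keep both the address-space annotation and the byte-sized arithmetic.
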
@@ -579,7 +579,7 @@ int get_futex_key(u32 __user *uaddr, unsigned int flags, union futex_key *key,
 	node = FUTEX_NO_NODE;
 
 	if (flags & FLAGS_NUMA) {
-		u32 __user *naddr = (void *)uaddr + size / 2;
+		u32 __user *naddr = uaddr + size / 2;
 
 		if (get_user_inline(node, naddr))
 			return -EFAULT;
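
Review bot: On the `+` line, `uaddr + size / 2` now relies on GNU C byte-sized arithmetic on a `void __user *` and on the implicit conversion back to `u32 __user *`, with no cast left to signal that the offset is in bytes. A one-line comment stating that naddr is `size / 2` bytes past uaddr would keep a later reader from changing the parameter type back and silently getting u32-scaled arithmetic.
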
@@ -595,7 +595,7 @@ int get_futex_key(u32 __user *uaddr, unsigned int flags, union futex_key *key,
 	}
 
 	if (flags & FLAGS_NUMA) {
-		u32 __user *naddr = (void *)uaddr + size / 2;
+		u32 __user *naddr = uaddr + size / 2;
 
 		if (node == FUTEX_NO_NODE) {
 			node = numa_node_id();
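
Review bot: The naddr initializer on the `+` line repeats the expression from the previous `FLAGS_NUMA` block in the same function, and both needed the same fix here. Declaring naddr once before the first `if (flags & FLAGS_NUMA)` would leave a single place that computes the offset.
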
diff --git a/kernel/futex/futex.h b/kernel/futex/futex.h
index 30c2afa03889..99595742c994 100644
--- a/kernel/futex/futex.h
+++ b/kernel/futex/futex.h
@@ -215,7 +215,7 @@ enum futex_access {
 	FUTEX_WRITE
 };
 
-extern int get_futex_key(u32 __user *uaddr, unsigned int flags, union futex_key *key,
+extern int get_futex_key(void __user *uaddr, unsigned int flags, union futex_key *key,
 			 enum futex_access rw);
 extern void futex_q_lockptr_lock(struct futex_q *q);
 extern struct hrtimer_sleeper *
