| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Feb 2018 12:30:42 +0800
From: kbuild test robot <lkp@...el.com>
To: Kees Cook <keescook@...omium.org>
Cc: kbuild-all@...org,
syzbot+e2d6cfb305e9f3911dea@...kaller.appspotmail.com,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
Eric Biggers <ebiggers3@...il.com>, james.morse@....com,
keun-o.park@...kmatter.ae, labbott@...hat.com, linux-mm@...ck.org,
mingo@...nel.org
Subject: Re: [PATCH] socket: Provide bounce buffer for constant sized
put_cmsg()
Hi Kees,
I love your patch! Yet something to improve:
[auto build test ERROR on linus/master]
[also build test ERROR on v4.15 next-20180201]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Kees-Cook/socket-Provide-bounce-buffer-for-constant-sized-put_cmsg/20180202-113637
config: i386-randconfig-s0-201804 (attached as .config)
compiler: gcc-6 (Debian 6.4.0-9) 6.4.0 20171026
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All error/warnings (new ones prefixed by >>):
In file included from include/linux/skbuff.h:23:0,
from include/linux/if_ether.h:23,
from include/uapi/linux/ethtool.h:19,
from include/linux/ethtool.h:18,
from include/linux/netdevice.h:41,
from include/net/sock.h:51,
from include/net/bluetooth/bluetooth.h:29,
from net/bluetooth/hci_sock.c:32:
net/bluetooth/hci_sock.c: In function 'hci_sock_cmsg':
>> include/linux/socket.h:355:19: error: variable or field '_val' declared void
typeof(*(_ptr)) _val = *(_ptr); \
^
>> net/bluetooth/hci_sock.c:1406:3: note: in expansion of macro 'put_cmsg'
put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
^~~~~~~~
>> include/linux/socket.h:355:26: warning: dereferencing 'void *' pointer
typeof(*(_ptr)) _val = *(_ptr); \
^~~~~~~
>> net/bluetooth/hci_sock.c:1406:3: note: in expansion of macro 'put_cmsg'
put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
^~~~~~~~
>> include/linux/socket.h:355:26: error: void value not ignored as it ought to be
typeof(*(_ptr)) _val = *(_ptr); \
^
>> net/bluetooth/hci_sock.c:1406:3: note: in expansion of macro 'put_cmsg'
put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
^~~~~~~~
--
In file included from include/linux/kernel.h:10:0,
from include/linux/list.h:9,
from include/linux/random.h:10,
from include/linux/net.h:22,
from net/rxrpc/recvmsg.c:14:
In function 'rxrpc_recvmsg_new_call',
inlined from 'rxrpc_recvmsg' at net/rxrpc/recvmsg.c:539:7:
>> include/linux/compiler.h:330:38: error: call to '__compiletime_assert_119' declared with attribute error: BUILD_BUG_ON failed: sizeof(_val) != (0)
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^
include/linux/compiler.h:310:4: note: in definition of macro '__compiletime_assert'
prefix ## suffix(); \
^~~~~~
include/linux/compiler.h:330:2: note: in expansion of macro '_compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:47:37: note: in expansion of macro 'compiletime_assert'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:71:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
^~~~~~~~~~~~~~~~
>> include/linux/socket.h:356:3: note: in expansion of macro 'BUILD_BUG_ON'
BUILD_BUG_ON(sizeof(_val) != (_len)); \
^~~~~~~~~~~~
>> net/rxrpc/recvmsg.c:119:8: note: in expansion of macro 'put_cmsg'
ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NEW_CALL, 0, &tmp);
^~~~~~~~
In function 'rxrpc_recvmsg_term',
inlined from 'rxrpc_recvmsg' at net/rxrpc/recvmsg.c:562:7:
include/linux/compiler.h:330:38: error: call to '__compiletime_assert_77' declared with attribute error: BUILD_BUG_ON failed: sizeof(_val) != (0)
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^
include/linux/compiler.h:310:4: note: in definition of macro '__compiletime_assert'
prefix ## suffix(); \
^~~~~~
include/linux/compiler.h:330:2: note: in expansion of macro '_compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:47:37: note: in expansion of macro 'compiletime_assert'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:71:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
^~~~~~~~~~~~~~~~
>> include/linux/socket.h:356:3: note: in expansion of macro 'BUILD_BUG_ON'
BUILD_BUG_ON(sizeof(_val) != (_len)); \
^~~~~~~~~~~~
net/rxrpc/recvmsg.c:77:10: note: in expansion of macro 'put_cmsg'
ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ACK, 0, &tmp);
^~~~~~~~
--
In file included from arch/x86/include/asm/atomic.h:5:0,
from include/linux/atomic.h:5,
from include/linux/rhashtable.h:20,
from net/tipc/socket.c:37:
net/tipc/socket.c: In function 'tipc_sk_anc_data_recv':
include/linux/compiler.h:330:38: error: call to '__compiletime_assert_1565' declared with attribute error: BUILD_BUG_ON failed: sizeof(_val) != (8)
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^
include/linux/compiler.h:310:4: note: in definition of macro '__compiletime_assert'
prefix ## suffix(); \
^~~~~~
include/linux/compiler.h:330:2: note: in expansion of macro '_compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:47:37: note: in expansion of macro 'compiletime_assert'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:71:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
^~~~~~~~~~~~~~~~
>> include/linux/socket.h:356:3: note: in expansion of macro 'BUILD_BUG_ON'
BUILD_BUG_ON(sizeof(_val) != (_len)); \
^~~~~~~~~~~~
>> net/tipc/socket.c:1565:9: note: in expansion of macro 'put_cmsg'
res = put_cmsg(m, SOL_TIPC, TIPC_ERRINFO, 8, anc_data);
^~~~~~~~
include/linux/compiler.h:330:38: error: call to '__compiletime_assert_1601' declared with attribute error: BUILD_BUG_ON failed: sizeof(_val) != (12)
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^
include/linux/compiler.h:310:4: note: in definition of macro '__compiletime_assert'
prefix ## suffix(); \
^~~~~~
include/linux/compiler.h:330:2: note: in expansion of macro '_compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:47:37: note: in expansion of macro 'compiletime_assert'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:71:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
^~~~~~~~~~~~~~~~
>> include/linux/socket.h:356:3: note: in expansion of macro 'BUILD_BUG_ON'
BUILD_BUG_ON(sizeof(_val) != (_len)); \
^~~~~~~~~~~~
net/tipc/socket.c:1601:9: note: in expansion of macro 'put_cmsg'
res = put_cmsg(m, SOL_TIPC, TIPC_DESTNAME, 12, anc_data);
^~~~~~~~
--
In file included from include/linux/skbuff.h:23:0,
from include/linux/if_ether.h:23,
from include/uapi/linux/ethtool.h:19,
from include/linux/ethtool.h:18,
from include/linux/netdevice.h:41,
from include/net/sock.h:51,
from include/net/bluetooth/bluetooth.h:29,
from net//bluetooth/hci_sock.c:32:
net//bluetooth/hci_sock.c: In function 'hci_sock_cmsg':
>> include/linux/socket.h:355:19: error: variable or field '_val' declared void
typeof(*(_ptr)) _val = *(_ptr); \
^
net//bluetooth/hci_sock.c:1406:3: note: in expansion of macro 'put_cmsg'
put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
^~~~~~~~
>> include/linux/socket.h:355:26: warning: dereferencing 'void *' pointer
typeof(*(_ptr)) _val = *(_ptr); \
^~~~~~~
net//bluetooth/hci_sock.c:1406:3: note: in expansion of macro 'put_cmsg'
put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
^~~~~~~~
>> include/linux/socket.h:355:26: error: void value not ignored as it ought to be
typeof(*(_ptr)) _val = *(_ptr); \
^
net//bluetooth/hci_sock.c:1406:3: note: in expansion of macro 'put_cmsg'
put_cmsg(msg, SOL_HCI, HCI_CMSG_TSTAMP, len, data);
^~~~~~~~
--
In file included from include/linux/kernel.h:10:0,
from include/linux/list.h:9,
from include/linux/random.h:10,
from include/linux/net.h:22,
from net//rxrpc/recvmsg.c:14:
In function 'rxrpc_recvmsg_new_call',
inlined from 'rxrpc_recvmsg' at net//rxrpc/recvmsg.c:539:7:
>> include/linux/compiler.h:330:38: error: call to '__compiletime_assert_119' declared with attribute error: BUILD_BUG_ON failed: sizeof(_val) != (0)
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^
include/linux/compiler.h:310:4: note: in definition of macro '__compiletime_assert'
prefix ## suffix(); \
^~~~~~
include/linux/compiler.h:330:2: note: in expansion of macro '_compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:47:37: note: in expansion of macro 'compiletime_assert'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:71:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
^~~~~~~~~~~~~~~~
>> include/linux/socket.h:356:3: note: in expansion of macro 'BUILD_BUG_ON'
BUILD_BUG_ON(sizeof(_val) != (_len)); \
^~~~~~~~~~~~
net//rxrpc/recvmsg.c:119:8: note: in expansion of macro 'put_cmsg'
ret = put_cmsg(msg, SOL_RXRPC, RXRPC_NEW_CALL, 0, &tmp);
^~~~~~~~
In function 'rxrpc_recvmsg_term',
inlined from 'rxrpc_recvmsg' at net//rxrpc/recvmsg.c:562:7:
include/linux/compiler.h:330:38: error: call to '__compiletime_assert_77' declared with attribute error: BUILD_BUG_ON failed: sizeof(_val) != (0)
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^
include/linux/compiler.h:310:4: note: in definition of macro '__compiletime_assert'
prefix ## suffix(); \
^~~~~~
include/linux/compiler.h:330:2: note: in expansion of macro '_compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:47:37: note: in expansion of macro 'compiletime_assert'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:71:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
^~~~~~~~~~~~~~~~
>> include/linux/socket.h:356:3: note: in expansion of macro 'BUILD_BUG_ON'
BUILD_BUG_ON(sizeof(_val) != (_len)); \
^~~~~~~~~~~~
net//rxrpc/recvmsg.c:77:10: note: in expansion of macro 'put_cmsg'
ret = put_cmsg(msg, SOL_RXRPC, RXRPC_ACK, 0, &tmp);
^~~~~~~~
--
In file included from arch/x86/include/asm/atomic.h:5:0,
from include/linux/atomic.h:5,
from include/linux/rhashtable.h:20,
from net//tipc/socket.c:37:
net//tipc/socket.c: In function 'tipc_sk_anc_data_recv':
include/linux/compiler.h:330:38: error: call to '__compiletime_assert_1565' declared with attribute error: BUILD_BUG_ON failed: sizeof(_val) != (8)
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^
include/linux/compiler.h:310:4: note: in definition of macro '__compiletime_assert'
prefix ## suffix(); \
^~~~~~
include/linux/compiler.h:330:2: note: in expansion of macro '_compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:47:37: note: in expansion of macro 'compiletime_assert'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:71:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
^~~~~~~~~~~~~~~~
>> include/linux/socket.h:356:3: note: in expansion of macro 'BUILD_BUG_ON'
BUILD_BUG_ON(sizeof(_val) != (_len)); \
^~~~~~~~~~~~
net//tipc/socket.c:1565:9: note: in expansion of macro 'put_cmsg'
res = put_cmsg(m, SOL_TIPC, TIPC_ERRINFO, 8, anc_data);
^~~~~~~~
include/linux/compiler.h:330:38: error: call to '__compiletime_assert_1601' declared with attribute error: BUILD_BUG_ON failed: sizeof(_val) != (12)
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^
include/linux/compiler.h:310:4: note: in definition of macro '__compiletime_assert'
prefix ## suffix(); \
^~~~~~
include/linux/compiler.h:330:2: note: in expansion of macro '_compiletime_assert'
_compiletime_assert(condition, msg, __compiletime_assert_, __LINE__)
^~~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:47:37: note: in expansion of macro 'compiletime_assert'
#define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg)
^~~~~~~~~~~~~~~~~~
include/linux/build_bug.h:71:2: note: in expansion of macro 'BUILD_BUG_ON_MSG'
BUILD_BUG_ON_MSG(condition, "BUILD_BUG_ON failed: " #condition)
^~~~~~~~~~~~~~~~
>> include/linux/socket.h:356:3: note: in expansion of macro 'BUILD_BUG_ON'
BUILD_BUG_ON(sizeof(_val) != (_len)); \
^~~~~~~~~~~~
net//tipc/socket.c:1601:9: note: in expansion of macro 'put_cmsg'
res = put_cmsg(m, SOL_TIPC, TIPC_DESTNAME, 12, anc_data);
^~~~~~~~
vim +/_val +355 include/linux/socket.h
343
344 extern int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr_storage *kaddr);
345 extern int __put_cmsg(struct msghdr*, int level, int type, int len, void *data);
346 /*
347 * Provide a bounce buffer for copying cmsg data to userspace when the size
348 * is constant. Without this, hardened usercopy will see the dynamic size
349 * calculation in __put_cmsg and try to block it. Constant sized copies
350 * should not trigger hardened usercopy checks.
351 */
352 #define put_cmsg(_msg, _level, _type, _len, _ptr) ({ \
353 int _rc; \
354 if (__builtin_constant_p(_len)) { \
> 355 typeof(*(_ptr)) _val = *(_ptr); \
> 356 BUILD_BUG_ON(sizeof(_val) != (_len)); \
357 _rc = __put_cmsg(_msg, _level, _type, sizeof(_val), &_val); \
358 } else { \
359 _rc = __put_cmsg(_msg, _level, _type, _len, _ptr); \
360 } \
361 _rc;})
362
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
Download attachment ".config.gz" of type "application/gzip" (30983 bytes)
Powered by blists - more mailing lists