| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202208221324.VmNeMI4S-lkp@intel.com>
Date: Mon, 22 Aug 2022 13:25:07 +0800
From: kernel test robot <lkp@...el.com>
To: Kirill Tkhai <tkhai@...ru>, netdev@...r.kernel.org
Cc: kbuild-all@...ts.01.org, Eric Dumazet <edumazet@...gle.com>,
Paolo Abeni <pabeni@...hat.com>, Kirill Tkhai <tkhai@...ru>
Subject: Re: [PATCH] af_unix: Add ioctl(SIOCUNIXGRABFDS) to grab files of
receive queue skbs
Hi Kirill,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on net/master]
[also build test WARNING on net-next/master linus/master horms-ipvs/master v6.0-rc2 next-20220819]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Kirill-Tkhai/af_unix-Add-ioctl-SIOCUNIXGRABFDS-to-grab-files-of-receive-queue-skbs/20220815-045608
base: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git 777885673122b78b2abd2f1e428730961a786ff2
config: i386-randconfig-s003 (https://download.01.org/0day-ci/archive/20220822/202208221324.VmNeMI4S-lkp@intel.com/config)
compiler: gcc-11 (Debian 11.3.0-5) 11.3.0
reproduce:
# apt-get install sparse
# sparse version: v0.6.4-39-gce1a6720-dirty
# https://github.com/intel-lab-lkp/linux/commit/0b4bc309fb3cdc6e470ee5c28e33f2909bfb8266
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Kirill-Tkhai/af_unix-Add-ioctl-SIOCUNIXGRABFDS-to-grab-files-of-receive-queue-skbs/20220815-045608
git checkout 0b4bc309fb3cdc6e470ee5c28e33f2909bfb8266
# save the config file
mkdir build_dir && cp config build_dir/.config
make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=i386 SHELL=/bin/bash arch/x86/entry/ fs/cifs/ net/unix/
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@...el.com>
sparse warnings: (new ones prefixed by >>)
>> net/unix/af_unix.c:3130:69: sparse: sparse: incorrect type in argument 2 (different address spaces) @@ expected int [noderef] __user *ufd @@ got int * @@
net/unix/af_unix.c:3130:69: sparse: expected int [noderef] __user *ufd
net/unix/af_unix.c:3130:69: sparse: got int *
net/unix/af_unix.c:159:13: sparse: sparse: context imbalance in 'unix_table_double_lock' - wrong count at exit
net/unix/af_unix.c:178:28: sparse: sparse: context imbalance in 'unix_table_double_unlock' - unexpected unlock
net/unix/af_unix.c:1290:13: sparse: sparse: context imbalance in 'unix_state_double_lock' - wrong count at exit
net/unix/af_unix.c:1308:17: sparse: sparse: context imbalance in 'unix_state_double_unlock' - unexpected unlock
net/unix/af_unix.c:1609:18: sparse: sparse: context imbalance in 'unix_stream_connect' - different lock contexts for basic block
net/unix/af_unix.c:1972:25: sparse: sparse: context imbalance in 'unix_dgram_sendmsg' - unexpected unlock
net/unix/af_unix.c:3325:20: sparse: sparse: context imbalance in 'unix_get_first' - wrong count at exit
net/unix/af_unix.c:3356:34: sparse: sparse: context imbalance in 'unix_get_next' - unexpected unlock
net/unix/af_unix.c:3386:42: sparse: sparse: context imbalance in 'unix_seq_stop' - unexpected unlock
net/unix/af_unix.c:3489:34: sparse: sparse: context imbalance in 'bpf_iter_unix_hold_batch' - unexpected unlock
vim +3130 net/unix/af_unix.c
3081
3082 static int unix_ioc_grab_fds(struct sock *sk, struct unix_ioc_grab_fds __user *uarg)
3083 {
3084 int i, todo, skip, count, all, err, done = 0;
3085 struct unix_sock *u = unix_sk(sk);
3086 struct unix_ioc_grab_fds arg;
3087 struct sk_buff *skb = NULL;
3088 struct scm_fp_list *fp;
3089
3090 if (copy_from_user(&arg, uarg, sizeof(arg)))
3091 return -EFAULT;
3092
3093 skip = arg.in.nr_skip;
3094 todo = arg.in.nr_grab;
3095
3096 if (skip < 0 || todo <= 0)
3097 return -EINVAL;
3098 if (mutex_lock_interruptible(&u->iolock))
3099 return -EINTR;
3100
3101 all = atomic_read(&u->scm_stat.nr_fds);
3102 err = -EFAULT;
3103 /* Set uarg->out.nr_all before the first file is received. */
3104 if (put_user(all, &uarg->out.nr_all))
3105 goto unlock;
3106 err = 0;
3107 if (all <= skip)
3108 goto unlock;
3109 if (all - skip < todo)
3110 todo = all - skip;
3111 while (todo) {
3112 spin_lock(&sk->sk_receive_queue.lock);
3113 if (!skb)
3114 skb = skb_peek(&sk->sk_receive_queue);
3115 else
3116 skb = skb_peek_next(skb, &sk->sk_receive_queue);
3117 spin_unlock(&sk->sk_receive_queue.lock);
3118
3119 if (!skb)
3120 goto unlock;
3121
3122 fp = UNIXCB(skb).fp;
3123 count = fp->count;
3124 if (skip >= count) {
3125 skip -= count;
3126 continue;
3127 }
3128
3129 for (i = skip; i < count && todo; i++) {
> 3130 err = receive_fd_user(fp->fp[i], &arg.in.fds[done], 0);
3131 if (err < 0)
3132 goto unlock;
3133 done++;
3134 todo--;
3135 }
3136 skip = 0;
3137 }
3138 unlock:
3139 mutex_unlock(&u->iolock);
3140
3141 /* Return number of fds (non-error) if there is a received file. */
3142 if (done)
3143 return done;
3144 if (err < 0)
3145 return err;
3146 return 0;
3147 }
3148
--
0-DAY CI Kernel Test Service
https://01.org/lkp
Powered by blists - more mailing lists