lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 23 Apr 2024 11:16:58 +0800
From: kernel test robot <lkp@...el.com>
To: zijianzhang@...edance.com, netdev@...r.kernel.org
Cc: oe-kbuild-all@...ts.linux.dev, edumazet@...gle.com,
	willemdebruijn.kernel@...il.com, davem@...emloft.net,
	kuba@...nel.org, cong.wang@...edance.com, xiaochun.lu@...edance.com,
	Zijian Zhang <zijianzhang@...edance.com>
Subject: Re: [PATCH net-next v2 2/3] sock: add MSG_ZEROCOPY notification
 mechanism based on msg_control

Hi,

kernel test robot noticed the following build warnings:

[auto build test WARNING on net-next/main]

url:    https://github.com/intel-lab-lkp/linux/commits/zijianzhang-bytedance-com/selftests-fix-OOM-problem-in-msg_zerocopy-selftest/20240420-055035
base:   net-next/main
patch link:    https://lore.kernel.org/r/20240419214819.671536-3-zijianzhang%40bytedance.com
patch subject: [PATCH net-next v2 2/3] sock: add MSG_ZEROCOPY notification mechanism based on msg_control
config: i386-randconfig-061-20240423 (https://download.01.org/0day-ci/archive/20240423/202404231145.7NfmE7Hn-lkp@intel.com/config)
compiler: gcc-13 (Ubuntu 13.2.0-4ubuntu3) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240423/202404231145.7NfmE7Hn-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202404231145.7NfmE7Hn-lkp@intel.com/

sparse warnings: (new ones prefixed by >>)
>> net/core/sock.c:2864:26: sparse: sparse: incorrect type in assignment (different address spaces) @@     expected void [noderef] __user *usr_addr @@     got void * @@
   net/core/sock.c:2864:26: sparse:     expected void [noderef] __user *usr_addr
   net/core/sock.c:2864:26: sparse:     got void *
   net/core/sock.c:2393:9: sparse: sparse: context imbalance in 'sk_clone_lock' - wrong count at exit
   net/core/sock.c:2397:6: sparse: sparse: context imbalance in 'sk_free_unlock_clone' - unexpected unlock
   net/core/sock.c:4103:13: sparse: sparse: context imbalance in 'proto_seq_start' - wrong count at exit
   net/core/sock.c:4115:13: sparse: sparse: context imbalance in 'proto_seq_stop' - wrong count at exit

vim +2864 net/core/sock.c

  2807	
  2808	int __sock_cmsg_send(struct sock *sk, struct cmsghdr *cmsg,
  2809			     struct sockcm_cookie *sockc)
  2810	{
  2811		u32 tsflags;
  2812		int ret, zc_info_size, i = 0;
  2813		unsigned long flags;
  2814		struct sk_buff_head *q, local_q;
  2815		struct sk_buff *skb, *tmp;
  2816		struct sock_exterr_skb *serr;
  2817		struct zc_info_usr *zc_info_usr_p, *zc_info_kern_p;
  2818		void __user	*usr_addr;
  2819	
  2820		switch (cmsg->cmsg_type) {
  2821		case SO_MARK:
  2822			if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
  2823			    !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
  2824				return -EPERM;
  2825			if (cmsg->cmsg_len != CMSG_LEN(sizeof(u32)))
  2826				return -EINVAL;
  2827			sockc->mark = *(u32 *)CMSG_DATA(cmsg);
  2828			break;
  2829		case SO_TIMESTAMPING_OLD:
  2830		case SO_TIMESTAMPING_NEW:
  2831			if (cmsg->cmsg_len != CMSG_LEN(sizeof(u32)))
  2832				return -EINVAL;
  2833	
  2834			tsflags = *(u32 *)CMSG_DATA(cmsg);
  2835			if (tsflags & ~SOF_TIMESTAMPING_TX_RECORD_MASK)
  2836				return -EINVAL;
  2837	
  2838			sockc->tsflags &= ~SOF_TIMESTAMPING_TX_RECORD_MASK;
  2839			sockc->tsflags |= tsflags;
  2840			break;
  2841		case SCM_TXTIME:
  2842			if (!sock_flag(sk, SOCK_TXTIME))
  2843				return -EINVAL;
  2844			if (cmsg->cmsg_len != CMSG_LEN(sizeof(u64)))
  2845				return -EINVAL;
  2846			sockc->transmit_time = get_unaligned((u64 *)CMSG_DATA(cmsg));
  2847			break;
  2848		/* SCM_RIGHTS and SCM_CREDENTIALS are semantically in SOL_UNIX. */
  2849		case SCM_RIGHTS:
  2850		case SCM_CREDENTIALS:
  2851			break;
  2852		case SO_ZC_NOTIFICATION:
  2853			if (!sock_flag(sk, SOCK_ZEROCOPY) || sk->sk_family == PF_RDS)
  2854				return -EINVAL;
  2855	
  2856			zc_info_usr_p = (struct zc_info_usr *)CMSG_DATA(cmsg);
  2857			if (zc_info_usr_p->length <= 0 || zc_info_usr_p->length > SOCK_ZC_INFO_MAX)
  2858				return -EINVAL;
  2859	
  2860			zc_info_size = struct_size(zc_info_usr_p, info, zc_info_usr_p->length);
  2861			if (cmsg->cmsg_len != CMSG_LEN(zc_info_size))
  2862				return -EINVAL;
  2863	
> 2864			usr_addr = (void *)(uintptr_t)(zc_info_usr_p->usr_addr);
  2865			if (!access_ok(usr_addr, zc_info_size))
  2866				return -EFAULT;
  2867	
  2868			zc_info_kern_p = kmalloc(zc_info_size, GFP_KERNEL);
  2869			if (!zc_info_kern_p)
  2870				return -ENOMEM;
  2871	
  2872			q = &sk->sk_error_queue;
  2873			skb_queue_head_init(&local_q);
  2874			spin_lock_irqsave(&q->lock, flags);
  2875			skb = skb_peek(q);
  2876			while (skb && i < zc_info_usr_p->length) {
  2877				struct sk_buff *skb_next = skb_peek_next(skb, q);
  2878	
  2879				serr = SKB_EXT_ERR(skb);
  2880				if (serr->ee.ee_errno == 0 &&
  2881				    serr->ee.ee_origin == SO_EE_ORIGIN_ZEROCOPY) {
  2882					zc_info_kern_p->info[i].hi = serr->ee.ee_data;
  2883					zc_info_kern_p->info[i].lo = serr->ee.ee_info;
  2884					zc_info_kern_p->info[i].zerocopy = !(serr->ee.ee_code
  2885									& SO_EE_CODE_ZEROCOPY_COPIED);
  2886					__skb_unlink(skb, q);
  2887					__skb_queue_tail(&local_q, skb);
  2888					i++;
  2889				}
  2890				skb = skb_next;
  2891			}
  2892			spin_unlock_irqrestore(&q->lock, flags);
  2893	
  2894			zc_info_kern_p->usr_addr = zc_info_usr_p->usr_addr;
  2895			zc_info_kern_p->length = i;
  2896	
  2897			ret = copy_to_user(usr_addr,
  2898					   zc_info_kern_p,
  2899						struct_size(zc_info_kern_p, info, i));
  2900			kfree(zc_info_kern_p);
  2901	
  2902			if (unlikely(ret)) {
  2903				spin_lock_irqsave(&q->lock, flags);
  2904				skb_queue_reverse_walk_safe(&local_q, skb, tmp) {
  2905					__skb_unlink(skb, &local_q);
  2906					__skb_queue_head(q, skb);
  2907				}
  2908				spin_unlock_irqrestore(&q->lock, flags);
  2909				return -EFAULT;
  2910			}
  2911	
  2912			while ((skb = __skb_dequeue(&local_q)))
  2913				consume_skb(skb);
  2914			break;
  2915		default:
  2916			return -EINVAL;
  2917		}
  2918		return 0;
  2919	}
  2920	EXPORT_SYMBOL(__sock_cmsg_send);
  2921	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ