Hi Cyrill, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on linux/master] [also build test WARNING on v5.15] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/0day-ci/linux/commits/Cyrill-Gorcunov/prctl-PR_SET_MM-unify-copying-of-user-s-auvx/20210929-123259 base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5816b3e6577eaa676ceb00a848f0fd65fe2adc29 config: parisc-randconfig-s032-20210929 (attached as .config) compiler: hppa-linux-gcc (GCC) 11.2.0 reproduce: wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # apt-get install sparse # sparse version: v0.6.4-dirty # https://github.com/0day-ci/linux/commit/37297835c68662e1781118a01b7a271277e965d0 git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review Cyrill-Gorcunov/prctl-PR_SET_MM-unify-copying-of-user-s-auvx/20210929-123259 git checkout 37297835c68662e1781118a01b7a271277e965d0 # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=parisc If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot sparse warnings: (new ones prefixed by >>) >> kernel/sys.c:1997:58: sparse: sparse: incorrect type in argument 3 (different address spaces) @@ expected void const [noderef] __user *addr @@ got unsigned long long [usertype] *[addressable] auxv @@ kernel/sys.c:1997:58: sparse: expected void const [noderef] __user *addr kernel/sys.c:1997:58: sparse: got unsigned long long [usertype] *[addressable] auxv kernel/sys.c:1068:32: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct task_struct *p1 @@ got struct task_struct [noderef] 
__rcu *real_parent @@ kernel/sys.c:1068:32: sparse: expected struct task_struct *p1 kernel/sys.c:1068:32: sparse: got struct task_struct [noderef] __rcu *real_parent kernel/sys.c: note: in included file (through include/linux/rcuwait.h, include/linux/percpu-rwsem.h, include/linux/fs.h, ...): include/linux/sched/signal.h:710:37: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@ include/linux/sched/signal.h:710:37: sparse: expected struct spinlock [usertype] *lock include/linux/sched/signal.h:710:37: sparse: got struct spinlock [noderef] __rcu * vim +1997 kernel/sys.c 1968 1969 #ifdef CONFIG_CHECKPOINT_RESTORE 1970 static int prctl_set_mm_map(int opt, const void __user *addr, unsigned long data_size) 1971 { 1972 struct prctl_mm_map prctl_map = { .exe_fd = (u32)-1, }; 1973 unsigned long user_auxv[AT_VECTOR_SIZE]; 1974 struct mm_struct *mm = current->mm; 1975 int error; 1976 1977 BUILD_BUG_ON(sizeof(user_auxv) != sizeof(mm->saved_auxv)); 1978 BUILD_BUG_ON(sizeof(struct prctl_mm_map) > 256); 1979 1980 if (opt == PR_SET_MM_MAP_SIZE) 1981 return put_user((unsigned int)sizeof(prctl_map), 1982 (unsigned int __user *)addr); 1983 1984 if (data_size != sizeof(prctl_map)) 1985 return -EINVAL; 1986 1987 if (copy_from_user(&prctl_map, addr, sizeof(prctl_map))) 1988 return -EFAULT; 1989 1990 error = validate_prctl_map_addr(&prctl_map); 1991 if (error) 1992 return error; 1993 1994 if (prctl_map.auxv_size) { 1995 int error = copy_auxv_from_user(user_auxv, 1996 sizeof(user_auxv), > 1997 prctl_map.auxv, 1998 prctl_map.auxv_size); 1999 if (error) 2000 return error; 2001 } 2002 2003 if (prctl_map.exe_fd != (u32)-1) { 2004 /* 2005 * Check if the current user is checkpoint/restore capable. 2006 * At the time of this writing, it checks for CAP_SYS_ADMIN 2007 * or CAP_CHECKPOINT_RESTORE. 
2008 * Note that a user with access to ptrace can masquerade an 2009 * arbitrary program as any executable, even setuid ones. 2010 * This may have implications in the tomoyo subsystem. 2011 */ 2012 if (!checkpoint_restore_ns_capable(current_user_ns())) 2013 return -EPERM; 2014 2015 error = prctl_set_mm_exe_file(mm, prctl_map.exe_fd); 2016 if (error) 2017 return error; 2018 } 2019 2020 /* 2021 * arg_lock protects concurrent updates but we still need mmap_lock for 2022 * read to exclude races with sys_brk. 2023 */ 2024 mmap_read_lock(mm); 2025 2026 /* 2027 * We don't validate if these members are pointing to 2028 * real present VMAs because application may have correspond 2029 * VMAs already unmapped and kernel uses these members for statistics 2030 * output in procfs mostly, except 2031 * 2032 * - @start_brk/@brk which are used in do_brk_flags but kernel lookups 2033 * for VMAs when updating these members so anything wrong written 2034 * here cause kernel to swear at userspace program but won't lead 2035 * to any problem in kernel itself 2036 */ 2037 2038 spin_lock(&mm->arg_lock); 2039 mm->start_code = prctl_map.start_code; 2040 mm->end_code = prctl_map.end_code; 2041 mm->start_data = prctl_map.start_data; 2042 mm->end_data = prctl_map.end_data; 2043 mm->start_brk = prctl_map.start_brk; 2044 mm->brk = prctl_map.brk; 2045 mm->start_stack = prctl_map.start_stack; 2046 mm->arg_start = prctl_map.arg_start; 2047 mm->arg_end = prctl_map.arg_end; 2048 mm->env_start = prctl_map.env_start; 2049 mm->env_end = prctl_map.env_end; 2050 spin_unlock(&mm->arg_lock); 2051 2052 /* 2053 * Note this update of @saved_auxv is lockless thus 2054 * if someone reads this member in procfs while we're 2055 * updating -- it may get partly updated results. It's 2056 * known and acceptable trade off: we leave it as is to 2057 * not introduce additional locks here making the kernel 2058 * more complex. 
2059 */ 2060 if (prctl_map.auxv_size) 2061 memcpy(mm->saved_auxv, user_auxv, sizeof(user_auxv)); 2062 2063 mmap_read_unlock(mm); 2064 return 0; 2065 } 2066 #endif /* CONFIG_CHECKPOINT_RESTORE */ 2067 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
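Review bot: `user_auxv` is declared at 1973 without an initializer, yet line 2061 copies the full `sizeof(user_auxv)` into `mm->saved_auxv`, so whenever `prctl_map.auxv_size` is smaller than the buffer the tail holds whatever `copy_auxv_from_user()` left there. That helper's body is not in this listing; unless it zeroes the destination and rejects `auxv_size > sizeof(user_auxv)` itself, stale kernel stack bytes could land in `saved_auxv`, which the comment at 2053 says is readable through procfs. Making the local self-contained with `unsigned long user_auxv[AT_VECTOR_SIZE] = { 0 };` (or a `memset(user_auxv, 0, sizeof(user_auxv));` before the call) removes the dependency on the helper's behaviour. Separately, the `int error` declared at 1995 shadows the function-level `error` from 1975; assigning to the existing variable, `error = copy_auxv_from_user(...)`, is enough.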