CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
CC: linux-kernel(a)vger.kernel.org
TO: Alexey Gladkov
CC: "Eric W. Biederman"

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   64b4fc45bea6f4faa843d2f97ff51665280efee1
commit: 21d1c5e386bc751f1953b371d72cd5b7d9c9e270 Reimplement RLIMIT_NPROC on top of ucounts
date:   4 months ago
:::::: branch date: 21 hours ago
:::::: commit date: 4 months ago
config: riscv-randconfig-c006-20210828 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 4e1a164d7bd53653f79decc121afe784d2fde0a7)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install riscv cross compiling tool for clang build
        # apt-get install binutils-riscv64-linux-gnu
        # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=21d1c5e386bc751f1953b371d72cd5b7d9c9e270
        git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
        git fetch --no-tags linus master
        git checkout 21d1c5e386bc751f1953b371d72cd5b7d9c9e270
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot

clang-analyzer warnings: (new ones prefixed by >>)
   mm/mmap.c:2880:7: note: 'error' is 0
        if (error)
            ^~~~~
   mm/mmap.c:2880:3: note: Taking false branch
        if (error)
        ^
   mm/mmap.c:2887:6: note: Assuming field 'locked_vm' is not equal to 0
        if (mm->locked_vm) {
            ^~~~~~~~~~~~~
   mm/mmap.c:2887:2: note: Taking true branch
        if (mm->locked_vm) {
        ^
   mm/mmap.c:2889:10: note: Assuming pointer value is null
        while (tmp && tmp->vm_start < end) {
               ^~~
   mm/mmap.c:2889:10: note: Assuming 'tmp' is null
        while (tmp && tmp->vm_start < end) {
               ^~~
   mm/mmap.c:2889:14: note: Left side of '&&' is false
        while (tmp && tmp->vm_start < end) {
                   ^
mm/mmap.c:2900:38: note: Passing null pointer value via 2nd parameter 'vma' if (!detach_vmas_to_be_unmapped(mm, vma, prev, end)) ^~~ mm/mmap.c:2900:7: note: Calling 'detach_vmas_to_be_unmapped' if (!detach_vmas_to_be_unmapped(mm, vma, prev, end)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ mm/mmap.c:2691:21: note: 'prev' is non-null insertion_point = (prev ? &prev->vm_next : &mm->mmap); ^~~~ mm/mmap.c:2691:21: note: '?' condition is true mm/mmap.c:2692:15: note: Access to field 'vm_prev' results in a dereference of a null pointer (loaded from variable 'vma') vma->vm_prev = NULL; ~~~ ^ mm/mmap.c:3293:3: warning: Value stored to 'faulted_in_anon_vma' is never read [clang-analyzer-deadcode.DeadStores] faulted_in_anon_vma = false; ^ ~~~~~ mm/mmap.c:3293:3: note: Value stored to 'faulted_in_anon_vma' is never read faulted_in_anon_vma = false; ^ ~~~~~ mm/mmap.c:3739:2: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores] ret = percpu_counter_init(&vm_committed_as, 0, GFP_KERNEL); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ mm/mmap.c:3739:2: note: Value stored to 'ret' is never read ret = percpu_counter_init(&vm_committed_as, 0, GFP_KERNEL); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Suppressed 4 warnings (4 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. 
Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 4 warnings generated. drivers/misc/enclosure.c:186:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(name, "enclosure_device:"); ^~~~~~ drivers/misc/enclosure.c:186:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(name, "enclosure_device:"); ^~~~~~ drivers/misc/enclosure.c:187:2: warning: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcat(name, dev_name(&cdev->cdev)); ^~~~~~ drivers/misc/enclosure.c:187:2: note: Call to function 'strcat' is insecure as it does not provide bounding of the memory buffer. 
Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcat'. CWE-119 strcat(name, dev_name(&cdev->cdev)); ^~~~~~ Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 3 warnings generated. 
>> kernel/cred.c:363:22: warning: Access to field 'ucounts' results in a dereference of a null pointer [clang-analyzer-core.NullDereference]
        inc_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
                           ^
   include/linux/cred.h:375:29: note: expanded from macro 'task_ucounts'
        #define task_ucounts(task) (task_cred_xxx((task), ucounts))
                                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/cred.h:368:11: note: expanded from macro 'task_cred_xxx'
        ___val = __task_cred((task))->xxx; \
                 ^~~~~~~~~~~~~~~~~~~~~~~~
   include/linux/cred.h:322:2: note: expanded from macro '__task_cred'
        rcu_dereference((task)->real_cred)
        ^
   include/linux/rcupdate.h:571:28: note: expanded from macro 'rcu_dereference'
        #define rcu_dereference(p) rcu_dereference_check(p, 0)
                                   ^
   include/linux/rcupdate.h:513:2: note: expanded from macro 'rcu_dereference_check'
        __rcu_dereference_check((p), (c) || rcu_read_lock_held(), __rcu)
        ^
   include/linux/rcupdate.h:371:46: note: expanded from macro '__rcu_dereference_check'
        #define __rcu_dereference_check(p, c, space) \
                                                     ^
   kernel/cred.c:355:3: note: Assuming the condition is true
        clone_flags & CLONE_THREAD
        ^~~~~~~~~~~~~~~~~~~~~~~~~~
   kernel/cred.c:351:2: note: Taking true branch
        if (
        ^
   kernel/cred.c:360:3: note: Taking false branch
        kdebug("share_creds(%p{%d,%d})",
        ^
   kernel/cred.c:27:2: note: expanded from macro 'kdebug'
        if (0) \
        ^
   kernel/cred.c:360:3: note: Loop condition is false. Exiting loop
        kdebug("share_creds(%p{%d,%d})",
        ^
   kernel/cred.c:25:31: note: expanded from macro 'kdebug'
        #define kdebug(FMT, ...) \
                                 ^
   kernel/cred.c:363:22: note: Left side of '||' is false
        inc_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
                           ^
   include/linux/cred.h:375:29: note: expanded from macro 'task_ucounts'
        #define task_ucounts(task) (task_cred_xxx((task), ucounts))
                                    ^
   include/linux/cred.h:368:11: note: expanded from macro 'task_cred_xxx'
        ___val = __task_cred((task))->xxx; \
                 ^
   include/linux/cred.h:322:2: note: expanded from macro '__task_cred'
        rcu_dereference((task)->real_cred)
        ^
   note: (skipping 3 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
   include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
        compiletime_assert_rwonce_type(x); \
        ^
   include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
        compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
                           ^
   include/linux/compiler_types.h:282:3: note: expanded from macro '__native_word'
        (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \
         ^
   kernel/cred.c:363:22: note: Left side of '||' is false
        inc_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
                           ^
   include/linux/cred.h:375:29: note: expanded from macro 'task_ucounts'
        #define task_ucounts(task) (task_cred_xxx((task), ucounts))
                                    ^
   include/linux/cred.h:368:11: note: expanded from macro 'task_cred_xxx'
        ___val = __task_cred((task))->xxx; \
                 ^
   include/linux/cred.h:322:2: note: expanded from macro '__task_cred'
        rcu_dereference((task)->real_cred)
        ^
   note: (skipping 3 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
   include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
        compiletime_assert_rwonce_type(x); \
        ^
   include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
        compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \
                           ^
   include/linux/compiler_types.h:282:3: note: expanded from macro '__native_word'
        (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \
         ^
   kernel/cred.c:363:22: note: Left side of '||' is true
        inc_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
                           ^
   include/linux/cred.h:375:29: note: expanded from macro 'task_ucounts'
        #define task_ucounts(task) (task_cred_xxx((task), ucounts))
                                    ^
   include/linux/cred.h:368:11: note: expanded from macro 'task_cred_xxx'
        ___val = __task_cred((task))->xxx; \
                 ^
   include/linux/cred.h:322:2: note: expanded from macro '__task_cred'
        rcu_dereference((task)->real_cred)
        ^
   note: (skipping 3 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
   include/asm-generic/rwonce.h:49:2: note: expanded from macro 'READ_ONCE'
        compiletime_assert_rwonce_type(x); \
        ^
   include/asm-generic/rwonce.h:36:21: note: expanded from macro 'compiletime_assert_rwonce_type'
        compiletime_assert(__native_word(t) || sizeof(t) == sizeof(long long), \

vim +/ucounts +363 kernel/cred.c

7743c48e54ee9b David Howells 2019-06-19 350
d84f4f992cbd76 David Howells 2008-11-14 351 if (
d84f4f992cbd76 David Howells 2008-11-14 352 #ifdef CONFIG_KEYS
d84f4f992cbd76 David Howells 2008-11-14 353 !p->cred->thread_keyring &&
d84f4f992cbd76 David Howells 2008-11-14 354 #endif
d84f4f992cbd76 David Howells 2008-11-14 355 clone_flags & CLONE_THREAD
d84f4f992cbd76 David Howells 2008-11-14 356 ) {
3b11a1decef07c David Howells 2008-11-14 357 p->real_cred = get_cred(p->cred);
d84f4f992cbd76 David Howells 2008-11-14 358 get_cred(p->cred);
e0e817392b9acf David Howells 2009-09-02 359 alter_cred_subscribers(p->cred, 2);
e0e817392b9acf David Howells 2009-09-02 360 kdebug("share_creds(%p{%d,%d})",
e0e817392b9acf David Howells 2009-09-02 361 p->cred, atomic_read(&p->cred->usage),
e0e817392b9acf David Howells 2009-09-02 362 read_cred_subscribers(p->cred));
21d1c5e386bc75 Alexey Gladkov 2021-04-22 @363 inc_rlimit_ucounts(task_ucounts(p), UCOUNT_RLIMIT_NPROC, 1);
d84f4f992cbd76 David Howells 2008-11-14 364 return 0;
d84f4f992cbd76 David Howells 2008-11-14 365 }
d84f4f992cbd76 David Howells 2008-11-14 366
d84f4f992cbd76 David Howells 2008-11-14 367 new = prepare_creds();
d84f4f992cbd76 David Howells 2008-11-14 368 if (!new)
f1752eec6145c9 David Howells 2008-11-14 369 return -ENOMEM;
f1752eec6145c9 David Howells 2008-11-14 370
18b6e0414e42d9 Serge Hallyn 2008-10-15 371 if (clone_flags & CLONE_NEWUSER) {
18b6e0414e42d9 Serge Hallyn 2008-10-15 372 ret = create_user_ns(new);
18b6e0414e42d9 Serge Hallyn 2008-10-15 373 if (ret < 0)
18b6e0414e42d9 Serge Hallyn 2008-10-15 374 goto error_put;
905ae01c4ae2ae Alexey Gladkov 2021-04-22 375 if (set_cred_ucounts(new) < 0)
905ae01c4ae2ae Alexey Gladkov 2021-04-22 376 goto error_put;
18b6e0414e42d9 Serge Hallyn 2008-10-15 377 }
18b6e0414e42d9 Serge Hallyn 2008-10-15 378

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org