linux-unionfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: kernel test robot <lkp@intel.com>
To: Miklos Szeredi <mszeredi@redhat.com>,
	"Eric W . Biederman" <ebiederm@xmission.com>
Cc: kbuild-all@lists.01.org, linux-fsdevel@vger.kernel.org,
	linux-unionfs@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	"Serge E . Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH 2/2] security.capability: fix conversions on getxattr
Date: Thu, 21 Jan 2021 03:37:40 +0800	[thread overview]
Message-ID: <202101210338.CfDbwXUh-lkp@intel.com> (raw)
In-Reply-To: <20210119162204.2081137-3-mszeredi@redhat.com>

[-- Attachment #1: Type: text/plain, Size: 8937 bytes --]

Hi Miklos,

I love your patch! Perhaps something to improve:

[auto build test WARNING on security/next-testing]
[also build test WARNING on linux/master linus/master v5.11-rc4 next-20210120]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Miklos-Szeredi/capability-conversion-fixes/20210120-152933
base:   https://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-testing
config: xtensa-randconfig-s032-20210120 (attached as .config)
compiler: xtensa-linux-gcc (GCC) 9.3.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # apt-get install sparse
        # sparse version: v0.6.3-208-g46a52ca4-dirty
        # https://github.com/0day-ci/linux/commit/bcf70adf8bcc3e52cb1b262ae2e1d9154da75097
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Miklos-Szeredi/capability-conversion-fixes/20210120-152933
        git checkout bcf70adf8bcc3e52cb1b262ae2e1d9154da75097
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' ARCH=xtensa 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>


"sparse warnings: (new ones prefixed by >>)"
   security/commoncap.c:424:41: sparse: sparse: incorrect type in assignment (different base types) @@     expected restricted __le32 [usertype] nsmagic @@     got int @@
   security/commoncap.c:424:41: sparse:     expected restricted __le32 [usertype] nsmagic
   security/commoncap.c:424:41: sparse:     got int
>> security/commoncap.c:425:39: sparse: sparse: incorrect type in assignment (different base types) @@     expected restricted __le32 [usertype] magic @@     got unsigned int @@
   security/commoncap.c:425:39: sparse:     expected restricted __le32 [usertype] magic
   security/commoncap.c:425:39: sparse:     got unsigned int
   security/commoncap.c:426:37: sparse: sparse: restricted __le32 degrades to integer
   security/commoncap.c:427:49: sparse: sparse: invalid assignment: |=
   security/commoncap.c:427:49: sparse:    left side has type restricted __le32
   security/commoncap.c:427:49: sparse:    right side has type int
   security/commoncap.c:429:52: sparse: sparse: cast from restricted __le32
>> security/commoncap.c:429:52: sparse: sparse: incorrect type in argument 1 (different base types) @@     expected unsigned int [usertype] val @@     got restricted __le32 [usertype] nsmagic @@
   security/commoncap.c:429:52: sparse:     expected unsigned int [usertype] val
   security/commoncap.c:429:52: sparse:     got restricted __le32 [usertype] nsmagic
   security/commoncap.c:429:52: sparse: sparse: cast from restricted __le32
   security/commoncap.c:429:52: sparse: sparse: cast from restricted __le32
   security/commoncap.c:429:52: sparse: sparse: cast from restricted __le32
   security/commoncap.c:429:52: sparse: sparse: cast from restricted __le32
   security/commoncap.c:455:31: sparse: sparse: incorrect type in assignment (different base types) @@     expected restricted __le32 [usertype] magic @@     got int @@
   security/commoncap.c:455:31: sparse:     expected restricted __le32 [usertype] magic
   security/commoncap.c:455:31: sparse:     got int
   security/commoncap.c:456:33: sparse: sparse: incorrect type in assignment (different base types) @@     expected restricted __le32 [usertype] nsmagic @@     got unsigned int @@
   security/commoncap.c:456:33: sparse:     expected restricted __le32 [usertype] nsmagic
   security/commoncap.c:456:33: sparse:     got unsigned int
   security/commoncap.c:457:29: sparse: sparse: restricted __le32 degrades to integer
   security/commoncap.c:458:39: sparse: sparse: invalid assignment: |=
   security/commoncap.c:458:39: sparse:    left side has type restricted __le32
   security/commoncap.c:458:39: sparse:    right side has type int
   security/commoncap.c:460:42: sparse: sparse: cast from restricted __le32
   security/commoncap.c:460:42: sparse: sparse: incorrect type in argument 1 (different base types) @@     expected unsigned int [usertype] val @@     got restricted __le32 [usertype] magic @@
   security/commoncap.c:460:42: sparse:     expected unsigned int [usertype] val
   security/commoncap.c:460:42: sparse:     got restricted __le32 [usertype] magic
   security/commoncap.c:460:42: sparse: sparse: cast from restricted __le32
   security/commoncap.c:460:42: sparse: sparse: cast from restricted __le32
   security/commoncap.c:460:42: sparse: sparse: cast from restricted __le32
   security/commoncap.c:460:42: sparse: sparse: cast from restricted __le32
   security/commoncap.c:1281:41: sparse: sparse: dubious: !x | y

vim +425 security/commoncap.c

   357	
   358	/*
   359	 * getsecurity: We are called for security.* before any attempt to read the
   360	 * xattr from the inode itself.
   361	 *
   362	 * This gives us a chance to read the on-disk value and convert it.  If we
   363	 * return -EOPNOTSUPP, then vfs_getxattr() will call the i_op handler.
   364	 *
   365	 * Note we are not called by vfs_getxattr_alloc(), but that is only called
   366	 * by the integrity subsystem, which really wants the unconverted values -
   367	 * so that's good.
   368	 */
   369	int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
   370				  bool alloc)
   371	{
   372		int size, ret;
   373		kuid_t kroot;
   374		__le32 nsmagic, magic;
   375		uid_t root, mappedroot;
   376		char *tmpbuf = NULL;
   377		struct vfs_cap_data *cap;
   378		struct vfs_ns_cap_data *nscap = NULL;
   379		struct dentry *dentry;
   380		struct user_namespace *fs_ns;
   381	
   382		if (strcmp(name, "capability") != 0)
   383			return -EOPNOTSUPP;
   384	
   385		dentry = d_find_any_alias(inode);
   386		if (!dentry)
   387			return -EINVAL;
   388	
   389		size = sizeof(struct vfs_ns_cap_data);
   390		ret = (int) vfs_getxattr_alloc(dentry, XATTR_NAME_CAPS,
   391					 &tmpbuf, size, GFP_NOFS);
   392		dput(dentry);
   393	
   394		if (ret < 0)
   395			return ret;
   396	
   397		fs_ns = inode->i_sb->s_user_ns;
   398		cap = (struct vfs_cap_data *) tmpbuf;
   399		if (is_v2header((size_t) ret, cap)) {
   400			root = 0;
   401		} else if (is_v3header((size_t) ret, cap)) {
   402			nscap = (struct vfs_ns_cap_data *) tmpbuf;
   403			root = le32_to_cpu(nscap->rootid);
   404		} else {
   405			size = -EINVAL;
   406			goto out_free;
   407		}
   408	
   409		kroot = make_kuid(fs_ns, root);
   410	
   411		/* If the root kuid maps to a valid uid in current ns, then return
   412		 * this as a nscap. */
   413		mappedroot = from_kuid(current_user_ns(), kroot);
   414		if (mappedroot != (uid_t)-1 && mappedroot != (uid_t)0) {
   415			size = sizeof(struct vfs_ns_cap_data);
   416			if (alloc) {
   417				if (!nscap) {
   418					/* v2 -> v3 conversion */
   419					nscap = kzalloc(size, GFP_ATOMIC);
   420					if (!nscap) {
   421						size = -ENOMEM;
   422						goto out_free;
   423					}
   424					nsmagic = VFS_CAP_REVISION_3;
 > 425					magic = le32_to_cpu(cap->magic_etc);
   426					if (magic & VFS_CAP_FLAGS_EFFECTIVE)
   427						nsmagic |= VFS_CAP_FLAGS_EFFECTIVE;
   428					memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32);
 > 429					nscap->magic_etc = cpu_to_le32(nsmagic);
   430				} else {
   431					/* use allocated v3 buffer */
   432					tmpbuf = NULL;
   433				}
   434				nscap->rootid = cpu_to_le32(mappedroot);
   435				*buffer = nscap;
   436			}
   437			goto out_free;
   438		}
   439	
   440		if (!rootid_owns_currentns(kroot)) {
   441			size = -EOVERFLOW;
   442			goto out_free;
   443		}
   444	
   445		/* This comes from a parent namespace.  Return as a v2 capability */
   446		size = sizeof(struct vfs_cap_data);
   447		if (alloc) {
   448			if (nscap) {
   449				/* v3 -> v2 conversion */
   450				cap = kzalloc(size, GFP_ATOMIC);
   451				if (!cap) {
   452					size = -ENOMEM;
   453					goto out_free;
   454				}
   455				magic = VFS_CAP_REVISION_2;
   456				nsmagic = le32_to_cpu(nscap->magic_etc);
   457				if (nsmagic & VFS_CAP_FLAGS_EFFECTIVE)
   458					magic |= VFS_CAP_FLAGS_EFFECTIVE;
   459				memcpy(&cap->data, &nscap->data, sizeof(__le32) * 2 * VFS_CAP_U32);
   460				cap->magic_etc = cpu_to_le32(magic);
   461			} else {
   462				/* use unconverted v2 */
   463				tmpbuf = NULL;
   464			}
   465			*buffer = cap;
   466		}
   467	out_free:
   468		kfree(tmpbuf);
   469		return size;
   470	}
   471	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 31313 bytes --]

  parent reply	other threads:[~2021-01-20 19:55 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-19 16:22 [PATCH 0/2] capability conversion fixes Miklos Szeredi
2021-01-19 16:22 ` [PATCH 1/2] ecryptfs: fix uid translation for setxattr on security.capability Miklos Szeredi
2021-01-19 21:06   ` Eric W. Biederman
2021-01-20  7:52     ` Miklos Szeredi
2021-01-22 16:04       ` Tyler Hicks
2021-01-22 18:31   ` Tyler Hicks
2021-01-25 13:25     ` Miklos Szeredi
2021-01-25 13:46       ` Miklos Szeredi
2021-01-26  1:52       ` Tyler Hicks
2021-01-19 16:22 ` [PATCH 2/2] security.capability: fix conversions on getxattr Miklos Szeredi
2021-01-20  1:34   ` Eric W. Biederman
2021-01-20  7:58     ` Miklos Szeredi
2021-01-28 16:58     ` Serge E. Hallyn
2021-01-28 20:19       ` Eric W. Biederman
2021-01-28 20:38         ` Miklos Szeredi
2021-01-28 20:49           ` Eric W. Biederman
     [not found]         ` <20210129154839.GC1130@mail.hallyn.com>
2021-01-29 22:55           ` Eric W. Biederman
2021-01-30  2:06             ` Serge E. Hallyn
2021-01-31 18:14               ` Eric W. Biederman
     [not found]       ` <CAJfpegt34fO8tUw8R2_ZxxKHBdBO_-quf+-f3N8aZmS=1oRdvQ@mail.gmail.com>
     [not found]         ` <20210129153807.GA1130@mail.hallyn.com>
2021-01-29 23:11           ` Eric W. Biederman
2021-01-30  2:04             ` Serge E. Hallyn
2021-01-20 19:37   ` kernel test robot [this message]
2021-01-20 21:08   ` kernel test robot
2021-01-19 21:10 ` [PATCH 0/2] capability conversion fixes Eric W. Biederman
2021-01-20  7:39   ` Miklos Szeredi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202101210338.CfDbwXUh-lkp@intel.com \
    --to=lkp@intel.com \
    --cc=ebiederm@xmission.com \
    --cc=kbuild-all@lists.01.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=linux-unionfs@vger.kernel.org \
    --cc=mszeredi@redhat.com \
    --cc=serge@hallyn.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).