* arch/x86/kernel/cpu/sgx/virt.c:295:36: sparse: sparse: cast removes address space '__user' of expression
@ 2022-02-22 0:42 kernel test robot
2022-02-22 10:27 ` David Laight
0 siblings, 1 reply; 5+ messages in thread
From: kernel test robot @ 2022-02-22 0:42 UTC (permalink / raw)
To: Sean Christopherson; +Cc: kbuild-all, linux-kernel, Borislav Petkov, Kai Huang
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 038101e6b2cd5c55f888f85db42ea2ad3aecb4b6
commit: d155030b1e7c0e448aab22a803f7a71ea2e117d7 x86/sgx: Add helpers to expose ECREATE and EINIT to KVM
date: 11 months ago
config: x86_64-allyesconfig (https://download.01.org/0day-ci/archive/20220222/202202220814.BN1x9yF4-lkp@intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce:
# apt-get install sparse
# sparse version: v0.6.4-dirty
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d155030b1e7c0e448aab22a803f7a71ea2e117d7
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout d155030b1e7c0e448aab22a803f7a71ea2e117d7
# save the config file to linux build tree
mkdir build_dir
make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=x86_64 SHELL=/bin/bash arch/x86/hyperv/ arch/x86/kernel/cpu/sgx/ drivers/staging/
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
sparse warnings: (new ones prefixed by >>)
arch/x86/kernel/cpu/sgx/virt.c:59:13: sparse: sparse: incorrect type in assignment (different base types) @@ expected int [assigned] ret @@ got restricted vm_fault_t @@
arch/x86/kernel/cpu/sgx/virt.c:59:13: sparse: expected int [assigned] ret
arch/x86/kernel/cpu/sgx/virt.c:59:13: sparse: got restricted vm_fault_t
arch/x86/kernel/cpu/sgx/virt.c:60:20: sparse: sparse: restricted vm_fault_t degrades to integer
arch/x86/kernel/cpu/sgx/virt.c:95:35: sparse: sparse: symbol 'sgx_vepc_vm_ops' was not declared. Should it be static?
>> arch/x86/kernel/cpu/sgx/virt.c:295:36: sparse: sparse: cast removes address space '__user' of expression
arch/x86/kernel/cpu/sgx/virt.c:326:24: sparse: sparse: cast removes address space '__user' of expression
arch/x86/kernel/cpu/sgx/virt.c:326:43: sparse: sparse: cast removes address space '__user' of expression
arch/x86/kernel/cpu/sgx/virt.c:326:58: sparse: sparse: cast removes address space '__user' of expression
vim +/__user +295 arch/x86/kernel/cpu/sgx/virt.c
260
261 /**
262 * sgx_virt_ecreate() - Run ECREATE on behalf of guest
263 * @pageinfo: Pointer to PAGEINFO structure
264 * @secs: Userspace pointer to SECS page
265 * @trapnr: trap number injected to guest in case of ECREATE error
266 *
267 * Run ECREATE on behalf of guest after KVM traps ECREATE for the purpose
268 * of enforcing policies of guest's enclaves, and return the trap number
269 * which should be injected to guest in case of any ECREATE error.
270 *
271 * Return:
272 * - 0: ECREATE was successful.
273 * - <0: on error.
274 */
275 int sgx_virt_ecreate(struct sgx_pageinfo *pageinfo, void __user *secs,
276 int *trapnr)
277 {
278 int ret;
279
280 /*
281 * @secs is an untrusted, userspace-provided address. It comes from
282 * KVM and is assumed to be a valid pointer which points somewhere in
283 * userspace. This can fault and call SGX or other fault handlers when
284 * userspace mapping @secs doesn't exist.
285 *
286 * Add a WARN() to make sure @secs is already valid userspace pointer
287 * from caller (KVM), who should already have handled invalid pointer
288 * case (for instance, made by malicious guest). All other checks,
289 * such as alignment of @secs, are deferred to ENCLS itself.
290 */
291 if (WARN_ON_ONCE(!access_ok(secs, PAGE_SIZE)))
292 return -EINVAL;
293
294 __uaccess_begin();
> 295 ret = __ecreate(pageinfo, (void *)secs);
296 __uaccess_end();
297
298 if (encls_faulted(ret)) {
299 *trapnr = ENCLS_TRAPNR(ret);
300 return -EFAULT;
301 }
302
303 /* ECREATE doesn't return an error code, it faults or succeeds. */
304 WARN_ON_ONCE(ret);
305 return 0;
306 }
307 EXPORT_SYMBOL_GPL(sgx_virt_ecreate);
308
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: arch/x86/kernel/cpu/sgx/virt.c:295:36: sparse: sparse: cast removes address space '__user' of expression
2022-02-22 0:42 arch/x86/kernel/cpu/sgx/virt.c:295:36: sparse: sparse: cast removes address space '__user' of expression kernel test robot
@ 2022-02-22 10:27 ` David Laight
0 siblings, 0 replies; 5+ messages in thread
From: David Laight @ 2022-02-22 10:27 UTC (permalink / raw)
To: 'kernel test robot', Sean Christopherson
Cc: kbuild-all, linux-kernel, Borislav Petkov, Kai Huang
From: kernel test robot
> Sent: 22 February 2022 00:43
...
> vim +/__user +295 arch/x86/kernel/cpu/sgx/virt.c
>
> 260
> 261 /**
> 262 * sgx_virt_ecreate() - Run ECREATE on behalf of guest
> 263 * @pageinfo: Pointer to PAGEINFO structure
> 264 * @secs: Userspace pointer to SECS page
> 265 * @trapnr: trap number injected to guest in case of ECREATE error
> 266 *
> 267 * Run ECREATE on behalf of guest after KVM traps ECREATE for the purpose
> 268 * of enforcing policies of guest's enclaves, and return the trap number
> 269 * which should be injected to guest in case of any ECREATE error.
> 270 *
> 271 * Return:
> 272 * - 0: ECREATE was successful.
> 273 * - <0: on error.
> 274 */
> 275 int sgx_virt_ecreate(struct sgx_pageinfo *pageinfo, void __user *secs,
> 276 int *trapnr)
> 277 {
> 278 int ret;
> 279
> 280 /*
> 281 * @secs is an untrusted, userspace-provided address. It comes from
> 282 * KVM and is assumed to be a valid pointer which points somewhere in
> 283 * userspace. This can fault and call SGX or other fault handlers when
> 284 * userspace mapping @secs doesn't exist.
> 285 *
> 286 * Add a WARN() to make sure @secs is already valid userspace pointer
> 287 * from caller (KVM), who should already have handled invalid pointer
> 288 * case (for instance, made by malicious guest). All other checks,
> 289 * such as alignment of @secs, are deferred to ENCLS itself.
> 290 */
> 291 if (WARN_ON_ONCE(!access_ok(secs, PAGE_SIZE)))
> 292 return -EINVAL;
> 293
> 294 __uaccess_begin();
> > 295 ret = __ecreate(pageinfo, (void *)secs);
> 296 __uaccess_end();
How on earth is that expected to work - or am I missing something.
If accessing 'secs' page faults then doesn't the address on the
instruction that faults need to be in the exception table (or
whatever it is called) in order for the kernel not to panic?
Isn't that even true if pagefault_disable() is called to stop
the page being loaded?
The only way the above can work is if the relevant user pages
are 'locked' so they can't possibly fault.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
^ permalink raw reply [flat|nested] 5+ messages in thread
* arch/x86/kernel/cpu/sgx/virt.c:295:36: sparse: sparse: cast removes address space '__user' of expression
@ 2023-08-12 15:27 kernel test robot
0 siblings, 0 replies; 5+ messages in thread
From: kernel test robot @ 2023-08-12 15:27 UTC (permalink / raw)
To: Sean Christopherson
Cc: oe-kbuild-all, linux-kernel, Borislav Petkov, Kai Huang
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: f8de32cc060ba3f63171aaa0e8764d22d8c37978
commit: d155030b1e7c0e448aab22a803f7a71ea2e117d7 x86/sgx: Add helpers to expose ECREATE and EINIT to KVM
date: 2 years, 4 months ago
config: x86_64-allmodconfig (https://download.01.org/0day-ci/archive/20230812/202308122341.T4Bg7lx0-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce: (https://download.01.org/0day-ci/archive/20230812/202308122341.T4Bg7lx0-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202308122341.T4Bg7lx0-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
arch/x86/kernel/cpu/sgx/virt.c:59:13: sparse: sparse: incorrect type in assignment (different base types) @@ expected int [assigned] ret @@ got restricted vm_fault_t @@
arch/x86/kernel/cpu/sgx/virt.c:59:13: sparse: expected int [assigned] ret
arch/x86/kernel/cpu/sgx/virt.c:59:13: sparse: got restricted vm_fault_t
arch/x86/kernel/cpu/sgx/virt.c:60:20: sparse: sparse: restricted vm_fault_t degrades to integer
arch/x86/kernel/cpu/sgx/virt.c:95:35: sparse: sparse: symbol 'sgx_vepc_vm_ops' was not declared. Should it be static?
>> arch/x86/kernel/cpu/sgx/virt.c:295:36: sparse: sparse: cast removes address space '__user' of expression
arch/x86/kernel/cpu/sgx/virt.c:326:24: sparse: sparse: cast removes address space '__user' of expression
arch/x86/kernel/cpu/sgx/virt.c:326:43: sparse: sparse: cast removes address space '__user' of expression
arch/x86/kernel/cpu/sgx/virt.c:326:58: sparse: sparse: cast removes address space '__user' of expression
vim +/__user +295 arch/x86/kernel/cpu/sgx/virt.c
260
261 /**
262 * sgx_virt_ecreate() - Run ECREATE on behalf of guest
263 * @pageinfo: Pointer to PAGEINFO structure
264 * @secs: Userspace pointer to SECS page
265 * @trapnr: trap number injected to guest in case of ECREATE error
266 *
267 * Run ECREATE on behalf of guest after KVM traps ECREATE for the purpose
268 * of enforcing policies of guest's enclaves, and return the trap number
269 * which should be injected to guest in case of any ECREATE error.
270 *
271 * Return:
272 * - 0: ECREATE was successful.
273 * - <0: on error.
274 */
275 int sgx_virt_ecreate(struct sgx_pageinfo *pageinfo, void __user *secs,
276 int *trapnr)
277 {
278 int ret;
279
280 /*
281 * @secs is an untrusted, userspace-provided address. It comes from
282 * KVM and is assumed to be a valid pointer which points somewhere in
283 * userspace. This can fault and call SGX or other fault handlers when
284 * userspace mapping @secs doesn't exist.
285 *
286 * Add a WARN() to make sure @secs is already valid userspace pointer
287 * from caller (KVM), who should already have handled invalid pointer
288 * case (for instance, made by malicious guest). All other checks,
289 * such as alignment of @secs, are deferred to ENCLS itself.
290 */
291 if (WARN_ON_ONCE(!access_ok(secs, PAGE_SIZE)))
292 return -EINVAL;
293
294 __uaccess_begin();
> 295 ret = __ecreate(pageinfo, (void *)secs);
296 __uaccess_end();
297
298 if (encls_faulted(ret)) {
299 *trapnr = ENCLS_TRAPNR(ret);
300 return -EFAULT;
301 }
302
303 /* ECREATE doesn't return an error code, it faults or succeeds. */
304 WARN_ON_ONCE(ret);
305 return 0;
306 }
307 EXPORT_SYMBOL_GPL(sgx_virt_ecreate);
308
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 5+ messages in thread
* arch/x86/kernel/cpu/sgx/virt.c:295:36: sparse: sparse: cast removes address space '__user' of expression
@ 2022-06-04 9:46 kernel test robot
0 siblings, 0 replies; 5+ messages in thread
From: kernel test robot @ 2022-06-04 9:46 UTC (permalink / raw)
To: Sean Christopherson; +Cc: kbuild-all, linux-kernel, Borislav Petkov, Kai Huang
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 032dcf09e2bf7c822be25b4abef7a6c913870d98
commit: d155030b1e7c0e448aab22a803f7a71ea2e117d7 x86/sgx: Add helpers to expose ECREATE and EINIT to KVM
date: 1 year, 2 months ago
config: x86_64-allyesconfig (https://download.01.org/0day-ci/archive/20220604/202206041712.XoJv2ESx-lkp@intel.com/config)
compiler: gcc-11 (Debian 11.3.0-1) 11.3.0
reproduce:
# apt-get install sparse
# sparse version: v0.6.4-18-g56afb504-dirty
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d155030b1e7c0e448aab22a803f7a71ea2e117d7
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout d155030b1e7c0e448aab22a803f7a71ea2e117d7
# save the config file
mkdir build_dir && cp config build_dir/.config
make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=x86_64 SHELL=/bin/bash arch/x86/kernel/cpu/sgx/
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
sparse warnings: (new ones prefixed by >>)
arch/x86/kernel/cpu/sgx/virt.c:59:13: sparse: sparse: incorrect type in assignment (different base types) @@ expected int [assigned] ret @@ got restricted vm_fault_t @@
arch/x86/kernel/cpu/sgx/virt.c:59:13: sparse: expected int [assigned] ret
arch/x86/kernel/cpu/sgx/virt.c:59:13: sparse: got restricted vm_fault_t
arch/x86/kernel/cpu/sgx/virt.c:60:20: sparse: sparse: restricted vm_fault_t degrades to integer
arch/x86/kernel/cpu/sgx/virt.c:95:35: sparse: sparse: symbol 'sgx_vepc_vm_ops' was not declared. Should it be static?
>> arch/x86/kernel/cpu/sgx/virt.c:295:36: sparse: sparse: cast removes address space '__user' of expression
arch/x86/kernel/cpu/sgx/virt.c:326:24: sparse: sparse: cast removes address space '__user' of expression
arch/x86/kernel/cpu/sgx/virt.c:326:43: sparse: sparse: cast removes address space '__user' of expression
arch/x86/kernel/cpu/sgx/virt.c:326:58: sparse: sparse: cast removes address space '__user' of expression
vim +/__user +295 arch/x86/kernel/cpu/sgx/virt.c
260
261 /**
262 * sgx_virt_ecreate() - Run ECREATE on behalf of guest
263 * @pageinfo: Pointer to PAGEINFO structure
264 * @secs: Userspace pointer to SECS page
265 * @trapnr: trap number injected to guest in case of ECREATE error
266 *
267 * Run ECREATE on behalf of guest after KVM traps ECREATE for the purpose
268 * of enforcing policies of guest's enclaves, and return the trap number
269 * which should be injected to guest in case of any ECREATE error.
270 *
271 * Return:
272 * - 0: ECREATE was successful.
273 * - <0: on error.
274 */
275 int sgx_virt_ecreate(struct sgx_pageinfo *pageinfo, void __user *secs,
276 int *trapnr)
277 {
278 int ret;
279
280 /*
281 * @secs is an untrusted, userspace-provided address. It comes from
282 * KVM and is assumed to be a valid pointer which points somewhere in
283 * userspace. This can fault and call SGX or other fault handlers when
284 * userspace mapping @secs doesn't exist.
285 *
286 * Add a WARN() to make sure @secs is already valid userspace pointer
287 * from caller (KVM), who should already have handled invalid pointer
288 * case (for instance, made by malicious guest). All other checks,
289 * such as alignment of @secs, are deferred to ENCLS itself.
290 */
291 if (WARN_ON_ONCE(!access_ok(secs, PAGE_SIZE)))
292 return -EINVAL;
293
294 __uaccess_begin();
> 295 ret = __ecreate(pageinfo, (void *)secs);
296 __uaccess_end();
297
298 if (encls_faulted(ret)) {
299 *trapnr = ENCLS_TRAPNR(ret);
300 return -EFAULT;
301 }
302
303 /* ECREATE doesn't return an error code, it faults or succeeds. */
304 WARN_ON_ONCE(ret);
305 return 0;
306 }
307 EXPORT_SYMBOL_GPL(sgx_virt_ecreate);
308
--
0-DAY CI Kernel Test Service
https://01.org/lkp
^ permalink raw reply [flat|nested] 5+ messages in thread
* arch/x86/kernel/cpu/sgx/virt.c:295:36: sparse: sparse: cast removes address space '__user' of expression
@ 2021-12-05 0:50 kernel test robot
0 siblings, 0 replies; 5+ messages in thread
From: kernel test robot @ 2021-12-05 0:50 UTC (permalink / raw)
To: Sean Christopherson; +Cc: kbuild-all, linux-kernel, Borislav Petkov, Kai Huang
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: bbef3c7a63d2a4cb0f3f839db9e767f168c5e348
commit: d155030b1e7c0e448aab22a803f7a71ea2e117d7 x86/sgx: Add helpers to expose ECREATE and EINIT to KVM
date: 8 months ago
config: x86_64-allyesconfig (https://download.01.org/0day-ci/archive/20211205/202112050804.fLXTUZhm-lkp@intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce:
# apt-get install sparse
# sparse version: v0.6.4-dirty
# https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d155030b1e7c0e448aab22a803f7a71ea2e117d7
git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
git fetch --no-tags linus master
git checkout d155030b1e7c0e448aab22a803f7a71ea2e117d7
# save the config file to linux build tree
mkdir build_dir
make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=x86_64 SHELL=/bin/bash arch/x86/hyperv/ arch/x86/kernel/cpu/sgx/ drivers/hv/
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
sparse warnings: (new ones prefixed by >>)
arch/x86/kernel/cpu/sgx/virt.c:59:13: sparse: sparse: incorrect type in assignment (different base types) @@ expected int [assigned] ret @@ got restricted vm_fault_t @@
arch/x86/kernel/cpu/sgx/virt.c:59:13: sparse: expected int [assigned] ret
arch/x86/kernel/cpu/sgx/virt.c:59:13: sparse: got restricted vm_fault_t
arch/x86/kernel/cpu/sgx/virt.c:60:20: sparse: sparse: restricted vm_fault_t degrades to integer
arch/x86/kernel/cpu/sgx/virt.c:95:35: sparse: sparse: symbol 'sgx_vepc_vm_ops' was not declared. Should it be static?
>> arch/x86/kernel/cpu/sgx/virt.c:295:36: sparse: sparse: cast removes address space '__user' of expression
arch/x86/kernel/cpu/sgx/virt.c:326:24: sparse: sparse: cast removes address space '__user' of expression
arch/x86/kernel/cpu/sgx/virt.c:326:43: sparse: sparse: cast removes address space '__user' of expression
arch/x86/kernel/cpu/sgx/virt.c:326:58: sparse: sparse: cast removes address space '__user' of expression
vim +/__user +295 arch/x86/kernel/cpu/sgx/virt.c
260
261 /**
262 * sgx_virt_ecreate() - Run ECREATE on behalf of guest
263 * @pageinfo: Pointer to PAGEINFO structure
264 * @secs: Userspace pointer to SECS page
265 * @trapnr: trap number injected to guest in case of ECREATE error
266 *
267 * Run ECREATE on behalf of guest after KVM traps ECREATE for the purpose
268 * of enforcing policies of guest's enclaves, and return the trap number
269 * which should be injected to guest in case of any ECREATE error.
270 *
271 * Return:
272 * - 0: ECREATE was successful.
273 * - <0: on error.
274 */
275 int sgx_virt_ecreate(struct sgx_pageinfo *pageinfo, void __user *secs,
276 int *trapnr)
277 {
278 int ret;
279
280 /*
281 * @secs is an untrusted, userspace-provided address. It comes from
282 * KVM and is assumed to be a valid pointer which points somewhere in
283 * userspace. This can fault and call SGX or other fault handlers when
284 * userspace mapping @secs doesn't exist.
285 *
286 * Add a WARN() to make sure @secs is already valid userspace pointer
287 * from caller (KVM), who should already have handled invalid pointer
288 * case (for instance, made by malicious guest). All other checks,
289 * such as alignment of @secs, are deferred to ENCLS itself.
290 */
291 if (WARN_ON_ONCE(!access_ok(secs, PAGE_SIZE)))
292 return -EINVAL;
293
294 __uaccess_begin();
> 295 ret = __ecreate(pageinfo, (void *)secs);
296 __uaccess_end();
297
298 if (encls_faulted(ret)) {
299 *trapnr = ENCLS_TRAPNR(ret);
300 return -EFAULT;
301 }
302
303 /* ECREATE doesn't return an error code, it faults or succeeds. */
304 WARN_ON_ONCE(ret);
305 return 0;
306 }
307 EXPORT_SYMBOL_GPL(sgx_virt_ecreate);
308
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-08-12 15:28 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-22 0:42 arch/x86/kernel/cpu/sgx/virt.c:295:36: sparse: sparse: cast removes address space '__user' of expression kernel test robot
2022-02-22 10:27 ` David Laight
-- strict thread matches above, loose matches on Subject: below --
2023-08-12 15:27 kernel test robot
2022-06-04 9:46 kernel test robot
2021-12-05 0:50 kernel test robot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).