From: Al Viro <viro@ZenIV.linux.org.uk>
To: lkp@lists.01.org
Subject: Re: [lkp-robot] [waitid()] 75f64d68f9: Kernel_panic-not_syncing:Attempted_to_kill_init!exitcode=
Date: Sun, 21 May 2017 08:34:06 +0100 [thread overview]
Message-ID: <20170521073405.GX390@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20170519060820.GW568@yexl-desktop>
[-- Attachment #1: Type: text/plain, Size: 1472 bytes --]
On Fri, May 19, 2017 at 02:08:20PM +0800, kernel test robot wrote:
>
> FYI, we noticed the following commit:
>
> commit: 75f64d68f9816a1c244b8685f056389b24d97e98 ("waitid(): switch copyout of siginfo to unsafe_put_user()")
> url: https://github.com/0day-ci/linux/commits/Al-Viro/move-compat-wait4-and-waitid-next-to-native-variants/20170516-084127
>
>
> in testcase: boot
Cute... That's unsafe_put_user() bug, actually. There's no unsafe_put_user()
callers in mainline and it's fairly early in the cycle. Linus, do you have
any problems with that one? If not, I'll send a pull request with it + osf_wait4()
fix...
fix unsafe_put_user()
__put_user_size() relies upon its first argument having the same type as what
the second one points to; the only other user makes sure of that and
unsafe_put_user() should do the same.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index 68766b276d9e..d9668c3beb5b 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -703,7 +703,7 @@ extern struct movsl_mask {
#define unsafe_put_user(x, ptr, err_label) \
do { \
int __pu_err; \
- __put_user_size((x), (ptr), sizeof(*(ptr)), __pu_err, -EFAULT); \
+ __put_user_size((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)), __pu_err, -EFAULT); \
if (unlikely(__pu_err)) goto err_label; \
} while (0)
WARNING: multiple messages have this Message-ID (diff)
From: Al Viro <viro@ZenIV.linux.org.uk>
To: kernel test robot <xiaolong.ye@intel.com>
Cc: linux-kernel@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Ingo Molnar <mingo@kernel.org>, Oleg Nesterov <oleg@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
Christoph Hellwig <hch@lst.de>,
lkp@01.org
Subject: Re: [lkp-robot] [waitid()] 75f64d68f9: Kernel_panic-not_syncing:Attempted_to_kill_init!exitcode=
Date: Sun, 21 May 2017 08:34:06 +0100 [thread overview]
Message-ID: <20170521073405.GX390@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20170519060820.GW568@yexl-desktop>
On Fri, May 19, 2017 at 02:08:20PM +0800, kernel test robot wrote:
>
> FYI, we noticed the following commit:
>
> commit: 75f64d68f9816a1c244b8685f056389b24d97e98 ("waitid(): switch copyout of siginfo to unsafe_put_user()")
> url: https://github.com/0day-ci/linux/commits/Al-Viro/move-compat-wait4-and-waitid-next-to-native-variants/20170516-084127
>
>
> in testcase: boot
Cute... That's unsafe_put_user() bug, actually. There's no unsafe_put_user()
callers in mainline and it's fairly early in the cycle. Linus, do you have
any problems with that one? If not, I'll send a pull request with it + osf_wait4()
fix...
fix unsafe_put_user()
__put_user_size() relies upon its first argument having the same type as what
the second one points to; the only other user makes sure of that and
unsafe_put_user() should do the same.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
index 68766b276d9e..d9668c3beb5b 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -703,7 +703,7 @@ extern struct movsl_mask {
#define unsafe_put_user(x, ptr, err_label) \
do { \
int __pu_err; \
- __put_user_size((x), (ptr), sizeof(*(ptr)), __pu_err, -EFAULT); \
+ __put_user_size((__typeof__(*(ptr)))(x), (ptr), sizeof(*(ptr)), __pu_err, -EFAULT); \
if (unlikely(__pu_err)) goto err_label; \
} while (0)
next prev parent reply other threads:[~2017-05-21 7:34 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-15 22:31 [RFC][PATCHSET] wait4()/waitid() cleanups Al Viro
2017-05-15 22:37 ` [PATCH 1/8] move compat wait4 and waitid next to native variants Al Viro
2017-05-15 22:37 ` [PATCH 2/8] wait4(2)/waitid(2): separate copying rusage to userland Al Viro
2017-05-15 22:37 ` [PATCH 3/8] kernel_wait4()/kernel_waitid(): delay copying status " Al Viro
2017-05-15 22:37 ` [PATCH 4/8] waitid(2): leave copyout of siginfo to syscall itself Al Viro
2017-05-15 23:06 ` Linus Torvalds
2017-05-15 23:46 ` Al Viro
2017-05-17 19:48 ` Eric W. Biederman
2017-05-15 22:37 ` [PATCH 5/8] lift getrusage() from wait_noreap_copyout() Al Viro
2017-05-15 22:37 ` [PATCH 6/8] kill wait_noreap_copyout() Al Viro
2017-05-15 22:37 ` [PATCH 7/8] wait_task_zombie: consolidate info logics Al Viro
2017-05-15 22:37 ` [PATCH 8/8] waitid(): switch copyout of siginfo to unsafe_put_user() Al Viro
2017-05-16 3:55 ` kbuild test robot
2017-05-16 4:17 ` kbuild test robot
2017-05-19 6:08 ` [lkp-robot] [waitid()] 75f64d68f9: Kernel_panic-not_syncing:Attempted_to_kill_init!exitcode= kernel test robot
2017-05-19 6:08 ` kernel test robot
2017-05-21 7:34 ` Al Viro [this message]
2017-05-21 7:34 ` Al Viro
2017-05-21 19:04 ` Linus Torvalds
2017-05-21 19:04 ` Linus Torvalds
2017-05-21 19:35 ` Linus Torvalds
2017-05-21 19:35 ` Linus Torvalds
2017-05-21 21:14 ` Al Viro
2017-05-21 21:14 ` Al Viro
2017-05-21 21:37 ` Linus Torvalds
2017-05-21 21:37 ` Linus Torvalds
2017-05-21 22:19 ` Linus Torvalds
2017-05-21 22:19 ` Linus Torvalds
2017-05-22 1:39 ` Linus Torvalds
2017-05-22 1:39 ` Linus Torvalds
2017-05-17 19:57 ` [RFC][PATCHSET] wait4()/waitid() cleanups Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170521073405.GX390@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=lkp@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.