* [kees:for-next/lkdtm 6/6] drivers/misc/lkdtm/cfi.c:72:13: sparse: sparse: non size-preserving pointer to integer cast
From: kernel test robot @ 2022-04-20 6:17 UTC (permalink / raw)
To: Kees Cook; +Cc: kbuild-all, linux-kernel, Dan Li
tree: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git for-next/lkdtm
head: 2e53b877dc1258d4ac3de98f496bb88ec3bf5e25
commit: 2e53b877dc1258d4ac3de98f496bb88ec3bf5e25 [6/6] lkdtm: Add CFI_BACKWARD to test ROP mitigations
config: nios2-randconfig-s032-20220420 (https://download.01.org/0day-ci/archive/20220420/202204201422.AzI0RBIZ-lkp@intel.com/config)
compiler: nios2-linux-gcc (GCC) 11.2.0
reproduce:
# NOTE(review): make.cross is fetched from the master branch of lkp-tests, so
# the script is not pinned to a revision. Read it before making it executable,
# and run the reproduction in a disposable build environment.
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# apt-get install sparse
# sparse version: v0.6.4-dirty
# https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?id=2e53b877dc1258d4ac3de98f496bb88ec3bf5e25
# Fetch only the branch under test, then check out the exact commit the report is about.
git remote add kees https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git
git fetch --no-tags kees for-next/lkdtm
git checkout 2e53b877dc1258d4ac3de98f496bb88ec3bf5e25
# save the config file
mkdir build_dir && cp config build_dir/.config
# C=1 runs the sparse checker during the build and CF passes extra flags to it;
# O=build_dir keeps the build out of tree, and only drivers/misc/lkdtm/ is
# built, cross-compiled for nios2.
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=nios2 SHELL=/bin/bash drivers/misc/lkdtm/
If you fix the issue, kindly add the following tag as appropriate:
Reported-by: kernel test robot <lkp@intel.com>
sparse warnings: (new ones prefixed by >>)
drivers/misc/lkdtm/cfi.c:100:27: sparse: sparse: Using plain integer as NULL pointer
>> drivers/misc/lkdtm/cfi.c:72:13: sparse: sparse: non size-preserving pointer to integer cast
>> drivers/misc/lkdtm/cfi.c:72:13: sparse: sparse: non size-preserving integer to pointer cast
drivers/misc/lkdtm/cfi.c:87:13: sparse: sparse: non size-preserving pointer to integer cast
drivers/misc/lkdtm/cfi.c:87:13: sparse: sparse: non size-preserving integer to pointer cast
vim +72 drivers/misc/lkdtm/cfi.c
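/*
 * no_pac_addr() - OR the PAGE_OFFSET bits into a pointer value and return the
 * result with the same type as @addr.
 *
 * The set_return_addr*() helpers apply it to the saved return address before
 * comparing that value with the expected code address.
 * NOTE(review): going by the name and the CONFIG_ARM64_PTR_AUTH_KERNEL check
 * in lkdtm_CFI_BACKWARD(), this presumably restores the upper address bits
 * that arm64 pointer authentication replaces with a signature; confirm
 * against the arch definition of PAGE_OFFSET.
 *
 * The intermediate integer type is unsigned long, which the kernel treats as
 * pointer-sized on every architecture. The earlier u64 cast changed the width
 * on the nios2 build, which is what sparse reported as "non size-preserving
 * pointer to integer cast" (and the matching integer to pointer cast).
 */
#define no_pac_addr(addr) \
	((__force __typeof__(addr))((__force unsigned long)(addr) | PAGE_OFFSET))
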
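/*
 * The ultimate ROP gadget.
 *
 * set_return_addr_unchecked() - overwrite this function's own saved return
 * address, as the "unchecked" half of the CFI_BACKWARD test.
 * @expected: code address the saved return address must currently hold
 * @addr: code address to store in the return-address slot
 *
 * The slot is taken to be one pointer above __builtin_frame_address(0). The
 * write only happens when the value found there (after no_pac_addr()) equals
 * @expected, so a different stack layout produces a warning instead of a
 * write to an unrelated stack word.
 *
 * NOTE(review): __no_ret_protection is defined outside this excerpt;
 * presumably it disables return-address protection for this one function so
 * that the redirect is expected to work here. Confirm against its definition.
 */
static noinline __no_ret_protection
void set_return_addr_unchecked(unsigned long *expected, unsigned long *addr)
{
	/* Use of volatile is to make sure final write isn't seen as a dead store. */
	unsigned long * volatile *ret_addr = (unsigned long **)__builtin_frame_address(0) + 1;

	/*
	 * Make sure we've found the right place on the stack before writing it.
	 * This comparison is cfi.c:72 in the sparse report; the flagged casts are
	 * the ones inside no_pac_addr().
	 */
	if (no_pac_addr(*ret_addr) == expected)
		*ret_addr = (addr);
	else
		/*
		 * Check architecture, stack layout, or compiler behavior...
		 * Print the value found next to the value it was compared with;
		 * the redirect target says nothing about why the check failed.
		 */
		pr_warn("Eek: return address mismatch! %px != %px\n",
			*ret_addr, expected);
}
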
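/*
 * set_return_addr() - overwrite this function's own saved return address, as
 * the "checked" half of the CFI_BACKWARD test.
 * @expected: code address the saved return address must currently hold
 * @addr: code address to store in the return-address slot
 *
 * The body matches set_return_addr_unchecked(); the only difference visible
 * here is that this function does not carry __no_ret_protection, so it is
 * built with whatever return-address protection the kernel configuration
 * enables. The caller treats a successful redirect through this function as
 * a test failure.
 */
static noinline
void set_return_addr(unsigned long *expected, unsigned long *addr)
{
	/* Use of volatile is to make sure final write isn't seen as a dead store. */
	unsigned long * volatile *ret_addr = (unsigned long **)__builtin_frame_address(0) + 1;

	/*
	 * Make sure we've found the right place on the stack before writing it.
	 * This comparison is cfi.c:87 in the sparse report; the flagged casts are
	 * the ones inside no_pac_addr().
	 */
	if (no_pac_addr(*ret_addr) == expected)
		*ret_addr = (addr);
	else
		/*
		 * Check architecture, stack layout, or compiler behavior...
		 * Print the value found next to the value it was compared with;
		 * the redirect target says nothing about why the check failed.
		 */
		pr_warn("Eek: return address mismatch! %px != %px\n",
			*ret_addr, expected);
}
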
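/*
 * Nothing in this excerpt writes force_check, so it reads as 0 at run time
 * (see the "Always false" / "Always true" comments below). Being volatile, it
 * cannot be folded away by the compiler, which keeps every branch and label
 * in lkdtm_CFI_BACKWARD() present in the generated code.
 */
static volatile int force_check;

/*
 * lkdtm_CFI_BACKWARD() - test whether a saved return address can be redirected.
 *
 * Phase 1 calls set_return_addr_unchecked() with the address of the "normal"
 * label as the expected return address and "redirected" as the replacement.
 * Landing on "normal" means the redirect did not take effect even without
 * protection, so nothing can be concluded and the test reports FAIL and stops.
 *
 * Phase 2 repeats the attempt through set_return_addr(). Continuing at
 * "check_normal" is reported as "ok: control flow unchanged"; reaching
 * "check_redirected" is reported as FAIL, followed by a note on which of
 * CONFIG_ARM64_PTR_AUTH_KERNEL / CONFIG_SHADOW_CALL_STACK was expected to
 * prevent it, or that the kernel was built with neither.
 */
static void lkdtm_CFI_BACKWARD(void)
{
	/*
	 * Use calculated gotos to keep labels addressable.
	 * Slot 0 is an unused placeholder; it is spelled NULL because sparse
	 * rejects a plain 0 as a pointer initializer (cfi.c:100 in the report).
	 */
	void *labels[] = {NULL, &&normal, &&redirected, &&check_normal, &&check_redirected};

	pr_info("Attempting unchecked stack return address redirection ...\n");

	/* Always false */
	if (force_check) {
		/*
		 * Prepare to call with NULLs to avoid parameters being treated as
		 * constants in -O2.
		 */
		set_return_addr_unchecked(NULL, NULL);
		set_return_addr(NULL, NULL);
		if (force_check)
			goto *labels[1];
		if (force_check)
			goto *labels[2];
		if (force_check)
			goto *labels[3];
		if (force_check)
			goto *labels[4];
		return;
	}

	/*
	 * Use fallthrough switch case to keep basic block ordering between
	 * set_return_addr*() and the label after it.
	 */
	switch (force_check) {
	case 0:
		set_return_addr_unchecked(&&normal, &&redirected);
		fallthrough;
	case 1:
normal:
		/* Always true */
		if (!force_check) {
			pr_err("FAIL: stack return address manipulation failed!\n");
			/* If we can't redirect "normally", we can't test mitigations. */
			return;
		}
		break;
	default:
redirected:
		pr_info("ok: redirected stack return address.\n");
		break;
	}

	pr_info("Attempting checked stack return address redirection ...\n");

	switch (force_check) {
	case 0:
		set_return_addr(&&check_normal, &&check_redirected);
		fallthrough;
	case 1:
check_normal:
		/* Always true */
		if (!force_check) {
			pr_info("ok: control flow unchanged.\n");
			return;
		}

check_redirected:
		pr_err("FAIL: stack return address was redirected!\n");
		break;
	}

	/* Only reached after the FAIL above: say which mitigation should have stopped it. */
	if (IS_ENABLED(CONFIG_ARM64_PTR_AUTH_KERNEL)) {
		pr_expected_config(CONFIG_ARM64_PTR_AUTH_KERNEL);
		return;
	}
	if (IS_ENABLED(CONFIG_SHADOW_CALL_STACK)) {
		pr_expected_config(CONFIG_SHADOW_CALL_STACK);
		return;
	}
	pr_warn("This is probably expected, since this %s was built *without* %s=y nor %s=y\n",
		lkdtm_kernel_info,
		"CONFIG_ARM64_PTR_AUTH_KERNEL", "CONFIG_SHADOW_CALL_STACK");
}
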
--
0-DAY CI Kernel Test Service
https://01.org/lkp