* security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
@ 2023-12-03 6:07 kernel test robot
0 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2023-12-03 6:07 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp
::::::
:::::: Manual check reason: "low confidence static check warning: security/commoncap.c:984:41: sparse: sparse: dubious: !x | y"
::::::
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
CC: linux-kernel@vger.kernel.org
TO: Andy Lutomirski <luto@kernel.org>
CC: Christoph Lameter <cl@linux-foundation.org>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 815fb87b753055df2d9e50f6cd80eb10235fe3e9
commit: 58319057b7847667f0c9585b9de0e8932b0fdb08 capabilities: ambient capabilities
date: 8 years ago
:::::: branch date: 6 hours ago
:::::: commit date: 8 years ago
config: x86_64-alldefconfig (https://download.01.org/0day-ci/archive/20231202/202312021337.4FXSmInG-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231202/202312021337.4FXSmInG-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/r/202312021337.4FXSmInG-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
>> security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
In file included from include/linux/kobject.h:21,
from include/linux/module.h:17,
from security/commoncap.c:12:
include/linux/sysfs.h: In function 'sysfs_get_dirent':
include/linux/sysfs.h:496:44: warning: pointer targets in passing argument 2 of 'kernfs_find_and_get' differ in signedness [-Wpointer-sign]
496 | return kernfs_find_and_get(parent, name);
| ^~~~
| |
| const unsigned char *
In file included from include/linux/sysfs.h:15:
include/linux/kernfs.h:424:57: note: expected 'const char *' but argument is of type 'const unsigned char *'
424 | kernfs_find_and_get(struct kernfs_node *kn, const char *name)
| ~~~~~~~~~~~~^~~~
In file included from include/linux/capability.h:15,
from security/commoncap.c:10:
security/commoncap.c: In function 'cap_prctl_drop':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:870:14: note: in expansion of macro 'cap_valid'
870 | if (!cap_valid(cap))
| ^~~~~~~~~
security/commoncap.c: In function 'cap_task_prctl':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:900:22: note: in expansion of macro 'cap_valid'
900 | if (!cap_valid(arg2))
| ^~~~~~~~~
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:984:24: note: in expansion of macro 'cap_valid'
984 | if (((!cap_valid(arg3)) | arg4 | arg5))
| ^~~~~~~~~
security/commoncap.c:73: warning: Function parameter or member 'targ_ns' not described in 'cap_capable'
security/commoncap.c:73: warning: Excess function parameter 'ns' description in 'cap_capable'
security/commoncap.c:843: warning: expecting prototype for cap_task_ioprio(). Prototype was for cap_task_setioprio() instead
security/commoncap.c:856: warning: expecting prototype for cap_task_ioprio(). Prototype was for cap_task_setnice() instead
security/commoncap.c:894: warning: Function parameter or member 'arg2' not described in 'cap_task_prctl'
security/commoncap.c:894: warning: Function parameter or member 'arg3' not described in 'cap_task_prctl'
security/commoncap.c:894: warning: Function parameter or member 'arg4' not described in 'cap_task_prctl'
security/commoncap.c:894: warning: Function parameter or member 'arg5' not described in 'cap_task_prctl'
vim +984 security/commoncap.c
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 879
1d045980e1eff4 David Howells 2008-11-14 880 /**
1d045980e1eff4 David Howells 2008-11-14 881 * cap_task_prctl - Implement process control functions for this security module
1d045980e1eff4 David Howells 2008-11-14 882 * @option: The process control function requested
1d045980e1eff4 David Howells 2008-11-14 883 * @arg2, @arg3, @arg4, @arg5: The argument data for this function
1d045980e1eff4 David Howells 2008-11-14 884 *
1d045980e1eff4 David Howells 2008-11-14 885 * Allow process control functions (sys_prctl()) to alter capabilities; may
1d045980e1eff4 David Howells 2008-11-14 886 * also deny access to other functions not otherwise implemented here.
1d045980e1eff4 David Howells 2008-11-14 887 *
1d045980e1eff4 David Howells 2008-11-14 888 * Returns 0 or +ve on success, -ENOSYS if this function is not implemented
1d045980e1eff4 David Howells 2008-11-14 889 * here, other -ve on error. If -ENOSYS is returned, sys_prctl() and other LSM
1d045980e1eff4 David Howells 2008-11-14 890 * modules will consider performing the function.
1d045980e1eff4 David Howells 2008-11-14 891 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 892 int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
d84f4f992cbd76 David Howells 2008-11-14 893 unsigned long arg4, unsigned long arg5)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 894 {
6d6f3328422a3b Tetsuo Handa 2014-07-22 895 const struct cred *old = current_cred();
d84f4f992cbd76 David Howells 2008-11-14 896 struct cred *new;
d84f4f992cbd76 David Howells 2008-11-14 897
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 898 switch (option) {
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 899 case PR_CAPBSET_READ:
d84f4f992cbd76 David Howells 2008-11-14 900 if (!cap_valid(arg2))
6d6f3328422a3b Tetsuo Handa 2014-07-22 901 return -EINVAL;
6d6f3328422a3b Tetsuo Handa 2014-07-22 902 return !!cap_raised(old->cap_bset, arg2);
d84f4f992cbd76 David Howells 2008-11-14 903
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 904 case PR_CAPBSET_DROP:
6d6f3328422a3b Tetsuo Handa 2014-07-22 905 return cap_prctl_drop(arg2);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 906
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 907 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 908 * The next four prctl's remain to assist with transitioning a
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 909 * system from legacy UID=0 based privilege (when filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 910 * capabilities are not in use) to a system using filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 911 * capabilities only - as the POSIX.1e draft intended.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 912 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 913 * Note:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 914 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 915 * PR_SET_SECUREBITS =
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 916 * issecure_mask(SECURE_KEEP_CAPS_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 917 * | issecure_mask(SECURE_NOROOT)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 918 * | issecure_mask(SECURE_NOROOT_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 919 * | issecure_mask(SECURE_NO_SETUID_FIXUP)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 920 * | issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 921 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 922 * will ensure that the current process and all of its
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 923 * children will be locked into a pure
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 924 * capability-based-privilege environment.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 925 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 926 case PR_SET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 927 if ((((old->securebits & SECURE_ALL_LOCKS) >> 1)
6d6f3328422a3b Tetsuo Handa 2014-07-22 928 & (old->securebits ^ arg2)) /*[1]*/
6d6f3328422a3b Tetsuo Handa 2014-07-22 929 || ((old->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 930 || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/
6a9de49115d5ff Eric Paris 2012-01-03 931 || (cap_capable(current_cred(),
c4a4d603796c72 Eric W. Biederman 2011-11-16 932 current_cred()->user_ns, CAP_SETPCAP,
3699c53c485bf0 David Howells 2009-01-06 933 SECURITY_CAP_AUDIT) != 0) /*[4]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 934 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 935 * [1] no changing of bits that are locked
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 936 * [2] no unlocking of locks
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 937 * [3] no setting of unsupported bits
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 938 * [4] doing anything requires privilege (go read about
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 939 * the "sendmail capabilities bug")
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 940 */
d84f4f992cbd76 David Howells 2008-11-14 941 )
d84f4f992cbd76 David Howells 2008-11-14 942 /* cannot change a locked bit */
6d6f3328422a3b Tetsuo Handa 2014-07-22 943 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 944
6d6f3328422a3b Tetsuo Handa 2014-07-22 945 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 946 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 947 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 948 new->securebits = arg2;
6d6f3328422a3b Tetsuo Handa 2014-07-22 949 return commit_creds(new);
d84f4f992cbd76 David Howells 2008-11-14 950
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 951 case PR_GET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 952 return old->securebits;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 953
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 954 case PR_GET_KEEPCAPS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 955 return !!issecure(SECURE_KEEP_CAPS);
d84f4f992cbd76 David Howells 2008-11-14 956
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 957 case PR_SET_KEEPCAPS:
d84f4f992cbd76 David Howells 2008-11-14 958 if (arg2 > 1) /* Note, we rely on arg2 being unsigned here */
6d6f3328422a3b Tetsuo Handa 2014-07-22 959 return -EINVAL;
d84f4f992cbd76 David Howells 2008-11-14 960 if (issecure(SECURE_KEEP_CAPS_LOCKED))
6d6f3328422a3b Tetsuo Handa 2014-07-22 961 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 962
6d6f3328422a3b Tetsuo Handa 2014-07-22 963 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 964 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 965 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 966 if (arg2)
d84f4f992cbd76 David Howells 2008-11-14 967 new->securebits |= issecure_mask(SECURE_KEEP_CAPS);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 968 else
d84f4f992cbd76 David Howells 2008-11-14 969 new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);
6d6f3328422a3b Tetsuo Handa 2014-07-22 970 return commit_creds(new);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 971
58319057b78476 Andy Lutomirski 2015-09-04 972 case PR_CAP_AMBIENT:
58319057b78476 Andy Lutomirski 2015-09-04 973 if (arg2 == PR_CAP_AMBIENT_CLEAR_ALL) {
58319057b78476 Andy Lutomirski 2015-09-04 974 if (arg3 | arg4 | arg5)
58319057b78476 Andy Lutomirski 2015-09-04 975 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 976
58319057b78476 Andy Lutomirski 2015-09-04 977 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 978 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 979 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 980 cap_clear(new->cap_ambient);
58319057b78476 Andy Lutomirski 2015-09-04 981 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 982 }
58319057b78476 Andy Lutomirski 2015-09-04 983
58319057b78476 Andy Lutomirski 2015-09-04 @984 if (((!cap_valid(arg3)) | arg4 | arg5))
58319057b78476 Andy Lutomirski 2015-09-04 985 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 986
58319057b78476 Andy Lutomirski 2015-09-04 987 if (arg2 == PR_CAP_AMBIENT_IS_SET) {
58319057b78476 Andy Lutomirski 2015-09-04 988 return !!cap_raised(current_cred()->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 989 } else if (arg2 != PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 990 arg2 != PR_CAP_AMBIENT_LOWER) {
58319057b78476 Andy Lutomirski 2015-09-04 991 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 992 } else {
58319057b78476 Andy Lutomirski 2015-09-04 993 if (arg2 == PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 994 (!cap_raised(current_cred()->cap_permitted, arg3) ||
58319057b78476 Andy Lutomirski 2015-09-04 995 !cap_raised(current_cred()->cap_inheritable,
58319057b78476 Andy Lutomirski 2015-09-04 996 arg3)))
58319057b78476 Andy Lutomirski 2015-09-04 997 return -EPERM;
58319057b78476 Andy Lutomirski 2015-09-04 998
58319057b78476 Andy Lutomirski 2015-09-04 999 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 1000 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 1001 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 1002 if (arg2 == PR_CAP_AMBIENT_RAISE)
58319057b78476 Andy Lutomirski 2015-09-04 1003 cap_raise(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1004 else
58319057b78476 Andy Lutomirski 2015-09-04 1005 cap_lower(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1006 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 1007 }
58319057b78476 Andy Lutomirski 2015-09-04 1008
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1009 default:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1010 /* No functionality available - continue with default */
6d6f3328422a3b Tetsuo Handa 2014-07-22 1011 return -ENOSYS;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1012 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1013 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1014
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 8+ messages in thread* security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
@ 2023-12-03 6:31 kernel test robot
0 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2023-12-03 6:31 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp
::::::
:::::: Manual check reason: "low confidence static check warning: security/commoncap.c:984:41: sparse: sparse: dubious: !x | y"
::::::
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
CC: linux-kernel@vger.kernel.org
TO: Andy Lutomirski <luto@kernel.org>
CC: Christoph Lameter <cl@linux-foundation.org>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 815fb87b753055df2d9e50f6cd80eb10235fe3e9
commit: 58319057b7847667f0c9585b9de0e8932b0fdb08 capabilities: ambient capabilities
date: 8 years ago
:::::: branch date: 16 hours ago
:::::: commit date: 8 years ago
config: x86_64-alldefconfig (https://download.01.org/0day-ci/archive/20231202/202312022319.KzOVPs8r-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231202/202312022319.KzOVPs8r-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/r/202312022319.KzOVPs8r-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
>> security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
In file included from include/linux/kobject.h:21,
from include/linux/module.h:17,
from security/commoncap.c:12:
include/linux/sysfs.h: In function 'sysfs_get_dirent':
include/linux/sysfs.h:496:44: warning: pointer targets in passing argument 2 of 'kernfs_find_and_get' differ in signedness [-Wpointer-sign]
496 | return kernfs_find_and_get(parent, name);
| ^~~~
| |
| const unsigned char *
In file included from include/linux/sysfs.h:15:
include/linux/kernfs.h:424:57: note: expected 'const char *' but argument is of type 'const unsigned char *'
424 | kernfs_find_and_get(struct kernfs_node *kn, const char *name)
| ~~~~~~~~~~~~^~~~
In file included from include/linux/capability.h:15,
from security/commoncap.c:10:
security/commoncap.c: In function 'cap_prctl_drop':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:870:14: note: in expansion of macro 'cap_valid'
870 | if (!cap_valid(cap))
| ^~~~~~~~~
security/commoncap.c: In function 'cap_task_prctl':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:900:22: note: in expansion of macro 'cap_valid'
900 | if (!cap_valid(arg2))
| ^~~~~~~~~
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:984:24: note: in expansion of macro 'cap_valid'
984 | if (((!cap_valid(arg3)) | arg4 | arg5))
| ^~~~~~~~~
security/commoncap.c:73: warning: Function parameter or member 'targ_ns' not described in 'cap_capable'
security/commoncap.c:73: warning: Excess function parameter 'ns' description in 'cap_capable'
security/commoncap.c:843: warning: expecting prototype for cap_task_ioprio(). Prototype was for cap_task_setioprio() instead
security/commoncap.c:856: warning: expecting prototype for cap_task_ioprio(). Prototype was for cap_task_setnice() instead
security/commoncap.c:894: warning: Function parameter or member 'arg2' not described in 'cap_task_prctl'
security/commoncap.c:894: warning: Function parameter or member 'arg3' not described in 'cap_task_prctl'
security/commoncap.c:894: warning: Function parameter or member 'arg4' not described in 'cap_task_prctl'
security/commoncap.c:894: warning: Function parameter or member 'arg5' not described in 'cap_task_prctl'
vim +984 security/commoncap.c
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 879
1d045980e1eff4 David Howells 2008-11-14 880 /**
1d045980e1eff4 David Howells 2008-11-14 881 * cap_task_prctl - Implement process control functions for this security module
1d045980e1eff4 David Howells 2008-11-14 882 * @option: The process control function requested
1d045980e1eff4 David Howells 2008-11-14 883 * @arg2, @arg3, @arg4, @arg5: The argument data for this function
1d045980e1eff4 David Howells 2008-11-14 884 *
1d045980e1eff4 David Howells 2008-11-14 885 * Allow process control functions (sys_prctl()) to alter capabilities; may
1d045980e1eff4 David Howells 2008-11-14 886 * also deny access to other functions not otherwise implemented here.
1d045980e1eff4 David Howells 2008-11-14 887 *
1d045980e1eff4 David Howells 2008-11-14 888 * Returns 0 or +ve on success, -ENOSYS if this function is not implemented
1d045980e1eff4 David Howells 2008-11-14 889 * here, other -ve on error. If -ENOSYS is returned, sys_prctl() and other LSM
1d045980e1eff4 David Howells 2008-11-14 890 * modules will consider performing the function.
1d045980e1eff4 David Howells 2008-11-14 891 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 892 int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
d84f4f992cbd76 David Howells 2008-11-14 893 unsigned long arg4, unsigned long arg5)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 894 {
6d6f3328422a3b Tetsuo Handa 2014-07-22 895 const struct cred *old = current_cred();
d84f4f992cbd76 David Howells 2008-11-14 896 struct cred *new;
d84f4f992cbd76 David Howells 2008-11-14 897
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 898 switch (option) {
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 899 case PR_CAPBSET_READ:
d84f4f992cbd76 David Howells 2008-11-14 900 if (!cap_valid(arg2))
6d6f3328422a3b Tetsuo Handa 2014-07-22 901 return -EINVAL;
6d6f3328422a3b Tetsuo Handa 2014-07-22 902 return !!cap_raised(old->cap_bset, arg2);
d84f4f992cbd76 David Howells 2008-11-14 903
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 904 case PR_CAPBSET_DROP:
6d6f3328422a3b Tetsuo Handa 2014-07-22 905 return cap_prctl_drop(arg2);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 906
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 907 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 908 * The next four prctl's remain to assist with transitioning a
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 909 * system from legacy UID=0 based privilege (when filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 910 * capabilities are not in use) to a system using filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 911 * capabilities only - as the POSIX.1e draft intended.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 912 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 913 * Note:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 914 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 915 * PR_SET_SECUREBITS =
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 916 * issecure_mask(SECURE_KEEP_CAPS_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 917 * | issecure_mask(SECURE_NOROOT)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 918 * | issecure_mask(SECURE_NOROOT_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 919 * | issecure_mask(SECURE_NO_SETUID_FIXUP)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 920 * | issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 921 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 922 * will ensure that the current process and all of its
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 923 * children will be locked into a pure
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 924 * capability-based-privilege environment.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 925 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 926 case PR_SET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 927 if ((((old->securebits & SECURE_ALL_LOCKS) >> 1)
6d6f3328422a3b Tetsuo Handa 2014-07-22 928 & (old->securebits ^ arg2)) /*[1]*/
6d6f3328422a3b Tetsuo Handa 2014-07-22 929 || ((old->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 930 || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/
6a9de49115d5ff Eric Paris 2012-01-03 931 || (cap_capable(current_cred(),
c4a4d603796c72 Eric W. Biederman 2011-11-16 932 current_cred()->user_ns, CAP_SETPCAP,
3699c53c485bf0 David Howells 2009-01-06 933 SECURITY_CAP_AUDIT) != 0) /*[4]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 934 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 935 * [1] no changing of bits that are locked
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 936 * [2] no unlocking of locks
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 937 * [3] no setting of unsupported bits
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 938 * [4] doing anything requires privilege (go read about
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 939 * the "sendmail capabilities bug")
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 940 */
d84f4f992cbd76 David Howells 2008-11-14 941 )
d84f4f992cbd76 David Howells 2008-11-14 942 /* cannot change a locked bit */
6d6f3328422a3b Tetsuo Handa 2014-07-22 943 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 944
6d6f3328422a3b Tetsuo Handa 2014-07-22 945 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 946 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 947 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 948 new->securebits = arg2;
6d6f3328422a3b Tetsuo Handa 2014-07-22 949 return commit_creds(new);
d84f4f992cbd76 David Howells 2008-11-14 950
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 951 case PR_GET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 952 return old->securebits;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 953
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 954 case PR_GET_KEEPCAPS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 955 return !!issecure(SECURE_KEEP_CAPS);
d84f4f992cbd76 David Howells 2008-11-14 956
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 957 case PR_SET_KEEPCAPS:
d84f4f992cbd76 David Howells 2008-11-14 958 if (arg2 > 1) /* Note, we rely on arg2 being unsigned here */
6d6f3328422a3b Tetsuo Handa 2014-07-22 959 return -EINVAL;
d84f4f992cbd76 David Howells 2008-11-14 960 if (issecure(SECURE_KEEP_CAPS_LOCKED))
6d6f3328422a3b Tetsuo Handa 2014-07-22 961 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 962
6d6f3328422a3b Tetsuo Handa 2014-07-22 963 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 964 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 965 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 966 if (arg2)
d84f4f992cbd76 David Howells 2008-11-14 967 new->securebits |= issecure_mask(SECURE_KEEP_CAPS);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 968 else
d84f4f992cbd76 David Howells 2008-11-14 969 new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);
6d6f3328422a3b Tetsuo Handa 2014-07-22 970 return commit_creds(new);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 971
58319057b78476 Andy Lutomirski 2015-09-04 972 case PR_CAP_AMBIENT:
58319057b78476 Andy Lutomirski 2015-09-04 973 if (arg2 == PR_CAP_AMBIENT_CLEAR_ALL) {
58319057b78476 Andy Lutomirski 2015-09-04 974 if (arg3 | arg4 | arg5)
58319057b78476 Andy Lutomirski 2015-09-04 975 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 976
58319057b78476 Andy Lutomirski 2015-09-04 977 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 978 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 979 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 980 cap_clear(new->cap_ambient);
58319057b78476 Andy Lutomirski 2015-09-04 981 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 982 }
58319057b78476 Andy Lutomirski 2015-09-04 983
58319057b78476 Andy Lutomirski 2015-09-04 @984 if (((!cap_valid(arg3)) | arg4 | arg5))
58319057b78476 Andy Lutomirski 2015-09-04 985 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 986
58319057b78476 Andy Lutomirski 2015-09-04 987 if (arg2 == PR_CAP_AMBIENT_IS_SET) {
58319057b78476 Andy Lutomirski 2015-09-04 988 return !!cap_raised(current_cred()->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 989 } else if (arg2 != PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 990 arg2 != PR_CAP_AMBIENT_LOWER) {
58319057b78476 Andy Lutomirski 2015-09-04 991 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 992 } else {
58319057b78476 Andy Lutomirski 2015-09-04 993 if (arg2 == PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 994 (!cap_raised(current_cred()->cap_permitted, arg3) ||
58319057b78476 Andy Lutomirski 2015-09-04 995 !cap_raised(current_cred()->cap_inheritable,
58319057b78476 Andy Lutomirski 2015-09-04 996 arg3)))
58319057b78476 Andy Lutomirski 2015-09-04 997 return -EPERM;
58319057b78476 Andy Lutomirski 2015-09-04 998
58319057b78476 Andy Lutomirski 2015-09-04 999 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 1000 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 1001 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 1002 if (arg2 == PR_CAP_AMBIENT_RAISE)
58319057b78476 Andy Lutomirski 2015-09-04 1003 cap_raise(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1004 else
58319057b78476 Andy Lutomirski 2015-09-04 1005 cap_lower(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1006 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 1007 }
58319057b78476 Andy Lutomirski 2015-09-04 1008
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1009 default:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1010 /* No functionality available - continue with default */
6d6f3328422a3b Tetsuo Handa 2014-07-22 1011 return -ENOSYS;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1012 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1013 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1014
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 8+ messages in thread* security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
@ 2023-12-02 1:52 kernel test robot
0 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2023-12-02 1:52 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp
::::::
:::::: Manual check reason: "low confidence static check warning: security/commoncap.c:984:41: sparse: sparse: dubious: !x | y"
::::::
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
CC: linux-kernel@vger.kernel.org
TO: Andy Lutomirski <luto@kernel.org>
CC: Christoph Lameter <cl@linux-foundation.org>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 815fb87b753055df2d9e50f6cd80eb10235fe3e9
commit: 58319057b7847667f0c9585b9de0e8932b0fdb08 capabilities: ambient capabilities
date: 8 years ago
:::::: branch date: 2 hours ago
:::::: commit date: 8 years ago
config: x86_64-alldefconfig (https://download.01.org/0day-ci/archive/20231202/202312020942.iZzzEUVT-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231202/202312020942.iZzzEUVT-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/r/202312020942.iZzzEUVT-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
>> security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
In file included from include/linux/kobject.h:21,
from include/linux/module.h:17,
from security/commoncap.c:12:
include/linux/sysfs.h: In function 'sysfs_get_dirent':
include/linux/sysfs.h:496:44: warning: pointer targets in passing argument 2 of 'kernfs_find_and_get' differ in signedness [-Wpointer-sign]
496 | return kernfs_find_and_get(parent, name);
| ^~~~
| |
| const unsigned char *
In file included from include/linux/sysfs.h:15:
include/linux/kernfs.h:424:57: note: expected 'const char *' but argument is of type 'const unsigned char *'
424 | kernfs_find_and_get(struct kernfs_node *kn, const char *name)
| ~~~~~~~~~~~~^~~~
In file included from include/linux/capability.h:15,
from security/commoncap.c:10:
security/commoncap.c: In function 'cap_prctl_drop':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:870:14: note: in expansion of macro 'cap_valid'
870 | if (!cap_valid(cap))
| ^~~~~~~~~
security/commoncap.c: In function 'cap_task_prctl':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:900:22: note: in expansion of macro 'cap_valid'
900 | if (!cap_valid(arg2))
| ^~~~~~~~~
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:984:24: note: in expansion of macro 'cap_valid'
984 | if (((!cap_valid(arg3)) | arg4 | arg5))
| ^~~~~~~~~
security/commoncap.c:73: warning: Function parameter or member 'targ_ns' not described in 'cap_capable'
security/commoncap.c:73: warning: Excess function parameter 'ns' description in 'cap_capable'
security/commoncap.c:843: warning: expecting prototype for cap_task_ioprio(). Prototype was for cap_task_setioprio() instead
security/commoncap.c:856: warning: expecting prototype for cap_task_ioprio(). Prototype was for cap_task_setnice() instead
security/commoncap.c:894: warning: Function parameter or member 'arg2' not described in 'cap_task_prctl'
security/commoncap.c:894: warning: Function parameter or member 'arg3' not described in 'cap_task_prctl'
security/commoncap.c:894: warning: Function parameter or member 'arg4' not described in 'cap_task_prctl'
security/commoncap.c:894: warning: Function parameter or member 'arg5' not described in 'cap_task_prctl'
vim +984 security/commoncap.c
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 879
1d045980e1eff4 David Howells 2008-11-14 880 /**
1d045980e1eff4 David Howells 2008-11-14 881 * cap_task_prctl - Implement process control functions for this security module
1d045980e1eff4 David Howells 2008-11-14 882 * @option: The process control function requested
1d045980e1eff4 David Howells 2008-11-14 883 * @arg2, @arg3, @arg4, @arg5: The argument data for this function
1d045980e1eff4 David Howells 2008-11-14 884 *
1d045980e1eff4 David Howells 2008-11-14 885 * Allow process control functions (sys_prctl()) to alter capabilities; may
1d045980e1eff4 David Howells 2008-11-14 886 * also deny access to other functions not otherwise implemented here.
1d045980e1eff4 David Howells 2008-11-14 887 *
1d045980e1eff4 David Howells 2008-11-14 888 * Returns 0 or +ve on success, -ENOSYS if this function is not implemented
1d045980e1eff4 David Howells 2008-11-14 889 * here, other -ve on error. If -ENOSYS is returned, sys_prctl() and other LSM
1d045980e1eff4 David Howells 2008-11-14 890 * modules will consider performing the function.
1d045980e1eff4 David Howells 2008-11-14 891 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 892 int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
d84f4f992cbd76 David Howells 2008-11-14 893 unsigned long arg4, unsigned long arg5)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 894 {
6d6f3328422a3b Tetsuo Handa 2014-07-22 895 const struct cred *old = current_cred();
d84f4f992cbd76 David Howells 2008-11-14 896 struct cred *new;
d84f4f992cbd76 David Howells 2008-11-14 897
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 898 switch (option) {
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 899 case PR_CAPBSET_READ:
d84f4f992cbd76 David Howells 2008-11-14 900 if (!cap_valid(arg2))
6d6f3328422a3b Tetsuo Handa 2014-07-22 901 return -EINVAL;
6d6f3328422a3b Tetsuo Handa 2014-07-22 902 return !!cap_raised(old->cap_bset, arg2);
d84f4f992cbd76 David Howells 2008-11-14 903
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 904 case PR_CAPBSET_DROP:
6d6f3328422a3b Tetsuo Handa 2014-07-22 905 return cap_prctl_drop(arg2);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 906
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 907 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 908 * The next four prctl's remain to assist with transitioning a
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 909 * system from legacy UID=0 based privilege (when filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 910 * capabilities are not in use) to a system using filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 911 * capabilities only - as the POSIX.1e draft intended.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 912 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 913 * Note:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 914 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 915 * PR_SET_SECUREBITS =
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 916 * issecure_mask(SECURE_KEEP_CAPS_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 917 * | issecure_mask(SECURE_NOROOT)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 918 * | issecure_mask(SECURE_NOROOT_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 919 * | issecure_mask(SECURE_NO_SETUID_FIXUP)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 920 * | issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 921 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 922 * will ensure that the current process and all of its
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 923 * children will be locked into a pure
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 924 * capability-based-privilege environment.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 925 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 926 case PR_SET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 927 if ((((old->securebits & SECURE_ALL_LOCKS) >> 1)
6d6f3328422a3b Tetsuo Handa 2014-07-22 928 & (old->securebits ^ arg2)) /*[1]*/
6d6f3328422a3b Tetsuo Handa 2014-07-22 929 || ((old->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 930 || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/
6a9de49115d5ff Eric Paris 2012-01-03 931 || (cap_capable(current_cred(),
c4a4d603796c72 Eric W. Biederman 2011-11-16 932 current_cred()->user_ns, CAP_SETPCAP,
3699c53c485bf0 David Howells 2009-01-06 933 SECURITY_CAP_AUDIT) != 0) /*[4]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 934 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 935 * [1] no changing of bits that are locked
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 936 * [2] no unlocking of locks
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 937 * [3] no setting of unsupported bits
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 938 * [4] doing anything requires privilege (go read about
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 939 * the "sendmail capabilities bug")
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 940 */
d84f4f992cbd76 David Howells 2008-11-14 941 )
d84f4f992cbd76 David Howells 2008-11-14 942 /* cannot change a locked bit */
6d6f3328422a3b Tetsuo Handa 2014-07-22 943 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 944
6d6f3328422a3b Tetsuo Handa 2014-07-22 945 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 946 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 947 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 948 new->securebits = arg2;
6d6f3328422a3b Tetsuo Handa 2014-07-22 949 return commit_creds(new);
d84f4f992cbd76 David Howells 2008-11-14 950
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 951 case PR_GET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 952 return old->securebits;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 953
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 954 case PR_GET_KEEPCAPS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 955 return !!issecure(SECURE_KEEP_CAPS);
d84f4f992cbd76 David Howells 2008-11-14 956
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 957 case PR_SET_KEEPCAPS:
d84f4f992cbd76 David Howells 2008-11-14 958 if (arg2 > 1) /* Note, we rely on arg2 being unsigned here */
6d6f3328422a3b Tetsuo Handa 2014-07-22 959 return -EINVAL;
d84f4f992cbd76 David Howells 2008-11-14 960 if (issecure(SECURE_KEEP_CAPS_LOCKED))
6d6f3328422a3b Tetsuo Handa 2014-07-22 961 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 962
6d6f3328422a3b Tetsuo Handa 2014-07-22 963 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 964 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 965 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 966 if (arg2)
d84f4f992cbd76 David Howells 2008-11-14 967 new->securebits |= issecure_mask(SECURE_KEEP_CAPS);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 968 else
d84f4f992cbd76 David Howells 2008-11-14 969 new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);
6d6f3328422a3b Tetsuo Handa 2014-07-22 970 return commit_creds(new);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 971
58319057b78476 Andy Lutomirski 2015-09-04 972 case PR_CAP_AMBIENT:
58319057b78476 Andy Lutomirski 2015-09-04 973 if (arg2 == PR_CAP_AMBIENT_CLEAR_ALL) {
58319057b78476 Andy Lutomirski 2015-09-04 974 if (arg3 | arg4 | arg5)
58319057b78476 Andy Lutomirski 2015-09-04 975 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 976
58319057b78476 Andy Lutomirski 2015-09-04 977 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 978 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 979 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 980 cap_clear(new->cap_ambient);
58319057b78476 Andy Lutomirski 2015-09-04 981 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 982 }
58319057b78476 Andy Lutomirski 2015-09-04 983
58319057b78476 Andy Lutomirski 2015-09-04 @984 if (((!cap_valid(arg3)) | arg4 | arg5))
58319057b78476 Andy Lutomirski 2015-09-04 985 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 986
58319057b78476 Andy Lutomirski 2015-09-04 987 if (arg2 == PR_CAP_AMBIENT_IS_SET) {
58319057b78476 Andy Lutomirski 2015-09-04 988 return !!cap_raised(current_cred()->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 989 } else if (arg2 != PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 990 arg2 != PR_CAP_AMBIENT_LOWER) {
58319057b78476 Andy Lutomirski 2015-09-04 991 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 992 } else {
58319057b78476 Andy Lutomirski 2015-09-04 993 if (arg2 == PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 994 (!cap_raised(current_cred()->cap_permitted, arg3) ||
58319057b78476 Andy Lutomirski 2015-09-04 995 !cap_raised(current_cred()->cap_inheritable,
58319057b78476 Andy Lutomirski 2015-09-04 996 arg3)))
58319057b78476 Andy Lutomirski 2015-09-04 997 return -EPERM;
58319057b78476 Andy Lutomirski 2015-09-04 998
58319057b78476 Andy Lutomirski 2015-09-04 999 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 1000 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 1001 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 1002 if (arg2 == PR_CAP_AMBIENT_RAISE)
58319057b78476 Andy Lutomirski 2015-09-04 1003 cap_raise(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1004 else
58319057b78476 Andy Lutomirski 2015-09-04 1005 cap_lower(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1006 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 1007 }
58319057b78476 Andy Lutomirski 2015-09-04 1008
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1009 default:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1010 /* No functionality available - continue with default */
6d6f3328422a3b Tetsuo Handa 2014-07-22 1011 return -ENOSYS;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1012 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1013 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1014
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 8+ messages in thread* security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
@ 2023-11-17 23:03 kernel test robot
0 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2023-11-17 23:03 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp
::::::
:::::: Manual check reason: "low confidence static check warning: security/commoncap.c:984:41: sparse: sparse: dubious: !x | y"
::::::
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
CC: linux-kernel@vger.kernel.org
TO: Andy Lutomirski <luto@kernel.org>
CC: Christoph Lameter <cl@linux-foundation.org>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 6bc40e44f1ddef16a787f3501b97f1fff909177c
commit: 58319057b7847667f0c9585b9de0e8932b0fdb08 capabilities: ambient capabilities
date: 8 years ago
:::::: branch date: 9 hours ago
:::::: commit date: 8 years ago
config: x86_64-allnoconfig (https://download.01.org/0day-ci/archive/20231118/202311180652.Z241ztNV-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231118/202311180652.Z241ztNV-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/r/202311180652.Z241ztNV-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
>> security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
In file included from include/linux/kobject.h:21,
from include/linux/module.h:17,
from security/commoncap.c:12:
include/linux/sysfs.h: In function 'sysfs_get_dirent':
include/linux/sysfs.h:496:44: warning: pointer targets in passing argument 2 of 'kernfs_find_and_get' differ in signedness [-Wpointer-sign]
496 | return kernfs_find_and_get(parent, name);
| ^~~~
| |
| const unsigned char *
In file included from include/linux/sysfs.h:15:
include/linux/kernfs.h:424:57: note: expected 'const char *' but argument is of type 'const unsigned char *'
424 | kernfs_find_and_get(struct kernfs_node *kn, const char *name)
| ~~~~~~~~~~~~^~~~
In file included from include/linux/capability.h:15,
from security/commoncap.c:10:
security/commoncap.c: In function 'cap_prctl_drop':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:870:14: note: in expansion of macro 'cap_valid'
870 | if (!cap_valid(cap))
| ^~~~~~~~~
security/commoncap.c: In function 'cap_task_prctl':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:900:22: note: in expansion of macro 'cap_valid'
900 | if (!cap_valid(arg2))
| ^~~~~~~~~
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:984:24: note: in expansion of macro 'cap_valid'
984 | if (((!cap_valid(arg3)) | arg4 | arg5))
| ^~~~~~~~~
security/commoncap.c:73: warning: Function parameter or member 'targ_ns' not described in 'cap_capable'
security/commoncap.c:73: warning: Excess function parameter 'ns' description in 'cap_capable'
security/commoncap.c:843: warning: expecting prototype for cap_task_ioprio(). Prototype was for cap_task_setioprio() instead
security/commoncap.c:856: warning: expecting prototype for cap_task_ioprio(). Prototype was for cap_task_setnice() instead
security/commoncap.c:894: warning: Function parameter or member 'arg2' not described in 'cap_task_prctl'
security/commoncap.c:894: warning: Function parameter or member 'arg3' not described in 'cap_task_prctl'
security/commoncap.c:894: warning: Function parameter or member 'arg4' not described in 'cap_task_prctl'
security/commoncap.c:894: warning: Function parameter or member 'arg5' not described in 'cap_task_prctl'
vim +984 security/commoncap.c
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 879
1d045980e1eff4 David Howells 2008-11-14 880 /**
1d045980e1eff4 David Howells 2008-11-14 881 * cap_task_prctl - Implement process control functions for this security module
1d045980e1eff4 David Howells 2008-11-14 882 * @option: The process control function requested
1d045980e1eff4 David Howells 2008-11-14 883 * @arg2, @arg3, @arg4, @arg5: The argument data for this function
1d045980e1eff4 David Howells 2008-11-14 884 *
1d045980e1eff4 David Howells 2008-11-14 885 * Allow process control functions (sys_prctl()) to alter capabilities; may
1d045980e1eff4 David Howells 2008-11-14 886 * also deny access to other functions not otherwise implemented here.
1d045980e1eff4 David Howells 2008-11-14 887 *
1d045980e1eff4 David Howells 2008-11-14 888 * Returns 0 or +ve on success, -ENOSYS if this function is not implemented
1d045980e1eff4 David Howells 2008-11-14 889 * here, other -ve on error. If -ENOSYS is returned, sys_prctl() and other LSM
1d045980e1eff4 David Howells 2008-11-14 890 * modules will consider performing the function.
1d045980e1eff4 David Howells 2008-11-14 891 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 892 int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
d84f4f992cbd76 David Howells 2008-11-14 893 unsigned long arg4, unsigned long arg5)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 894 {
6d6f3328422a3b Tetsuo Handa 2014-07-22 895 const struct cred *old = current_cred();
d84f4f992cbd76 David Howells 2008-11-14 896 struct cred *new;
d84f4f992cbd76 David Howells 2008-11-14 897
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 898 switch (option) {
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 899 case PR_CAPBSET_READ:
d84f4f992cbd76 David Howells 2008-11-14 900 if (!cap_valid(arg2))
6d6f3328422a3b Tetsuo Handa 2014-07-22 901 return -EINVAL;
6d6f3328422a3b Tetsuo Handa 2014-07-22 902 return !!cap_raised(old->cap_bset, arg2);
d84f4f992cbd76 David Howells 2008-11-14 903
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 904 case PR_CAPBSET_DROP:
6d6f3328422a3b Tetsuo Handa 2014-07-22 905 return cap_prctl_drop(arg2);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 906
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 907 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 908 * The next four prctl's remain to assist with transitioning a
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 909 * system from legacy UID=0 based privilege (when filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 910 * capabilities are not in use) to a system using filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 911 * capabilities only - as the POSIX.1e draft intended.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 912 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 913 * Note:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 914 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 915 * PR_SET_SECUREBITS =
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 916 * issecure_mask(SECURE_KEEP_CAPS_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 917 * | issecure_mask(SECURE_NOROOT)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 918 * | issecure_mask(SECURE_NOROOT_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 919 * | issecure_mask(SECURE_NO_SETUID_FIXUP)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 920 * | issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 921 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 922 * will ensure that the current process and all of its
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 923 * children will be locked into a pure
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 924 * capability-based-privilege environment.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 925 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 926 case PR_SET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 927 if ((((old->securebits & SECURE_ALL_LOCKS) >> 1)
6d6f3328422a3b Tetsuo Handa 2014-07-22 928 & (old->securebits ^ arg2)) /*[1]*/
6d6f3328422a3b Tetsuo Handa 2014-07-22 929 || ((old->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 930 || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/
6a9de49115d5ff Eric Paris 2012-01-03 931 || (cap_capable(current_cred(),
c4a4d603796c72 Eric W. Biederman 2011-11-16 932 current_cred()->user_ns, CAP_SETPCAP,
3699c53c485bf0 David Howells 2009-01-06 933 SECURITY_CAP_AUDIT) != 0) /*[4]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 934 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 935 * [1] no changing of bits that are locked
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 936 * [2] no unlocking of locks
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 937 * [3] no setting of unsupported bits
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 938 * [4] doing anything requires privilege (go read about
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 939 * the "sendmail capabilities bug")
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 940 */
d84f4f992cbd76 David Howells 2008-11-14 941 )
d84f4f992cbd76 David Howells 2008-11-14 942 /* cannot change a locked bit */
6d6f3328422a3b Tetsuo Handa 2014-07-22 943 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 944
6d6f3328422a3b Tetsuo Handa 2014-07-22 945 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 946 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 947 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 948 new->securebits = arg2;
6d6f3328422a3b Tetsuo Handa 2014-07-22 949 return commit_creds(new);
d84f4f992cbd76 David Howells 2008-11-14 950
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 951 case PR_GET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 952 return old->securebits;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 953
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 954 case PR_GET_KEEPCAPS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 955 return !!issecure(SECURE_KEEP_CAPS);
d84f4f992cbd76 David Howells 2008-11-14 956
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 957 case PR_SET_KEEPCAPS:
d84f4f992cbd76 David Howells 2008-11-14 958 if (arg2 > 1) /* Note, we rely on arg2 being unsigned here */
6d6f3328422a3b Tetsuo Handa 2014-07-22 959 return -EINVAL;
d84f4f992cbd76 David Howells 2008-11-14 960 if (issecure(SECURE_KEEP_CAPS_LOCKED))
6d6f3328422a3b Tetsuo Handa 2014-07-22 961 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 962
6d6f3328422a3b Tetsuo Handa 2014-07-22 963 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 964 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 965 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 966 if (arg2)
d84f4f992cbd76 David Howells 2008-11-14 967 new->securebits |= issecure_mask(SECURE_KEEP_CAPS);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 968 else
d84f4f992cbd76 David Howells 2008-11-14 969 new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);
6d6f3328422a3b Tetsuo Handa 2014-07-22 970 return commit_creds(new);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 971
58319057b78476 Andy Lutomirski 2015-09-04 972 case PR_CAP_AMBIENT:
58319057b78476 Andy Lutomirski 2015-09-04 973 if (arg2 == PR_CAP_AMBIENT_CLEAR_ALL) {
58319057b78476 Andy Lutomirski 2015-09-04 974 if (arg3 | arg4 | arg5)
58319057b78476 Andy Lutomirski 2015-09-04 975 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 976
58319057b78476 Andy Lutomirski 2015-09-04 977 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 978 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 979 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 980 cap_clear(new->cap_ambient);
58319057b78476 Andy Lutomirski 2015-09-04 981 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 982 }
58319057b78476 Andy Lutomirski 2015-09-04 983
58319057b78476 Andy Lutomirski 2015-09-04 @984 if (((!cap_valid(arg3)) | arg4 | arg5))
58319057b78476 Andy Lutomirski 2015-09-04 985 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 986
58319057b78476 Andy Lutomirski 2015-09-04 987 if (arg2 == PR_CAP_AMBIENT_IS_SET) {
58319057b78476 Andy Lutomirski 2015-09-04 988 return !!cap_raised(current_cred()->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 989 } else if (arg2 != PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 990 arg2 != PR_CAP_AMBIENT_LOWER) {
58319057b78476 Andy Lutomirski 2015-09-04 991 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 992 } else {
58319057b78476 Andy Lutomirski 2015-09-04 993 if (arg2 == PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 994 (!cap_raised(current_cred()->cap_permitted, arg3) ||
58319057b78476 Andy Lutomirski 2015-09-04 995 !cap_raised(current_cred()->cap_inheritable,
58319057b78476 Andy Lutomirski 2015-09-04 996 arg3)))
58319057b78476 Andy Lutomirski 2015-09-04 997 return -EPERM;
58319057b78476 Andy Lutomirski 2015-09-04 998
58319057b78476 Andy Lutomirski 2015-09-04 999 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 1000 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 1001 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 1002 if (arg2 == PR_CAP_AMBIENT_RAISE)
58319057b78476 Andy Lutomirski 2015-09-04 1003 cap_raise(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1004 else
58319057b78476 Andy Lutomirski 2015-09-04 1005 cap_lower(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1006 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 1007 }
58319057b78476 Andy Lutomirski 2015-09-04 1008
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1009 default:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1010 /* No functionality available - continue with default */
6d6f3328422a3b Tetsuo Handa 2014-07-22 1011 return -ENOSYS;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1012 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1013 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1014
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 8+ messages in thread* security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
@ 2023-11-12 7:29 kernel test robot
0 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2023-11-12 7:29 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp
::::::
:::::: Manual check reason: "low confidence static check warning: security/commoncap.c:984:41: sparse: sparse: dubious: !x | y"
::::::
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
CC: linux-kernel@vger.kernel.org
TO: Andy Lutomirski <luto@kernel.org>
CC: Christoph Lameter <cl@linux-foundation.org>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 1b907d0507354b74a4f2c286380cd6059af79248
commit: 58319057b7847667f0c9585b9de0e8932b0fdb08 capabilities: ambient capabilities
date: 8 years ago
:::::: branch date: 6 hours ago
:::::: commit date: 8 years ago
config: x86_64-randconfig-a013-20230614 (https://download.01.org/0day-ci/archive/20231112/202311121535.MVaY98pl-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231112/202311121535.MVaY98pl-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/r/202311121535.MVaY98pl-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
>> security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
security/commoncap.c:1064:27: sparse: sparse: symbol 'capability_hooks' was not declared. Should it be static?
In file included from include/linux/kobject.h:21,
from include/linux/module.h:17,
from security/commoncap.c:12:
include/linux/sysfs.h: In function 'sysfs_get_dirent':
include/linux/sysfs.h:496:44: warning: pointer targets in passing argument 2 of 'kernfs_find_and_get' differ in signedness [-Wpointer-sign]
496 | return kernfs_find_and_get(parent, name);
| ^~~~
| |
| const unsigned char *
In file included from include/linux/sysfs.h:15:
include/linux/kernfs.h:424:57: note: expected 'const char *' but argument is of type 'const unsigned char *'
424 | kernfs_find_and_get(struct kernfs_node *kn, const char *name)
| ~~~~~~~~~~~~^~~~
In file included from include/linux/capability.h:15,
from security/commoncap.c:10:
security/commoncap.c: In function 'cap_prctl_drop':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:870:14: note: in expansion of macro 'cap_valid'
870 | if (!cap_valid(cap))
| ^~~~~~~~~
security/commoncap.c: In function 'cap_task_prctl':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:900:22: note: in expansion of macro 'cap_valid'
900 | if (!cap_valid(arg2))
| ^~~~~~~~~
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:984:24: note: in expansion of macro 'cap_valid'
984 | if (((!cap_valid(arg3)) | arg4 | arg5))
| ^~~~~~~~~
vim +984 security/commoncap.c
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 879
1d045980e1eff4 David Howells 2008-11-14 880 /**
1d045980e1eff4 David Howells 2008-11-14 881 * cap_task_prctl - Implement process control functions for this security module
1d045980e1eff4 David Howells 2008-11-14 882 * @option: The process control function requested
1d045980e1eff4 David Howells 2008-11-14 883 * @arg2, @arg3, @arg4, @arg5: The argument data for this function
1d045980e1eff4 David Howells 2008-11-14 884 *
1d045980e1eff4 David Howells 2008-11-14 885 * Allow process control functions (sys_prctl()) to alter capabilities; may
1d045980e1eff4 David Howells 2008-11-14 886 * also deny access to other functions not otherwise implemented here.
1d045980e1eff4 David Howells 2008-11-14 887 *
1d045980e1eff4 David Howells 2008-11-14 888 * Returns 0 or +ve on success, -ENOSYS if this function is not implemented
1d045980e1eff4 David Howells 2008-11-14 889 * here, other -ve on error. If -ENOSYS is returned, sys_prctl() and other LSM
1d045980e1eff4 David Howells 2008-11-14 890 * modules will consider performing the function.
1d045980e1eff4 David Howells 2008-11-14 891 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 892 int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
d84f4f992cbd76 David Howells 2008-11-14 893 unsigned long arg4, unsigned long arg5)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 894 {
6d6f3328422a3b Tetsuo Handa 2014-07-22 895 const struct cred *old = current_cred();
d84f4f992cbd76 David Howells 2008-11-14 896 struct cred *new;
d84f4f992cbd76 David Howells 2008-11-14 897
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 898 switch (option) {
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 899 case PR_CAPBSET_READ:
d84f4f992cbd76 David Howells 2008-11-14 900 if (!cap_valid(arg2))
6d6f3328422a3b Tetsuo Handa 2014-07-22 901 return -EINVAL;
6d6f3328422a3b Tetsuo Handa 2014-07-22 902 return !!cap_raised(old->cap_bset, arg2);
d84f4f992cbd76 David Howells 2008-11-14 903
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 904 case PR_CAPBSET_DROP:
6d6f3328422a3b Tetsuo Handa 2014-07-22 905 return cap_prctl_drop(arg2);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 906
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 907 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 908 * The next four prctl's remain to assist with transitioning a
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 909 * system from legacy UID=0 based privilege (when filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 910 * capabilities are not in use) to a system using filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 911 * capabilities only - as the POSIX.1e draft intended.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 912 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 913 * Note:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 914 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 915 * PR_SET_SECUREBITS =
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 916 * issecure_mask(SECURE_KEEP_CAPS_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 917 * | issecure_mask(SECURE_NOROOT)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 918 * | issecure_mask(SECURE_NOROOT_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 919 * | issecure_mask(SECURE_NO_SETUID_FIXUP)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 920 * | issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 921 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 922 * will ensure that the current process and all of its
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 923 * children will be locked into a pure
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 924 * capability-based-privilege environment.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 925 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 926 case PR_SET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 927 if ((((old->securebits & SECURE_ALL_LOCKS) >> 1)
6d6f3328422a3b Tetsuo Handa 2014-07-22 928 & (old->securebits ^ arg2)) /*[1]*/
6d6f3328422a3b Tetsuo Handa 2014-07-22 929 || ((old->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 930 || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/
6a9de49115d5ff Eric Paris 2012-01-03 931 || (cap_capable(current_cred(),
c4a4d603796c72 Eric W. Biederman 2011-11-16 932 current_cred()->user_ns, CAP_SETPCAP,
3699c53c485bf0 David Howells 2009-01-06 933 SECURITY_CAP_AUDIT) != 0) /*[4]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 934 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 935 * [1] no changing of bits that are locked
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 936 * [2] no unlocking of locks
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 937 * [3] no setting of unsupported bits
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 938 * [4] doing anything requires privilege (go read about
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 939 * the "sendmail capabilities bug")
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 940 */
d84f4f992cbd76 David Howells 2008-11-14 941 )
d84f4f992cbd76 David Howells 2008-11-14 942 /* cannot change a locked bit */
6d6f3328422a3b Tetsuo Handa 2014-07-22 943 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 944
6d6f3328422a3b Tetsuo Handa 2014-07-22 945 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 946 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 947 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 948 new->securebits = arg2;
6d6f3328422a3b Tetsuo Handa 2014-07-22 949 return commit_creds(new);
d84f4f992cbd76 David Howells 2008-11-14 950
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 951 case PR_GET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 952 return old->securebits;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 953
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 954 case PR_GET_KEEPCAPS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 955 return !!issecure(SECURE_KEEP_CAPS);
d84f4f992cbd76 David Howells 2008-11-14 956
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 957 case PR_SET_KEEPCAPS:
d84f4f992cbd76 David Howells 2008-11-14 958 if (arg2 > 1) /* Note, we rely on arg2 being unsigned here */
6d6f3328422a3b Tetsuo Handa 2014-07-22 959 return -EINVAL;
d84f4f992cbd76 David Howells 2008-11-14 960 if (issecure(SECURE_KEEP_CAPS_LOCKED))
6d6f3328422a3b Tetsuo Handa 2014-07-22 961 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 962
6d6f3328422a3b Tetsuo Handa 2014-07-22 963 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 964 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 965 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 966 if (arg2)
d84f4f992cbd76 David Howells 2008-11-14 967 new->securebits |= issecure_mask(SECURE_KEEP_CAPS);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 968 else
d84f4f992cbd76 David Howells 2008-11-14 969 new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);
6d6f3328422a3b Tetsuo Handa 2014-07-22 970 return commit_creds(new);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 971
58319057b78476 Andy Lutomirski 2015-09-04 972 case PR_CAP_AMBIENT:
58319057b78476 Andy Lutomirski 2015-09-04 973 if (arg2 == PR_CAP_AMBIENT_CLEAR_ALL) {
58319057b78476 Andy Lutomirski 2015-09-04 974 if (arg3 | arg4 | arg5)
58319057b78476 Andy Lutomirski 2015-09-04 975 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 976
58319057b78476 Andy Lutomirski 2015-09-04 977 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 978 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 979 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 980 cap_clear(new->cap_ambient);
58319057b78476 Andy Lutomirski 2015-09-04 981 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 982 }
58319057b78476 Andy Lutomirski 2015-09-04 983
58319057b78476 Andy Lutomirski 2015-09-04 @984 if (((!cap_valid(arg3)) | arg4 | arg5))
58319057b78476 Andy Lutomirski 2015-09-04 985 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 986
58319057b78476 Andy Lutomirski 2015-09-04 987 if (arg2 == PR_CAP_AMBIENT_IS_SET) {
58319057b78476 Andy Lutomirski 2015-09-04 988 return !!cap_raised(current_cred()->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 989 } else if (arg2 != PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 990 arg2 != PR_CAP_AMBIENT_LOWER) {
58319057b78476 Andy Lutomirski 2015-09-04 991 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 992 } else {
58319057b78476 Andy Lutomirski 2015-09-04 993 if (arg2 == PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 994 (!cap_raised(current_cred()->cap_permitted, arg3) ||
58319057b78476 Andy Lutomirski 2015-09-04 995 !cap_raised(current_cred()->cap_inheritable,
58319057b78476 Andy Lutomirski 2015-09-04 996 arg3)))
58319057b78476 Andy Lutomirski 2015-09-04 997 return -EPERM;
58319057b78476 Andy Lutomirski 2015-09-04 998
58319057b78476 Andy Lutomirski 2015-09-04 999 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 1000 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 1001 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 1002 if (arg2 == PR_CAP_AMBIENT_RAISE)
58319057b78476 Andy Lutomirski 2015-09-04 1003 cap_raise(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1004 else
58319057b78476 Andy Lutomirski 2015-09-04 1005 cap_lower(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1006 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 1007 }
58319057b78476 Andy Lutomirski 2015-09-04 1008
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1009 default:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1010 /* No functionality available - continue with default */
6d6f3328422a3b Tetsuo Handa 2014-07-22 1011 return -ENOSYS;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1012 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1013 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1014
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 8+ messages in thread* security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
@ 2023-11-11 19:20 kernel test robot
0 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2023-11-11 19:20 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp
::::::
:::::: Manual check reason: "low confidence static check warning: security/commoncap.c:984:41: sparse: sparse: dubious: !x | y"
::::::
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
CC: linux-kernel@vger.kernel.org
TO: Andy Lutomirski <luto@kernel.org>
CC: Christoph Lameter <cl@linux-foundation.org>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 3ca112b71f35dd5d99fc4571a56b5fc6f0c15814
commit: 58319057b7847667f0c9585b9de0e8932b0fdb08 capabilities: ambient capabilities
date: 8 years ago
:::::: branch date: 19 hours ago
:::::: commit date: 8 years ago
config: x86_64-randconfig-r031-20230909 (https://download.01.org/0day-ci/archive/20231112/202311120345.OsfhC45Z-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231112/202311120345.OsfhC45Z-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/r/202311120345.OsfhC45Z-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
>> security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
security/commoncap.c:1064:27: sparse: sparse: symbol 'capability_hooks' was not declared. Should it be static?
In file included from include/linux/kobject.h:21,
from include/linux/module.h:17,
from security/commoncap.c:12:
include/linux/sysfs.h: In function 'sysfs_get_dirent':
include/linux/sysfs.h:496:44: warning: pointer targets in passing argument 2 of 'kernfs_find_and_get' differ in signedness [-Wpointer-sign]
496 | return kernfs_find_and_get(parent, name);
| ^~~~
| |
| const unsigned char *
In file included from include/linux/sysfs.h:15:
include/linux/kernfs.h:424:57: note: expected 'const char *' but argument is of type 'const unsigned char *'
424 | kernfs_find_and_get(struct kernfs_node *kn, const char *name)
| ~~~~~~~~~~~~^~~~
In file included from include/linux/capability.h:15,
from security/commoncap.c:10:
security/commoncap.c: In function 'cap_prctl_drop':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:870:14: note: in expansion of macro 'cap_valid'
870 | if (!cap_valid(cap))
| ^~~~~~~~~
security/commoncap.c: In function 'cap_task_prctl':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:900:22: note: in expansion of macro 'cap_valid'
900 | if (!cap_valid(arg2))
| ^~~~~~~~~
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:984:24: note: in expansion of macro 'cap_valid'
984 | if (((!cap_valid(arg3)) | arg4 | arg5))
| ^~~~~~~~~
vim +984 security/commoncap.c
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 879
1d045980e1eff4 David Howells 2008-11-14 880 /**
1d045980e1eff4 David Howells 2008-11-14 881 * cap_task_prctl - Implement process control functions for this security module
1d045980e1eff4 David Howells 2008-11-14 882 * @option: The process control function requested
1d045980e1eff4 David Howells 2008-11-14 883 * @arg2, @arg3, @arg4, @arg5: The argument data for this function
1d045980e1eff4 David Howells 2008-11-14 884 *
1d045980e1eff4 David Howells 2008-11-14 885 * Allow process control functions (sys_prctl()) to alter capabilities; may
1d045980e1eff4 David Howells 2008-11-14 886 * also deny access to other functions not otherwise implemented here.
1d045980e1eff4 David Howells 2008-11-14 887 *
1d045980e1eff4 David Howells 2008-11-14 888 * Returns 0 or +ve on success, -ENOSYS if this function is not implemented
1d045980e1eff4 David Howells 2008-11-14 889 * here, other -ve on error. If -ENOSYS is returned, sys_prctl() and other LSM
1d045980e1eff4 David Howells 2008-11-14 890 * modules will consider performing the function.
1d045980e1eff4 David Howells 2008-11-14 891 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 892 int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
d84f4f992cbd76 David Howells 2008-11-14 893 unsigned long arg4, unsigned long arg5)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 894 {
6d6f3328422a3b Tetsuo Handa 2014-07-22 895 const struct cred *old = current_cred();
d84f4f992cbd76 David Howells 2008-11-14 896 struct cred *new;
d84f4f992cbd76 David Howells 2008-11-14 897
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 898 switch (option) {
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 899 case PR_CAPBSET_READ:
d84f4f992cbd76 David Howells 2008-11-14 900 if (!cap_valid(arg2))
6d6f3328422a3b Tetsuo Handa 2014-07-22 901 return -EINVAL;
6d6f3328422a3b Tetsuo Handa 2014-07-22 902 return !!cap_raised(old->cap_bset, arg2);
d84f4f992cbd76 David Howells 2008-11-14 903
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 904 case PR_CAPBSET_DROP:
6d6f3328422a3b Tetsuo Handa 2014-07-22 905 return cap_prctl_drop(arg2);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 906
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 907 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 908 * The next four prctl's remain to assist with transitioning a
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 909 * system from legacy UID=0 based privilege (when filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 910 * capabilities are not in use) to a system using filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 911 * capabilities only - as the POSIX.1e draft intended.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 912 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 913 * Note:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 914 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 915 * PR_SET_SECUREBITS =
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 916 * issecure_mask(SECURE_KEEP_CAPS_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 917 * | issecure_mask(SECURE_NOROOT)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 918 * | issecure_mask(SECURE_NOROOT_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 919 * | issecure_mask(SECURE_NO_SETUID_FIXUP)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 920 * | issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 921 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 922 * will ensure that the current process and all of its
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 923 * children will be locked into a pure
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 924 * capability-based-privilege environment.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 925 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 926 case PR_SET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 927 if ((((old->securebits & SECURE_ALL_LOCKS) >> 1)
6d6f3328422a3b Tetsuo Handa 2014-07-22 928 & (old->securebits ^ arg2)) /*[1]*/
6d6f3328422a3b Tetsuo Handa 2014-07-22 929 || ((old->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 930 || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/
6a9de49115d5ff Eric Paris 2012-01-03 931 || (cap_capable(current_cred(),
c4a4d603796c72 Eric W. Biederman 2011-11-16 932 current_cred()->user_ns, CAP_SETPCAP,
3699c53c485bf0 David Howells 2009-01-06 933 SECURITY_CAP_AUDIT) != 0) /*[4]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 934 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 935 * [1] no changing of bits that are locked
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 936 * [2] no unlocking of locks
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 937 * [3] no setting of unsupported bits
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 938 * [4] doing anything requires privilege (go read about
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 939 * the "sendmail capabilities bug")
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 940 */
d84f4f992cbd76 David Howells 2008-11-14 941 )
d84f4f992cbd76 David Howells 2008-11-14 942 /* cannot change a locked bit */
6d6f3328422a3b Tetsuo Handa 2014-07-22 943 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 944
6d6f3328422a3b Tetsuo Handa 2014-07-22 945 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 946 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 947 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 948 new->securebits = arg2;
6d6f3328422a3b Tetsuo Handa 2014-07-22 949 return commit_creds(new);
d84f4f992cbd76 David Howells 2008-11-14 950
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 951 case PR_GET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 952 return old->securebits;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 953
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 954 case PR_GET_KEEPCAPS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 955 return !!issecure(SECURE_KEEP_CAPS);
d84f4f992cbd76 David Howells 2008-11-14 956
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 957 case PR_SET_KEEPCAPS:
d84f4f992cbd76 David Howells 2008-11-14 958 if (arg2 > 1) /* Note, we rely on arg2 being unsigned here */
6d6f3328422a3b Tetsuo Handa 2014-07-22 959 return -EINVAL;
d84f4f992cbd76 David Howells 2008-11-14 960 if (issecure(SECURE_KEEP_CAPS_LOCKED))
6d6f3328422a3b Tetsuo Handa 2014-07-22 961 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 962
6d6f3328422a3b Tetsuo Handa 2014-07-22 963 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 964 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 965 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 966 if (arg2)
d84f4f992cbd76 David Howells 2008-11-14 967 new->securebits |= issecure_mask(SECURE_KEEP_CAPS);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 968 else
d84f4f992cbd76 David Howells 2008-11-14 969 new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);
6d6f3328422a3b Tetsuo Handa 2014-07-22 970 return commit_creds(new);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 971
58319057b78476 Andy Lutomirski 2015-09-04 972 case PR_CAP_AMBIENT:
58319057b78476 Andy Lutomirski 2015-09-04 973 if (arg2 == PR_CAP_AMBIENT_CLEAR_ALL) {
58319057b78476 Andy Lutomirski 2015-09-04 974 if (arg3 | arg4 | arg5)
58319057b78476 Andy Lutomirski 2015-09-04 975 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 976
58319057b78476 Andy Lutomirski 2015-09-04 977 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 978 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 979 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 980 cap_clear(new->cap_ambient);
58319057b78476 Andy Lutomirski 2015-09-04 981 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 982 }
58319057b78476 Andy Lutomirski 2015-09-04 983
58319057b78476 Andy Lutomirski 2015-09-04 @984 if (((!cap_valid(arg3)) | arg4 | arg5))
58319057b78476 Andy Lutomirski 2015-09-04 985 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 986
58319057b78476 Andy Lutomirski 2015-09-04 987 if (arg2 == PR_CAP_AMBIENT_IS_SET) {
58319057b78476 Andy Lutomirski 2015-09-04 988 return !!cap_raised(current_cred()->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 989 } else if (arg2 != PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 990 arg2 != PR_CAP_AMBIENT_LOWER) {
58319057b78476 Andy Lutomirski 2015-09-04 991 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 992 } else {
58319057b78476 Andy Lutomirski 2015-09-04 993 if (arg2 == PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 994 (!cap_raised(current_cred()->cap_permitted, arg3) ||
58319057b78476 Andy Lutomirski 2015-09-04 995 !cap_raised(current_cred()->cap_inheritable,
58319057b78476 Andy Lutomirski 2015-09-04 996 arg3)))
58319057b78476 Andy Lutomirski 2015-09-04 997 return -EPERM;
58319057b78476 Andy Lutomirski 2015-09-04 998
58319057b78476 Andy Lutomirski 2015-09-04 999 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 1000 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 1001 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 1002 if (arg2 == PR_CAP_AMBIENT_RAISE)
58319057b78476 Andy Lutomirski 2015-09-04 1003 cap_raise(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1004 else
58319057b78476 Andy Lutomirski 2015-09-04 1005 cap_lower(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1006 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 1007 }
58319057b78476 Andy Lutomirski 2015-09-04 1008
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1009 default:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1010 /* No functionality available - continue with default */
6d6f3328422a3b Tetsuo Handa 2014-07-22 1011 return -ENOSYS;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1012 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1013 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1014
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 8+ messages in thread* security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
@ 2023-11-10 12:30 kernel test robot
0 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2023-11-10 12:30 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp
::::::
:::::: Manual check reason: "low confidence static check warning: security/commoncap.c:984:41: sparse: sparse: dubious: !x | y"
::::::
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
CC: linux-kernel@vger.kernel.org
TO: Andy Lutomirski <luto@kernel.org>
CC: Christoph Lameter <cl@linux-foundation.org>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 89cdf9d556016a54ff6ddd62324aa5ec790c05cc
commit: 58319057b7847667f0c9585b9de0e8932b0fdb08 capabilities: ambient capabilities
date: 8 years ago
:::::: branch date: 11 hours ago
:::::: commit date: 8 years ago
config: x86_64-allnoconfig (https://download.01.org/0day-ci/archive/20231110/202311102038.338ZUQVV-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231110/202311102038.338ZUQVV-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/r/202311102038.338ZUQVV-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
>> security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
In file included from include/linux/kobject.h:21,
from include/linux/module.h:17,
from security/commoncap.c:12:
include/linux/sysfs.h: In function 'sysfs_get_dirent':
include/linux/sysfs.h:496:44: warning: pointer targets in passing argument 2 of 'kernfs_find_and_get' differ in signedness [-Wpointer-sign]
496 | return kernfs_find_and_get(parent, name);
| ^~~~
| |
| const unsigned char *
In file included from include/linux/sysfs.h:15:
include/linux/kernfs.h:424:57: note: expected 'const char *' but argument is of type 'const unsigned char *'
424 | kernfs_find_and_get(struct kernfs_node *kn, const char *name)
| ~~~~~~~~~~~~^~~~
In file included from include/linux/capability.h:15,
from security/commoncap.c:10:
security/commoncap.c: In function 'cap_prctl_drop':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:870:14: note: in expansion of macro 'cap_valid'
870 | if (!cap_valid(cap))
| ^~~~~~~~~
security/commoncap.c: In function 'cap_task_prctl':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:900:22: note: in expansion of macro 'cap_valid'
900 | if (!cap_valid(arg2))
| ^~~~~~~~~
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:984:24: note: in expansion of macro 'cap_valid'
984 | if (((!cap_valid(arg3)) | arg4 | arg5))
| ^~~~~~~~~
vim +984 security/commoncap.c
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 879
1d045980e1eff4 David Howells 2008-11-14 880 /**
1d045980e1eff4 David Howells 2008-11-14 881 * cap_task_prctl - Implement process control functions for this security module
1d045980e1eff4 David Howells 2008-11-14 882 * @option: The process control function requested
1d045980e1eff4 David Howells 2008-11-14 883 * @arg2, @arg3, @arg4, @arg5: The argument data for this function
1d045980e1eff4 David Howells 2008-11-14 884 *
1d045980e1eff4 David Howells 2008-11-14 885 * Allow process control functions (sys_prctl()) to alter capabilities; may
1d045980e1eff4 David Howells 2008-11-14 886 * also deny access to other functions not otherwise implemented here.
1d045980e1eff4 David Howells 2008-11-14 887 *
1d045980e1eff4 David Howells 2008-11-14 888 * Returns 0 or +ve on success, -ENOSYS if this function is not implemented
1d045980e1eff4 David Howells 2008-11-14 889 * here, other -ve on error. If -ENOSYS is returned, sys_prctl() and other LSM
1d045980e1eff4 David Howells 2008-11-14 890 * modules will consider performing the function.
1d045980e1eff4 David Howells 2008-11-14 891 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 892 int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
d84f4f992cbd76 David Howells 2008-11-14 893 unsigned long arg4, unsigned long arg5)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 894 {
6d6f3328422a3b Tetsuo Handa 2014-07-22 895 const struct cred *old = current_cred();
d84f4f992cbd76 David Howells 2008-11-14 896 struct cred *new;
d84f4f992cbd76 David Howells 2008-11-14 897
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 898 switch (option) {
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 899 case PR_CAPBSET_READ:
d84f4f992cbd76 David Howells 2008-11-14 900 if (!cap_valid(arg2))
6d6f3328422a3b Tetsuo Handa 2014-07-22 901 return -EINVAL;
6d6f3328422a3b Tetsuo Handa 2014-07-22 902 return !!cap_raised(old->cap_bset, arg2);
d84f4f992cbd76 David Howells 2008-11-14 903
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 904 case PR_CAPBSET_DROP:
6d6f3328422a3b Tetsuo Handa 2014-07-22 905 return cap_prctl_drop(arg2);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 906
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 907 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 908 * The next four prctl's remain to assist with transitioning a
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 909 * system from legacy UID=0 based privilege (when filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 910 * capabilities are not in use) to a system using filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 911 * capabilities only - as the POSIX.1e draft intended.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 912 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 913 * Note:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 914 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 915 * PR_SET_SECUREBITS =
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 916 * issecure_mask(SECURE_KEEP_CAPS_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 917 * | issecure_mask(SECURE_NOROOT)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 918 * | issecure_mask(SECURE_NOROOT_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 919 * | issecure_mask(SECURE_NO_SETUID_FIXUP)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 920 * | issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 921 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 922 * will ensure that the current process and all of its
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 923 * children will be locked into a pure
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 924 * capability-based-privilege environment.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 925 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 926 case PR_SET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 927 if ((((old->securebits & SECURE_ALL_LOCKS) >> 1)
6d6f3328422a3b Tetsuo Handa 2014-07-22 928 & (old->securebits ^ arg2)) /*[1]*/
6d6f3328422a3b Tetsuo Handa 2014-07-22 929 || ((old->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 930 || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/
6a9de49115d5ff Eric Paris 2012-01-03 931 || (cap_capable(current_cred(),
c4a4d603796c72 Eric W. Biederman 2011-11-16 932 current_cred()->user_ns, CAP_SETPCAP,
3699c53c485bf0 David Howells 2009-01-06 933 SECURITY_CAP_AUDIT) != 0) /*[4]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 934 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 935 * [1] no changing of bits that are locked
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 936 * [2] no unlocking of locks
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 937 * [3] no setting of unsupported bits
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 938 * [4] doing anything requires privilege (go read about
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 939 * the "sendmail capabilities bug")
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 940 */
d84f4f992cbd76 David Howells 2008-11-14 941 )
d84f4f992cbd76 David Howells 2008-11-14 942 /* cannot change a locked bit */
6d6f3328422a3b Tetsuo Handa 2014-07-22 943 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 944
6d6f3328422a3b Tetsuo Handa 2014-07-22 945 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 946 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 947 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 948 new->securebits = arg2;
6d6f3328422a3b Tetsuo Handa 2014-07-22 949 return commit_creds(new);
d84f4f992cbd76 David Howells 2008-11-14 950
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 951 case PR_GET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 952 return old->securebits;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 953
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 954 case PR_GET_KEEPCAPS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 955 return !!issecure(SECURE_KEEP_CAPS);
d84f4f992cbd76 David Howells 2008-11-14 956
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 957 case PR_SET_KEEPCAPS:
d84f4f992cbd76 David Howells 2008-11-14 958 if (arg2 > 1) /* Note, we rely on arg2 being unsigned here */
6d6f3328422a3b Tetsuo Handa 2014-07-22 959 return -EINVAL;
d84f4f992cbd76 David Howells 2008-11-14 960 if (issecure(SECURE_KEEP_CAPS_LOCKED))
6d6f3328422a3b Tetsuo Handa 2014-07-22 961 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 962
6d6f3328422a3b Tetsuo Handa 2014-07-22 963 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 964 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 965 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 966 if (arg2)
d84f4f992cbd76 David Howells 2008-11-14 967 new->securebits |= issecure_mask(SECURE_KEEP_CAPS);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 968 else
d84f4f992cbd76 David Howells 2008-11-14 969 new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);
6d6f3328422a3b Tetsuo Handa 2014-07-22 970 return commit_creds(new);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 971
58319057b78476 Andy Lutomirski 2015-09-04 972 case PR_CAP_AMBIENT:
58319057b78476 Andy Lutomirski 2015-09-04 973 if (arg2 == PR_CAP_AMBIENT_CLEAR_ALL) {
58319057b78476 Andy Lutomirski 2015-09-04 974 if (arg3 | arg4 | arg5)
58319057b78476 Andy Lutomirski 2015-09-04 975 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 976
58319057b78476 Andy Lutomirski 2015-09-04 977 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 978 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 979 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 980 cap_clear(new->cap_ambient);
58319057b78476 Andy Lutomirski 2015-09-04 981 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 982 }
58319057b78476 Andy Lutomirski 2015-09-04 983
58319057b78476 Andy Lutomirski 2015-09-04 @984 if (((!cap_valid(arg3)) | arg4 | arg5))
58319057b78476 Andy Lutomirski 2015-09-04 985 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 986
58319057b78476 Andy Lutomirski 2015-09-04 987 if (arg2 == PR_CAP_AMBIENT_IS_SET) {
58319057b78476 Andy Lutomirski 2015-09-04 988 return !!cap_raised(current_cred()->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 989 } else if (arg2 != PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 990 arg2 != PR_CAP_AMBIENT_LOWER) {
58319057b78476 Andy Lutomirski 2015-09-04 991 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 992 } else {
58319057b78476 Andy Lutomirski 2015-09-04 993 if (arg2 == PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 994 (!cap_raised(current_cred()->cap_permitted, arg3) ||
58319057b78476 Andy Lutomirski 2015-09-04 995 !cap_raised(current_cred()->cap_inheritable,
58319057b78476 Andy Lutomirski 2015-09-04 996 arg3)))
58319057b78476 Andy Lutomirski 2015-09-04 997 return -EPERM;
58319057b78476 Andy Lutomirski 2015-09-04 998
58319057b78476 Andy Lutomirski 2015-09-04 999 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 1000 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 1001 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 1002 if (arg2 == PR_CAP_AMBIENT_RAISE)
58319057b78476 Andy Lutomirski 2015-09-04 1003 cap_raise(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1004 else
58319057b78476 Andy Lutomirski 2015-09-04 1005 cap_lower(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1006 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 1007 }
58319057b78476 Andy Lutomirski 2015-09-04 1008
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1009 default:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1010 /* No functionality available - continue with default */
6d6f3328422a3b Tetsuo Handa 2014-07-22 1011 return -ENOSYS;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1012 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1013 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1014
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 8+ messages in thread* security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
@ 2023-11-09 16:12 kernel test robot
0 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2023-11-09 16:12 UTC (permalink / raw)
To: oe-kbuild; +Cc: lkp
::::::
:::::: Manual check reason: "low confidence static check warning: security/commoncap.c:984:41: sparse: sparse: dubious: !x | y"
::::::
BCC: lkp@intel.com
CC: oe-kbuild-all@lists.linux.dev
CC: linux-kernel@vger.kernel.org
TO: Andy Lutomirski <luto@kernel.org>
CC: Christoph Lameter <cl@linux-foundation.org>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Linux Memory Management List <linux-mm@kvack.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head: 6bc986ab839c844e78a2333a02e55f02c9e57935
commit: 58319057b7847667f0c9585b9de0e8932b0fdb08 capabilities: ambient capabilities
date: 8 years ago
:::::: branch date: 18 hours ago
:::::: commit date: 8 years ago
config: x86_64-allnoconfig (https://download.01.org/0day-ci/archive/20231109/202311092322.ryWrxjl9-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231109/202311092322.ryWrxjl9-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/r/202311092322.ryWrxjl9-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
>> security/commoncap.c:984:41: sparse: sparse: dubious: !x | y
In file included from include/linux/kobject.h:21,
from include/linux/module.h:17,
from security/commoncap.c:12:
include/linux/sysfs.h: In function 'sysfs_get_dirent':
include/linux/sysfs.h:496:44: warning: pointer targets in passing argument 2 of 'kernfs_find_and_get' differ in signedness [-Wpointer-sign]
496 | return kernfs_find_and_get(parent, name);
| ^~~~
| |
| const unsigned char *
In file included from include/linux/sysfs.h:15:
include/linux/kernfs.h:424:57: note: expected 'const char *' but argument is of type 'const unsigned char *'
424 | kernfs_find_and_get(struct kernfs_node *kn, const char *name)
| ~~~~~~~~~~~~^~~~
In file included from include/linux/capability.h:15,
from security/commoncap.c:10:
security/commoncap.c: In function 'cap_prctl_drop':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:870:14: note: in expansion of macro 'cap_valid'
870 | if (!cap_valid(cap))
| ^~~~~~~~~
security/commoncap.c: In function 'cap_task_prctl':
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:900:22: note: in expansion of macro 'cap_valid'
900 | if (!cap_valid(arg2))
| ^~~~~~~~~
include/uapi/linux/capability.h:357:27: warning: comparison of unsigned expression in '>= 0' is always true [-Wtype-limits]
357 | #define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
| ^~
security/commoncap.c:984:24: note: in expansion of macro 'cap_valid'
984 | if (((!cap_valid(arg3)) | arg4 | arg5))
| ^~~~~~~~~
vim +984 security/commoncap.c
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 879
1d045980e1eff4 David Howells 2008-11-14 880 /**
1d045980e1eff4 David Howells 2008-11-14 881 * cap_task_prctl - Implement process control functions for this security module
1d045980e1eff4 David Howells 2008-11-14 882 * @option: The process control function requested
1d045980e1eff4 David Howells 2008-11-14 883 * @arg2, @arg3, @arg4, @arg5: The argument data for this function
1d045980e1eff4 David Howells 2008-11-14 884 *
1d045980e1eff4 David Howells 2008-11-14 885 * Allow process control functions (sys_prctl()) to alter capabilities; may
1d045980e1eff4 David Howells 2008-11-14 886 * also deny access to other functions not otherwise implemented here.
1d045980e1eff4 David Howells 2008-11-14 887 *
1d045980e1eff4 David Howells 2008-11-14 888 * Returns 0 or +ve on success, -ENOSYS if this function is not implemented
1d045980e1eff4 David Howells 2008-11-14 889 * here, other -ve on error. If -ENOSYS is returned, sys_prctl() and other LSM
1d045980e1eff4 David Howells 2008-11-14 890 * modules will consider performing the function.
1d045980e1eff4 David Howells 2008-11-14 891 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 892 int cap_task_prctl(int option, unsigned long arg2, unsigned long arg3,
d84f4f992cbd76 David Howells 2008-11-14 893 unsigned long arg4, unsigned long arg5)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 894 {
6d6f3328422a3b Tetsuo Handa 2014-07-22 895 const struct cred *old = current_cred();
d84f4f992cbd76 David Howells 2008-11-14 896 struct cred *new;
d84f4f992cbd76 David Howells 2008-11-14 897
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 898 switch (option) {
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 899 case PR_CAPBSET_READ:
d84f4f992cbd76 David Howells 2008-11-14 900 if (!cap_valid(arg2))
6d6f3328422a3b Tetsuo Handa 2014-07-22 901 return -EINVAL;
6d6f3328422a3b Tetsuo Handa 2014-07-22 902 return !!cap_raised(old->cap_bset, arg2);
d84f4f992cbd76 David Howells 2008-11-14 903
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 904 case PR_CAPBSET_DROP:
6d6f3328422a3b Tetsuo Handa 2014-07-22 905 return cap_prctl_drop(arg2);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 906
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 907 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 908 * The next four prctl's remain to assist with transitioning a
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 909 * system from legacy UID=0 based privilege (when filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 910 * capabilities are not in use) to a system using filesystem
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 911 * capabilities only - as the POSIX.1e draft intended.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 912 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 913 * Note:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 914 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 915 * PR_SET_SECUREBITS =
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 916 * issecure_mask(SECURE_KEEP_CAPS_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 917 * | issecure_mask(SECURE_NOROOT)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 918 * | issecure_mask(SECURE_NOROOT_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 919 * | issecure_mask(SECURE_NO_SETUID_FIXUP)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 920 * | issecure_mask(SECURE_NO_SETUID_FIXUP_LOCKED)
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 921 *
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 922 * will ensure that the current process and all of its
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 923 * children will be locked into a pure
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 924 * capability-based-privilege environment.
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 925 */
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 926 case PR_SET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 927 if ((((old->securebits & SECURE_ALL_LOCKS) >> 1)
6d6f3328422a3b Tetsuo Handa 2014-07-22 928 & (old->securebits ^ arg2)) /*[1]*/
6d6f3328422a3b Tetsuo Handa 2014-07-22 929 || ((old->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 930 || (arg2 & ~(SECURE_ALL_LOCKS | SECURE_ALL_BITS)) /*[3]*/
6a9de49115d5ff Eric Paris 2012-01-03 931 || (cap_capable(current_cred(),
c4a4d603796c72 Eric W. Biederman 2011-11-16 932 current_cred()->user_ns, CAP_SETPCAP,
3699c53c485bf0 David Howells 2009-01-06 933 SECURITY_CAP_AUDIT) != 0) /*[4]*/
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 934 /*
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 935 * [1] no changing of bits that are locked
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 936 * [2] no unlocking of locks
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 937 * [3] no setting of unsupported bits
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 938 * [4] doing anything requires privilege (go read about
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 939 * the "sendmail capabilities bug")
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 940 */
d84f4f992cbd76 David Howells 2008-11-14 941 )
d84f4f992cbd76 David Howells 2008-11-14 942 /* cannot change a locked bit */
6d6f3328422a3b Tetsuo Handa 2014-07-22 943 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 944
6d6f3328422a3b Tetsuo Handa 2014-07-22 945 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 946 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 947 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 948 new->securebits = arg2;
6d6f3328422a3b Tetsuo Handa 2014-07-22 949 return commit_creds(new);
d84f4f992cbd76 David Howells 2008-11-14 950
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 951 case PR_GET_SECUREBITS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 952 return old->securebits;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 953
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 954 case PR_GET_KEEPCAPS:
6d6f3328422a3b Tetsuo Handa 2014-07-22 955 return !!issecure(SECURE_KEEP_CAPS);
d84f4f992cbd76 David Howells 2008-11-14 956
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 957 case PR_SET_KEEPCAPS:
d84f4f992cbd76 David Howells 2008-11-14 958 if (arg2 > 1) /* Note, we rely on arg2 being unsigned here */
6d6f3328422a3b Tetsuo Handa 2014-07-22 959 return -EINVAL;
d84f4f992cbd76 David Howells 2008-11-14 960 if (issecure(SECURE_KEEP_CAPS_LOCKED))
6d6f3328422a3b Tetsuo Handa 2014-07-22 961 return -EPERM;
6d6f3328422a3b Tetsuo Handa 2014-07-22 962
6d6f3328422a3b Tetsuo Handa 2014-07-22 963 new = prepare_creds();
6d6f3328422a3b Tetsuo Handa 2014-07-22 964 if (!new)
6d6f3328422a3b Tetsuo Handa 2014-07-22 965 return -ENOMEM;
d84f4f992cbd76 David Howells 2008-11-14 966 if (arg2)
d84f4f992cbd76 David Howells 2008-11-14 967 new->securebits |= issecure_mask(SECURE_KEEP_CAPS);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 968 else
d84f4f992cbd76 David Howells 2008-11-14 969 new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);
6d6f3328422a3b Tetsuo Handa 2014-07-22 970 return commit_creds(new);
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 971
58319057b78476 Andy Lutomirski 2015-09-04 972 case PR_CAP_AMBIENT:
58319057b78476 Andy Lutomirski 2015-09-04 973 if (arg2 == PR_CAP_AMBIENT_CLEAR_ALL) {
58319057b78476 Andy Lutomirski 2015-09-04 974 if (arg3 | arg4 | arg5)
58319057b78476 Andy Lutomirski 2015-09-04 975 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 976
58319057b78476 Andy Lutomirski 2015-09-04 977 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 978 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 979 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 980 cap_clear(new->cap_ambient);
58319057b78476 Andy Lutomirski 2015-09-04 981 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 982 }
58319057b78476 Andy Lutomirski 2015-09-04 983
58319057b78476 Andy Lutomirski 2015-09-04 @984 if (((!cap_valid(arg3)) | arg4 | arg5))
58319057b78476 Andy Lutomirski 2015-09-04 985 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 986
58319057b78476 Andy Lutomirski 2015-09-04 987 if (arg2 == PR_CAP_AMBIENT_IS_SET) {
58319057b78476 Andy Lutomirski 2015-09-04 988 return !!cap_raised(current_cred()->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 989 } else if (arg2 != PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 990 arg2 != PR_CAP_AMBIENT_LOWER) {
58319057b78476 Andy Lutomirski 2015-09-04 991 return -EINVAL;
58319057b78476 Andy Lutomirski 2015-09-04 992 } else {
58319057b78476 Andy Lutomirski 2015-09-04 993 if (arg2 == PR_CAP_AMBIENT_RAISE &&
58319057b78476 Andy Lutomirski 2015-09-04 994 (!cap_raised(current_cred()->cap_permitted, arg3) ||
58319057b78476 Andy Lutomirski 2015-09-04 995 !cap_raised(current_cred()->cap_inheritable,
58319057b78476 Andy Lutomirski 2015-09-04 996 arg3)))
58319057b78476 Andy Lutomirski 2015-09-04 997 return -EPERM;
58319057b78476 Andy Lutomirski 2015-09-04 998
58319057b78476 Andy Lutomirski 2015-09-04 999 new = prepare_creds();
58319057b78476 Andy Lutomirski 2015-09-04 1000 if (!new)
58319057b78476 Andy Lutomirski 2015-09-04 1001 return -ENOMEM;
58319057b78476 Andy Lutomirski 2015-09-04 1002 if (arg2 == PR_CAP_AMBIENT_RAISE)
58319057b78476 Andy Lutomirski 2015-09-04 1003 cap_raise(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1004 else
58319057b78476 Andy Lutomirski 2015-09-04 1005 cap_lower(new->cap_ambient, arg3);
58319057b78476 Andy Lutomirski 2015-09-04 1006 return commit_creds(new);
58319057b78476 Andy Lutomirski 2015-09-04 1007 }
58319057b78476 Andy Lutomirski 2015-09-04 1008
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1009 default:
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1010 /* No functionality available - continue with default */
6d6f3328422a3b Tetsuo Handa 2014-07-22 1011 return -ENOSYS;
3898b1b4ebff8d Andrew G. Morgan 2008-04-28 1012 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1013 }
^1da177e4c3f41 Linus Torvalds 2005-04-16 1014
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2023-12-03 6:31 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-12-03 6:07 security/commoncap.c:984:41: sparse: sparse: dubious: !x | y kernel test robot
-- strict thread matches above, loose matches on Subject: below --
2023-12-03 6:31 kernel test robot
2023-12-02 1:52 kernel test robot
2023-11-17 23:03 kernel test robot
2023-11-12 7:29 kernel test robot
2023-11-11 19:20 kernel test robot
2023-11-10 12:30 kernel test robot
2023-11-09 16:12 kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.