From: kernel test robot <lkp@intel.com>
To: Oleg Nesterov <oleg@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>
Cc: oe-kbuild-all@lists.linux.dev,
Linux Memory Management List <linux-mm@kvack.org>,
Andy Lutomirski <luto@kernel.org>, Kees Cook <kees@kernel.org>,
Kusaram Devineni <kusaram@devineni.in>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@kernel.org>, Will Drewry <wad@chromium.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] signal: prevent evasion of SA_IMMUTABLE signals
Date: Sun, 3 May 2026 02:28:01 +0800 [thread overview]
Message-ID: <202605030218.3dGIaLF1-lkp@intel.com> (raw)
In-Reply-To: <afHBYTUA5XexTj-Q@redhat.com>
Hi Oleg,
kernel test robot noticed the following build warnings:
[auto build test WARNING on akpm-mm/mm-everything]
[also build test WARNING on linus/master v7.1-rc1 next-20260430]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Oleg-Nesterov/signal-prevent-evasion-of-SA_IMMUTABLE-signals/20260430-182827
base: https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/r/afHBYTUA5XexTj-Q%40redhat.com
patch subject: [PATCH] signal: prevent evasion of SA_IMMUTABLE signals
config: nios2-randconfig-r132-20260502 (https://download.01.org/0day-ci/archive/20260503/202605030218.3dGIaLF1-lkp@intel.com/config)
compiler: nios2-linux-gcc (GCC) 8.5.0
sparse: v0.6.5-rc1
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260503/202605030218.3dGIaLF1-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202605030218.3dGIaLF1-lkp@intel.com/
sparse warnings: (new ones prefixed by >>)
kernel/signal.c: note: in included file (through include/uapi/asm-generic/signal.h, include/asm-generic/signal.h, arch/nios2/include/uapi/asm/signal.h, ...):
include/uapi/asm-generic/signal-defs.h:83:29: sparse: sparse: multiple address spaces given
kernel/signal.c:191:31: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:191:31: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:191:31: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:194:33: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:194:33: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:194:33: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:497:9: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:497:9: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:497:9: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:501:34: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:501:34: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:501:34: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:523:53: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected struct k_sigaction *ka @@ got struct k_sigaction [noderef] __rcu * @@
kernel/signal.c:523:53: sparse: expected struct k_sigaction *ka
kernel/signal.c:523:53: sparse: got struct k_sigaction [noderef] __rcu *
include/uapi/asm-generic/signal-defs.h:83:29: sparse: sparse: multiple address spaces given
>> kernel/signal.c:1048:40: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct sighand_struct *sighand @@ got struct sighand_struct [noderef] __rcu *sighand @@
kernel/signal.c:1048:40: sparse: expected struct sighand_struct *sighand
kernel/signal.c:1048:40: sparse: got struct sighand_struct [noderef] __rcu *sighand
kernel/signal.c:1314:9: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:1314:9: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:1314:9: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:1315:16: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct k_sigaction *action @@ got struct k_sigaction [noderef] __rcu * @@
kernel/signal.c:1315:16: sparse: expected struct k_sigaction *action
kernel/signal.c:1315:16: sparse: got struct k_sigaction [noderef] __rcu *
kernel/signal.c:1336:34: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:1336:34: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:1336:34: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:2204:44: sparse: sparse: cast removes address space '__rcu' of expression
kernel/signal.c:2223:65: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct task_struct *tsk @@ got struct task_struct [noderef] __rcu *parent @@
kernel/signal.c:2223:65: sparse: expected struct task_struct *tsk
kernel/signal.c:2223:65: sparse: got struct task_struct [noderef] __rcu *parent
kernel/signal.c:2224:40: sparse: sparse: cast removes address space '__rcu' of expression
kernel/signal.c:2242:14: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct sighand_struct *psig @@ got struct sighand_struct [noderef] __rcu *[noderef] __rcu sighand @@
kernel/signal.c:2242:14: sparse: expected struct sighand_struct *psig
kernel/signal.c:2242:14: sparse: got struct sighand_struct [noderef] __rcu *[noderef] __rcu sighand
kernel/signal.c:2275:53: sparse: sparse: incorrect type in argument 3 (different address spaces) @@ expected struct task_struct *t @@ got struct task_struct [noderef] __rcu *parent @@
kernel/signal.c:2275:53: sparse: expected struct task_struct *t
kernel/signal.c:2275:53: sparse: got struct task_struct [noderef] __rcu *parent
kernel/signal.c:2276:34: sparse: sparse: incorrect type in argument 2 (different address spaces) @@ expected struct task_struct *parent @@ got struct task_struct [noderef] __rcu *parent @@
kernel/signal.c:2276:34: sparse: expected struct task_struct *parent
kernel/signal.c:2276:34: sparse: got struct task_struct [noderef] __rcu *parent
kernel/signal.c:2305:24: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct task_struct *parent @@ got struct task_struct [noderef] __rcu *parent @@
kernel/signal.c:2305:24: sparse: expected struct task_struct *parent
kernel/signal.c:2305:24: sparse: got struct task_struct [noderef] __rcu *parent
kernel/signal.c:2308:24: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct task_struct *parent @@ got struct task_struct [noderef] __rcu *real_parent @@
kernel/signal.c:2308:24: sparse: expected struct task_struct *parent
kernel/signal.c:2308:24: sparse: got struct task_struct [noderef] __rcu *real_parent
kernel/signal.c:2341:17: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected struct sighand_struct *sighand @@ got struct sighand_struct [noderef] __rcu *sighand @@
kernel/signal.c:2341:17: sparse: expected struct sighand_struct *sighand
kernel/signal.c:2341:17: sparse: got struct sighand_struct [noderef] __rcu *sighand
kernel/signal.c:2381:41: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:2381:41: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:2381:41: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:2383:39: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:2383:39: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:2383:39: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:2440:33: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:2440:33: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:2440:33: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:2498:31: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:2498:31: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:2498:31: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:2538:31: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:2538:31: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:2538:31: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:2540:33: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:2540:33: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:2540:33: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:2638:41: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:2638:41: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:2638:41: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:2722:41: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:2722:41: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:2722:41: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:2734:33: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:2734:33: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:2734:33: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:2777:52: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct task_struct *tsk @@ got struct task_struct [noderef] __rcu *parent @@
kernel/signal.c:2777:52: sparse: expected struct task_struct *tsk
kernel/signal.c:2777:52: sparse: got struct task_struct [noderef] __rcu *parent
kernel/signal.c:2779:49: sparse: sparse: cast removes address space '__rcu' of expression
kernel/signal.c:2817:49: sparse: sparse: incorrect type in initializer (different address spaces) @@ expected struct sighand_struct *sighand @@ got struct sighand_struct [noderef] __rcu *sighand @@
kernel/signal.c:2817:49: sparse: expected struct sighand_struct *sighand
kernel/signal.c:2817:49: sparse: got struct sighand_struct [noderef] __rcu *sighand
kernel/signal.c:3150:27: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:3150:27: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:3150:27: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:3170:29: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:3170:29: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:3170:29: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:3237:27: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:3237:27: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:3237:27: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:3239:29: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:3239:29: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:3239:29: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:3390:31: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:3390:31: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:3390:31: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:3393:33: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:3393:33: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:3393:33: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:3782:27: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:3782:27: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:3782:27: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:3794:37: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:3794:37: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:3794:37: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:3799:35: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:3799:35: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:3799:35: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:3804:29: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:3804:29: sparse: expected struct spinlock [usertype] *lock
kernel/signal.c:3804:29: sparse: got struct spinlock [noderef] __rcu *
kernel/signal.c:4296:31: sparse: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct spinlock [usertype] *lock @@ got struct spinlock [noderef] __rcu * @@
kernel/signal.c:4296:31: sparse: expected struct spinlock [usertype] *lock
vim +1048 kernel/signal.c
1044
1045 static int __send_signal_locked(int sig, struct kernel_siginfo *info,
1046 struct task_struct *t, enum pid_type type, bool force)
1047 {
> 1048 bool immutable = sa_immutable(t->sighand, sig);
1049 struct sigpending *pending;
1050 struct sigqueue *q;
1051 int override_rlimit;
1052 int ret = 0, result;
1053
1054 lockdep_assert_held(&t->sighand->siglock);
1055
1056 result = TRACE_SIGNAL_IGNORED;
1057 if (!prepare_signal(sig, t, force))
1058 goto ret;
1059
1060 pending = (type != PIDTYPE_PID) ? &t->signal->shared_pending : &t->pending;
1061 /*
1062 * Queue exactly one non-rt signal so that we can get more
1063 * detailed information about the cause. But we must never
1064 * lose the siginfo for an SA_IMMUTABLE signal.
1065 */
1066 result = TRACE_SIGNAL_ALREADY_PENDING;
1067 if (legacy_queue(pending, sig) && !immutable)
1068 goto ret;
1069
1070 result = TRACE_SIGNAL_DELIVERED;
1071 /*
1072 * Skip useless siginfo allocation for SIGKILL and kernel threads.
1073 */
1074 if ((sig == SIGKILL) || (t->flags & PF_KTHREAD))
1075 goto out_set;
1076
1077 /*
1078 * Real-time signals must be queued if sent by sigqueue, or
1079 * some other real-time mechanism. It is implementation
1080 * defined whether kill() does so. We attempt to do so, on
1081 * the principle of least surprise, but since kill is not
1082 * allowed to fail with EAGAIN when low on memory we just
1083 * make sure at least one signal gets delivered and don't
1084 * pass on the info struct.
1085 */
1086 if (sig < SIGRTMIN)
1087 override_rlimit = (is_si_special(info) || info->si_code >= 0);
1088 else
1089 override_rlimit = 0;
1090
1091 q = sigqueue_alloc(sig, t, GFP_ATOMIC, override_rlimit);
1092
1093 if (q) {
1094 /* Ensure dequeue_synchronous_signal() sees SA_IMMUTABLE first */
1095 if (immutable)
1096 list_add(&q->list, &pending->list);
1097 else
1098 list_add_tail(&q->list, &pending->list);
1099
1100 switch ((unsigned long) info) {
1101 case (unsigned long) SEND_SIG_NOINFO:
1102 clear_siginfo(&q->info);
1103 q->info.si_signo = sig;
1104 q->info.si_errno = 0;
1105 q->info.si_code = SI_USER;
1106 q->info.si_pid = task_tgid_nr_ns(current,
1107 task_active_pid_ns(t));
1108 rcu_read_lock();
1109 q->info.si_uid =
1110 from_kuid_munged(task_cred_xxx(t, user_ns),
1111 current_uid());
1112 rcu_read_unlock();
1113 break;
1114 case (unsigned long) SEND_SIG_PRIV:
1115 clear_siginfo(&q->info);
1116 q->info.si_signo = sig;
1117 q->info.si_errno = 0;
1118 q->info.si_code = SI_KERNEL;
1119 q->info.si_pid = 0;
1120 q->info.si_uid = 0;
1121 break;
1122 default:
1123 copy_siginfo(&q->info, info);
1124 break;
1125 }
1126 } else if (!is_si_special(info) &&
1127 sig >= SIGRTMIN && info->si_code != SI_USER) {
1128 /*
1129 * Queue overflow, abort. We may abort if the
1130 * signal was rt and sent by user using something
1131 * other than kill().
1132 */
1133 result = TRACE_SIGNAL_OVERFLOW_FAIL;
1134 ret = -EAGAIN;
1135 goto ret;
1136 } else {
1137 /*
1138 * This is a silent loss of information. We still
1139 * send the signal, but the *info bits are lost.
1140 */
1141 result = TRACE_SIGNAL_LOSE_INFO;
1142 /* The task must not escape SA_IMMUTABLE; escalate to SIGKILL */
1143 if (immutable)
1144 sig = SIGKILL;
1145 }
1146
1147 out_set:
1148 signalfd_notify(t, sig);
1149 sigaddset(&pending->signal, sig);
1150
1151 /* Let multiprocess signals appear after on-going forks */
1152 if (type > PIDTYPE_TGID) {
1153 struct multiprocess_signals *delayed;
1154 hlist_for_each_entry(delayed, &t->signal->multiprocess, node) {
1155 sigset_t *signal = &delayed->signal;
1156 /* Can't queue both a stop and a continue signal */
1157 if (sig == SIGCONT)
1158 sigdelsetmask(signal, SIG_KERNEL_STOP_MASK);
1159 else if (sig_kernel_stop(sig))
1160 sigdelset(signal, SIGCONT);
1161 sigaddset(signal, sig);
1162 }
1163 }
1164
1165 complete_signal(sig, t, type);
1166 ret:
1167 trace_signal_generate(sig, info, t, type != PIDTYPE_PID, result);
1168 return ret;
1169 }
1170
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
prev parent reply other threads:[~2026-05-02 18:28 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-29 8:29 [PATCH] signal: prevent evasion of SA_IMMUTABLE signals Oleg Nesterov
2026-04-29 10:27 ` Oleg Nesterov
2026-05-02 18:28 ` kernel test robot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202605030218.3dGIaLF1-lkp@intel.com \
--to=lkp@intel.com \
--cc=akpm@linux-foundation.org \
--cc=kees@kernel.org \
--cc=kusaram@devineni.in \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=oe-kbuild-all@lists.linux.dev \
--cc=oleg@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@kernel.org \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.