[PATCH] capabilities: fix sparse warning about _

linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] capabilities: fix sparse warning about __user access
@ 2023-06-19 12:35 Ben Dooks
  2023-06-19 17:57 ` Serge E. Hallyn
  0 siblings, 1 reply; 5+ messages in thread
From: Ben Dooks @ 2023-06-19 12:35 UTC (permalink / raw)
  To: linux-security-module; +Cc: linux-kernel, serge, Ben Dooks

The two syscalls for capget and capset are producing sparse warnings
as sparse is thinking that the "struct __user_cap_data_struct" is marked
user, which seems to be down to the declaration and typedef at the same
time.

Fix the following warnings by splutting the struct declaration and then
the user typedef into two:

kernel/capability.c:191:35: warning: incorrect type in argument 2 (different address spaces)
kernel/capability.c:191:35:    expected void const *from
kernel/capability.c:191:35:    got struct __user_cap_data_struct [noderef] __user *
kernel/capability.c:168:14: warning: dereference of noderef expression
kernel/capability.c:168:45: warning: dereference of noderef expression
kernel/capability.c:169:14: warning: dereference of noderef expression
kernel/capability.c:169:45: warning: dereference of noderef expression
kernel/capability.c:170:14: warning: dereference of noderef expression
kernel/capability.c:170:45: warning: dereference of noderef expression
kernel/capability.c:244:29: warning: incorrect type in argument 1 (different address spaces)
kernel/capability.c:244:29:    expected void *to
kernel/capability.c:244:29:    got struct __user_cap_data_struct [noderef] __user ( * )[2]
kernel/capability.c:247:42: warning: dereference of noderef expression
kernel/capability.c:247:64: warning: dereference of noderef expression
kernel/capability.c:248:42: warning: dereference of noderef expression
kernel/capability.c:248:64: warning: dereference of noderef expression
kernel/capability.c:249:42: warning: dereference of noderef expression
kernel/capability.c:249:64: warning: dereference of noderef expression

Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
---
 include/uapi/linux/capability.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
index 3d61a0ae055d..5bb906098697 100644
--- a/include/uapi/linux/capability.h
+++ b/include/uapi/linux/capability.h
@@ -41,11 +41,12 @@ typedef struct __user_cap_header_struct {
 	int pid;
 } __user *cap_user_header_t;
 
-typedef struct __user_cap_data_struct {
+struct __user_cap_data_struct {
         __u32 effective;
         __u32 permitted;
         __u32 inheritable;
-} __user *cap_user_data_t;
+};
+typedef struct __user_cap_data_struct __user *cap_user_data_t;
 
 
 #define VFS_CAP_REVISION_MASK	0xFF000000
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] capabilities: fix sparse warning about __user access
  2023-06-19 12:35 [PATCH] capabilities: fix sparse warning about __user access Ben Dooks
@ 2023-06-19 17:57 ` Serge E. Hallyn
  2023-06-19 21:47   ` Paul Moore
  0 siblings, 1 reply; 5+ messages in thread
From: Serge E. Hallyn @ 2023-06-19 17:57 UTC (permalink / raw)
  To: Ben Dooks; +Cc: linux-security-module, linux-kernel, serge, Paul Moore

On Mon, Jun 19, 2023 at 01:35:35PM +0100, Ben Dooks wrote:
> The two syscalls for capget and capset are producing sparse warnings
> as sparse is thinking that the "struct __user_cap_data_struct" is marked
> user, which seems to be down to the declaration and typedef at the same
> time.
> 
> Fix the following warnings by splutting the struct declaration and then
> the user typedef into two:

I'm not a fan of making code changes to work around scanners'
shortcomings, mainly because eventually I assume the scanners
will learn to deal with it.

However, I don't like the all-in-one typedef+struct definition
either, so let's go with it :)

Paul, do you mind picking this up?

thanks,
-serge

> kernel/capability.c:191:35: warning: incorrect type in argument 2 (different address spaces)
> kernel/capability.c:191:35:    expected void const *from
> kernel/capability.c:191:35:    got struct __user_cap_data_struct [noderef] __user *
> kernel/capability.c:168:14: warning: dereference of noderef expression
> kernel/capability.c:168:45: warning: dereference of noderef expression
> kernel/capability.c:169:14: warning: dereference of noderef expression
> kernel/capability.c:169:45: warning: dereference of noderef expression
> kernel/capability.c:170:14: warning: dereference of noderef expression
> kernel/capability.c:170:45: warning: dereference of noderef expression
> kernel/capability.c:244:29: warning: incorrect type in argument 1 (different address spaces)
> kernel/capability.c:244:29:    expected void *to
> kernel/capability.c:244:29:    got struct __user_cap_data_struct [noderef] __user ( * )[2]
> kernel/capability.c:247:42: warning: dereference of noderef expression
> kernel/capability.c:247:64: warning: dereference of noderef expression
> kernel/capability.c:248:42: warning: dereference of noderef expression
> kernel/capability.c:248:64: warning: dereference of noderef expression
> kernel/capability.c:249:42: warning: dereference of noderef expression
> kernel/capability.c:249:64: warning: dereference of noderef expression
> 
> Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>

Reviewed-by: Serge Hallyn <serge@hallyn.com>

> ---
>  include/uapi/linux/capability.h | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/include/uapi/linux/capability.h b/include/uapi/linux/capability.h
> index 3d61a0ae055d..5bb906098697 100644
> --- a/include/uapi/linux/capability.h
> +++ b/include/uapi/linux/capability.h
> @@ -41,11 +41,12 @@ typedef struct __user_cap_header_struct {
>  	int pid;
>  } __user *cap_user_header_t;
>  
> -typedef struct __user_cap_data_struct {
> +struct __user_cap_data_struct {
>          __u32 effective;
>          __u32 permitted;
>          __u32 inheritable;
> -} __user *cap_user_data_t;
> +};
> +typedef struct __user_cap_data_struct __user *cap_user_data_t;
>  
>  
>  #define VFS_CAP_REVISION_MASK	0xFF000000
> -- 
> 2.39.2

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] capabilities: fix sparse warning about __user access
  2023-06-19 17:57 ` Serge E. Hallyn
@ 2023-06-19 21:47   ` Paul Moore
  2023-06-21 13:43     ` Serge Hallyn
  0 siblings, 1 reply; 5+ messages in thread
From: Paul Moore @ 2023-06-19 21:47 UTC (permalink / raw)
  To: Serge E. Hallyn; +Cc: Ben Dooks, linux-security-module, linux-kernel

On Mon, Jun 19, 2023 at 1:57 PM Serge E. Hallyn <serge@hallyn.com> wrote:
>
> On Mon, Jun 19, 2023 at 01:35:35PM +0100, Ben Dooks wrote:
> > The two syscalls for capget and capset are producing sparse warnings
> > as sparse is thinking that the "struct __user_cap_data_struct" is marked
> > user, which seems to be down to the declaration and typedef at the same
> > time.
> >
> > Fix the following warnings by splutting the struct declaration and then
> > the user typedef into two:
>
> I'm not a fan of making code changes to work around scanners'
> shortcomings, mainly because eventually I assume the scanners
> will learn to deal with it.
>
> However, I don't like the all-in-one typedef+struct definition
> either, so let's go with it :)
>
> Paul, do you mind picking this up?

Sure, no problem.  Since we are at -rc7, I'm assuming this can wait
until after the merge window?

-- 
paul-moore.com

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] capabilities: fix sparse warning about __user access
  2023-06-19 21:47   ` Paul Moore
@ 2023-06-21 13:43     ` Serge Hallyn
  2023-07-05 22:46       ` Paul Moore
  0 siblings, 1 reply; 5+ messages in thread
From: Serge Hallyn @ 2023-06-21 13:43 UTC (permalink / raw)
  To: Paul Moore; +Cc: Ben Dooks, linux-security-module, linux-kernel

On Mon, Jun 19, 2023 at 05:47:54PM -0400, Paul Moore wrote:
> On Mon, Jun 19, 2023 at 1:57 PM Serge E. Hallyn <serge@hallyn.com> wrote:
> >
> > On Mon, Jun 19, 2023 at 01:35:35PM +0100, Ben Dooks wrote:
> > > The two syscalls for capget and capset are producing sparse warnings
> > > as sparse is thinking that the "struct __user_cap_data_struct" is marked
> > > user, which seems to be down to the declaration and typedef at the same
> > > time.
> > >
> > > Fix the following warnings by splutting the struct declaration and then
> > > the user typedef into two:
> >
> > I'm not a fan of making code changes to work around scanners'
> > shortcomings, mainly because eventually I assume the scanners
> > will learn to deal with it.
> >
> > However, I don't like the all-in-one typedef+struct definition
> > either, so let's go with it :)
> >
> > Paul, do you mind picking this up?
> 
> Sure, no problem.  Since we are at -rc7, I'm assuming this can wait
> until after the merge window?

Yeah, it's just fixing a sparse warning, no urgency.

thanks,
-serge

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] capabilities: fix sparse warning about __user access
  2023-06-21 13:43     ` Serge Hallyn
@ 2023-07-05 22:46       ` Paul Moore
  0 siblings, 0 replies; 5+ messages in thread
From: Paul Moore @ 2023-07-05 22:46 UTC (permalink / raw)
  To: Serge Hallyn, Ben Dooks; +Cc: linux-security-module, linux-kernel

On Wed, Jun 21, 2023 at 9:43 AM Serge Hallyn <serge@hallyn.com> wrote:
> On Mon, Jun 19, 2023 at 05:47:54PM -0400, Paul Moore wrote:
> > On Mon, Jun 19, 2023 at 1:57 PM Serge E. Hallyn <serge@hallyn.com> wrote:
> > >
> > > On Mon, Jun 19, 2023 at 01:35:35PM +0100, Ben Dooks wrote:
> > > > The two syscalls for capget and capset are producing sparse warnings
> > > > as sparse is thinking that the "struct __user_cap_data_struct" is marked
> > > > user, which seems to be down to the declaration and typedef at the same
> > > > time.
> > > >
> > > > Fix the following warnings by splutting the struct declaration and then
> > > > the user typedef into two:
> > >
> > > I'm not a fan of making code changes to work around scanners'
> > > shortcomings, mainly because eventually I assume the scanners
> > > will learn to deal with it.
> > >
> > > However, I don't like the all-in-one typedef+struct definition
> > > either, so let's go with it :)
> > >
> > > Paul, do you mind picking this up?
> >
> > Sure, no problem.  Since we are at -rc7, I'm assuming this can wait
> > until after the merge window?
>
> Yeah, it's just fixing a sparse warning, no urgency.

Actually, this looks like a dup of 55382134366e ("capability: erase
checker warnings about struct __user_cap_data_struct") which is
currently in Linus' tree.

Thank you for your patch Ben, but it looks as if we had a patch a
couple of weeks before yours which fixed the same problem.  If you
notice continuing problems with the latest kernel sources from Linus
please let us know.

-- 
paul-moore.com

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2023-07-05 22:47 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-06-19 12:35 [PATCH] capabilities: fix sparse warning about __user access Ben Dooks
2023-06-19 17:57 ` Serge E. Hallyn
2023-06-19 21:47   ` Paul Moore
2023-06-21 13:43     ` Serge Hallyn
2023-07-05 22:46       ` Paul Moore

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).