* Re: [PATCH v8 07/12] landlock: Add network rules support [not found] ` <9a6ea6ac-525d-e058-5867-0794a99b19a3@huawei.com> @ 2023-01-06 19:22 ` Mickaël Salaün 2023-01-09 7:59 ` Konstantin Meskhidze (A) 0 siblings, 1 reply; 8+ messages in thread From: Mickaël Salaün @ 2023-01-06 19:22 UTC (permalink / raw) To: Konstantin Meskhidze (A), linux-sparse Cc: willemdebruijn.kernel, gnoack3000, linux-security-module, netdev, netfilter-devel, artem.kuzin, Linux API, Alejandro Colomar (man-pages) On 04/01/2023 12:41, Konstantin Meskhidze (A) wrote: > > > 11/17/2022 9:43 PM, Mickaël Salaün пишет: [...] >>> /** >>> @@ -79,6 +91,24 @@ struct landlock_path_beneath_attr { >>> */ >>> } __attribute__((packed)); >>> >>> +/** >>> + * struct landlock_net_service_attr - TCP subnet definition >>> + * >>> + * Argument of sys_landlock_add_rule(). >>> + */ >>> +struct landlock_net_service_attr { >>> + /** >>> + * @allowed_access: Bitmask of allowed access network for services >>> + * (cf. `Network flags`_). >>> + */ >>> + __u64 allowed_access; >>> + /** >>> + * @port: Network port. >>> + */ >>> + __u16 port; >> >> From an UAPI point of view, I think the port field should be __be16, as >> for sockaddr_in->port and other network-related APIs. This will require >> some kernel changes to please sparse: make C=2 security/landlock/ must >> not print any warning. > > I have this errors trying to launch sparse checking: > > DESCEND objtool > DESCEND bpf/resolve_btfids > CALL scripts/checksyscalls.sh > CHK kernel/kheaders_data.tar.xz > CC security/landlock/setup.o > CHECK security/landlock/setup.c > ./include/asm-generic/rwonce.h:67:16: error: typename in expression > ./include/asm-generic/rwonce.h:67:16: error: Expected ) in function call > ./include/asm-generic/rwonce.h:67:16: error: got : > ./include/linux/list.h:292:16: error: typename in expression > ./include/linux/list.h:292:16: error: Expected ) in function call > ./include/linux/list.h:292:16: error: got : > > .... > > ./include/linux/seqlock.h:682:16: error: Expected ) in function call > ./include/linux/seqlock.h:682:16: error: got : > ./include/linux/seqlock.h:695:16: error: typename in expression > ./include/linux/seqlock.h:695:16: error: Expected ) in function call > ./include/linux/seqlock.h:695:16: error: too many errors > Segmentation fault (core dumped) > make[3]: *** [scripts/Makefile.build:250: security/landlock/setup.o] > Error 139 > make[3]: *** Deleting file 'security/landlock/setup.o' > make[3]: *** Waiting for unfinished jobs.... > Segmentation fault (core dumped) > make[3]: *** [scripts/Makefile.build:250: security/landlock/syscalls.o] > Error 139 > make[3]: *** Deleting file 'security/landlock/syscalls.o' > make[2]: *** [scripts/Makefile.build:502: security/landlock] Error 2 > make[1]: *** [scripts/Makefile.build:502: security] Error 2 > make[1]: *** Waiting for unfinished jobs.... > make: *** [Makefile:1994: .] Error 2 I don't know about this error. Did you follow the documentation? https://docs.kernel.org/dev-tools/sparse.html#getting-sparse >> >> Using big-endian values as keys (casted to uintptr_t, not strictly >> __be16) in the rb-tree should not be an issue because there is no port >> range ordering (for now). >> >> A dedicated test should check that endianness is correct, e.g. by using >> different port encoding. This should include passing and failing tests, >> but they should work on all architectures (i.e. big or little endian). ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v8 07/12] landlock: Add network rules support 2023-01-06 19:22 ` [PATCH v8 07/12] landlock: Add network rules support Mickaël Salaün @ 2023-01-09 7:59 ` Konstantin Meskhidze (A) 2023-01-09 8:58 ` Dan Carpenter 0 siblings, 1 reply; 8+ messages in thread From: Konstantin Meskhidze (A) @ 2023-01-09 7:59 UTC (permalink / raw) To: Mickaël Salaün, linux-sparse Cc: willemdebruijn.kernel, gnoack3000, linux-security-module, netdev, netfilter-devel, artem.kuzin, Linux API, Alejandro Colomar (man-pages) 1/6/2023 10:22 PM, Mickaël Salaün пишет: > > On 04/01/2023 12:41, Konstantin Meskhidze (A) wrote: >> >> >> 11/17/2022 9:43 PM, Mickaël Salaün пишет: > > [...] > >>>> /** >>>> @@ -79,6 +91,24 @@ struct landlock_path_beneath_attr { >>>> */ >>>> } __attribute__((packed)); >>>> >>>> +/** >>>> + * struct landlock_net_service_attr - TCP subnet definition >>>> + * >>>> + * Argument of sys_landlock_add_rule(). >>>> + */ >>>> +struct landlock_net_service_attr { >>>> + /** >>>> + * @allowed_access: Bitmask of allowed access network for services >>>> + * (cf. `Network flags`_). >>>> + */ >>>> + __u64 allowed_access; >>>> + /** >>>> + * @port: Network port. >>>> + */ >>>> + __u16 port; >>> >>> From an UAPI point of view, I think the port field should be __be16, as >>> for sockaddr_in->port and other network-related APIs. This will require >>> some kernel changes to please sparse: make C=2 security/landlock/ must >>> not print any warning. >> >> I have this errors trying to launch sparse checking: >> >> DESCEND objtool >> DESCEND bpf/resolve_btfids >> CALL scripts/checksyscalls.sh >> CHK kernel/kheaders_data.tar.xz >> CC security/landlock/setup.o >> CHECK security/landlock/setup.c >> ./include/asm-generic/rwonce.h:67:16: error: typename in expression >> ./include/asm-generic/rwonce.h:67:16: error: Expected ) in function call >> ./include/asm-generic/rwonce.h:67:16: error: got : >> ./include/linux/list.h:292:16: error: typename in expression >> ./include/linux/list.h:292:16: error: Expected ) in function call >> ./include/linux/list.h:292:16: error: got : >> >> .... >> >> ./include/linux/seqlock.h:682:16: error: Expected ) in function call >> ./include/linux/seqlock.h:682:16: error: got : >> ./include/linux/seqlock.h:695:16: error: typename in expression >> ./include/linux/seqlock.h:695:16: error: Expected ) in function call >> ./include/linux/seqlock.h:695:16: error: too many errors >> Segmentation fault (core dumped) >> make[3]: *** [scripts/Makefile.build:250: security/landlock/setup.o] >> Error 139 >> make[3]: *** Deleting file 'security/landlock/setup.o' >> make[3]: *** Waiting for unfinished jobs.... >> Segmentation fault (core dumped) >> make[3]: *** [scripts/Makefile.build:250: security/landlock/syscalls.o] >> Error 139 >> make[3]: *** Deleting file 'security/landlock/syscalls.o' >> make[2]: *** [scripts/Makefile.build:502: security/landlock] Error 2 >> make[1]: *** [scripts/Makefile.build:502: security] Error 2 >> make[1]: *** Waiting for unfinished jobs.... >> make: *** [Makefile:1994: .] Error 2 > > I don't know about this error. Did you follow the documentation? > https://docs.kernel.org/dev-tools/sparse.html#getting-sparse > Yes, I did as in the documentation. that's strange. If you dont mind can you please check it when I sent a new patch? > > >>> >>> Using big-endian values as keys (casted to uintptr_t, not strictly >>> __be16) in the rb-tree should not be an issue because there is no port >>> range ordering (for now). >>> >>> A dedicated test should check that endianness is correct, e.g. by using >>> different port encoding. This should include passing and failing tests, >>> but they should work on all architectures (i.e. big or little endian). > . ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v8 07/12] landlock: Add network rules support 2023-01-09 7:59 ` Konstantin Meskhidze (A) @ 2023-01-09 8:58 ` Dan Carpenter 2023-01-09 9:26 ` Konstantin Meskhidze (A) 0 siblings, 1 reply; 8+ messages in thread From: Dan Carpenter @ 2023-01-09 8:58 UTC (permalink / raw) To: Konstantin Meskhidze (A) Cc: Mickaël Salaün, linux-sparse, willemdebruijn.kernel, gnoack3000, linux-security-module, netdev, netfilter-devel, artem.kuzin, Linux API, Alejandro Colomar (man-pages) These warnings seem like something I have seen before. Maybe it was an issue with _Generic() support? Are you really sure you're running the latest git version of Sparse? I tested this patch with the latest version of Sparse on my system and it worked fine. regards, dan carpenter ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v8 07/12] landlock: Add network rules support 2023-01-09 8:58 ` Dan Carpenter @ 2023-01-09 9:26 ` Konstantin Meskhidze (A) 2023-01-09 10:20 ` Dan Carpenter 0 siblings, 1 reply; 8+ messages in thread From: Konstantin Meskhidze (A) @ 2023-01-09 9:26 UTC (permalink / raw) To: Dan Carpenter Cc: Mickaël Salaün, linux-sparse, willemdebruijn.kernel, gnoack3000, linux-security-module, netdev, netfilter-devel, artem.kuzin, Linux API, Alejandro Colomar (man-pages) 1/9/2023 11:58 AM, Dan Carpenter пишет: > These warnings seem like something I have seen before. Maybe it was an > issue with _Generic() support? > > Are you really sure you're running the latest git version of Sparse? > > I tested this patch with the latest version of Sparse on my system and > it worked fine. Hi Dan, git is on the master branch now - hash ce1a6720 (dated 27 June 2022) Is this correct version? regards, Konstantin. > > regards, > dan carpenter > > . ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v8 07/12] landlock: Add network rules support 2023-01-09 9:26 ` Konstantin Meskhidze (A) @ 2023-01-09 10:20 ` Dan Carpenter 2023-01-09 11:39 ` Konstantin Meskhidze (A) 0 siblings, 1 reply; 8+ messages in thread From: Dan Carpenter @ 2023-01-09 10:20 UTC (permalink / raw) To: Konstantin Meskhidze (A) Cc: Mickaël Salaün, linux-sparse, willemdebruijn.kernel, gnoack3000, linux-security-module, netdev, netfilter-devel, artem.kuzin, Linux API, Alejandro Colomar (man-pages) On Mon, Jan 09, 2023 at 12:26:52PM +0300, Konstantin Meskhidze (A) wrote: > > > 1/9/2023 11:58 AM, Dan Carpenter пишет: > > These warnings seem like something I have seen before. Maybe it was an > > issue with _Generic() support? > > > > Are you really sure you're running the latest git version of Sparse? > > > > I tested this patch with the latest version of Sparse on my system and > > it worked fine. > > Hi Dan, > > git is on the master branch now - hash ce1a6720 (dated 27 June 2022) > > Is this correct version? Yes, that's correct. What is your .config? regards, dan carpenter ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v8 07/12] landlock: Add network rules support 2023-01-09 10:20 ` Dan Carpenter @ 2023-01-09 11:39 ` Konstantin Meskhidze (A) 2023-01-09 11:53 ` Dan Carpenter 0 siblings, 1 reply; 8+ messages in thread From: Konstantin Meskhidze (A) @ 2023-01-09 11:39 UTC (permalink / raw) To: Dan Carpenter Cc: Mickaël Salaün, linux-sparse, willemdebruijn.kernel, gnoack3000, linux-security-module, netdev, netfilter-devel, artem.kuzin, Linux API, Alejandro Colomar (man-pages) 1/9/2023 1:20 PM, Dan Carpenter пишет: > On Mon, Jan 09, 2023 at 12:26:52PM +0300, Konstantin Meskhidze (A) wrote: >> >> >> 1/9/2023 11:58 AM, Dan Carpenter пишет: >> > These warnings seem like something I have seen before. Maybe it was an >> > issue with _Generic() support? >> > >> > Are you really sure you're running the latest git version of Sparse? >> > >> > I tested this patch with the latest version of Sparse on my system and >> > it worked fine. >> >> Hi Dan, >> >> git is on the master branch now - hash ce1a6720 (dated 27 June 2022) >> >> Is this correct version? > > Yes, that's correct. What is your .config? What parameters do I need to check in .config? > > regards, > dan carpenter > > . ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v8 07/12] landlock: Add network rules support 2023-01-09 11:39 ` Konstantin Meskhidze (A) @ 2023-01-09 11:53 ` Dan Carpenter 2023-01-09 12:18 ` Konstantin Meskhidze (A) 0 siblings, 1 reply; 8+ messages in thread From: Dan Carpenter @ 2023-01-09 11:53 UTC (permalink / raw) To: Konstantin Meskhidze (A) Cc: Mickaël Salaün, linux-sparse, willemdebruijn.kernel, gnoack3000, linux-security-module, netdev, netfilter-devel, artem.kuzin, Linux API, Alejandro Colomar (man-pages) On Mon, Jan 09, 2023 at 02:39:36PM +0300, Konstantin Meskhidze (A) wrote: > > > 1/9/2023 1:20 PM, Dan Carpenter пишет: > > On Mon, Jan 09, 2023 at 12:26:52PM +0300, Konstantin Meskhidze (A) wrote: > > > > > > > > > 1/9/2023 11:58 AM, Dan Carpenter пишет: > > > > These warnings seem like something I have seen before. Maybe it was an > > > > issue with _Generic() support? > > > > > Are you really sure you're running the latest git version of > > > Sparse? > > > > > I tested this patch with the latest version of Sparse on my > > > system and > > > > it worked fine. > > > > > > Hi Dan, > > > > > > git is on the master branch now - hash ce1a6720 (dated 27 June 2022) > > > > > > Is this correct version? > > > > Yes, that's correct. What is your .config? > > What parameters do I need to check in .config? I don't know. I was hoping you could just email me the whole thing and/or the results from make security/landlock/ruleset.i. That way we could see what line was making Sparse complain. regards, dan carpenter ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v8 07/12] landlock: Add network rules support 2023-01-09 11:53 ` Dan Carpenter @ 2023-01-09 12:18 ` Konstantin Meskhidze (A) 0 siblings, 0 replies; 8+ messages in thread From: Konstantin Meskhidze (A) @ 2023-01-09 12:18 UTC (permalink / raw) To: Dan Carpenter Cc: Mickaël Salaün, linux-sparse, willemdebruijn.kernel, gnoack3000, linux-security-module, netdev, netfilter-devel, artem.kuzin, Linux API, Alejandro Colomar (man-pages) 1/9/2023 2:53 PM, Dan Carpenter пишет: > On Mon, Jan 09, 2023 at 02:39:36PM +0300, Konstantin Meskhidze (A) wrote: >> >> >> 1/9/2023 1:20 PM, Dan Carpenter пишет: >> > On Mon, Jan 09, 2023 at 12:26:52PM +0300, Konstantin Meskhidze (A) wrote: >> > > >> > > >> > > 1/9/2023 11:58 AM, Dan Carpenter пишет: >> > > > These warnings seem like something I have seen before. Maybe it was an >> > > > issue with _Generic() support? >> > > > > Are you really sure you're running the latest git version of >> > > Sparse? >> > > > > I tested this patch with the latest version of Sparse on my >> > > system and >> > > > it worked fine. >> > > >> > > Hi Dan, >> > > >> > > git is on the master branch now - hash ce1a6720 (dated 27 June 2022) >> > > >> > > Is this correct version? >> > >> > Yes, that's correct. What is your .config? >> >> What parameters do I need to check in .config? > > I don't know. I was hoping you could just email me the whole thing > and/or the results from make security/landlock/ruleset.i. That way > we could see what line was making Sparse complain. here is the whole error message: make C=2 security/landlock/ CHECK scripts/mod/empty.c CALL scripts/checksyscalls.sh DESCEND objtool DESCEND bpf/resolve_btfids CHECK security/landlock/setup.c ./include/asm-generic/rwonce.h:67:16: error: typename in expression ./include/asm-generic/rwonce.h:67:16: error: Expected ) in function call ./include/asm-generic/rwonce.h:67:16: error: got : ./include/linux/list.h:292:16: error: typename in expression ./include/linux/list.h:292:16: error: Expected ) in function call ./include/linux/list.h:292:16: error: got : ./include/linux/list.h:328:34: error: typename in expression ./include/linux/list.h:328:34: error: Expected ) in function call ./include/linux/list.h:328:34: error: got : ./include/linux/list.h:329:53: error: typename in expression ./include/linux/list.h:329:53: error: Expected ) in function call ./include/linux/list.h:329:53: error: got : ./include/linux/list.h:867:17: error: typename in expression ./include/linux/list.h:867:17: error: Expected ) in function call ./include/linux/list.h:867:17: error: got : ./include/linux/list.h:876:17: error: typename in expression ./include/linux/list.h:876:17: error: Expected ) in function call ./include/linux/list.h:876:17: error: got : ./arch/x86/include/asm/atomic.h:29:16: error: typename in expression ./arch/x86/include/asm/atomic.h:29:16: error: Expected ) in function call ./arch/x86/include/asm/atomic.h:29:16: error: got : ./arch/x86/include/asm/atomic64_64.h:22:16: error: typename in expression ./arch/x86/include/asm/atomic64_64.h:22:16: error: Expected ) in function call ./arch/x86/include/asm/atomic64_64.h:22:16: error: got : ./include/linux/atomic/atomic-arch-fallback.h:227:23: error: typename in expression ./include/linux/atomic/atomic-arch-fallback.h:227:23: error: Expected ) in function call ./include/linux/atomic/atomic-arch-fallback.h:227:23: error: got : ./include/linux/atomic/atomic-arch-fallback.h:1348:23: error: typename in expression ./include/linux/atomic/atomic-arch-fallback.h:1348:23: error: Expected ) in function call ./include/linux/atomic/atomic-arch-fallback.h:1348:23: error: got : ./include/linux/jump_label.h:286:9: error: Expected ; at end of statement ./include/linux/jump_label.h:286:9: error: got __flags ./include/linux/jump_label.h:302:9: error: Expected ; at end of statement ./include/linux/jump_label.h:302:9: error: got __flags ./include/linux/jump_label.h:319:9: error: Expected ; at end of statement ./include/linux/jump_label.h:319:9: error: got __flags ./include/linux/jump_label.h:322:17: error: Expected ; at end of statement ./include/linux/jump_label.h:322:17: error: got __flags ./include/linux/jump_label.h:330:9: error: Expected ; at end of statement ./include/linux/jump_label.h:330:9: error: got __flags ./include/linux/jump_label.h:333:17: error: Expected ; at end of statement ./include/linux/jump_label.h:333:17: error: got __flags ./include/asm-generic/bitops/generic-non-atomic.h:140:23: error: typename in expression ./include/asm-generic/bitops/generic-non-atomic.h:140:23: error: Expected ) in function call ./include/asm-generic/bitops/generic-non-atomic.h:140:23: error: got : ./include/linux/bitmap.h:268:17: error: Expected ; at end of statement ./include/linux/bitmap.h:268:17: error: got __flags ./include/linux/thread_info.h:127:16: error: typename in expression ./include/linux/thread_info.h:127:16: error: Expected ) in function call ./include/linux/thread_info.h:127:16: error: got : ./include/linux/thread_info.h:233:13: error: Expected ; at end of statement ./include/linux/thread_info.h:233:13: error: got __flags ./include/linux/llist.h:191:16: error: typename in expression ./include/linux/llist.h:191:16: error: Expected ) in function call ./include/linux/llist.h:191:16: error: got : ./include/linux/rcupdate.h:1073:31: error: typename in expression ./include/linux/rcupdate.h:1073:31: error: Expected ) in function call ./include/linux/rcupdate.h:1073:31: error: got : ./include/linux/rcupdate.h:1077:9: error: Expected ; at end of statement ./include/linux/rcupdate.h:1077:9: error: got __flags ./include/linux/key.h:453:16: error: typename in expression ./include/linux/key.h:453:16: error: Expected ) in function call ./include/linux/key.h:453:16: error: got : ./include/linux/list_bl.h:74:33: error: typename in expression ./include/linux/list_bl.h:74:33: error: Expected ) in function call ./include/linux/list_bl.h:74:33: error: got : ./include/linux/rculist_bl.h:24:33: error: typename in expression ./include/linux/rculist_bl.h:24:33: error: Expected ) in function call ./include/linux/rculist_bl.h:24:33: error: got : ./include/linux/seqlock.h:259:16: error: typename in expression ./include/linux/seqlock.h:259:16: error: Expected ) in function call ./include/linux/seqlock.h:259:16: error: got : ./include/linux/seqlock.h:274:1: error: typename in expression ./include/linux/seqlock.h:274:1: error: Expected ) in function call ./include/linux/seqlock.h:274:1: error: got : ./include/linux/seqlock.h:274:1: error: typename in expression ./include/linux/seqlock.h:274:1: error: Expected ) in function call ./include/linux/seqlock.h:274:1: error: got : ./include/linux/seqlock.h:275:1: error: typename in expression ./include/linux/seqlock.h:275:1: error: Expected ) in function call ./include/linux/seqlock.h:275:1: error: got : ./include/linux/seqlock.h:275:1: error: typename in expression ./include/linux/seqlock.h:275:1: error: Expected ) in function call ./include/linux/seqlock.h:275:1: error: got : ./include/linux/seqlock.h:276:1: error: typename in expression ./include/linux/seqlock.h:276:1: error: Expected ) in function call ./include/linux/seqlock.h:276:1: error: got : ./include/linux/seqlock.h:276:1: error: typename in expression ./include/linux/seqlock.h:276:1: error: Expected ) in function call ./include/linux/seqlock.h:276:1: error: got : ./include/linux/seqlock.h:277:1: error: typename in expression ./include/linux/seqlock.h:277:1: error: Expected ) in function call ./include/linux/seqlock.h:277:1: error: got : ./include/linux/seqlock.h:277:1: error: typename in expression ./include/linux/seqlock.h:277:1: error: Expected ) in function call ./include/linux/seqlock.h:277:1: error: got : ./include/linux/seqlock.h:429:16: error: typename in expression ./include/linux/seqlock.h:429:16: error: Expected ) in function call ./include/linux/seqlock.h:429:16: error: got : ./include/linux/seqlock.h:682:16: error: typename in expression ./include/linux/seqlock.h:682:16: error: Expected ) in function call ./include/linux/seqlock.h:682:16: error: too many errors Segmentation fault (core dumped) make[3]: *** [scripts/Makefile.build:251: security/landlock/setup.o] Error 139 make[2]: *** [scripts/Makefile.build:502: security/landlock] Error 2 make[1]: *** [scripts/Makefile.build:502: security] Error 2 make: *** [Makefile:1994: .] Error 2 Please tell me if you need some more info. regards, Konstantin > > regards, > dan carpenter > > . ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2023-01-09 12:18 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20221021152644.155136-1-konstantin.meskhidze@huawei.com>
[not found] ` <20221021152644.155136-8-konstantin.meskhidze@huawei.com>
[not found] ` <49391484-7401-e7c7-d909-3bd6bd024731@digikod.net>
[not found] ` <9a6ea6ac-525d-e058-5867-0794a99b19a3@huawei.com>
2023-01-06 19:22 ` [PATCH v8 07/12] landlock: Add network rules support Mickaël Salaün
2023-01-09 7:59 ` Konstantin Meskhidze (A)
2023-01-09 8:58 ` Dan Carpenter
2023-01-09 9:26 ` Konstantin Meskhidze (A)
2023-01-09 10:20 ` Dan Carpenter
2023-01-09 11:39 ` Konstantin Meskhidze (A)
2023-01-09 11:53 ` Dan Carpenter
2023-01-09 12:18 ` Konstantin Meskhidze (A)
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox