CC: [email protected] CC: [email protected] CC: [email protected] TO: Jonathon Reinhart <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: d4d016caa4b85b9aa98d7ec8c84e928621a614bc commit: 31c4d2f160eb7b17cbead24dc6efed06505a3fee net: Ensure net namespace isolation of sysctls date: 5 months ago :::::: branch date: 16 hours ago :::::: commit date: 5 months ago config: riscv-randconfig-c006-20210919 (attached as .config) compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project c8b3d7d6d6de37af68b2f379d0e37304f78e115f) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install riscv cross compiling tool for clang build # apt-get install binutils-riscv64-linux-gnu # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31c4d2f160eb7b17cbead24dc6efed06505a3fee git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout 31c4d2f160eb7b17cbead24dc6efed06505a3fee # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) include/linux/rcupdate.h:374:48: note: expanded from macro '__rcu_dereference_check' typeof(*p) *________p1 = (typeof(*p) *__force)READ_ONCE(p); \ ^ note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) include/linux/compiler_types.h:320:2: note: expanded from macro 'compiletime_assert' _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) ^ include/linux/compiler_types.h:308:2: note: expanded from macro '_compiletime_assert' __compiletime_assert(condition, msg, prefix, suffix) ^ include/linux/compiler_types.h:298:2: note: expanded from macro '__compiletime_assert' do { \ ^ net/sched/sch_fq_codel.c:89:11: note: 
Left side of '&&' is false filter = rcu_dereference_bh(q->filter_list); ^ include/linux/rcupdate.h:579:31: note: expanded from macro 'rcu_dereference_bh' #define rcu_dereference_bh(p) rcu_dereference_bh_check(p, 0) ^ include/linux/rcupdate.h:523:2: note: expanded from macro 'rcu_dereference_bh_check' __rcu_dereference_check((p), (c) || rcu_read_lock_bh_held(), __rcu) ^ include/linux/rcupdate.h:375:2: note: expanded from macro '__rcu_dereference_check' RCU_LOCKDEP_WARN(!(c), "suspicious rcu_dereference_check() usage"); \ ^ include/linux/rcupdate.h:345:48: note: expanded from macro 'RCU_LOCKDEP_WARN' #define RCU_LOCKDEP_WARN(c, s) do { } while (0 && (c)) ^ net/sched/sch_fq_codel.c:89:11: note: Loop condition is false. Exiting loop filter = rcu_dereference_bh(q->filter_list); ^ include/linux/rcupdate.h:579:31: note: expanded from macro 'rcu_dereference_bh' #define rcu_dereference_bh(p) rcu_dereference_bh_check(p, 0) ^ include/linux/rcupdate.h:523:2: note: expanded from macro 'rcu_dereference_bh_check' __rcu_dereference_check((p), (c) || rcu_read_lock_bh_held(), __rcu) ^ include/linux/rcupdate.h:375:2: note: expanded from macro '__rcu_dereference_check' RCU_LOCKDEP_WARN(!(c), "suspicious rcu_dereference_check() usage"); \ ^ include/linux/rcupdate.h:345:32: note: expanded from macro 'RCU_LOCKDEP_WARN' #define RCU_LOCKDEP_WARN(c, s) do { } while (0 && (c)) ^ net/sched/sch_fq_codel.c:90:6: note: Assuming 'filter' is null if (!filter) ^~~~~~~ net/sched/sch_fq_codel.c:90:2: note: Taking true branch if (!filter) ^ net/sched/sch_fq_codel.c:91:3: note: Returning without writing to '*qerr' return fq_codel_hash(q, skb) + 1; ^ net/sched/sch_fq_codel.c:194:8: note: Returning from 'fq_codel_classify' idx = fq_codel_classify(skb, sch, &ret); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ net/sched/sch_fq_codel.c:195:6: note: Assuming 'idx' is equal to 0 if (idx == 0) { ^~~~~~~~ net/sched/sch_fq_codel.c:195:2: note: Taking true branch if (idx == 0) { ^ net/sched/sch_fq_codel.c:196:11: note: The 
left operand of '&' is a garbage value if (ret & __NET_XMIT_BYPASS) ~~~ ^ Suppressed 11 warnings (4 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). 
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 12 warnings generated. >> net/sysctl_net.c:146:4: warning: Value stored to 'where' is never read >> [clang-analyzer-deadcode.DeadStores] where = "module"; ^ ~~~~~~~~ net/sysctl_net.c:146:4: note: Value stored to 'where' is never read where = "module"; ^ ~~~~~~~~ net/sysctl_net.c:148:4: warning: Value stored to 'where' is never read [clang-analyzer-deadcode.DeadStores] where = "kernel"; ^ ~~~~~~~~ net/sysctl_net.c:148:4: note: Value stored to 'where' is never read where = "kernel"; ^ ~~~~~~~~ Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 9 warnings generated. Suppressed 9 warnings (2 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. 
Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 11 warnings generated. net/core/net-sysfs.c:1719:2: warning: Value stored to 'txq' is never read [clang-analyzer-deadcode.DeadStores] txq = real_tx; ^ ~~~~~~~ net/core/net-sysfs.c:1719:2: note: Value stored to 'txq' is never read txq = real_tx; ^ ~~~~~~~ Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. 
Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 12 warnings generated. net/core/bpf_sk_storage.c:755:4: warning: Value stored to 'b' is never read [clang-analyzer-deadcode.DeadStores] b = &smap->buckets[bucket_id++]; ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~ net/core/bpf_sk_storage.c:755:4: note: Value stored to 'b' is never read b = &smap->buckets[bucket_id++]; ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Suppressed 11 warnings (4 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 10 warnings generated. Suppressed 10 warnings (3 in non-user code, 7 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 2 warnings generated. Suppressed 2 warnings (2 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 9 warnings generated. 
Suppressed 9 warnings (2 in non-user code, 7 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
10 warnings generated.
sound/core/memalloc.c:212:20: warning: The result of the left shift is undefined due to shifting by '64', which is greater or equal to the width of type 'unsigned long' [clang-analyzer-core.UndefinedBinaryOperatorResult]
   size = PAGE_SIZE << get_order(size);
   ^ ~~~~~~~~~~~~~~~
sound/core/memalloc.c:206:2: note: Loop condition is true. Entering loop body
   while ((err = snd_dma_alloc_pages(type, device, size, dmab)) < 0) {
   ^
sound/core/memalloc.c:207:3: note: Taking false branch
   if (err != -ENOMEM)
   ^
sound/core/memalloc.c:209:7: note: Assuming the condition is false
   if (size <= PAGE_SIZE)
   ^~~~~~~~~~~~~~~~~
sound/core/memalloc.c:209:3: note: Taking false branch
   if (size <= PAGE_SIZE)
   ^
sound/core/memalloc.c:212:23: note: Calling 'get_order'
   size = PAGE_SIZE << get_order(size);
   ^~~~~~~~~~~~~~~
include/asm-generic/getorder.h:31:2: note: Taking false branch
   if (__builtin_constant_p(size)) {

vim +/where +146 net/sysctl_net.c

95bdfccb2bf4ea Eric W. Biederman 2007-11-30  117
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  118  /* Verify that sysctls for non-init netns are safe by either:
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  119   * 1) being read-only, or
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  120   * 2) having a data pointer which points outside of the global kernel/module
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  121   * data segment, and rather into the heap where a per-net object was
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  122   * allocated.
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  123   */
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  124  static void ensure_safe_net_sysctl(struct net *net, const char *path,
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  125  				   struct ctl_table *table)
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  126  {
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  127  	struct ctl_table *ent;
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  128
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  129  	pr_debug("Registering net sysctl (net %p): %s\n", net, path);
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  130  	for (ent = table; ent->procname; ent++) {
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  131  		unsigned long addr;
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  132  		const char *where;
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  133
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  134  		pr_debug(" procname=%s mode=%o proc_handler=%ps data=%p\n",
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  135  			 ent->procname, ent->mode, ent->proc_handler, ent->data);
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  136
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  137  		/* If it's not writable inside the netns, then it can't hurt. */
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  138  		if ((ent->mode & 0222) == 0) {
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  139  			pr_debug(" Not writable by anyone\n");
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  140  			continue;
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  141  		}
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  142
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  143  		/* Where does data point? */
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  144  		addr = (unsigned long)ent->data;
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  145  		if (is_module_address(addr))
31c4d2f160eb7b Jonathon Reinhart 2021-04-12 @146  			where = "module";
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  147  		else if (core_kernel_data(addr))
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  148  			where = "kernel";
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  149  		else
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  150  			continue;
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  151
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  152  		/* If it is writable and points to kernel/module global
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  153  		 * data, then it's probably a netns leak.
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  154  		 */
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  155  		WARN(1, "sysctl %s/%s: data points to %s global data: %ps\n",
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  156  		     path, ent->procname, where, ent->data);
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  157
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  158  		/* Make it "safe" by dropping writable perms */
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  159  		ent->mode &= ~0222;
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  160  	}
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  161  }
31c4d2f160eb7b Jonathon Reinhart 2021-04-12  162

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]
.config.gz
Description: application/gzip
