CC: [email protected] CC: [email protected] CC: [email protected] TO: Thomas Gleixner <[email protected]>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/tglx/devel.git x86/fpu-kvm head: e16d6eec3c9e60abfb29d0d77f08411d326142dd commit: 8a4ae8c80ec211646b5824b7c89d64cf7d286625 [1/6] x86/fpu: Extend fpu_xstate_prctl() with guest permissions :::::: branch date: 33 hours ago :::::: commit date: 33 hours ago config: i386-randconfig-c001-20211214 (https://download.01.org/0day-ci/archive/20211215/[email protected]/config) compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project b6a2ddb6c8ac29412b1361810972e15221fa021c) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://git.kernel.org/pub/scm/linux/kernel/git/tglx/devel.git/commit/?id=8a4ae8c80ec211646b5824b7c89d64cf7d286625 git remote add tglx-devel https://git.kernel.org/pub/scm/linux/kernel/git/tglx/devel.git git fetch --no-tags tglx-devel x86/fpu-kvm git checkout 8a4ae8c80ec211646b5824b7c89d64cf7d286625 # save the config file to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=i386 clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) ext4_error_inode_block(inode, err_blk, EIO, ^ fs/ext4/ext4.h:3156:2: note: expanded from macro 'ext4_error_inode_block' __ext4_error_inode((inode), __func__, __LINE__, (block), (err), \ ^ ~~~~~~~ fs/ext4/inode.c:6114:9: warning: 3rd function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage] err = block_page_mkwrite(vma, vmf, get_block); ^ ~~~~~~~~~ fs/ext4/inode.c:6030:2: note: 'get_block' declared without an initial value get_block_t *get_block; ^~~~~~~~~~~~~~~~~~~~~~ fs/ext4/inode.c:6033:6: note: Assuming the condition is true if (unlikely(IS_IMMUTABLE(inode))) ^ include/linux/compiler.h:78:40: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) 
^~~~ fs/ext4/inode.c:6033:2: note: Taking false branch if (unlikely(IS_IMMUTABLE(inode))) ^ fs/ext4/inode.c:6042:6: note: Assuming 'err' is 0 if (err) ^~~ fs/ext4/inode.c:6042:2: note: Taking false branch if (err) ^ fs/ext4/inode.c:6051:6: note: Assuming the condition is true if (ext4_should_journal_data(inode)) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/ext4/inode.c:6051:2: note: Taking true branch if (ext4_should_journal_data(inode)) ^ fs/ext4/inode.c:6052:3: note: Control jumps to line 6102 goto retry_alloc; ^ fs/ext4/inode.c:6104:6: note: Calling 'IS_ERR' if (IS_ERR(handle)) { ^~~~~~~~~~~~~~ include/linux/err.h:36:9: note: Assuming the condition is false return IS_ERR_VALUE((unsigned long)ptr); ^ include/linux/err.h:22:34: note: expanded from macro 'IS_ERR_VALUE' #define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO) ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/compiler.h:78:42: note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^ include/linux/err.h:36:2: note: Returning zero, which participates in a condition later return IS_ERR_VALUE((unsigned long)ptr); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/ext4/inode.c:6104:6: note: Returning from 'IS_ERR' if (IS_ERR(handle)) { ^~~~~~~~~~~~~~ fs/ext4/inode.c:6104:2: note: Taking false branch if (IS_ERR(handle)) { ^ fs/ext4/inode.c:6113:6: note: Assuming the condition is true if (!ext4_should_journal_data(inode)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/ext4/inode.c:6113:2: note: Taking true branch if (!ext4_should_journal_data(inode)) { ^ fs/ext4/inode.c:6114:9: note: 3rd function call argument is an uninitialized value err = block_page_mkwrite(vma, vmf, get_block); ^ ~~~~~~~~~ 1 warning generated. 
arch/x86/kernel/pci-iommu_table.c:37:10: warning: Dereference of null pointer (loaded from variable 'p') [clang-analyzer-core.NullDereference] tmp = *p; ^~ arch/x86/kernel/pci-iommu_table.c:30:18: note: Assuming 'p' is < 'finish' for (p = start; p < finish; p++) { ^~~~~~~~~~ arch/x86/kernel/pci-iommu_table.c:30:2: note: Loop condition is true. Entering loop body for (p = start; p < finish; p++) { ^ arch/x86/kernel/pci-iommu_table.c:36:7: note: 'q' is <= 'p' if (q > p) { ^ arch/x86/kernel/pci-iommu_table.c:36:3: note: Taking false branch if (q > p) { ^ arch/x86/kernel/pci-iommu_table.c:30:30: note: Null pointer value stored to 'p' for (p = start; p < finish; p++) { ^~~ arch/x86/kernel/pci-iommu_table.c:30:18: note: 'p' is < 'finish' for (p = start; p < finish; p++) { ^ arch/x86/kernel/pci-iommu_table.c:30:2: note: Loop condition is true. Entering loop body for (p = start; p < finish; p++) { ^ arch/x86/kernel/pci-iommu_table.c:36:7: note: Assuming 'q' is > 'p' if (q > p) { ^~~~~ arch/x86/kernel/pci-iommu_table.c:36:3: note: Taking true branch if (q > p) { ^ arch/x86/kernel/pci-iommu_table.c:37:10: note: Dereference of null pointer (loaded from variable 'p') tmp = *p; ^~ 1 warning generated.
>> arch/x86/kernel/fpu/xstate.c:1779:3: warning: Value stored to 'guest' is never read [clang-analyzer-deadcode.DeadStores] guest = true; ^ ~~~~ arch/x86/kernel/fpu/xstate.c:1779:3: note: Value stored to 'guest' is never read guest = true; ^ ~~~~ 1 warning generated.
(Note: this is an i386 randconfig build, so IS_ENABLED(CONFIG_X86_64) in the ARCH_REQ_XCOMP_PERM case of the listing below is constant false and the function returns -EOPNOTSUPP before xstate_request_perm(idx, guest) is reached; the store to 'guest' is reported as dead for that reason. In a CONFIG_X86_64 build the value is passed to that call, so removing the assignment to silence the warning would make ARCH_REQ_XCOMP_GUEST_PERM request host permissions instead of guest permissions.)
drivers/acpi/osl.c:1744:3: warning: Value stored to 'rv' is never read [clang-analyzer-deadcode.DeadStores] rv = acpi_os_map_generic_address(&acpi_gbl_FADT.reset_register); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/acpi/osl.c:1744:3: note: Value stored to 'rv' is never read rv = acpi_os_map_generic_address(&acpi_gbl_FADT.reset_register); ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. 
drivers/input/keyboard/atkbd.c:1078:17: warning: Value stored to 'dev' during its initialization is never read [clang-analyzer-deadcode.DeadStores] struct device *dev = &atkbd->ps2dev.serio->dev; ^~~ ~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/input/keyboard/atkbd.c:1078:17: note: Value stored to 'dev' during its initialization is never read struct device *dev = &atkbd->ps2dev.serio->dev; ^~~ ~~~~~~~~~~~~~~~~~~~~~~~~~ 1 warning generated. mm/memfd.c:281:2: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(name, MFD_NAME_PREFIX); ^~~~~~ mm/memfd.c:281:2: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(name, MFD_NAME_PREFIX); ^~~~~~ 1 warning generated. drivers/of/device.c:59:29: warning: Value stored to 'of_node' during its initialization is never read [clang-analyzer-deadcode.DeadStores] struct device_node *node, *of_node = dev->of_node; ^~~~~~~ ~~~~~~~~~~~~ drivers/of/device.c:59:29: note: Value stored to 'of_node' during its initialization is never read struct device_node *node, *of_node = dev->of_node; ^~~~~~~ ~~~~~~~~~~~~ 3 warnings generated. drivers/of/property.c:920:19: warning: Access to field 'full_name' results in a dereference of a null pointer [clang-analyzer-core.NullDereference] return kbasename(to_of_node(fwnode)->full_name); ^ include/linux/of.h:161:2: note: expanded from macro 'to_of_node' ({ \ ^ drivers/of/property.c:920:19: note: '?' condition is false return kbasename(to_of_node(fwnode)->full_name); ^ include/linux/of.h:164:3: note: expanded from macro 'to_of_node' is_of_node(__to_of_node_fwnode) ? 
\ ^ drivers/of/property.c:920:19: note: Access to field 'full_name' results in a dereference of a null pointer return kbasename(to_of_node(fwnode)->full_name); ^ include/linux/of.h:161:2: note: expanded from macro 'to_of_node' ({ \ ^ drivers/of/property.c:926:7: warning: Access to field 'parent' results in a dereference of a null pointer [clang-analyzer-core.NullDereference] if (!to_of_node(fwnode)->parent) ^ include/linux/of.h:161:2: note: expanded from macro 'to_of_node' ({ \ ^ drivers/of/property.c:926:7: note: '?' condition is false if (!to_of_node(fwnode)->parent) ^ include/linux/of.h:164:3: note: expanded from macro 'to_of_node' is_of_node(__to_of_node_fwnode) ? \ ^ drivers/of/property.c:926:7: note: Access to field 'parent' results in a dereference of a null pointer if (!to_of_node(fwnode)->parent) ^ include/linux/of.h:161:2: note: expanded from macro 'to_of_node' ({ \ ^ drivers/of/property.c:1443:22: warning: Value stored to 'con_np' during its initialization is never read [clang-analyzer-deadcode.DeadStores] struct device_node *con_np = to_of_node(fwnode); ^~~~~~ drivers/of/property.c:1443:22: note: Value stored to 'con_np' during its initialization is never read struct device_node *con_np = to_of_node(fwnode); ^~~~~~ 1 warning generated. 
drivers/of/irq.c:587:2: warning: Dereference of null pointer [clang-analyzer-core.NullDereference] list_for_each_entry_safe(desc, temp_desc, &intc_parent_list, list) { ^ include/linux/list.h:718:7: note: expanded from macro 'list_for_each_entry_safe' n = list_next_entry(pos, member); \ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/list.h:557:2: note: expanded from macro 'list_next_entry' list_entry((pos)->member.next, typeof(*(pos)), member) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/list.h:513:2: note: expanded from macro 'list_entry' container_of(ptr, type, member) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/container_of.h:18:25: note: expanded from macro 'container_of' void *__mptr = (void *)(ptr); \ ^~~~~ drivers/of/irq.c:509:2: note: Loop condition is true. Entering loop body for_each_matching_node_and_match(np, matches, &match) { ^ include/linux/of.h:1298:2: note: expanded from macro 'for_each_matching_node_and_match' for (dn = of_find_matching_node_and_match(NULL, matches, match); \ ^ drivers/of/irq.c:510:8: note: Calling 'of_property_read_bool' if (!of_property_read_bool(np, "interrupt-controller") || vim +/guest +1779 arch/x86/kernel/fpu/xstate.c db8268df0983ad Chang S. Bae 2021-10-21 1730 db8268df0983ad Chang S. Bae 2021-10-21 1731 /** db8268df0983ad Chang S. Bae 2021-10-21 1732 * fpu_xstate_prctl - xstate permission operations db8268df0983ad Chang S. Bae 2021-10-21 1733 * @tsk: Redundant pointer to current db8268df0983ad Chang S. Bae 2021-10-21 1734 * @option: A subfunction of arch_prctl() db8268df0983ad Chang S. Bae 2021-10-21 1735 * @arg2: option argument db8268df0983ad Chang S. Bae 2021-10-21 1736 * Return: 0 if successful; otherwise, an error code db8268df0983ad Chang S. Bae 2021-10-21 1737 * db8268df0983ad Chang S. Bae 2021-10-21 1738 * Option arguments: db8268df0983ad Chang S. Bae 2021-10-21 1739 * db8268df0983ad Chang S. 
Bae 2021-10-21 1740 * ARCH_GET_XCOMP_SUPP: Pointer to user space u64 to store the info db8268df0983ad Chang S. Bae 2021-10-21 1741 * ARCH_GET_XCOMP_PERM: Pointer to user space u64 to store the info db8268df0983ad Chang S. Bae 2021-10-21 1742 * ARCH_REQ_XCOMP_PERM: Facility number requested db8268df0983ad Chang S. Bae 2021-10-21 1743 * db8268df0983ad Chang S. Bae 2021-10-21 1744 * For facilities which require more than one XSTATE component, the request db8268df0983ad Chang S. Bae 2021-10-21 1745 * must be the highest state component number related to that facility, db8268df0983ad Chang S. Bae 2021-10-21 1746 * e.g. for AMX which requires XFEATURE_XTILE_CFG(17) and db8268df0983ad Chang S. Bae 2021-10-21 1747 * XFEATURE_XTILE_DATA(18) this would be XFEATURE_XTILE_DATA(18). db8268df0983ad Chang S. Bae 2021-10-21 1748 */ db8268df0983ad Chang S. Bae 2021-10-21 1749 long fpu_xstate_prctl(struct task_struct *tsk, int option, unsigned long arg2) db8268df0983ad Chang S. Bae 2021-10-21 1750 { db8268df0983ad Chang S. Bae 2021-10-21 1751 u64 __user *uptr = (u64 __user *)arg2; db8268df0983ad Chang S. Bae 2021-10-21 1752 u64 permitted, supported; db8268df0983ad Chang S. Bae 2021-10-21 1753 unsigned long idx = arg2; 8a4ae8c80ec211 Thomas Gleixner 2021-12-07 1754 bool guest = false; db8268df0983ad Chang S. Bae 2021-10-21 1755 db8268df0983ad Chang S. Bae 2021-10-21 1756 if (tsk != current) db8268df0983ad Chang S. Bae 2021-10-21 1757 return -EPERM; db8268df0983ad Chang S. Bae 2021-10-21 1758 db8268df0983ad Chang S. Bae 2021-10-21 1759 switch (option) { db8268df0983ad Chang S. Bae 2021-10-21 1760 case ARCH_GET_XCOMP_SUPP: db8268df0983ad Chang S. Bae 2021-10-21 1761 supported = fpu_user_cfg.max_features | fpu_user_cfg.legacy_features; db8268df0983ad Chang S. Bae 2021-10-21 1762 return put_user(supported, uptr); db8268df0983ad Chang S. Bae 2021-10-21 1763 db8268df0983ad Chang S. Bae 2021-10-21 1764 case ARCH_GET_XCOMP_PERM: db8268df0983ad Chang S. 
Bae 2021-10-21 1765 /* db8268df0983ad Chang S. Bae 2021-10-21 1766 * Lockless snapshot as it can also change right after the db8268df0983ad Chang S. Bae 2021-10-21 1767 * dropping the lock. db8268df0983ad Chang S. Bae 2021-10-21 1768 */ db8268df0983ad Chang S. Bae 2021-10-21 1769 permitted = xstate_get_host_group_perm(); db8268df0983ad Chang S. Bae 2021-10-21 1770 permitted &= XFEATURE_MASK_USER_SUPPORTED; db8268df0983ad Chang S. Bae 2021-10-21 1771 return put_user(permitted, uptr); db8268df0983ad Chang S. Bae 2021-10-21 1772 8a4ae8c80ec211 Thomas Gleixner 2021-12-07 1773 case ARCH_GET_XCOMP_GUEST_PERM: 8a4ae8c80ec211 Thomas Gleixner 2021-12-07 1774 permitted = xstate_get_guest_group_perm(); 8a4ae8c80ec211 Thomas Gleixner 2021-12-07 1775 permitted &= XFEATURE_MASK_USER_SUPPORTED; 8a4ae8c80ec211 Thomas Gleixner 2021-12-07 1776 return put_user(permitted, uptr); 8a4ae8c80ec211 Thomas Gleixner 2021-12-07 1777 8a4ae8c80ec211 Thomas Gleixner 2021-12-07 1778 case ARCH_REQ_XCOMP_GUEST_PERM: 8a4ae8c80ec211 Thomas Gleixner 2021-12-07 @1779 guest = true; 8a4ae8c80ec211 Thomas Gleixner 2021-12-07 1780 fallthrough; 8a4ae8c80ec211 Thomas Gleixner 2021-12-07 1781 db8268df0983ad Chang S. Bae 2021-10-21 1782 case ARCH_REQ_XCOMP_PERM: db8268df0983ad Chang S. Bae 2021-10-21 1783 if (!IS_ENABLED(CONFIG_X86_64)) db8268df0983ad Chang S. Bae 2021-10-21 1784 return -EOPNOTSUPP; db8268df0983ad Chang S. Bae 2021-10-21 1785 8a4ae8c80ec211 Thomas Gleixner 2021-12-07 1786 return xstate_request_perm(idx, guest); db8268df0983ad Chang S. Bae 2021-10-21 1787 db8268df0983ad Chang S. Bae 2021-10-21 1788 default: db8268df0983ad Chang S. Bae 2021-10-21 1789 return -EINVAL; db8268df0983ad Chang S. Bae 2021-10-21 1790 } db8268df0983ad Chang S. Bae 2021-10-21 1791 } db8268df0983ad Chang S. 
Bae 2021-10-21 1792 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/[email protected] _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
