CC: [email protected]
CC: [email protected]
BCC: [email protected]
In-Reply-To: <[email protected]>
References: <[email protected]>
TO: "Eric W. Biederman" <[email protected]>

Hi Eric,

[FYI, it's a private test report for your RFC patch.]
[auto build test WARNING on linus/master]
[also build test WARNING on v5.18-rc3 next-20220422]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url: https://github.com/intel-lab-lkp/linux/commits/Eric-W-Biederman/ptrace-Don-t-change-__state/20220421-045703
base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git b253435746d9a4a701b5f09211b9c14d3370d0da
:::::: branch date: 3 days ago
:::::: commit date: 3 days ago
config: arm-randconfig-c002-20220420 (https://download.01.org/0day-ci/archive/20220423/[email protected]/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project bac6cd5bf85669e3376610cfc4c4f9ca015e7b9b)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install arm cross compiling tool for clang build
        # apt-get install binutils-arm-linux-gnueabi
        # https://github.com/intel-lab-lkp/linux/commit/7d3fafb75102c0e8d5282487c2822d0f3b301aa9
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Eric-W-Biederman/ptrace-Don-t-change-__state/20220421-045703
        git checkout 7d3fafb75102c0e8d5282487c2822d0f3b301aa9
        # save the config file
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <[email protected]>

clang-analyzer warnings: (new ones prefixed by >>)
        ^~~~~~~
security/keys/request_key.c:165:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
        sprintf(keyring_str[1], "%d", prkey);
        ^~~~~~~
security/keys/request_key.c:165:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
        sprintf(keyring_str[1], "%d", prkey);
        ^~~~~~~
security/keys/request_key.c:172:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
        sprintf(keyring_str[2], "%d", sskey);
        ^~~~~~~
security/keys/request_key.c:172:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
        sprintf(keyring_str[2], "%d", sskey);
        ^~~~~~~
security/keys/request_key.c:510:3: warning: Value stored to 'ret' is never read [clang-analyzer-deadcode.DeadStores]
                ret = 0;
                ^     ~
security/keys/request_key.c:510:3: note: Value stored to 'ret' is never read
                ret = 0;
                ^     ~
Suppressed 64 warnings (64 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
41 warnings generated.
kernel/panic.c:427:13: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                s = buf + sprintf(buf, "Tainted: ");
                          ^~~~~~~
kernel/panic.c:427:13: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
                s = buf + sprintf(buf, "Tainted: ");
                          ^~~~~~~
kernel/panic.c:435:3: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                snprintf(buf, sizeof(buf), "Not tainted");
                ^~~~~~~~
kernel/panic.c:435:3: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
                snprintf(buf, sizeof(buf), "Not tainted");
                ^~~~~~~~
kernel/panic.c:654:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
        memset(__start_once, 0, __end_once - __start_once);
        ^
include/linux/fortify-string.h:272:25: note: expanded from macro 'memset'
#define memset(p, c, s) __fortify_memset_chk(p, c, s, \
                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:265:2: note: expanded from macro '__fortify_memset_chk'
        __underlying_memset(p, c, __fortify_size); \
        ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
#define __underlying_memset __builtin_memset
                            ^~~~~~~~~~~~~~~~
kernel/panic.c:654:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
        memset(__start_once, 0, __end_once - __start_once);
        ^
include/linux/fortify-string.h:272:25: note: expanded from macro 'memset'
#define memset(p, c, s) __fortify_memset_chk(p, c, s, \
                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:265:2: note: expanded from macro '__fortify_memset_chk'
        __underlying_memset(p, c, __fortify_size); \
        ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
#define __underlying_memset __builtin_memset
                            ^~~~~~~~~~~~~~~~
Suppressed 38 warnings (38 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
54 warnings generated.
kernel/cpu.c:2282:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
        return sprintf(buf, "%d\n", st->state);
               ^~~~~~~
kernel/cpu.c:2282:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
        return sprintf(buf, "%d\n", st->state);
               ^~~~~~~
kernel/cpu.c:2330:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
        return sprintf(buf, "%d\n", st->target);
               ^~~~~~~
kernel/cpu.c:2330:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
        return sprintf(buf, "%d\n", st->target);
               ^~~~~~~
kernel/cpu.c:2389:9: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
        return sprintf(buf, "%d\n", st->fail);
               ^~~~~~~
kernel/cpu.c:2389:9: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
        return sprintf(buf, "%d\n", st->fail);
               ^~~~~~~
kernel/cpu.c:2418:10: warning: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                        cur = sprintf(buf, "%3d: %s\n", i, sp->name);
                              ^~~~~~~
kernel/cpu.c:2418:10: note: Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
                        cur = sprintf(buf, "%3d: %s\n", i, sp->name);
                              ^~~~~~~
kernel/cpu.c:2504:9: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
        return snprintf(buf, PAGE_SIZE - 2, "%s\n", state);
               ^~~~~~~~
kernel/cpu.c:2504:9: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
        return snprintf(buf, PAGE_SIZE - 2, "%s\n", state);
               ^~~~~~~~
kernel/cpu.c:2517:9: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
        return snprintf(buf, PAGE_SIZE - 2, "%d\n", sched_smt_active());
               ^~~~~~~~
kernel/cpu.c:2517:9: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11
        return snprintf(buf, PAGE_SIZE - 2, "%d\n", sched_smt_active());
               ^~~~~~~~
Suppressed 48 warnings (48 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
52 warnings generated.
>> kernel/ptrace.c:894:6: warning: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch]
        if (need_siglock)
            ^
kernel/ptrace.c:1054:2: note: Control jumps to 'case 7:' at line 1233
        switch (request) {
        ^
kernel/ptrace.c:1234:10: note: Calling 'ptrace_resume'
                return ptrace_resume(child, request, data);
                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
kernel/ptrace.c:852:2: note: 'need_siglock' declared without an initial value
        bool need_siglock;
        ^~~~~~~~~~~~~~~~~
kernel/ptrace.c:854:2: note: Taking false branch
        if (!valid_signal(data))
        ^
kernel/ptrace.c:857:6: note: 'request' is not equal to PTRACE_SYSCALL
        if (request == PTRACE_SYSCALL)
            ^~~~~~~
kernel/ptrace.c:857:2: note: Taking false branch
        if (request == PTRACE_SYSCALL)
        ^
kernel/ptrace.c:869:2: note: Taking false branch
        if (is_singleblock(request)) {
        ^
kernel/ptrace.c:873:13: note: 'request' is not equal to 9
        } else if (is_singlestep(request) || is_sysemu_singlestep(request)) {
                   ^
kernel/ptrace.c:832:34: note: expanded from macro 'is_singlestep'
#define is_singlestep(request) ((request) == PTRACE_SINGLESTEP)
                                ^~~~~~~~~
kernel/ptrace.c:873:13: note: Left side of '||' is false
        } else if (is_singlestep(request) || is_sysemu_singlestep(request)) {
                   ^
kernel/ptrace.c:832:33: note: expanded from macro 'is_singlestep'
#define is_singlestep(request) ((request) == PTRACE_SINGLESTEP)
                               ^
kernel/ptrace.c:873:9: note: Taking false branch
        } else if (is_singlestep(request) || is_sysemu_singlestep(request)) {
               ^
kernel/ptrace.c:894:6: note: Branch condition evaluates to a garbage value
        if (need_siglock)
            ^~~~~~~~~~~~
Suppressed 51 warnings (50 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
19 warnings generated.
Suppressed 19 warnings (19 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
46 warnings generated.
Suppressed 46 warnings (46 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
37 warnings generated.
Suppressed 37 warnings (37 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
38 warnings generated.
Suppressed 38 warnings (38 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
46 warnings generated.
fs/jfs/jfs_metapage.c:671:3: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                memset(mp->data, 0, PSIZE);
                ^
include/linux/fortify-string.h:272:25: note: expanded from macro 'memset'
#define memset(p, c, s) __fortify_memset_chk(p, c, s, \
                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:265:2: note: expanded from macro '__fortify_memset_chk'
        __underlying_memset(p, c, __fortify_size); \
        ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
#define __underlying_memset __builtin_memset
                            ^~~~~~~~~~~~~~~~
fs/jfs/jfs_metapage.c:671:3: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
                memset(mp->data, 0, PSIZE);
                ^
include/linux/fortify-string.h:272:25: note: expanded from macro 'memset'
#define memset(p, c, s) __fortify_memset_chk(p, c, s, \
                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:265:2: note: expanded from macro '__fortify_memset_chk'
        __underlying_memset(p, c, __fortify_size); \
        ^~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:47:29: note: expanded from macro '__underlying_memset'
#define __underlying_memset __builtin_memset
                            ^~~~~~~~~~~~~~~~
Suppressed 45 warnings (45 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
50 warnings generated.
fs/jfs/jfs_logmgr.c:433:4: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
                        memcpy(dst, src, nbytes);
                        ^
include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'
#define memcpy(p, q, s) __fortify_memcpy_chk(p, q, s, \
                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/fortify-string.h:362:2: note: expanded from macro '__fortify_memcpy_chk'
        __underlying_##op(p, q, __fortify_size); \
        ^~~~~~~~~~~~~~~~~
note: expanded from here
include/linux/fortify-string.h:45:29: note: expanded from macro '__underlying_memcpy'
#define __underlying_memcpy __builtin_memcpy
                            ^~~~~~~~~~~~~~~~
fs/jfs/jfs_logmgr.c:433:4: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
                        memcpy(dst, src, nbytes);
                        ^
include/linux/fortify-string.h:369:26: note: expanded from macro 'memcpy'

vim +894 kernel/ptrace.c

36df29d7994180c Roland McGrath 2008-01-30  868
5b88abbf770a0e1 Roland McGrath 2008-01-30  869          if (is_singleblock(request)) {
5b88abbf770a0e1 Roland McGrath 2008-01-30  870                  if (unlikely(!arch_has_block_step()))
5b88abbf770a0e1 Roland McGrath 2008-01-30  871                          return -EIO;
5b88abbf770a0e1 Roland McGrath 2008-01-30  872                  user_enable_block_step(child);
5b88abbf770a0e1 Roland McGrath 2008-01-30  873          } else if (is_singlestep(request) || is_sysemu_singlestep(request)) {
36df29d7994180c Roland McGrath 2008-01-30  874                  if (unlikely(!arch_has_single_step()))
36df29d7994180c Roland McGrath 2008-01-30  875                          return -EIO;
36df29d7994180c Roland McGrath 2008-01-30  876                  user_enable_single_step(child);
3a709703538c471 Roland McGrath 2009-04-07  877          } else {
36df29d7994180c Roland McGrath 2008-01-30  878                  user_disable_single_step(child);
3a709703538c471 Roland McGrath 2009-04-07  879          }
36df29d7994180c Roland McGrath 2008-01-30  880
b72c186999e689c Oleg Nesterov  2015-04-16  881          /*
b72c186999e689c Oleg Nesterov  2015-04-16  882           * Change ->exit_code and ->state under siglock to avoid the race
b72c186999e689c Oleg Nesterov  2015-04-16  883           * with wait_task_stopped() in between; a non-zero ->exit_code will
b72c186999e689c Oleg Nesterov  2015-04-16  884           * wrongly look like another report from tracee.
b72c186999e689c Oleg Nesterov  2015-04-16  885           *
b72c186999e689c Oleg Nesterov  2015-04-16  886           * Note that we need siglock even if ->exit_code == data and/or this
b72c186999e689c Oleg Nesterov  2015-04-16  887           * status was not reported yet, the new status must not be cleared by
b72c186999e689c Oleg Nesterov  2015-04-16  888           * wait_task_stopped() after resume.
b72c186999e689c Oleg Nesterov  2015-04-16  889           *
b72c186999e689c Oleg Nesterov  2015-04-16  890           * If data == 0 we do not care if wait_task_stopped() reports the old
b72c186999e689c Oleg Nesterov  2015-04-16  891           * status and clears the code too; this can't race with the tracee, it
b72c186999e689c Oleg Nesterov  2015-04-16  892           * takes siglock after resume.
b72c186999e689c Oleg Nesterov  2015-04-16  893           */
b72c186999e689c Oleg Nesterov  2015-04-16 @894          if (need_siglock)
b72c186999e689c Oleg Nesterov  2015-04-16  895                  spin_lock_irq(&child->sighand->siglock);
36df29d7994180c Roland McGrath 2008-01-30  896          child->exit_code = data;
0666fb51b1483f2 Oleg Nesterov  2011-05-25  897          wake_up_state(child, __TASK_TRACED);
b72c186999e689c Oleg Nesterov  2015-04-16  898          if (need_siglock)
b72c186999e689c Oleg Nesterov  2015-04-16  899                  spin_unlock_irq(&child->sighand->siglock);
36df29d7994180c Roland McGrath 2008-01-30  900
36df29d7994180c Roland McGrath 2008-01-30  901          return 0;
36df29d7994180c Roland McGrath 2008-01-30  902  }
36df29d7994180c Roland McGrath 2008-01-30  903

--
0-DAY CI Kernel Test Service
https://01.org/lkp
