The Intel build-bot detected a sparse warning with with a patch I posted a
couple of days ago that was accepted in the audit/next tree:
Subject: [linux-next:master 6689/6751] kernel/audit_watch.c:543:36: sparse: dereference of noderef expression
Date: Friday, August 07, 2015, 06:57:55 PM
From: kbuild test robot <[email protected]>
tree: git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: e6455bc5b91f41f842f30465c9193320f0568707
commit: 2e3a8aeb63e5335d4f837d453787c71bcb479796 [6689/6751] Merge remote- tracking branch 'audit/next'
sparse warnings: (new ones prefixed by >>)
>> kernel/audit_watch.c:543:36: sparse: dereference of noderef expression
kernel/audit_watch.c:544:28: sparse: dereference of noderef expression
34d99af5 Richard Guy Briggs 2015-08-05 541 int audit_exe_compare(struct task_struct *tsk, struct audit_fsnotify_mark *mark)
34d99af5 Richard Guy Briggs 2015-08-05 542 {
34d99af5 Richard Guy Briggs 2015-08-05 @543 unsigned long ino = tsk->mm- >exe_file->f_inode->i_ino;
34d99af5 Richard Guy Briggs 2015-08-05 544 dev_t dev = tsk->mm->exe_file- >f_inode->i_sb->s_dev;
:::::: The code at line 543 was first introduced by commit
:::::: 34d99af52ad40bd498ba66970579a5bc1fb1a3bc audit: implement audit by executable
tsk->mm->exe_file requires RCU access. The warning was reproduceable by adding
"C=1 CF=-D__CHECK_ENDIAN__" to the build command, and verified eliminated with
this patch.
Signed-off-by: Richard Guy Briggs <[email protected]>
---
kernel/audit_watch.c | 12 +++++++++---
1 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 1255dbf..656c7e9 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -540,8 +540,14 @@ int audit_dupe_exe(struct audit_krule *new, struct audit_krule *old)
int audit_exe_compare(struct task_struct *tsk, struct audit_fsnotify_mark *mark)
{
- unsigned long ino = tsk->mm->exe_file->f_inode->i_ino;
- dev_t dev = tsk->mm->exe_file->f_inode->i_sb->s_dev;
-
+ struct file *exe_file;
+ unsigned long ino;
+ dev_t dev;
+
+ rcu_read_lock();
+ exe_file = rcu_dereference(tsk->mm->exe_file);
+ ino = exe_file->f_inode->i_ino;
+ dev = exe_file->f_inode->i_sb->s_dev;
+ rcu_read_unlock();
return audit_mark_compare(mark, ino, dev);
}
--
1.7.1
On Saturday, August 08, 2015 10:20:25 AM Richard Guy Briggs wrote:
> diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> index 1255dbf..656c7e9 100644
> --- a/kernel/audit_watch.c
> +++ b/kernel/audit_watch.c
> @@ -540,8 +540,14 @@ int audit_dupe_exe(struct audit_krule *new, struct
> audit_krule *old)
>
> int audit_exe_compare(struct task_struct *tsk, struct audit_fsnotify_mark
> *mark) {
> - unsigned long ino = tsk->mm->exe_file->f_inode->i_ino;
> - dev_t dev = tsk->mm->exe_file->f_inode->i_sb->s_dev;
> -
> + struct file *exe_file;
> + unsigned long ino;
> + dev_t dev;
> +
> + rcu_read_lock();
> + exe_file = rcu_dereference(tsk->mm->exe_file);
This line is triggering a sparse error on my system:
# make C=1 M=kernel
...
CHECK kernel/audit_watch.c
kernel/audit_watch.c:548:20: error: incompatible types in comparison
expression (different address spaces)
For the record I'm using gcc v4.9.3 and sparse v0.5.0.
> + ino = exe_file->f_inode->i_ino;
> + dev = exe_file->f_inode->i_sb->s_dev;
> + rcu_read_unlock();
> return audit_mark_compare(mark, ino, dev);
> }
--
paul moore
security @ redhat
On 15/08/10, Paul Moore wrote:
> On Saturday, August 08, 2015 10:20:25 AM Richard Guy Briggs wrote:
> > diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> > index 1255dbf..656c7e9 100644
> > --- a/kernel/audit_watch.c
> > +++ b/kernel/audit_watch.c
> > @@ -540,8 +540,14 @@ int audit_dupe_exe(struct audit_krule *new, struct
> > audit_krule *old)
> >
> > int audit_exe_compare(struct task_struct *tsk, struct audit_fsnotify_mark
> > *mark) {
> > - unsigned long ino = tsk->mm->exe_file->f_inode->i_ino;
> > - dev_t dev = tsk->mm->exe_file->f_inode->i_sb->s_dev;
> > -
> > + struct file *exe_file;
> > + unsigned long ino;
> > + dev_t dev;
> > +
> > + rcu_read_lock();
> > + exe_file = rcu_dereference(tsk->mm->exe_file);
>
> This line is triggering a sparse error on my system:
>
> # make C=1 M=kernel
> ...
> CHECK kernel/audit_watch.c
> kernel/audit_watch.c:548:20: error: incompatible types in comparison
> expression (different address spaces)
That's odd. I got this complaint when I had forgotten to add the
rcu_dereference() call, but not in its current state. Mind you, I get
swamped with errors and warnings from all over the system (starting with
ptrace.c, signal.c, exit.c, fork.c, audit.c, ftrace.c,
selinux/netnode.c, ...) when I add
"M=kernel" to my build command, so I start to wonder how valid that
result is or that flag. Where is M=kernel documented?
> For the record I'm using gcc v4.9.3 and sparse v0.5.0.
gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-11)
sparse 0.4.4-7.el6
> > + ino = exe_file->f_inode->i_ino;
> > + dev = exe_file->f_inode->i_sb->s_dev;
> > + rcu_read_unlock();
> > return audit_mark_compare(mark, ino, dev);
> > }
>
> --
> paul moore
> security @ redhat
>
- RGB
--
Richard Guy Briggs <[email protected]>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
On Monday, August 10, 2015 01:29:43 PM Richard Guy Briggs wrote:
> On 15/08/10, Paul Moore wrote:
> > On Saturday, August 08, 2015 10:20:25 AM Richard Guy Briggs wrote:
> > > diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> > > index 1255dbf..656c7e9 100644
> > > --- a/kernel/audit_watch.c
> > > +++ b/kernel/audit_watch.c
> > > @@ -540,8 +540,14 @@ int audit_dupe_exe(struct audit_krule *new, struct
> > > audit_krule *old)
> > >
> > > int audit_exe_compare(struct task_struct *tsk, struct
> > > audit_fsnotify_mark
> > >
> > > *mark) {
> > > - unsigned long ino = tsk->mm->exe_file->f_inode->i_ino;
> > > - dev_t dev = tsk->mm->exe_file->f_inode->i_sb->s_dev;
> > > -
> > > + struct file *exe_file;
> > > + unsigned long ino;
> > > + dev_t dev;
> > > +
> > > + rcu_read_lock();
> > > + exe_file = rcu_dereference(tsk->mm->exe_file);
> >
> > This line is triggering a sparse error on my system:
> > # make C=1 M=kernel
> > ...
> >
> > CHECK kernel/audit_watch.c
> >
> > kernel/audit_watch.c:548:20: error: incompatible types in comparison
> > expression (different address spaces)
>
> That's odd. I got this complaint when I had forgotten to add the
> rcu_dereference() call, but not in its current state. Mind you, I get
> swamped with errors and warnings from all over the system (starting with
> ptrace.c, signal.c, exit.c, fork.c, audit.c, ftrace.c,
> selinux/netnode.c, ...) when I add
> "M=kernel" to my build command, so I start to wonder how valid that
> result is or that flag. Where is M=kernel documented?
I don't remember anymore, it's something I've been using so long that I've
forgotten where I first learned of it. The "M=<X>" flag signals that you only
want to build a specific module/directory, e.g. M=kernel builds everything
under kernel/ whereas M=security/selinux builds everything under
security/selinux.
So you don't see this error?
--
paul moore
security @ redhat
On 15/08/10, Paul Moore wrote:
> On Monday, August 10, 2015 01:29:43 PM Richard Guy Briggs wrote:
> > On 15/08/10, Paul Moore wrote:
> > > On Saturday, August 08, 2015 10:20:25 AM Richard Guy Briggs wrote:
> > > > diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> > > > index 1255dbf..656c7e9 100644
> > > > --- a/kernel/audit_watch.c
> > > > +++ b/kernel/audit_watch.c
> > > > @@ -540,8 +540,14 @@ int audit_dupe_exe(struct audit_krule *new, struct
> > > > audit_krule *old)
> > > >
> > > > int audit_exe_compare(struct task_struct *tsk, struct
> > > > audit_fsnotify_mark
> > > >
> > > > *mark) {
> > > > - unsigned long ino = tsk->mm->exe_file->f_inode->i_ino;
> > > > - dev_t dev = tsk->mm->exe_file->f_inode->i_sb->s_dev;
> > > > -
> > > > + struct file *exe_file;
> > > > + unsigned long ino;
> > > > + dev_t dev;
> > > > +
> > > > + rcu_read_lock();
> > > > + exe_file = rcu_dereference(tsk->mm->exe_file);
> > >
> > > This line is triggering a sparse error on my system:
> > > # make C=1 M=kernel
> > > ...
> > >
> > > CHECK kernel/audit_watch.c
> > >
> > > kernel/audit_watch.c:548:20: error: incompatible types in comparison
> > > expression (different address spaces)
> >
> > That's odd. I got this complaint when I had forgotten to add the
> > rcu_dereference() call, but not in its current state. Mind you, I get
> > swamped with errors and warnings from all over the system (starting with
> > ptrace.c, signal.c, exit.c, fork.c, audit.c, ftrace.c,
> > selinux/netnode.c, ...) when I add
> > "M=kernel" to my build command, so I start to wonder how valid that
> > result is or that flag. Where is M=kernel documented?
>
> I don't remember anymore, it's something I've been using so long that I've
> forgotten where I first learned of it. The "M=<X>" flag signals that you only
> want to build a specific module/directory, e.g. M=kernel builds everything
> under kernel/ whereas M=security/selinux builds everything under
> security/selinux.
>
> So you don't see this error?
No, I don't, but I see a number of unrelated ones that I will address in time...
> paul moore
- RGB
--
Richard Guy Briggs <[email protected]>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
On 15/08/11, Richard Guy Briggs wrote:
> On 15/08/10, Paul Moore wrote:
> > On Monday, August 10, 2015 01:29:43 PM Richard Guy Briggs wrote:
> > > On 15/08/10, Paul Moore wrote:
> > > > On Saturday, August 08, 2015 10:20:25 AM Richard Guy Briggs wrote:
> > > > > diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
> > > > > index 1255dbf..656c7e9 100644
> > > > > --- a/kernel/audit_watch.c
> > > > > +++ b/kernel/audit_watch.c
> > > > > @@ -540,8 +540,14 @@ int audit_dupe_exe(struct audit_krule *new, struct
> > > > > audit_krule *old)
> > > > >
> > > > > int audit_exe_compare(struct task_struct *tsk, struct
> > > > > audit_fsnotify_mark
> > > > >
> > > > > *mark) {
> > > > > - unsigned long ino = tsk->mm->exe_file->f_inode->i_ino;
> > > > > - dev_t dev = tsk->mm->exe_file->f_inode->i_sb->s_dev;
> > > > > -
> > > > > + struct file *exe_file;
> > > > > + unsigned long ino;
> > > > > + dev_t dev;
> > > > > +
> > > > > + rcu_read_lock();
> > > > > + exe_file = rcu_dereference(tsk->mm->exe_file);
> > > >
> > > > This line is triggering a sparse error on my system:
> > > > # make C=1 M=kernel
> > > > ...
> > > >
> > > > CHECK kernel/audit_watch.c
> > > >
> > > > kernel/audit_watch.c:548:20: error: incompatible types in comparison
> > > > expression (different address spaces)
> > >
> > > That's odd. I got this complaint when I had forgotten to add the
> > > rcu_dereference() call, but not in its current state. Mind you, I get
> > > swamped with errors and warnings from all over the system (starting with
> > > ptrace.c, signal.c, exit.c, fork.c, audit.c, ftrace.c,
> > > selinux/netnode.c, ...) when I add
> > > "M=kernel" to my build command, so I start to wonder how valid that
> > > result is or that flag. Where is M=kernel documented?
> >
> > I don't remember anymore, it's something I've been using so long that I've
> > forgotten where I first learned of it. The "M=<X>" flag signals that you only
> > want to build a specific module/directory, e.g. M=kernel builds everything
> > under kernel/ whereas M=security/selinux builds everything under
> > security/selinux.
> >
> > So you don't see this error?
>
> No, I don't, but I see a number of unrelated ones that I will address in time...
Do you plan to push this fix to next?
> > paul moore
>
> - RGB
- RGB
--
Richard Guy Briggs <[email protected]>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
On Wednesday, August 12, 2015 05:48:48 AM Richard Guy Briggs wrote:
>
> Do you plan to push this fix to next?
Patience. Yes, I'll be pushing this to next sometime this week; as usual I'll
send mail when I do.
--
paul moore
security @ redhat
On 15/08/12, Paul Moore wrote:
> On Wednesday, August 12, 2015 05:48:48 AM Richard Guy Briggs wrote:
> >
> > Do you plan to push this fix to next?
>
> Patience. Yes, I'll be pushing this to next sometime this week; as usual I'll
> send mail when I do.
Ok, no problem, I'm not rushing. I was unsure what your intentions were
or whether there was more to do to help it happen.
> paul moore
- RGB
--
Richard Guy Briggs <[email protected]>
Senior Software Engineer, Kernel Security, AMER ENG Base Operating Systems, Red Hat
Remote, Ottawa, Canada
Voice: +1.647.777.2635, Internal: (81) 32635, Alt: +1.613.693.0684x3545
On Wednesday, August 12, 2015 11:19:44 AM Richard Guy Briggs wrote:
> On 15/08/12, Paul Moore wrote:
> > On Wednesday, August 12, 2015 05:48:48 AM Richard Guy Briggs wrote:
> > > Do you plan to push this fix to next?
> >
> > Patience. Yes, I'll be pushing this to next sometime this week; as usual
> > I'll send mail when I do.
>
> Ok, no problem, I'm not rushing. I was unsure what your intentions were
> or whether there was more to do to help it happen.
It's merged. I still don't know why I'm seeing that error, but the patch is
obviously correct so I'm just going to merge it anyway and chalk it up to some
compiler/sparse oddity.
As far as patch follow-ups, if you haven't heard back from me after four days
or so (yes, that is as arbitrary as it sounds), it isn't a bad idea to send a
follow-up, especially if it is a critical patch, to make sure I've seen the
patch (things do occasionally fall through the cracks). However, if it is
only been a day or two and I haven't responded, rest assured I've likely seen
your patch I'm just dealing with something else at the moment and haven't had
the time to review/comment/merge your patch.
--
paul moore
security @ redhat