Received: by 2002:a25:5b86:0:0:0:0:0 with SMTP id p128csp1840754ybb; Fri, 29 Mar 2019 12:26:43 -0700 (PDT) X-Google-Smtp-Source: APXvYqzRTUfXgkPeJGX/FPe9GpYpb2dyYo7OTv4CianUctxvHndoz5YP/ljNQUY9tN46G7McZVcP X-Received: by 2002:a63:744b:: with SMTP id e11mr29447937pgn.327.1553887603627; Fri, 29 Mar 2019 12:26:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553887603; cv=none; d=google.com; s=arc-20160816; b=p6KIy3b5BEa6ayfCQ+KqBZbdMKw1MjgBy35bmTHoFfXdjaEfOLqYSwFYB/wNMjGI50 5yVFWkx0BYBbhMLR39hfhvkuhRwjbxEYPoSypyhgLauCWVUpLeVWUvW/RvJcny1g2TF3 vFXsS2yo7SeNHgQooakQfpOwn0EWENb81E7Ov7dH+TZSOdG/e3pb3cKAZcOXjMzkmha+ d07Qm8YHcriSs8xqAUXKtJtcUvUDzjZ68fWr78almZ9/ZIDirz56vxXdvR0CKIw7TD+w ohwcuPu7n3GbW69nfNFTb28807FOzSkg4LR8vV5lrSBMO6gjOu3oeu8LU5d5lPxlD0As YkuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Ai7XKZgRt/T3cY2YiqZQIBXBs886rmhRgPWUQtcZRmw=; b=SizgPBqugj3t0CB2IcO4IkyapFWSHx3Pl1VhSiMGlMML5a7FO57pzP7XnLFLRvTVBy pxrmRjeVEaYB5vn+07rakrx6tj7Fk2iZTUr1oAsGRlEnzI0UcFGYpMrDvTNO3O5228q4 I75A/oeHJ/rjkwwrTmh3RxDs0HzexSi3u2V9j43pHyuTDZLLkBlxc5rywFGmydlf7q3e v83mFPXxAaUQvlLfxVbNH60WYBSC/Z2Jb4lhlXIU7qJQue8/X7GB2ZV40INmpZO6qp7V dTBLIjVEpW2qn1kJG64U+Qx7zue/OdPGe23qATPbeCUgjkRLJ5JVVYOwotwI2ZScXuPT SSWw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=TLio0A+I; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q29si2541530pfi.98.2019.03.29.12.26.27; Fri, 29 Mar 2019 12:26:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=TLio0A+I; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729858AbfC2TZw (ORCPT + 99 others); Fri, 29 Mar 2019 15:25:52 -0400 Received: from mail-oi1-f196.google.com ([209.85.167.196]:43583 "EHLO mail-oi1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729747AbfC2TZw (ORCPT ); Fri, 29 Mar 2019 15:25:52 -0400 Received: by mail-oi1-f196.google.com with SMTP id t81so2540533oig.10 for ; Fri, 29 Mar 2019 12:25:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Ai7XKZgRt/T3cY2YiqZQIBXBs886rmhRgPWUQtcZRmw=; b=TLio0A+INOKKREAsE1LDLQAHeBVetckhWH+5DWHTuyvRvW6Ck7KbM0gqkP9s5xt77k qd1LGFuk4AwyTM7y5iAAp/uGyUHpS7TsLvSHtTtXRb61Trplugz4S1LyWc1vIPYC5J2F CcJXj+Z6zh8+QGIj6FfhVuvdgG/AsfaJETfS9HJtu0qy2sHuEBqsdiY5pAVywoYAVFwj 8qngIKOV2QX3W1AdcZugOaX86+RBey5nIbQq53geTzmOW321cme4a7PjnmXW4Zut7H3a l9tV0J7cY/rCKpcI+C6V4hR5DPKKxC+DCo1ihKibB5dR1uRZPHq4M0NnWOKSLtpm51Z9 Dpjg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Ai7XKZgRt/T3cY2YiqZQIBXBs886rmhRgPWUQtcZRmw=; b=sUsuoOKsR+o4KfYJjVn9Q02dQ6MwAbk1dIdcc5eueeDf9uQyLBO3IRvq3fmSjhC2MT Cwk/GkfzNp3pG1oNR4KX8TBFOi8UrI8Nv8hTIijpVnpKtXMVcCWabA4/e0T3hAk2vmKN bjSG8z/m1GDe6nX/brD0ENfMqgE0IHWLgHOU2smxaKfslbUcJ97eILuKE71523nm6HX2 2rzAinDoEdoteQVA4QNLXdXfXotH9RDA6v5PZu7SpblKvbSH6TNSskGUIGPVAR8noYo+ 5V7V4PHEYoNV7Tr7Nzl1cCC1JF5xmVgmsVp0z2WOEwuz9ApDuMQk6ga03yt83hB3WuzN hI2A== X-Gm-Message-State: APjAAAXmdh4xnlOWffJ4Pash/sD4QEP1zdunvp+2hIUakMQksgaaTJ4v CjJ0R5tj9mRNZKySB8ZspsDBr7VHP1+tAzwfmkcQyA== X-Received: by 2002:aca:3806:: with SMTP id f6mr4628564oia.47.1553887551354; Fri, 29 Mar 2019 12:25:51 -0700 (PDT) MIME-Version: 1.0 References: <20190329163047.223508-1-jannh@google.com> <20190329163047.223508-3-jannh@google.com> <20190329180329.hl3t7a43sg3sshsf@ltop.local> In-Reply-To: <20190329180329.hl3t7a43sg3sshsf@ltop.local> From: Jann Horn Date: Fri, 29 Mar 2019 20:25:25 +0100 Message-ID: Subject: Re: [PATCH v2 3/4] x86/fpu: Fix __user annotations To: Luc Van Oostenryck , linux-sparse@vger.kernel.org Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , "the arch/x86 maintainers" , kernel list , Qiaowei Ren Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org +sparse list On Fri, Mar 29, 2019 at 7:03 PM Luc Van Oostenryck wrote: > > On Fri, Mar 29, 2019 at 05:30:46PM +0100, Jann Horn wrote: > > In save_xstate_epilog(), use __user when type-casting userspace pointers. > > > > In setup_sigcontext() and x32_setup_rt_frame(), perform explicit __force > > casts for converting userspace pointers to unsigned long; put_user_ex() > > already performs a cast, but without __force, which is required by sparse > > for conversions from userspace pointers to numbers. > > ... > > > diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c > > index 08dfd4c1a4f9..e13cd972f9af 100644 > > --- a/arch/x86/kernel/signal.c > > +++ b/arch/x86/kernel/signal.c > > @@ -206,7 +206,7 @@ int setup_sigcontext(struct sigcontext __user *sc, void __user *fpstate, > > put_user_ex(regs->ss, &sc->ss); > > #endif /* CONFIG_X86_32 */ > > > > - put_user_ex(fpstate, &sc->fpstate); > > + put_user_ex((unsigned long __force)fpstate, &sc->fpstate); > > The __force here is not needed and in fact meaningless as the address > space annotations and checks only concern pointers. By casting a > pointer to an unsigned long, all type info is lost anyway and thus > no address-space checks are performed. It's a bit like such casts > always have an implicit __force already included. Oooh, it's a sparse bug. So, without this, sparse complains: CHECK arch/x86/kernel/signal.c arch/x86/kernel/signal.c:209:17: warning: cast removes address space '' of expression arch/x86/kernel/signal.c:209:17: warning: cast removes address space '' of expression arch/x86/kernel/signal.c:209:17: warning: cast removes address space '' of expression arch/x86/kernel/signal.c:209:17: warning: cast removes address space '' of expression arch/x86/kernel/signal.c:572:17: warning: cast removes address space '' of expression arch/x86/kernel/signal.c:572:17: warning: cast removes address space '' of expression arch/x86/kernel/signal.c:572:17: warning: cast removes address space '' of expression arch/x86/kernel/signal.c:572:17: warning: cast removes address space '' of expression Apparently it's significant that the user pointer is stored as a __u64, and __u64 is defined as unsigned long long. By reducing this to a small testcase, I arrived at this: sparse-master$ nl jannh-typeof-number.c 1 #define __user __attribute__((noderef, address_space(1))) 2 static unsigned long a(void __user *fpstate) { 3 return (unsigned long long)fpstate; 4 } 5 static unsigned long b(void __user *fpstate) { 6 return (unsigned long)fpstate; 7 } 8 static unsigned long c(void __user *fpstate) { 9 return (unsigned int)fpstate; 10 } sparse-master$ ./sparse -Wall jannh-typeof-number.c jannh-typeof-number.c:3:11: warning: cast removes address space '' of expression jannh-typeof-number.c:9:11: warning: cast removes address space '' of expression sparse-master$ I'll have a look at sparse and try to come up with a patch if I can figure out what's going wrong.