Message ID | 20231109102658.2075547-1-wozizhi@huawei.com (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | [-next,V2] proc: support file->f_pos checking in mem_lseek | expand |
On Thu, Nov 09, 2023 at 06:26:58PM +0800, WoZ1zh1 wrote:
> In mem_lseek, file->f_pos may overflow. And it's not a problem that
> mem_open sets the file mode with FMODE_UNSIGNED_OFFSET (memory_lseek). However,
> another file that uses mem_lseek for lseek may not have FMODE_UNSIGNED_OFFSET
> (kpageflags_proc_ops/proc_pagemap_operations...), so in order to prevent
> file->f_pos from being updated to an abnormal number, fix it by checking for
> overflow and FMODE_UNSIGNED_OFFSET.

Umm... Are there any reasons why all of those shouldn't get FMODE_UNSIGNED_OFFSET as well?
Hi WoZ1zh1,

kernel test robot noticed the following build warnings:

[auto build test WARNING on next-20231108]

url:    https://github.com/intel-lab-lkp/linux/commits/WoZ1zh1/proc-support-file-f_pos-checking-in-mem_lseek/20231109-103353
base:   next-20231108
patch link:    https://lore.kernel.org/r/20231109102658.2075547-1-wozizhi%40huawei.com
patch subject: [PATCH -next V2] proc: support file->f_pos checking in mem_lseek
config: arc-randconfig-001-20231109 (https://download.01.org/0day-ci/archive/20231109/202311091307.k2L6reDL-lkp@intel.com/config)
compiler: arc-elf-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231109/202311091307.k2L6reDL-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202311091307.k2L6reDL-lkp@intel.com/

All warnings (new ones prefixed by >>):

   fs/proc/base.c: In function 'mem_lseek':
>> fs/proc/base.c:911:24: warning: this statement may fall through [-Wimplicit-fallthrough=]
     911 |                 offset += file->f_pos;
         |                 ~~~~~~~^~~~~~~~~~~~~~
   fs/proc/base.c:912:9: note: here
     912 |         case SEEK_SET:
         |         ^~~~

vim +911 fs/proc/base.c

   903
   904  loff_t mem_lseek(struct file *file, loff_t offset, int orig)
   905  {
   906          loff_t ret = 0;
   907
   908          spin_lock(&file->f_lock);
   909          switch (orig) {
   910          case SEEK_CUR:
 > 911                  offset += file->f_pos;
   912          case SEEK_SET:
   913                  /* to avoid userland mistaking f_pos=-9 as -EBADF=-9 */
   914                  if ((unsigned long long)offset >= -MAX_ERRNO)
   915                          ret = -EOVERFLOW;
   916                  break;
   917          default:
   918                  ret = -EINVAL;
   919          }
   920          if (!ret) {
   921                  if (offset < 0 && !(unsigned_offsets(file))) {
   922                          ret = -EINVAL;
   923                  } else {
   924                          file->f_pos = offset;
   925                          ret = file->f_pos;
   926                          force_successful_syscall_return();
   927                  }
   928          }
   929
   930          spin_unlock(&file->f_lock);
   931          return ret;
   932  }
   933
Hi WoZ1zh1,

kernel test robot noticed the following build warnings:

[auto build test WARNING on next-20231108]

url:    https://github.com/intel-lab-lkp/linux/commits/WoZ1zh1/proc-support-file-f_pos-checking-in-mem_lseek/20231109-103353
base:   next-20231108
patch link:    https://lore.kernel.org/r/20231109102658.2075547-1-wozizhi%40huawei.com
patch subject: [PATCH -next V2] proc: support file->f_pos checking in mem_lseek
config: um-allnoconfig (https://download.01.org/0day-ci/archive/20231110/202311101239.ihy4cKpf-lkp@intel.com/config)
compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project.git 4a5ac14ee968ff0ad5d2cc1ffa0299048db4c88a)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231110/202311101239.ihy4cKpf-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202311101239.ihy4cKpf-lkp@intel.com/

All warnings (new ones prefixed by >>):

   In file included from fs/proc/base.c:68:
   In file included from include/linux/swap.h:9:
   In file included from include/linux/memcontrol.h:13:
   In file included from include/linux/cgroup.h:26:
   In file included from include/linux/kernel_stat.h:9:
   In file included from include/linux/interrupt.h:11:
   In file included from include/linux/hardirq.h:11:
   In file included from arch/um/include/asm/hardirq.h:5:
   In file included from include/asm-generic/hardirq.h:17:
   In file included from include/linux/irq.h:20:
   In file included from include/linux/io.h:13:
   In file included from arch/um/include/asm/io.h:24:
   include/asm-generic/io.h:547:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     547 |         val = __raw_readb(PCI_IOBASE + addr);
         |                           ~~~~~~~~~~ ^
   include/asm-generic/io.h:560:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     560 |         val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr));
         |                                                         ~~~~~~~~~~ ^
   include/uapi/linux/byteorder/little_endian.h:37:51: note: expanded from macro '__le16_to_cpu'
      37 | #define __le16_to_cpu(x) ((__force __u16)(__le16)(x))
         |                                                   ^
   In file included from fs/proc/base.c:68:
   In file included from include/linux/swap.h:9:
   In file included from include/linux/memcontrol.h:13:
   In file included from include/linux/cgroup.h:26:
   In file included from include/linux/kernel_stat.h:9:
   In file included from include/linux/interrupt.h:11:
   In file included from include/linux/hardirq.h:11:
   In file included from arch/um/include/asm/hardirq.h:5:
   In file included from include/asm-generic/hardirq.h:17:
   In file included from include/linux/irq.h:20:
   In file included from include/linux/io.h:13:
   In file included from arch/um/include/asm/io.h:24:
   include/asm-generic/io.h:573:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     573 |         val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr));
         |                                                         ~~~~~~~~~~ ^
   include/uapi/linux/byteorder/little_endian.h:35:51: note: expanded from macro '__le32_to_cpu'
      35 | #define __le32_to_cpu(x) ((__force __u32)(__le32)(x))
         |                                                   ^
   In file included from fs/proc/base.c:68:
   In file included from include/linux/swap.h:9:
   In file included from include/linux/memcontrol.h:13:
   In file included from include/linux/cgroup.h:26:
   In file included from include/linux/kernel_stat.h:9:
   In file included from include/linux/interrupt.h:11:
   In file included from include/linux/hardirq.h:11:
   In file included from arch/um/include/asm/hardirq.h:5:
   In file included from include/asm-generic/hardirq.h:17:
   In file included from include/linux/irq.h:20:
   In file included from include/linux/io.h:13:
   In file included from arch/um/include/asm/io.h:24:
   include/asm-generic/io.h:584:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     584 |         __raw_writeb(value, PCI_IOBASE + addr);
         |                             ~~~~~~~~~~ ^
   include/asm-generic/io.h:594:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     594 |         __raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr);
         |                                                       ~~~~~~~~~~ ^
   include/asm-generic/io.h:604:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     604 |         __raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr);
         |                                                       ~~~~~~~~~~ ^
   include/asm-generic/io.h:692:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     692 |         readsb(PCI_IOBASE + addr, buffer, count);
         |                ~~~~~~~~~~ ^
   include/asm-generic/io.h:700:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     700 |         readsw(PCI_IOBASE + addr, buffer, count);
         |                ~~~~~~~~~~ ^
   include/asm-generic/io.h:708:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     708 |         readsl(PCI_IOBASE + addr, buffer, count);
         |                ~~~~~~~~~~ ^
   include/asm-generic/io.h:717:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     717 |         writesb(PCI_IOBASE + addr, buffer, count);
         |                 ~~~~~~~~~~ ^
   include/asm-generic/io.h:726:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     726 |         writesw(PCI_IOBASE + addr, buffer, count);
         |                 ~~~~~~~~~~ ^
   include/asm-generic/io.h:735:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
     735 |         writesl(PCI_IOBASE + addr, buffer, count);
         |                 ~~~~~~~~~~ ^
>> fs/proc/base.c:912:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough]
     912 |         case SEEK_SET:
         |         ^
   fs/proc/base.c:912:2: note: insert '__attribute__((fallthrough));' to silence this warning
     912 |         case SEEK_SET:
         |         ^
         |         __attribute__((fallthrough));
   fs/proc/base.c:912:2: note: insert 'break;' to avoid fall-through
     912 |         case SEEK_SET:
         |         ^
         |         break;
   13 warnings generated.

vim +912 fs/proc/base.c

   903
   904  loff_t mem_lseek(struct file *file, loff_t offset, int orig)
   905  {
   906          loff_t ret = 0;
   907
   908          spin_lock(&file->f_lock);
   909          switch (orig) {
   910          case SEEK_CUR:
   911                  offset += file->f_pos;
 > 912          case SEEK_SET:
   913                  /* to avoid userland mistaking f_pos=-9 as -EBADF=-9 */
   914                  if ((unsigned long long)offset >= -MAX_ERRNO)
   915                          ret = -EOVERFLOW;
   916                  break;
   917          default:
   918                  ret = -EINVAL;
   919          }
   920          if (!ret) {
   921                  if (offset < 0 && !(unsigned_offsets(file))) {
   922                          ret = -EINVAL;
   923                  } else {
   924                          file->f_pos = offset;
   925                          ret = file->f_pos;
   926                          force_successful_syscall_return();
   927                  }
   928          }
   929
   930          spin_unlock(&file->f_lock);
   931          return ret;
   932  }
   933
I missed the fallthrough and will fix it in V3.

Thanks,
Zizhi Wo

On 2023/11/10 12:34, kernel test robot wrote:
> Hi WoZ1zh1,
>
> kernel test robot noticed the following build warnings:
>
> [auto build test WARNING on next-20231108]
>
> url:    https://github.com/intel-lab-lkp/linux/commits/WoZ1zh1/proc-support-file-f_pos-checking-in-mem_lseek/20231109-103353
> base:   next-20231108
> patch link:    https://lore.kernel.org/r/20231109102658.2075547-1-wozizhi%40huawei.com
> patch subject: [PATCH -next V2] proc: support file->f_pos checking in mem_lseek
> config: um-allnoconfig (https://download.01.org/0day-ci/archive/20231110/202311101239.ihy4cKpf-lkp@intel.com/config)
> compiler: clang version 17.0.0 (https://github.com/llvm/llvm-project.git 4a5ac14ee968ff0ad5d2cc1ffa0299048db4c88a)
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231110/202311101239.ihy4cKpf-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add the following tags
> | Reported-by: kernel test robot <lkp@intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202311101239.ihy4cKpf-lkp@intel.com/
>
> All warnings (new ones prefixed by >>):
>
[...]
>>> fs/proc/base.c:912:2: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough]
>      912 |         case SEEK_SET:
>          |         ^
>    fs/proc/base.c:912:2: note: insert '__attribute__((fallthrough));' to silence this warning
>      912 |         case SEEK_SET:
>          |         ^
>          |         __attribute__((fallthrough));
>    fs/proc/base.c:912:2: note: insert 'break;' to avoid fall-through
>      912 |         case SEEK_SET:
>          |         ^
>          |         break;
>    13 warnings generated.
>
[...]
diff --git a/fs/proc/base.c b/fs/proc/base.c index dd31e3b6bf77..0fd986e861d9 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -903,18 +903,32 @@ static ssize_t mem_write(struct file *file, const char __user *buf, loff_t mem_lseek(struct file *file, loff_t offset, int orig) { + loff_t ret = 0; + + spin_lock(&file->f_lock); switch (orig) { - case 0: - file->f_pos = offset; - break; - case 1: - file->f_pos += offset; + case SEEK_CUR: + offset += file->f_pos; + case SEEK_SET: + /* to avoid userland mistaking f_pos=-9 as -EBADF=-9 */ + if ((unsigned long long)offset >= -MAX_ERRNO) + ret = -EOVERFLOW; break; default: - return -EINVAL; + ret = -EINVAL; } - force_successful_syscall_return(); - return file->f_pos; + if (!ret) { + if (offset < 0 && !(unsigned_offsets(file))) { + ret = -EINVAL; + } else { + file->f_pos = offset; + ret = file->f_pos; + force_successful_syscall_return(); + } + } + + spin_unlock(&file->f_lock); + return ret; } static int mem_release(struct inode *inode, struct file *file) diff --git a/fs/read_write.c b/fs/read_write.c index 4771701c896b..2f456d5a1df5 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -34,11 +34,6 @@ const struct file_operations generic_ro_fops = { EXPORT_SYMBOL(generic_ro_fops); -static inline bool unsigned_offsets(struct file *file) -{ - return file->f_mode & FMODE_UNSIGNED_OFFSET; -} - /** * vfs_setpos - update the file offset for lseek * @file: file structure in question diff --git a/include/linux/fs.h b/include/linux/fs.h index 98b7a7a8c42e..dde0756d2350 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h 
@@ -2994,7 +2994,10 @@ extern ssize_t iter_file_splice_write(struct pipe_inode_info *, extern long do_splice_direct(struct file *in, loff_t *ppos, struct file *out, loff_t *opos, size_t len, unsigned int flags); - +static inline bool unsigned_offsets(struct file *file) +{ + return file->f_mode & FMODE_UNSIGNED_OFFSET; +} extern void file_ra_state_init(struct file_ra_state *ra, struct address_space *mapping); extern loff_t noop_llseek(struct file *file, loff_t offset, int whence);
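Review bot: in the fs/proc/base.c hunk, `offset += file->f_pos;` under `case SEEK_CUR:` drops into `case SEEK_SET:` with no annotation, which is exactly what both kernel test robot reports above flag under -Wimplicit-fallthrough. The fall-through is intended (the SEEK_CUR result has to pass the same -MAX_ERRNO check), so insert the kernel's `fallthrough;` macro after that line rather than the raw `__attribute__((fallthrough));` the compiler note offers or a `break;`. One more thing for the commit message: the hunk also introduces `spin_lock(&file->f_lock);` around the whole switch where the old `file->f_pos += offset;` path took no lock at all; say what the lock protects (the read-modify-write of f_pos in the SEEK_CUR path against a concurrent update) so the locking change can be reviewed on its own merits.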
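Review bot: style point in the include/linux/fs.h hunk: the `-` line removes the blank line after the `do_splice_direct()` prototype, and the new `static inline bool unsigned_offsets(struct file *file)` then sits directly between that prototype and `extern void file_ra_state_init(...)` with no separating blank line on either side; keep one blank line above and below the new definition. The body is moved unchanged from fs/read_write.c, so the relocation itself is fine; a one-line comment above it saying that it tests FMODE_UNSIGNED_OFFSET (i.e. that negative f_pos values are legal for this file) would help now that the helper is visible tree-wide.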
In mem_lseek, file->f_pos may overflow. And it's not a problem that mem_open
sets the file mode with FMODE_UNSIGNED_OFFSET (memory_lseek). However,
another file that uses mem_lseek for lseek may not have FMODE_UNSIGNED_OFFSET
(kpageflags_proc_ops/proc_pagemap_operations...), so in order to prevent
file->f_pos from being updated to an abnormal number, fix it by checking for
overflow and FMODE_UNSIGNED_OFFSET.

Signed-off-by: WoZ1zh1 <wozizhi@huawei.com>
---
 fs/proc/base.c     | 30 ++++++++++++++++++++++--------
 fs/read_write.c    |  5 -----
 include/linux/fs.h |  5 ++++-
 3 files changed, 26 insertions(+), 14 deletions(-)
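The two checks this patch adds, worked through in userspace as an added example (not the patch's or the kernel's code): `model_mem_lseek()` mirrors the patched mem_lseek() with FMODE_UNSIGNED_OFFSET reduced to a bool parameter, and `decode_syscall_return()` mirrors the libc wrapper to show why an f_pos of -9 would otherwise surface as EBADF. MAX_ERRNO is the kernel's 4095; the SEEK_CUR addition is written with unsigned arithmetic because the kernel is built with -fno-strict-overflow and the sum is meant to wrap.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>   /* SEEK_SET, SEEK_CUR */

/* include/linux/err.h: a raw syscall return in [-MAX_ERRNO, -1] is an errno. */
#define MAX_ERRNO 4095

/* Model of the patched mem_lseek(). FMODE_UNSIGNED_OFFSET is reduced to the
 * bool parameter unsigned_offsets (a modelling choice, not a kernel API).
 * Returns the new position or a negative errno, as the syscall itself does. */
long long model_mem_lseek(long long *f_pos, long long offset, int whence,
			  bool unsigned_offsets)
{
	switch (whence) {
	case SEEK_CUR:
		/* The kernel is built with -fno-strict-overflow, so this signed
		 * addition simply wraps; model that with unsigned arithmetic. */
		offset = (long long)((unsigned long long)offset +
				     (unsigned long long)*f_pos);
		/* fall through */
	case SEEK_SET:
		/* The patch's check: a position in the errno range would be
		 * misread by userland, e.g. f_pos = -9 looks like -EBADF. */
		if ((unsigned long long)offset >= (unsigned long long)-MAX_ERRNO)
			return -EOVERFLOW;
		break;
	default:
		return -EINVAL;
	}
	/* Other negative positions are legal only on files flagged
	 * FMODE_UNSIGNED_OFFSET, where the offset is a raw address. */
	if (offset < 0 && !unsigned_offsets)
		return -EINVAL;
	*f_pos = offset;
	return offset;
}

/* Model of the libc syscall wrapper: turns a raw return value into the
 * (result, errno) pair an lseek(2) caller observes. */
long long decode_syscall_return(long long raw, int *err)
{
	if ((unsigned long long)raw >= (unsigned long long)-MAX_ERRNO) {
		*err = (int)-raw;
		return -1;
	}
	*err = 0;
	return raw;
}

int main(void)
{
	long long pos = 0;
	int err;
	decode_syscall_return(-9, &err);   /* -9 would be read as EBADF */
	printf("errno %d, lseek(-9) -> %lld\n", err,
	       model_mem_lseek(&pos, -9, SEEK_SET, true));
	return 0;
}
```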