From patchwork Thu Apr 1 22:13:18 2021
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 413959
From: Kees Cook
To: Greg Kroah-Hartman
Cc: Kees Cook, Christoph Hellwig, Nathan Chancellor, Arnd Bergmann, Tejun Heo, Alexander Viro, "Rafael J. Wysocki", Shuah Khan, Nathan Chancellor, Nick Desaulniers, Andrew Morton, Kefeng Wang, "Matthew Wilcox (Oracle)", linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kselftest@vger.kernel.org, clang-built-linux@googlegroups.com, Michal Hocko, Alexey Dobriyan, Lee Duncan, Chris Leech, Adam Nichols, linux-hardening@vger.kernel.org
Subject: [PATCH v4 1/3] lkdtm/heap: Add vmalloc linear overflow test
Date: Thu, 1 Apr 2021 15:13:18 -0700
Message-Id: <20210401221320.2717732-2-keescook@chromium.org>
In-Reply-To: <20210401221320.2717732-1-keescook@chromium.org>
References: <20210401221320.2717732-1-keescook@chromium.org>
X-Mailing-List: linux-kselftest@vger.kernel.org

Similar to the
existing slab overflow and stack exhaustion tests, add VMALLOC_LINEAR_OVERFLOW (and rename the slab test SLAB_LINEAR_OVERFLOW). Signed-off-by: Kees Cook --- drivers/misc/lkdtm/core.c | 3 ++- drivers/misc/lkdtm/heap.c | 21 ++++++++++++++++++++- drivers/misc/lkdtm/lkdtm.h | 3 ++- tools/testing/selftests/lkdtm/tests.txt | 3 ++- 4 files changed, 26 insertions(+), 4 deletions(-) diff --git a/drivers/misc/lkdtm/core.c b/drivers/misc/lkdtm/core.c index b2aff4d87c01..c3a5ad21b3d2 100644 --- a/drivers/misc/lkdtm/core.c +++ b/drivers/misc/lkdtm/core.c @@ -119,7 +119,8 @@ static const struct crashtype crashtypes[] = { CRASHTYPE(UNALIGNED_LOAD_STORE_WRITE), CRASHTYPE(FORTIFY_OBJECT), CRASHTYPE(FORTIFY_SUBOBJECT), - CRASHTYPE(OVERWRITE_ALLOCATION), + CRASHTYPE(SLAB_LINEAR_OVERFLOW), + CRASHTYPE(VMALLOC_LINEAR_OVERFLOW), CRASHTYPE(WRITE_AFTER_FREE), CRASHTYPE(READ_AFTER_FREE), CRASHTYPE(WRITE_BUDDY_AFTER_FREE), diff --git a/drivers/misc/lkdtm/heap.c b/drivers/misc/lkdtm/heap.c index 1323bc16f113..5d491c22e09a 100644 --- a/drivers/misc/lkdtm/heap.c +++ b/drivers/misc/lkdtm/heap.c @@ -5,18 +5,37 @@ */ #include "lkdtm.h" #include +#include #include static struct kmem_cache *double_free_cache; static struct kmem_cache *a_cache; static struct kmem_cache *b_cache; +/* + * If there aren't guard pages, it's likely that a consecutive allocation will + * let us overflow into the second allocation without overwriting something real. + */ +void lkdtm_VMALLOC_LINEAR_OVERFLOW(void) +{ + char *one, *two; + + one = vzalloc(PAGE_SIZE); + two = vzalloc(PAGE_SIZE); + + pr_info("Attempting vmalloc linear overflow ...\n"); + memset(one, 0xAA, PAGE_SIZE + 1); + + vfree(two); + vfree(one); +} + /* * This tries to stay within the next largest power-of-2 kmalloc cache * to avoid actually overwriting anything important if it's not detected * correctly. */ -void lkdtm_OVERWRITE_ALLOCATION(void) +void lkdtm_SLAB_LINEAR_OVERFLOW(void) { size_t len = 1020; u32 *data = kmalloc(len, GFP_KERNEL); 
diff --git a/drivers/misc/lkdtm/lkdtm.h b/drivers/misc/lkdtm/lkdtm.h index 5ae48c64df24..5a852d0beee0 100644 --- a/drivers/misc/lkdtm/lkdtm.h +++ b/drivers/misc/lkdtm/lkdtm.h @@ -38,7 +38,8 @@ void lkdtm_FORTIFY_SUBOBJECT(void); /* heap.c */ void __init lkdtm_heap_init(void); void __exit lkdtm_heap_exit(void); -void lkdtm_OVERWRITE_ALLOCATION(void); +void lkdtm_VMALLOC_LINEAR_OVERFLOW(void); +void lkdtm_SLAB_LINEAR_OVERFLOW(void); void lkdtm_WRITE_AFTER_FREE(void); void lkdtm_READ_AFTER_FREE(void); void lkdtm_WRITE_BUDDY_AFTER_FREE(void); diff --git a/tools/testing/selftests/lkdtm/tests.txt b/tools/testing/selftests/lkdtm/tests.txt index 11ef159be0fd..322a1d2439e3 100644 --- a/tools/testing/selftests/lkdtm/tests.txt +++ b/tools/testing/selftests/lkdtm/tests.txt 
@@ -15,7 +15,8 @@ UNSET_SMEP CR4 bits went missing DOUBLE_FAULT CORRUPT_PAC UNALIGNED_LOAD_STORE_WRITE -#OVERWRITE_ALLOCATION Corrupts memory on failure +VMALLOC_LINEAR_OVERFLOW +SLAB_LINEAR_OVERFLOW #WRITE_AFTER_FREE Corrupts memory on failure READ_AFTER_FREE #WRITE_BUDDY_AFTER_FREE Corrupts memory on failure
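Review bot: In the crashtypes[] hunk of drivers/misc/lkdtm/core.c, CRASHTYPE(OVERWRITE_ALLOCATION) is dropped outright, so the old test name stops being accepted and no alias is left behind. The commit message mentions the rename only in parentheses; it should state plainly that any script still requesting OVERWRITE_ALLOCATION has to switch to SLAB_LINEAR_OVERFLOW.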
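Review bot: In lkdtm_VMALLOC_LINEAR_OVERFLOW() in drivers/misc/lkdtm/heap.c, neither vzalloc(PAGE_SIZE) result is checked before memset(one, 0xAA, PAGE_SIZE + 1), so an allocation failure turns the test into a NULL write instead of the overflow it is meant to exercise. Suggest returning early with a message when one or two is NULL, freeing whichever allocation succeeded. In addition, two is never read after the memset and nothing is logged when the write goes through, so a run on a kernel without guard pages ends silently; a pr_err after the memset would make the unprotected case visible in the log.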
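Review bot: In tools/testing/selftests/lkdtm/tests.txt the removed line was commented out and annotated "Corrupts memory on failure", while the added SLAB_LINEAR_OVERFLOW line, which is the same test under its new name, is enabled with no annotation. The heap.c hunk changes only the function name, so the reason for disabling it appears to still apply: either keep it as "#SLAB_LINEAR_OVERFLOW Corrupts memory on failure" or explain in the commit message why it is now safe to run by default. The same question applies to VMALLOC_LINEAR_OVERFLOW, which writes one byte past its allocation when the overflow is not caught.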

From patchwork Thu Apr 1 22:13:19 2021
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 413664
From: Kees Cook
To: Greg Kroah-Hartman
Cc: Kees Cook, Arnd Bergmann, Christoph Hellwig, Nathan Chancellor, Tejun Heo, Alexander Viro, "Rafael J. Wysocki", Shuah Khan, Nathan Chancellor, Nick Desaulniers, Andrew Morton, Kefeng Wang, "Matthew Wilcox (Oracle)", linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kselftest@vger.kernel.org, clang-built-linux@googlegroups.com, Michal Hocko, Alexey Dobriyan, Lee Duncan, Chris Leech, Adam Nichols, linux-hardening@vger.kernel.org
Subject: [PATCH v4 2/3] seq_file: Fix clang warning for NULL pointer arithmetic
Date: Thu, 1 Apr 2021 15:13:19 -0700
Message-Id: <20210401221320.2717732-3-keescook@chromium.org>
In-Reply-To: <20210401221320.2717732-1-keescook@chromium.org>
References: <20210401221320.2717732-1-keescook@chromium.org>
X-Mailing-List: linux-kselftest@vger.kernel.org

From: Arnd Bergmann Clang points out that adding something to NULL is not allowed in standard C: fs/kernfs/file.c:127:15: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] return NULL + !*ppos; ~~~~ ^ fs/seq_file.c:529:14: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] return NULL + (*pos == 0); Rephrase the code to be extra explicit about the valid, giving them named SEQ_OPEN_EOF and SEQ_OPEN_SINGLE definitions. The instance in kernfs was copied from single_start, so fix both at once. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Fixes: c2b19daf6760 ("sysfs, kernfs: prepare read path for kernfs") Reviewed-by: Christoph Hellwig Reviewed-by: Nathan Chancellor Signed-off-by: Arnd Bergmann Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20201028151202.3074398-1-arnd@kernel.org --- fs/kernfs/file.c | 9 ++++++--- fs/seq_file.c | 5 ++++- include/linux/seq_file.h | 6 ++++++ 3 files changed, 16 insertions(+), 4 deletions(-) -- 2.25.1 diff --git a/fs/kernfs/file.c b/fs/kernfs/file.c index c75719312147..721bcbc1d4d0 100644 --- a/fs/kernfs/file.c +++ b/fs/kernfs/file.c @@ -122,10 +122,13 @@ static void *kernfs_seq_start(struct seq_file *sf, loff_t *ppos) return next; } else { /* - * The same behavior and code as single_open(). Returns - * !NULL if pos is at the beginning; otherwise, NULL. + * The same behavior and code as single_open(). Continues + * if pos is at the beginning; otherwise, NULL. */ - return NULL + !*ppos; + if (*ppos) + return NULL; + + return SEQ_OPEN_SINGLE; } } diff --git a/fs/seq_file.c b/fs/seq_file.c index cb11a34fb871..1b5bd95d0a48 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c 
@@ -542,7 +542,10 @@ EXPORT_SYMBOL(seq_dentry); static void *single_start(struct seq_file *p, loff_t *pos) { - return NULL + (*pos == 0); + if (*pos) + return NULL; + + return SEQ_OPEN_SINGLE; } static void *single_next(struct seq_file *p, void *v, loff_t *pos) diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h index b83b3ae3c877..51c870765bfd 100644 --- a/include/linux/seq_file.h +++ b/include/linux/seq_file.h @@ -37,6 +37,12 @@ struct seq_operations { #define SEQ_SKIP 1 +/* + * op->start must return a non-NULL pointer for single_open(), + * this is used when we don't care about the specific value. + */ +#define SEQ_OPEN_SINGLE ((void *)1) + /** * seq_has_overflowed - check if the buffer has overflowed * @m: the seq_file handle
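Review bot: The rewritten comment in kernfs_seq_start() (fs/kernfs/file.c) still says "The same behavior and code as single_open()", although the commit message says the code was copied from single_start, and the new wording "Continues if pos is at the beginning; otherwise, NULL" mixes an action with a return value. Suggest naming single_start() and stating the return value directly, for example "Returns SEQ_OPEN_SINGLE if pos is at the beginning; otherwise, NULL."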
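Review bot: The include/linux/seq_file.h hunk defines only SEQ_OPEN_SINGLE, while the commit message refers to "named SEQ_OPEN_EOF and SEQ_OPEN_SINGLE definitions", and both converted functions still return a bare NULL for the end case. Either add SEQ_OPEN_EOF and use it in place of "return NULL;" in single_start() and kernfs_seq_start(), or drop it from the commit message. The comment above the define could also say that ((void *)1) is a sentinel value that must never be dereferenced.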