The i386 build failures are noticed on Linux next-20240627 and next-20240628 tag. But the clang-18 builds pass.
Reported-by: Linux Kernel Functional Testing lkft@linaro.org
Regressions found on i386:
- gcc-8-i386_defconfig - gcc-13-defconfig
Build log: ------- fs/proc/task_mmu.c: In function 'do_procmap_query': fs/proc/task_mmu.c:598:48: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] 598 | if (karg.vma_name_size && copy_to_user((void __user *)karg.vma_name_addr, | ^ fs/proc/task_mmu.c:605:48: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] 605 | if (karg.build_id_size && copy_to_user((void __user *)karg.build_id_addr, | ^ cc1: all warnings being treated as errors
Steps to reproduce: ------- # tuxmake --runtime podman --target-arch i386 --toolchain gcc-13 --kconfig defconfig
metadata: ---- git_describe: next-20240628 git_repo: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next git_short_log: 1eb586a9782c ("Add linux-next specific files for 20240628") arch: i386 toolchain: gcc-13
Links: --- - https://storage.tuxsuite.com/public/linaro/lkft/builds/2iWYcW0sQJ6j62u46MNgQ... - https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20240628/tes... - https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20240628/tes...
-- Linaro LKFT https://lkft.linaro.org
On Mon, Jul 1, 2024, at 12:19, Naresh Kamboju wrote:
fs/proc/task_mmu.c: In function 'do_procmap_query': fs/proc/task_mmu.c:598:48: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] 598 | if (karg.vma_name_size && copy_to_user((void __user *)karg.vma_name_addr, | ^ fs/proc/task_mmu.c:605:48: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] 605 | if (karg.build_id_size && copy_to_user((void __user *)karg.build_id_addr, | ^ cc1: all warnings being treated as errors
There is already a fix in linux-next:
@@ -595,14 +595,14 @@ static int do_procmap_query(struct proc_maps_private *priv, void __user *uarg) query_vma_teardown(mm, vma); mmput(mm);
- if (karg.vma_name_size && copy_to_user((void __user *)karg.vma_name_addr, + if (karg.vma_name_size && copy_to_user((void __user *)(uintptr_t)karg.vma_name_addr, name, karg.vma_name_size)) { kfree(name_buf); return -EFAULT; }
This could be expressed slightly nicer using u64_to_user_ptr(), but functionally that is the same.
I also see a slight issue in the use of .compat_ioctl:
const struct file_operations proc_pid_maps_operations = { .open = pid_maps_open, .read = seq_read, .llseek = seq_lseek, .release = proc_map_release, + .unlocked_ioctl = procfs_procmap_ioctl, + .compat_ioctl = procfs_procmap_ioctl, };
Since the argument is always a pointer, this should be
.compat_ioctl = compat_ptr_ioctl,
In practice this is only relevant on 32-bit s390 tasks to sanitize the pointer value.
Arnd
On Mon, Jul 1, 2024 at 4:58 AM Arnd Bergmann arnd@arndb.de wrote:
On Mon, Jul 1, 2024, at 12:19, Naresh Kamboju wrote:
fs/proc/task_mmu.c: In function 'do_procmap_query': fs/proc/task_mmu.c:598:48: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] 598 | if (karg.vma_name_size && copy_to_user((void __user *)karg.vma_name_addr, | ^ fs/proc/task_mmu.c:605:48: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] 605 | if (karg.build_id_size && copy_to_user((void __user *)karg.build_id_addr, | ^ cc1: all warnings being treated as errors
There is already a fix in linux-next:
@@ -595,14 +595,14 @@ static int do_procmap_query(struct proc_maps_private *priv, void __user *uarg) query_vma_teardown(mm, vma); mmput(mm);
if (karg.vma_name_size && copy_to_user((void __user *)karg.vma_name_addr,
if (karg.vma_name_size && copy_to_user((void __user *)(uintptr_t)karg.vma_name_addr, name, karg.vma_name_size)) { kfree(name_buf); return -EFAULT; }This could be expressed slightly nicer using u64_to_user_ptr(), but functionally that is the same.
oh, of course we have a helper for that. I will update my patch, I don't think Andrew has applied it to mm-unstable just yet, thanks for suggestion!
I also see a slight issue in the use of .compat_ioctl:
const struct file_operations proc_pid_maps_operations = { .open = pid_maps_open, .read = seq_read, .llseek = seq_lseek, .release = proc_map_release,
.unlocked_ioctl = procfs_procmap_ioctl,.compat_ioctl = procfs_procmap_ioctl,};
Since the argument is always a pointer, this should be
.compat_ioctl = compat_ptr_ioctl,
Another thing I didn't know about, I'll send a patch to switch to this, thanks!
In practice this is only relevant on 32-bit s390 tasks to sanitize the pointer value.
Arnd
-
Andrii Nakryiko -
Arnd Bergmann -
Naresh Kamboju