From: Kees Cook <keescook@chromium.org>
To: Tycho Andersen <tycho.andersen@canonical.com>
Cc: Andy Lutomirski <luto@amacapital.net>,
Will Drewry <wad@chromium.org>,
Roland McGrath <roland@hack.frob.com>,
Pavel Emelyanov <xemul@parallels.com>,
"Serge E. Hallyn" <serge.hallyn@ubuntu.com>,
Oleg Nesterov <oleg@redhat.com>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [kees:seccomp/tip 2/2] kernel/ptrace.c:567:3: note: in expansion of macro 'if'
Date: Mon, 15 Jun 2015 15:25:39 -0700
Message-ID: <CAGXu5j+1TXE3MzbrAu=0hHgmk4nfndQxZPzi7R+oKigP21pH9Q@mail.gmail.com>
In-Reply-To: <201506160626.KppQbBQV%fengguang.wu@intel.com>
Looks like dead-code elimination happens after structures are
accessed, so this needs to use the accessor. Sorry I missed this
earlier!
I've fixed it up as:
- if (current->seccomp.mode != SECCOMP_MODE_DISABLED ||
+ if (seccomp_mode(¤t->seccomp) != SECCOMP_MODE_DISABLED ||
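Review bot: the condition on the + line tests current, the task issuing the ptrace request, while the function in the quoted listing takes struct task_struct *child; a short comment above the check saying that it is the tracer's own seccomp state being refused would keep a later reader from changing it to child. The argument to seccomp_mode() is mangled in this copy of the message; going by the - line it is the address of current->seccomp.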
-Kees
On Mon, Jun 15, 2015 at 3:13 PM, kbuild test robot
<fengguang.wu@intel.com> wrote:
> tree: git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git seccomp/tip
> head: 25234531b68b83b0a5967459613195a2ecc6b5b4
> commit: 25234531b68b83b0a5967459613195a2ecc6b5b4 [2/2] seccomp: add ptrace options for suspend/resume
> config: x86_64-randconfig-x005-201524 (attached as .config)
> reproduce:
> git checkout 25234531b68b83b0a5967459613195a2ecc6b5b4
> # save the attached .config to linux build tree
> make ARCH=x86_64
>
> All warnings (new ones prefixed by >>):
>
> In file included from include/uapi/linux/stddef.h:1:0,
> from include/linux/stddef.h:4,
> from include/uapi/linux/posix_types.h:4,
> from include/uapi/linux/types.h:13,
> from include/linux/types.h:5,
> from include/uapi/linux/capability.h:16,
> from include/linux/capability.h:15,
> from kernel/ptrace.c:10:
> kernel/ptrace.c: In function 'ptrace_setoptions':
> kernel/ptrace.c:567:23: error: 'struct seccomp' has no member named 'mode'
> if (current->seccomp.mode != SECCOMP_MODE_DISABLED ||
> ^
> include/linux/compiler.h:145:28: note: in definition of macro '__trace_if'
> if (__builtin_constant_p((cond)) ? !!(cond) : \
> ^
>>> kernel/ptrace.c:567:3: note: in expansion of macro 'if'
> if (current->seccomp.mode != SECCOMP_MODE_DISABLED ||
> ^
> kernel/ptrace.c:567:23: error: 'struct seccomp' has no member named 'mode'
> if (current->seccomp.mode != SECCOMP_MODE_DISABLED ||
> ^
> include/linux/compiler.h:145:40: note: in definition of macro '__trace_if'
> if (__builtin_constant_p((cond)) ? !!(cond) : \
> ^
>>> kernel/ptrace.c:567:3: note: in expansion of macro 'if'
> if (current->seccomp.mode != SECCOMP_MODE_DISABLED ||
> ^
> kernel/ptrace.c:567:23: error: 'struct seccomp' has no member named 'mode'
> if (current->seccomp.mode != SECCOMP_MODE_DISABLED ||
> ^
> include/linux/compiler.h:156:16: note: in definition of macro '__trace_if'
> ______r = !!(cond); \
> ^
>>> kernel/ptrace.c:567:3: note: in expansion of macro 'if'
> if (current->seccomp.mode != SECCOMP_MODE_DISABLED ||
> ^
>
> vim +/if +567 kernel/ptrace.c
>
> 551
> 552 static int ptrace_setoptions(struct task_struct *child, unsigned long data)
> 553 {
> 554 unsigned flags;
> 555
> 556 if (data & ~(unsigned long)PTRACE_O_MASK)
> 557 return -EINVAL;
> 558
> 559 if (unlikely(data & PTRACE_O_SUSPEND_SECCOMP)) {
> 560 if (!config_enabled(CONFIG_CHECKPOINT_RESTORE) ||
> 561 !config_enabled(CONFIG_SECCOMP))
> 562 return -EINVAL;
> 563
> 564 if (!capable(CAP_SYS_ADMIN))
> 565 return -EPERM;
> 566
> > 567 if (current->seccomp.mode != SECCOMP_MODE_DISABLED ||
> 568 current->ptrace & PT_SUSPEND_SECCOMP)
> 569 return -EPERM;
> 570 }
> 571
> 572 /* Avoid intermediate state when all opts are cleared */
> 573 flags = child->ptrace;
> 574 flags &= ~(PTRACE_O_MASK << PT_OPT_FLAG_SHIFT);
> 575 flags |= (data << PT_OPT_FLAG_SHIFT);
>
> ---
> 0-DAY kernel test infrastructure Open Source Technology Center
> http://lists.01.org/mailman/listinfo/kbuild Intel Corporation
--
Kees Cook
Chrome OS Security
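Why the original line failed to build even behind the config_enabled() early return, as an added example that is not part of the original message or the kernel source: a user-space model in which every demo_* / DEMO_* name is hypothetical and DEMO_CONFIG_SECCOMP stands in for CONFIG_SECCOMP.

```c
/* Added example: user-space model of the build failure; demo_* names are hypothetical. */
#include <errno.h>
#include <stdio.h>

#define DEMO_MODE_DISABLED 0
#define DEMO_PT_SUSPEND    1u

/* Leave DEMO_CONFIG_SECCOMP undefined to model the config that failed to build. */
#ifdef DEMO_CONFIG_SECCOMP
#define DEMO_SECCOMP_ENABLED 1
struct demo_seccomp { int mode; };
static inline int demo_seccomp_mode(const struct demo_seccomp *s) { return s->mode; }
#else
#define DEMO_SECCOMP_ENABLED 0
struct demo_seccomp { char unused; };          /* no 'mode' member in this config */
static inline int demo_seccomp_mode(const struct demo_seccomp *s)
{
    (void)s;
    return DEMO_MODE_DISABLED;                 /* feature compiled out: always disabled */
}
#endif

struct demo_task { struct demo_seccomp seccomp; unsigned suspended; };

/* Same shape as the check in the quoted listing: config gate first, then state. */
int demo_suspend_check(const struct demo_task *tracer)
{
    if (!DEMO_SECCOMP_ENABLED)
        return -EINVAL;
    /*
     * Writing tracer->seccomp.mode here does not compile when the member is
     * configured out, even though the return above makes this unreachable:
     * member lookup is done when the expression is parsed and type-checked,
     * before the optimizer discards dead code. The accessor is defined in
     * both configurations, so this form always compiles.
     */
    if (demo_seccomp_mode(&tracer->seccomp) != DEMO_MODE_DISABLED ||
        (tracer->suspended & DEMO_PT_SUSPEND))
        return -EPERM;
    return 0;
}

int main(void)
{
    struct demo_task t = { .suspended = 0 };
    printf("check -> %d\n", demo_suspend_check(&t));
    return 0;
}
```

Building with -DDEMO_CONFIG_SECCOMP selects the variant where the member exists and the state check is reached.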