
livepatch/samples/selftest: Use klp_shadow_alloc() API correctly

The commit e91c2518a5d22a ("livepatch: Initialize shadow variables
safely by a custom callback") leads to the following static checker
warning:

samples/livepatch/livepatch-shadow-fix1.c:86 livepatch_fix1_dummy_alloc()
error: 'klp_shadow_alloc()' 'leak' too small (4 vs 8)

This is because klp_shadow_alloc() is used in the wrong way:

int *leak;
shadow_leak = klp_shadow_alloc(d, SV_LEAK, sizeof(leak), GFP_KERNEL,
shadow_leak_ctor, leak);

The code is supposed to store the "leak" pointer into the shadow variable.
3rd parameter correctly passes size of the data (size of pointer). But
the 5th parameter is wrong. It should pass pointer to the data (pointer
to the pointer) but it passes the pointer directly.

It works because shadow_leak_ctor() handle "ctor_data" as the data
instead of pointer to the data. But it is semantically wrong and
confusing.

The same problem is also in the module used by selftests. In this case,
"pvX" variables are introduced. They represent the data stored in
the shadow variables.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Reviewed-by: Joe Lawrence <joe.lawrence@redhat.com>
Acked-by: Miroslav Benes <mbenes@suse.cz>
Reviewed-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>

authored by

Petr Mladek and committed by
Jiri Kosina
be6da984 c24c57a4

+36 -25
+30 -22
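--- a/lib/livepatch/test_klp_shadow_vars.c
+++ b/lib/livepatch/test_klp_shadow_vars.c
@@ -73,13 +73,13 @@
 gfp_t gfp_flags, klp_shadow_ctor_t ctor,
 void *ctor_data)
 {
-int *var = ctor_data;
+int **var = ctor_data;
 int **sv;
 
 sv = klp_shadow_alloc(obj, id, size, gfp_flags, ctor, var);
 pr_info("klp_%s(obj=PTR%d, id=0x%lx, size=%zx, gfp_flags=%pGg), ctor=PTR%d, ctor_data=PTR%d = PTR%d\n",
 __func__, ptr_id(obj), id, size, &gfp_flags, ptr_id(ctor),
-ptr_id(var), ptr_id(sv));
+ptr_id(*var), ptr_id(sv));
 
 return sv;
 }
@@ -88,13 +88,13 @@
 gfp_t gfp_flags, klp_shadow_ctor_t ctor,
 void *ctor_data)
 {
-int *var = ctor_data;
+int **var = ctor_data;
 int **sv;
 
 sv = klp_shadow_get_or_alloc(obj, id, size, gfp_flags, ctor, var);
 pr_info("klp_%s(obj=PTR%d, id=0x%lx, size=%zx, gfp_flags=%pGg), ctor=PTR%d, ctor_data=PTR%d = PTR%d\n",
 __func__, ptr_id(obj), id, size, &gfp_flags, ptr_id(ctor),
-ptr_id(var), ptr_id(sv));
+ptr_id(*var), ptr_id(sv));
 
 return sv;
 }
@@ -118,11 +118,14 @@
 static int shadow_ctor(void *obj, void *shadow_data, void *ctor_data)
 {
 int **sv = shadow_data;
-int *var = ctor_data;
+int **var = ctor_data;
 
-*sv = var;
+if (!var)
+return -EINVAL;
+
+*sv = *var;
 pr_info("%s: PTR%d -> PTR%d\n",
-__func__, ptr_id(sv), ptr_id(var));
+__func__, ptr_id(sv), ptr_id(*var));
 
 return 0;
 }
@@ -139,19 +142,24 @@
 {
 void *obj = THIS_MODULE;
 int id = 0x1234;
-size_t size = sizeof(int *);
 gfp_t gfp_flags = GFP_KERNEL;
 
 int var1, var2, var3, var4;
+int *pv1, *pv2, *pv3, *pv4;
 int **sv1, **sv2, **sv3, **sv4;
 
 int **sv;
 
+pv1 = &var1;
+pv2 = &var2;
+pv3 = &var3;
+pv4 = &var4;
+
 ptr_id(NULL);
-ptr_id(&var1);
-ptr_id(&var2);
-ptr_id(&var3);
-ptr_id(&var4);
+ptr_id(pv1);
+ptr_id(pv2);
+ptr_id(pv3);
+ptr_id(pv4);
 
 /*
 * With an empty shadow variable hash table, expect not to find
@@ -164,15 +172,15 @@
 /*
 * Allocate a few shadow variables with different <obj> and <id>.
 */
-sv1 = shadow_alloc(obj, id, size, gfp_flags, shadow_ctor, &var1);
+sv1 = shadow_alloc(obj, id, sizeof(pv1), gfp_flags, shadow_ctor, &pv1);
 if (!sv1)
 return -ENOMEM;
 
-sv2 = shadow_alloc(obj + 1, id, size, gfp_flags, shadow_ctor, &var2);
+sv2 = shadow_alloc(obj + 1, id, sizeof(pv2), gfp_flags, shadow_ctor, &pv2);
 if (!sv2)
 return -ENOMEM;
 
-sv3 = shadow_alloc(obj, id + 1, size, gfp_flags, shadow_ctor, &var3);
+sv3 = shadow_alloc(obj, id + 1, sizeof(pv3), gfp_flags, shadow_ctor, &pv3);
 if (!sv3)
 return -ENOMEM;
 
@@ -183,20 +191,20 @@
 sv = shadow_get(obj, id);
 if (!sv)
 return -EINVAL;
-if (sv == sv1 && *sv1 == &var1)
+if (sv == sv1 && *sv1 == pv1)
 pr_info(" got expected PTR%d -> PTR%d result\n",
 ptr_id(sv1), ptr_id(*sv1));
 
 sv = shadow_get(obj + 1, id);
 if (!sv)
 return -EINVAL;
-if (sv == sv2 && *sv2 == &var2)
+if (sv == sv2 && *sv2 == pv2)
 pr_info(" got expected PTR%d -> PTR%d result\n",
 ptr_id(sv2), ptr_id(*sv2));
 sv = shadow_get(obj, id + 1);
 if (!sv)
 return -EINVAL;
-if (sv == sv3 && *sv3 == &var3)
+if (sv == sv3 && *sv3 == pv3)
 pr_info(" got expected PTR%d -> PTR%d result\n",
 ptr_id(sv3), ptr_id(*sv3));
 
@@ -204,14 +212,14 @@
 * Allocate or get a few more, this time with the same <obj>, <id>.
 * The second invocation should return the same shadow var.
 */
-sv4 = shadow_get_or_alloc(obj + 2, id, size, gfp_flags, shadow_ctor, &var4);
+sv4 = shadow_get_or_alloc(obj + 2, id, sizeof(pv4), gfp_flags, shadow_ctor, &pv4);
 if (!sv4)
 return -ENOMEM;
 
-sv = shadow_get_or_alloc(obj + 2, id, size, gfp_flags, shadow_ctor, &var4);
+sv = shadow_get_or_alloc(obj + 2, id, sizeof(pv4), gfp_flags, shadow_ctor, &pv4);
 if (!sv)
 return -EINVAL;
-if (sv == sv4 && *sv4 == &var4)
+if (sv == sv4 && *sv4 == pv4)
 pr_info(" got expected PTR%d -> PTR%d result\n",
 ptr_id(sv4), ptr_id(*sv4));
 
@@ -240,7 +248,7 @@
 sv = shadow_get(obj, id + 1);
 if (!sv)
 return -EINVAL;
-if (sv == sv3 && *sv3 == &var3)
+if (sv == sv3 && *sv3 == pv3)
 pr_info(" got expected PTR%d -> PTR%d result\n",
 ptr_id(sv3), ptr_id(*sv3));
 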
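Review bot: In `shadow_alloc()` and `shadow_get_or_alloc()` the new `ptr_id(*var)` argument to `pr_info()` dereferences `ctor_data` unconditionally, while `shadow_ctor()` in the same commit now rejects a NULL `ctor_data` with `-EINVAL`. A caller passing NULL would therefore fault in the logging wrapper instead of seeing the error the constructor was changed to return. Logging `ptr_id(var ? *var : NULL)` in both wrappers would keep the NULL handling consistent; `ptr_id(NULL)` is already called in the init function, so it appears to accept NULL. Every call visible in these hunks passes a non-NULL `&pvN`, so this is a robustness point for the test module rather than a path reached here, and the new `-EINVAL` branch is not exercised by any test shown. Both wrapper signatures begin outside their hunks.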
+6 -3
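--- a/samples/livepatch/livepatch-shadow-fix1.c
+++ b/samples/livepatch/livepatch-shadow-fix1.c
@@ -53,9 +53,12 @@
 static int shadow_leak_ctor(void *obj, void *shadow_data, void *ctor_data)
 {
 int **shadow_leak = shadow_data;
-int *leak = ctor_data;
+int **leak = ctor_data;
 
-*shadow_leak = leak;
+if (!ctor_data)
+return -EINVAL;
+
+*shadow_leak = *leak;
 return 0;
 }
 
@@ -83,7 +86,7 @@
 }
 
 klp_shadow_alloc(d, SV_LEAK, sizeof(leak), GFP_KERNEL,
-shadow_leak_ctor, leak);
+shadow_leak_ctor, &leak);
 
 pr_info("%s: dummy @ %p, expires @ %lx\n",
 __func__, d, d->jiffies_expire);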
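Review bot: The result of `klp_shadow_alloc()` in the second hunk is still discarded, and this commit adds a second way for it to fail, since `shadow_leak_ctor()` can now return `-EINVAL` in addition to an allocation failure. If the call fails, no `SV_LEAK` shadow variable records `leak`, so code that later looks the pointer up through the shadow variable (presumably the release path, which is outside the hunk) would not find it and the buffer would be orphaned silently. Consider testing the return value, e.g. `if (!klp_shadow_alloc(d, SV_LEAK, sizeof(leak), GFP_KERNEL, shadow_leak_ctor, &leak))`, and releasing `leak` and `d` on that branch; how they are allocated is not visible here, so the exact cleanup needs confirming against the rest of `livepatch_fix1_dummy_alloc()`. A one-line comment at the call such as `/* ctor copies *ctor_data before returning; &leak need not outlive the call */` would also make the use of a local's address self-explanatory.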