From: kernel test robot <[email protected]>
To: Ammar Faizi <[email protected]>,
GNU/Weeb Mailing List <[email protected]>
Cc: [email protected]
Subject: [ammarfaizi2-block:google/android/kernel/common/deprecated/android-4.14-p-release 137/6167] security/commoncap.c:75:5: sparse: sparse: symbol '__cap_capable' was not declared. Should it be static?
Date: Wed, 25 Jan 2023 11:39:29 +0800 [thread overview]
Message-ID: <[email protected]> (raw)
tree: https://github.com/ammarfaizi2/linux-block google/android/kernel/common/deprecated/android-4.14-p-release
head: 0ca5d5ac9152d01b3494fb2efb5390319eb9904a
commit: 2b02b4ab89b9cba5aec936046d8538962c5142fc [137/6167] ANDROID: net: paranoid: commoncap: Begin to warn users of implicit PARANOID_NETWORK capability grants
config: i386-randconfig-s002-20230123 (https://download.01.org/0day-ci/archive/20230125/[email protected]/config)
compiler: gcc-7 (Ubuntu 7.5.0-6ubuntu2) 7.5.0
reproduce:
# apt-get install sparse
# sparse version: v0.6.4-39-gce1a6720-dirty
# https://github.com/ammarfaizi2/linux-block/commit/2b02b4ab89b9cba5aec936046d8538962c5142fc
git remote add ammarfaizi2-block https://github.com/ammarfaizi2/linux-block
git fetch --no-tags ammarfaizi2-block google/android/kernel/common/deprecated/android-4.14-p-release
git checkout 2b02b4ab89b9cba5aec936046d8538962c5142fc
# save the config file
mkdir build_dir && cp config build_dir/.config
make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=i386 olddefconfig
make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=i386 SHELL=/bin/bash
If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot <[email protected]>
sparse warnings: (new ones prefixed by >>)
>> security/commoncap.c:75:5: sparse: sparse: symbol '__cap_capable' was not declared. Should it be static?
security/commoncap.c:474:31: sparse: sparse: incorrect type in assignment (different base types) @@ expected restricted __le32 [usertype] magic @@ got int @@
security/commoncap.c:474:31: sparse: expected restricted __le32 [usertype] magic
security/commoncap.c:474:31: sparse: got int
security/commoncap.c:475:33: sparse: sparse: incorrect type in assignment (different base types) @@ expected restricted __le32 [usertype] nsmagic @@ got unsigned int [usertype] @@
security/commoncap.c:475:33: sparse: expected restricted __le32 [usertype] nsmagic
security/commoncap.c:475:33: sparse: got unsigned int [usertype]
security/commoncap.c:476:29: sparse: sparse: restricted __le32 degrades to integer
security/commoncap.c:477:39: sparse: sparse: invalid assignment: |=
security/commoncap.c:477:39: sparse: left side has type restricted __le32
security/commoncap.c:477:39: sparse: right side has type int
security/commoncap.c:479:42: sparse: sparse: cast from restricted __le32
security/commoncap.c:1226:41: sparse: sparse: dubious: !x | y
security/commoncap.c:1307:27: sparse: sparse: symbol 'capability_hooks' was not declared. Should it be static?
security/commoncap.c:75:5: warning: no previous declaration for '__cap_capable' [-Wmissing-declarations]
int __cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
^~~~~~~~~~~~~
In file included from include/linux/capability.h:16:0,
from security/commoncap.c:10:
security/commoncap.c: In function 'cap_prctl_drop':
include/uapi/linux/capability.h:372:27: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits]
#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
^
security/commoncap.c:1112:7: note: in expansion of macro 'cap_valid'
if (!cap_valid(cap))
^~~~~~~~~
security/commoncap.c: In function 'cap_task_prctl':
include/uapi/linux/capability.h:372:27: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits]
#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
^
security/commoncap.c:1142:8: note: in expansion of macro 'cap_valid'
if (!cap_valid(arg2))
^~~~~~~~~
include/uapi/linux/capability.h:372:27: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits]
#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP)
^
security/commoncap.c:1226:10: note: in expansion of macro 'cap_valid'
if (((!cap_valid(arg3)) | arg4 | arg5))
^~~~~~~~~
vim +/__cap_capable +75 security/commoncap.c
59
60 /**
61 * __cap_capable - Determine whether a task has a particular effective capability
62 * @cred: The credentials to use
63 * @ns: The user namespace in which we need the capability
64 * @cap: The capability to check for
65 * @audit: Whether to write an audit message or not
66 *
67 * Determine whether the nominated task has the specified capability amongst
68 * its effective set, returning 0 if it does, -ve if it does not.
69 *
70 * NOTE WELL: cap_has_capability() cannot be used like the kernel's capable()
71 * and has_capability() functions. That is, it has the reverse semantics:
72 * cap_has_capability() returns 0 when a task has a capability, but the
73 * kernel's capable() and has_capability() returns 1 for this case.
74 */
> 75 int __cap_capable(const struct cred *cred, struct user_namespace *targ_ns,
76 int cap, int audit)
77 {
78 struct user_namespace *ns = targ_ns;
79
80 /* See if cred has the capability in the target user namespace
81 * by examining the target user namespace and all of the target
82 * user namespace's parents.
83 */
84 for (;;) {
85 /* Do we have the necessary capabilities? */
86 if (ns == cred->user_ns)
87 return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM;
88
89 /*
90 * If we're already at a lower level than we're looking for,
91 * we're done searching.
92 */
93 if (ns->level <= cred->user_ns->level)
94 return -EPERM;
95
96 /*
97 * The owner of the user namespace in the parent of the
98 * user namespace has all caps.
99 */
100 if ((ns->parent == cred->user_ns) && uid_eq(ns->owner, cred->euid))
101 return 0;
102
103 /*
104 * If you have a capability in a parent user ns, then you have
105 * it over all children user namespaces as well.
106 */
107 ns = ns->parent;
108 }
109
110 /* We never get here */
111 }
112
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests
next reply other threads:[~2023-01-25 3:39 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-25 3:39 kernel test robot [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-08-05 17:28 [ammarfaizi2-block:google/android/kernel/common/deprecated/android-4.14-p-release 137/6167] security/commoncap.c:75:5: sparse: sparse: symbol '__cap_capable' was not declared. Should it be static? kernel test robot
2022-08-05 4:27 kernel test robot
2022-03-04 3:28 kernel test robot
2022-03-03 6:15 kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox