Re: [PATCH RESEND] KEYS: fix parsing invalid pkey info string

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Mimi Zohar <zohar@linux.ibm.com>
To: Linus Torvalds <torvalds@linux-foundation.org>,
	ebiggers@kernel.org,
	James Morris James Morris <jmorris@namei.org>,
	Mimi Zohar <zohar@linux.vnet.ibm.com>,
	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
	Peter Huewe <peterhuewe@gmx.de>
Cc: David Howells <dhowells@redhat.com>,
	keyrings@vger.kernel.org,
	Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
	syzkaller-bugs@googlegroups.com
Subject: Re: [PATCH RESEND] KEYS: fix parsing invalid pkey info string
Date: Mon, 17 Dec 2018 20:21:07 +0000	[thread overview]
Message-ID: <1545078067.10804.13.camel@linux.ibm.com> (raw)
In-Reply-To: <CAHk-=wjsMJeEkJbE3QhM3SY-DT9VsnMWNQKMNsG9TetnjREWDQ@mail.gmail.com>

On Mon, 2018-12-17 at 11:06 -0800, Linus Torvalds wrote:
> On Mon, Dec 17, 2018 at 10:49 AM Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
> >
> > So the *simplest* fix would seem to be to literally remove all those
> > "= -1" for the Opt_err initialization.  Making the code smaller,
> > simpler, and fixing the bug in the process.
> 
> Something like this
> 
>     git  grep -l 'Opt_err = -1' | xargs sed -i 's/Opt_err = -1/Opt_err/'
> 
> would do it, but I also notice that
> security/integrity/ima/ima_policy.c then has some truly funky code
> that plays around with the enum numbers , ie
> 
>   #define pt(token)     policy_tokens[token + Opt_err].pattern

Yikes!

> which actually depends on the ordering of policy_tokens[], and depends
> on the exact values, ie it literally (and quite insanely) sets Opt_err
> to -1, and then Opt_measure to 1, and leaves 0 unused. That code
> seriously makes no sense at all, and is fundamentally broken.
> 
> It would be better to use
> 
>     #define pt(token)     policy_tokens[token - Opt_measure].pattern
> 
> instead, but even then you should have a huge comment about how the
> policy_tokens[] array absolutely has to be properly ordered.

Will do.

> 
> Honestly, for being about "security", all of this code seems to be
> doing some really questionable things with all those Opt_xyz enums.

It's being used for parsing and displaying the policy, which do need
to be in sync.

Mimi

WARNING: multiple messages have this Message-ID (diff)

From: Mimi Zohar <zohar@linux.ibm.com>
To: Linus Torvalds <torvalds@linux-foundation.org>,
	ebiggers@kernel.org,
	James Morris James Morris <jmorris@namei.org>,
	Mimi Zohar <zohar@linux.vnet.ibm.com>,
	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
	Peter Huewe <peterhuewe@gmx.de>
Cc: David Howells <dhowells@redhat.com>,
	keyrings@vger.kernel.org,
	Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
	syzkaller-bugs@googlegroups.com
Subject: Re: [PATCH RESEND] KEYS: fix parsing invalid pkey info string
Date: Mon, 17 Dec 2018 15:21:07 -0500	[thread overview]
Message-ID: <1545078067.10804.13.camel@linux.ibm.com> (raw)
In-Reply-To: <CAHk-=wjsMJeEkJbE3QhM3SY-DT9VsnMWNQKMNsG9TetnjREWDQ@mail.gmail.com>

On Mon, 2018-12-17 at 11:06 -0800, Linus Torvalds wrote:
> On Mon, Dec 17, 2018 at 10:49 AM Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
> >
> > So the *simplest* fix would seem to be to literally remove all those
> > "= -1" for the Opt_err initialization.  Making the code smaller,
> > simpler, and fixing the bug in the process.
> 
> Something like this
> 
>     git  grep -l 'Opt_err = -1' | xargs sed -i 's/Opt_err = -1/Opt_err/'
> 
> would do it, but I also notice that
> security/integrity/ima/ima_policy.c then has some truly funky code
> that plays around with the enum numbers , ie
> 
>   #define pt(token)     policy_tokens[token + Opt_err].pattern

Yikes!

> which actually depends on the ordering of policy_tokens[], and depends
> on the exact values, ie it literally (and quite insanely) sets Opt_err
> to -1, and then Opt_measure to 1, and leaves 0 unused. That code
> seriously makes no sense at all, and is fundamentally broken.
> 
> It would be better to use
> 
>     #define pt(token)     policy_tokens[token - Opt_measure].pattern
> 
> instead, but even then you should have a huge comment about how the
> policy_tokens[] array absolutely has to be properly ordered.

Will do.

> 
> Honestly, for being about "security", all of this code seems to be
> doing some really questionable things with all those Opt_xyz enums.

It's being used for parsing and displaying the policy, which do need
to be in sync.

Mimi

next prev parent reply	other threads:[~2018-12-17 20:21 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-11-03 15:48 general protection fault in keyctl_pkey_params_get syzbot
2018-11-03 15:48 ` syzbot
2018-11-03 17:30 ` [PATCH] KEYS: fix parsing invalid pkey info string Eric Biggers
2018-11-03 17:30   ` Eric Biggers
2018-11-28 23:20   ` Eric Biggers
2018-11-28 23:20     ` Eric Biggers
2018-12-06 18:26     ` Eric Biggers
2018-12-06 18:26       ` Eric Biggers
2018-12-17 18:12     ` [PATCH RESEND] " Eric Biggers
2018-12-17 18:12       ` Eric Biggers
2018-12-17 18:43       ` Linus Torvalds
2018-12-17 18:43         ` Linus Torvalds
2018-12-17 18:49         ` Linus Torvalds
2018-12-17 18:49           ` Linus Torvalds
2018-12-17 19:06           ` Linus Torvalds
2018-12-17 19:06             ` Linus Torvalds
2018-12-17 19:39             ` Linus Torvalds
2018-12-17 19:39               ` Linus Torvalds
2018-12-17 19:51               ` James Bottomley
2018-12-17 19:51                 ` James Bottomley
2018-12-17 20:02                 ` Linus Torvalds
2018-12-17 20:02                   ` Linus Torvalds
2018-12-17 20:29                   ` Mimi Zohar
2018-12-17 20:29                     ` Mimi Zohar
2018-12-18  0:44                   ` James Bottomley
2018-12-18  0:44                     ` James Bottomley
2018-12-31 22:45                   ` Eric Biggers
2018-12-31 22:45                     ` Eric Biggers
2019-01-01 21:08                     ` Linus Torvalds
2019-01-01 21:08                       ` Linus Torvalds
2018-12-17 20:21             ` Mimi Zohar [this message]
2018-12-17 20:21               ` Mimi Zohar
2018-12-17 20:31               ` Linus Torvalds
2018-12-17 20:31                 ` Linus Torvalds
2018-12-18 12:34         ` Dmitry Vyukov
2018-12-18 12:34           ` Dmitry Vyukov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1545078067.10804.13.camel@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=dhowells@redhat.com \
    --cc=ebiggers@kernel.org \
    --cc=jarkko.sakkinen@linux.intel.com \
    --cc=jmorris@namei.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=peterhuewe@gmx.de \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=torvalds@linux-foundation.org \
    --cc=zohar@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.