Re: security/loadpin/loadpin.c:365 dm_verity_ioctl() warn: maybe return -EFAULT instead of the bytes remaining?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Kees Cook <keescook@chromium.org>
To: kbuild-all@lists.01.org
Subject: Re: security/loadpin/loadpin.c:365 dm_verity_ioctl() warn: maybe return -EFAULT instead of the bytes remaining?
Date: Tue, 16 Aug 2022 12:17:57 -0700	[thread overview]
Message-ID: <202208161217.2DFCE2D532@keescook> (raw)
In-Reply-To: <202208141119.RKGSGoZ7-lkp@intel.com>

[-- Attachment #1: Type: text/plain, Size: 2483 bytes --]

On Mon, Aug 15, 2022 at 11:07:12AM +0300, Dan Carpenter wrote:
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> head:   aea23e7c464bfdec04b52cf61edb62030e9e0d0a
> commit: 3f805f8cc23ba35679dd01446929292911c2b469 LoadPin: Enable loading from trusted dm-verity devices
> config: s390-randconfig-m031-20220810 (https://download.01.org/0day-ci/archive/20220814/202208141119.RKGSGoZ7-lkp(a)intel.com/config)
> compiler: s390-linux-gcc (GCC) 12.1.0
> 
> If you fix the issue, kindly add following tag where applicable
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> smatch warnings:
> security/loadpin/loadpin.c:365 dm_verity_ioctl() warn: maybe return -EFAULT instead of the bytes remaining?
> 
> vim +365 security/loadpin/loadpin.c
> 
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  355  static long dm_verity_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  356  {
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  357  	void __user *uarg = (void __user *)arg;
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  358  	unsigned int fd;
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  359  	int rc;
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  360  
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  361  	switch (cmd) {
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  362  	case LOADPIN_IOC_SET_TRUSTED_VERITY_DIGESTS:
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  363  		rc = copy_from_user(&fd, uarg, sizeof(fd));
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  364  		if (rc)
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27 @365  			return rc;
> 
> The copy_from_user() function returns the number of bytes remaining to
> be copied.  It should be:
> 
> 	if (copy_from_user(&fd, uarg, sizeof(fd)))
> 		return -EFAULT;

Oops, yes. I'll get this fixed.

-Kees

> 
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  366  
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  367  		return read_trusted_verity_root_digests(fd);
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  368  
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  369  	default:
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  370  		return -EINVAL;
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  371  	}
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  372  }
> 
> -- 
> 0-DAY CI Kernel Test Service
> https://01.org/lkp
> 

-- 
Kees Cook

WARNING: multiple messages have this Message-ID (diff)

From: Kees Cook <keescook@chromium.org>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: kbuild@lists.01.org, Matthias Kaehlcke <mka@chromium.org>,
	lkp@intel.com, kbuild-all@lists.01.org,
	linux-kernel@vger.kernel.org
Subject: Re: security/loadpin/loadpin.c:365 dm_verity_ioctl() warn: maybe return -EFAULT instead of the bytes remaining?
Date: Tue, 16 Aug 2022 12:17:57 -0700	[thread overview]
Message-ID: <202208161217.2DFCE2D532@keescook> (raw)
In-Reply-To: <202208141119.RKGSGoZ7-lkp@intel.com>

On Mon, Aug 15, 2022 at 11:07:12AM +0300, Dan Carpenter wrote:
> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
> head:   aea23e7c464bfdec04b52cf61edb62030e9e0d0a
> commit: 3f805f8cc23ba35679dd01446929292911c2b469 LoadPin: Enable loading from trusted dm-verity devices
> config: s390-randconfig-m031-20220810 (https://download.01.org/0day-ci/archive/20220814/202208141119.RKGSGoZ7-lkp@intel.com/config)
> compiler: s390-linux-gcc (GCC) 12.1.0
> 
> If you fix the issue, kindly add following tag where applicable
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> smatch warnings:
> security/loadpin/loadpin.c:365 dm_verity_ioctl() warn: maybe return -EFAULT instead of the bytes remaining?
> 
> vim +365 security/loadpin/loadpin.c
> 
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  355  static long dm_verity_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  356  {
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  357  	void __user *uarg = (void __user *)arg;
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  358  	unsigned int fd;
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  359  	int rc;
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  360  
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  361  	switch (cmd) {
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  362  	case LOADPIN_IOC_SET_TRUSTED_VERITY_DIGESTS:
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  363  		rc = copy_from_user(&fd, uarg, sizeof(fd));
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  364  		if (rc)
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27 @365  			return rc;
> 
> The copy_from_user() function returns the number of bytes remaining to
> be copied.  It should be:
> 
> 	if (copy_from_user(&fd, uarg, sizeof(fd)))
> 		return -EFAULT;

Oops, yes. I'll get this fixed.

-Kees

> 
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  366  
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  367  		return read_trusted_verity_root_digests(fd);
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  368  
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  369  	default:
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  370  		return -EINVAL;
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  371  	}
> 3f805f8cc23ba3 Matthias Kaehlcke 2022-06-27  372  }
> 
> -- 
> 0-DAY CI Kernel Test Service
> https://01.org/lkp
> 

-- 
Kees Cook

next prev parent reply	other threads:[~2022-08-16 19:17 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-14  3:47 security/loadpin/loadpin.c:365 dm_verity_ioctl() warn: maybe return -EFAULT instead of the bytes remaining? kernel test robot
2022-08-15  8:07 ` Dan Carpenter
2022-08-15  8:07 ` Dan Carpenter
2022-08-16 19:17 ` Kees Cook [this message]
2022-08-16 19:17   ` Kees Cook

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202208161217.2DFCE2D532@keescook \
    --to=keescook@chromium.org \
    --cc=kbuild-all@lists.01.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.