Re: [PATCH 4/4] x86/ima: define arch_get_ima_policy() for x86

public inbox for linux-efi@vger.kernel.org
 help / color / mirror / Atom feed

From: kbuild test robot <lkp@intel.com>
Cc: kbuild-all@01.org,
	linux-integrity <linux-integrity@vger.kernel.org>,
	linux-security-module <linux-security-module@vger.kernel.org>,
	linux-efi <linux-efi@vger.kernel.org>,
	linux-kernel <linux-kernel@vger.kernel.org>,
	David Howells <dhowells@redhat.com>,
	Seth Forshee <seth.forshee@canonical.com>,
	Justin Forbes <jforbes@redhat.com>,
	Eric Richter <erichte@linux.vnet.ibm.com>
Subject: Re: [PATCH 4/4] x86/ima: define arch_get_ima_policy() for x86
Date: Sat, 28 Jul 2018 20:22:27 +0800	[thread overview]
Message-ID: <201807282011.jTLIG5hy%fengguang.wu@intel.com> (raw)
In-Reply-To: <20180725233200.761-5-erichte@linux.vnet.ibm.com>

Hi Eric,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on integrity/next-integrity]
[also build test WARNING on next-20180727]
[cannot apply to v4.18-rc6]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Eric-Richter/ima-add-support-for-arch-specific-policies/20180728-072442
base:   https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity

smatch warnings:
security/integrity/ima/ima_policy.c:522 ima_init_arch_policy() error: potential null dereference 'arch_policy_entry'.  (kcalloc returns null)

vim +/arch_policy_entry +522 security/integrity/ima/ima_policy.c

b4c0791e Nayna Jain 2018-07-25  484  
b4c0791e Nayna Jain 2018-07-25  485  /*
b4c0791e Nayna Jain 2018-07-25  486   * ima_init_arch_policy - convert arch policy strings to rules
b4c0791e Nayna Jain 2018-07-25  487   *
b4c0791e Nayna Jain 2018-07-25  488   * Return number of arch specific rules.
b4c0791e Nayna Jain 2018-07-25  489   */
b4c0791e Nayna Jain 2018-07-25  490  static int __init ima_init_arch_policy(void)
b4c0791e Nayna Jain 2018-07-25  491  {
b4c0791e Nayna Jain 2018-07-25  492  	const char * const *arch_rules;
b4c0791e Nayna Jain 2018-07-25  493  	const char * const *rules;
b4c0791e Nayna Jain 2018-07-25  494  	int arch_entries = 0;
b4c0791e Nayna Jain 2018-07-25  495  	int i = 0;
b4c0791e Nayna Jain 2018-07-25  496  
b4c0791e Nayna Jain 2018-07-25  497  	arch_rules = arch_get_ima_policy();
b4c0791e Nayna Jain 2018-07-25  498  	if (!arch_rules) {
b4c0791e Nayna Jain 2018-07-25  499  		pr_info("No architecture policy rules.\n");
b4c0791e Nayna Jain 2018-07-25  500  		return arch_entries;
b4c0791e Nayna Jain 2018-07-25  501  	}
b4c0791e Nayna Jain 2018-07-25  502  
b4c0791e Nayna Jain 2018-07-25  503  	/* Get number of rules */
b4c0791e Nayna Jain 2018-07-25  504  	for (rules = arch_rules; *rules != NULL; rules++)
b4c0791e Nayna Jain 2018-07-25  505  		arch_entries++;
b4c0791e Nayna Jain 2018-07-25  506  
b4c0791e Nayna Jain 2018-07-25  507  	arch_policy_rules = kcalloc(arch_entries + 1,
b4c0791e Nayna Jain 2018-07-25  508  				    sizeof(*arch_policy_rules), GFP_KERNEL);
b4c0791e Nayna Jain 2018-07-25  509  	if (!arch_policy_rules)
b4c0791e Nayna Jain 2018-07-25  510  		return 0;
b4c0791e Nayna Jain 2018-07-25  511  
b4c0791e Nayna Jain 2018-07-25  512  	arch_policy_entry = kcalloc(arch_entries + 1,
b4c0791e Nayna Jain 2018-07-25  513  				    sizeof(*arch_policy_entry), GFP_KERNEL);
b4c0791e Nayna Jain 2018-07-25  514  
b4c0791e Nayna Jain 2018-07-25  515  	/* Convert arch policy string rules to struct ima_rule_entry format */
b4c0791e Nayna Jain 2018-07-25  516  	for (rules = arch_rules, i = 0; *rules != NULL; rules++) {
b4c0791e Nayna Jain 2018-07-25  517  		char rule[255];
b4c0791e Nayna Jain 2018-07-25  518  		int result;
b4c0791e Nayna Jain 2018-07-25  519  
b4c0791e Nayna Jain 2018-07-25  520  		result = strlcpy(rule, *rules, sizeof(rule));
b4c0791e Nayna Jain 2018-07-25  521  
b4c0791e Nayna Jain 2018-07-25 @522  		INIT_LIST_HEAD(&arch_policy_entry[i].list);
b4c0791e Nayna Jain 2018-07-25  523  		result = ima_parse_rule(rule, &arch_policy_entry[i]);
b4c0791e Nayna Jain 2018-07-25  524  		if (result) {
b4c0791e Nayna Jain 2018-07-25  525  			pr_warn("Skipping unknown architecture policy rule: %s\n", rule);
b4c0791e Nayna Jain 2018-07-25  526  			memset(&arch_policy_entry[i], 0,
b4c0791e Nayna Jain 2018-07-25  527  			       sizeof(*arch_policy_entry));
b4c0791e Nayna Jain 2018-07-25  528  			continue;
b4c0791e Nayna Jain 2018-07-25  529  		}
b4c0791e Nayna Jain 2018-07-25  530  		arch_policy_rules[i] = &arch_policy_entry[i];
b4c0791e Nayna Jain 2018-07-25  531  		i++;
b4c0791e Nayna Jain 2018-07-25  532  	}
b4c0791e Nayna Jain 2018-07-25  533  	return i;
b4c0791e Nayna Jain 2018-07-25  534  }
b4c0791e Nayna Jain 2018-07-25  535  

:::::: The code at line 522 was first introduced by commit
:::::: b4c0791e0facd968a3e0502a8a544390025a9a38 ima: add support for arch specific policies

:::::: TO: Nayna Jain <nayna@linux.vnet.ibm.com>
:::::: CC: 0day robot <lkp@intel.com>

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

     prev parent reply	other threads:[~2018-07-28 12:22 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-25 23:31 [PATCH 0/4] Add support for architecture-specific IMA policies Eric Richter
2018-07-25 23:31 ` [PATCH 1/4] ima: add support for arch specific policies Eric Richter
2018-07-28  2:24   ` kbuild test robot
2018-08-03 10:08     ` Nayna Jain
2018-07-28  2:24   ` [RFC PATCH] ima: arch_policy_rules can be static kbuild test robot
2018-07-25 23:31 ` [PATCH 2/4] ima: add support for external setting of ima_appraise Eric Richter
2018-07-25 23:31 ` [PATCH 3/4] ima: add support for KEXEC_ORIG_KERNEL_CHECK Eric Richter
2018-08-03 13:11   ` Seth Forshee
2018-08-03 14:54     ` Mimi Zohar
2018-08-03 16:16       ` Seth Forshee
2018-08-03 19:47         ` Mimi Zohar
2018-07-25 23:32 ` [PATCH 4/4] x86/ima: define arch_get_ima_policy() for x86 Eric Richter
2018-07-28 12:22   ` kbuild test robot [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=201807282011.jTLIG5hy%fengguang.wu@intel.com \
    --to=lkp@intel.com \
    --cc=dhowells@redhat.com \
    --cc=erichte@linux.vnet.ibm.com \
    --cc=jforbes@redhat.com \
    --cc=kbuild-all@01.org \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=seth.forshee@canonical.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox