From: Dan Carpenter <dan.carpenter@oracle.com>
To: kbuild@lists.01.org, Casey Schaufler <casey@schaufler-ca.com>,
casey.schaufler@intel.com, jmorris@namei.org,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: lkp@intel.com, kbuild-all@lists.01.org, casey@schaufler-ca.com,
linux-audit@redhat.com, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
paul@paul-moore.com, stephen.smalley.work@gmail.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v36 18/33] LSM: Use lsmcontext in security_dentry_init_security
Date: Thu, 23 Jun 2022 10:09:48 +0300 [thread overview]
Message-ID: <202206230827.rGKbTxmu-lkp@intel.com> (raw)
In-Reply-To: <20220609230146.319210-19-casey@schaufler-ca.com>
Hi Casey,
url: https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220610-080129
base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
config: parisc-randconfig-m031-20220622 (https://download.01.org/0day-ci/archive/20220623/202206230827.rGKbTxmu-lkp@intel.com/config)
compiler: hppa-linux-gcc (GCC) 11.3.0
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
New smatch warnings:
fs/fuse/dir.c:484 get_security_context() error: uninitialized symbol 'name'.
Old smatch warnings:
fs/fuse/dir.c:503 get_security_context() warn: is 'ptr' large enough for 'struct fuse_secctx'? 0
vim +/name +484 fs/fuse/dir.c
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 462 static int get_security_context(struct dentry *entry, umode_t mode,
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 463 void **security_ctx, u32 *security_ctxlen)
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 464 {
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 465 struct fuse_secctx *fctx;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 466 struct fuse_secctx_header *header;
86d33e271bed73 Casey Schaufler 2022-06-09 467 struct lsmcontext lsmctx;
^^^^^^^^^^^^^^^^^^^^^^^^
86d33e271bed73 Casey Schaufler 2022-06-09 468 void *ptr;
86d33e271bed73 Casey Schaufler 2022-06-09 469 u32 total_len = sizeof(*header);
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 470 int err, nr_ctx = 0;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 471 const char *name;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 472 size_t namelen;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 473
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 474 err = security_dentry_init_security(entry, mode, &entry->d_name,
86d33e271bed73 Casey Schaufler 2022-06-09 475 &name, &lsmctx);
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 476 if (err) {
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 477 if (err != -EOPNOTSUPP)
Imagine "err == -EOPNOTSUPP".
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 478 goto out_err;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 479 /* No LSM is supporting this security hook. Ignore error */
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 480 }
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 481
86d33e271bed73 Casey Schaufler 2022-06-09 482 if (lsmctx.len) {
Then actually "lsmctx.len" is uninitialized. Everything breaks after
that.
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 483 nr_ctx = 1;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 @484 namelen = strlen(name) + 1;
^^^^
Warning.
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 485 err = -EIO;
86d33e271bed73 Casey Schaufler 2022-06-09 486 if (WARN_ON(namelen > XATTR_NAME_MAX + 1 ||
86d33e271bed73 Casey Schaufler 2022-06-09 487 lsmctx.len > S32_MAX))
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 488 goto out_err;
86d33e271bed73 Casey Schaufler 2022-06-09 489 total_len += FUSE_REC_ALIGN(sizeof(*fctx) + namelen +
86d33e271bed73 Casey Schaufler 2022-06-09 490 lsmctx.len);
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 491 }
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 492
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 493 err = -ENOMEM;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 494 header = ptr = kzalloc(total_len, GFP_KERNEL);
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 495 if (!ptr)
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 496 goto out_err;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 497
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 498 header->nr_secctx = nr_ctx;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 499 header->size = total_len;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 500 ptr += sizeof(*header);
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 501 if (nr_ctx) {
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 502 fctx = ptr;
86d33e271bed73 Casey Schaufler 2022-06-09 503 fctx->size = lsmctx.len;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 504 ptr += sizeof(*fctx);
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 505
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 506 strcpy(ptr, name);
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 507 ptr += namelen;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 508
86d33e271bed73 Casey Schaufler 2022-06-09 509 memcpy(ptr, lsmctx.context, lsmctx.len);
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 510 }
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 511 *security_ctxlen = total_len;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 512 *security_ctx = header;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 513 err = 0;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 514 out_err:
86d33e271bed73 Casey Schaufler 2022-06-09 515 if (nr_ctx)
86d33e271bed73 Casey Schaufler 2022-06-09 516 security_release_secctx(&lsmctx);
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 517 return err;
3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 518 }
--
0-DAY CI Kernel Test Service
https://01.org/lkp
next prev parent reply other threads:[~2022-06-23 7:10 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20220609230146.319210-1-casey.ref@schaufler-ca.com>
2022-06-09 23:01 ` [PATCH v36 00/33] LSM: Module stacking for AppArmor Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 01/33] integrity: disassociate ima_filter_rule from security_audit_rule Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 02/33] LSM: Infrastructure management of the sock security Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 03/33] LSM: Add the lsmblob data structure Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 04/33] LSM: provide lsm name and id slot mappings Casey Schaufler
2022-06-10 7:51 ` kernel test robot
2022-06-09 23:01 ` [PATCH v36 05/33] IMA: avoid label collisions with stacked LSMs Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 06/33] LSM: Use lsmblob in security_audit_rule_match Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 07/33] LSM: Use lsmblob in security_kernel_act_as Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 08/33] LSM: Use lsmblob in security_secctx_to_secid Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 09/33] LSM: Use lsmblob in security_secid_to_secctx Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 10/33] LSM: Use lsmblob in security_ipc_getsecid Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 11/33] LSM: Use lsmblob in security_current_getsecid Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 12/33] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 13/33] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2022-06-12 19:35 ` kernel test robot
2022-06-09 23:01 ` [PATCH v36 14/33] LSM: Specify which LSM to display Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 15/33] LSM: Ensure the correct LSM context releaser Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 16/33] LSM: Use lsmcontext in security_secid_to_secctx Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 17/33] LSM: Use lsmcontext in security_inode_getsecctx Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 18/33] LSM: Use lsmcontext in security_dentry_init_security Casey Schaufler
2022-06-10 3:05 ` kernel test robot
2022-06-23 7:09 ` Dan Carpenter [this message]
2022-06-09 23:01 ` [PATCH v36 19/33] LSM: security_secid_to_secctx in netlink netfilter Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 20/33] NET: Store LSM netlabel data in a lsmblob Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 21/33] binder: Pass LSM identifier for confirmation Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 22/33] LSM: Extend security_secid_to_secctx to include module selection Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 23/33] Audit: Keep multiple LSM data in audit_names Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 24/33] Audit: Create audit_stamp structure Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 25/33] LSM: Add a function to report multiple LSMs Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 26/33] Audit: Allow multiple records in an audit_buffer Casey Schaufler
2022-06-10 21:04 ` Paul Moore
2022-06-09 23:01 ` [PATCH v36 27/33] Audit: Add record for multiple task security contexts Casey Schaufler
2022-06-10 21:06 ` Paul Moore
2022-06-09 23:01 ` [PATCH v36 28/33] audit: multiple subject lsm values for netlabel Casey Schaufler
2022-06-10 21:10 ` Paul Moore
2022-06-09 23:01 ` [PATCH v36 29/33] Audit: Add record for multiple object contexts Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 30/33] netlabel: Use a struct lsmblob in audit data Casey Schaufler
2022-06-10 21:12 ` Paul Moore
2022-06-09 23:01 ` [PATCH v36 31/33] LSM: Removed scaffolding function lsmcontext_init Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 32/33] LSM: Add /proc attr entry for full LSM context Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 33/33] AppArmor: Remove the exclusive flag Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202206230827.rGKbTxmu-lkp@intel.com \
--to=dan.carpenter@oracle.com \
--cc=casey.schaufler@intel.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=kbuild-all@lists.01.org \
--cc=kbuild@lists.01.org \
--cc=keescook@chromium.org \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=lkp@intel.com \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).