From: "Mickaël Salaün" <mic@digikod.net>
To: Dan Carpenter <dan.carpenter@linaro.org>
Cc: linux-security-module@vger.kernel.org,
"Günther Noack" <gnoack@google.com>
Subject: Re: [bug report] landlock: Add AUDIT_LANDLOCK_DOMAIN and log domain status
Date: Wed, 12 Mar 2025 11:50:31 +0100 [thread overview]
Message-ID: <20250312.ungooTh8Iotu@digikod.net> (raw)
In-Reply-To: <2425110b-b5ca-4b33-bf75-e6fca0b0de63@stanley.mountain>
On Wed, Mar 12, 2025 at 11:33:29AM +0300, Dan Carpenter wrote:
> Hello Mickaël Salaün,
>
> Commit 96cc6f48a8e4 ("landlock: Add AUDIT_LANDLOCK_DOMAIN and log
> domain status") from Mar 8, 2025 (linux-next), leads to the following
> Smatch static checker warning:
>
> security/landlock/domain.c:66 get_current_exe()
> warn: 'size' unsigned <= 0
Hi,
Thanks for the report, I'll fix this issue.
I'm using Smatch's kchecker (commit f4f26f80d4f3) but I didn't get this
warning. I tried with and without build_kernel_data.sh but I get the same
result. Which command are you using?
>
> security/landlock/domain.c
> 39 static const void *get_current_exe(const char **const exe_str,
> 40 size_t *const exe_size)
> 41 {
> 42 const size_t buffer_size = LANDLOCK_PATH_MAX_SIZE;
> 43 struct mm_struct *mm = current->mm;
> 44 struct file *file __free(fput) = NULL;
> 45 char *buffer __free(kfree) = NULL;
> 46 const char *exe;
> 47 size_t size;
> 48
> 49 if (!mm)
> 50 return NULL;
> 51
> 52 file = get_mm_exe_file(mm);
> 53 if (!file)
> 54 return NULL;
> 55
> 56 buffer = kmalloc(buffer_size, GFP_KERNEL);
> 57 if (!buffer)
> 58 return ERR_PTR(-ENOMEM);
> 59
> 60 exe = d_path(&file->f_path, buffer, buffer_size);
> 61 if (WARN_ON_ONCE(IS_ERR(exe)))
> 62 /* Should never happen according to LANDLOCK_PATH_MAX_SIZE. */
> 63 return ERR_CAST(exe);
> 64
> 65 size = buffer + buffer_size - exe;
>
> d_path() takes a buffer and returns exe which is a pointer to the
> somewhere in the middle of buffer.
>
> --> 66 if (WARN_ON_ONCE(size <= 0))
>
> So size can't be negative. And also size is declared as unsigned so it
> can't be negative for that reason either.
>
> 67 return ERR_PTR(-ENAMETOOLONG);
> 68
> 69 *exe_size = size;
> 70 *exe_str = exe;
> 71 return no_free_ptr(buffer);
> 72 }
>
> regards,
> dan carpenter
>
next prev parent reply other threads:[~2025-03-12 10:50 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-03-12 8:33 [bug report] landlock: Add AUDIT_LANDLOCK_DOMAIN and log domain status Dan Carpenter
2025-03-12 10:50 ` Mickaël Salaün [this message]
2025-03-12 11:32 ` Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250312.ungooTh8Iotu@digikod.net \
--to=mic@digikod.net \
--cc=dan.carpenter@linaro.org \
--cc=gnoack@google.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox