From: kernel test robot <lkp@intel.com>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: kbuild-all@lists.01.org, clang-built-linux@googlegroups.com,
	linux-integrity@vger.kernel.org,
	Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Subject: [integrity:next-integrity-testing 13/13] security/integrity/evm/evm_crypto.c:181:41: warning: format specifies type 'unsigned long' but the argument has type 'unsigned int'
Date: Sat, 19 Jun 2021 06:46:45 +0800	[thread overview]
Message-ID: <202106190637.Sg2c2F2k-lkp@intel.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 9461 bytes --]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity-testing
head:   5b5aed323646d2240eb70913841ef06c94d6e9a5
commit: 5b5aed323646d2240eb70913841ef06c94d6e9a5 [13/13] evm: output EVM digest calculation info
config: riscv-randconfig-r003-20210618 (attached as .config)
compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project 64720f57bea6a6bf033feef4a5751ab9c0c3b401)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install riscv cross compiling tool for clang build
        # apt-get install binutils-riscv64-linux-gnu
        # https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/commit/?id=5b5aed323646d2240eb70913841ef06c94d6e9a5
        git remote add integrity https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
        git fetch --no-tags integrity next-integrity-testing
        git checkout 5b5aed323646d2240eb70913841ef06c94d6e9a5
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv 

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

>> security/integrity/evm/evm_crypto.c:181:41: warning: format specifies type 'unsigned long' but the argument has type 'unsigned int' [-Wformat]
           pr_debug("hmac_misc: (%lu) [%*phN]\n", sizeof(struct h_misc),
                                 ~~~              ^~~~~~~~~~~~~~~~~~~~~
                                 %u
   include/linux/printk.h:430:38: note: expanded from macro 'pr_debug'
           no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
                                       ~~~     ^~~~~~~~~~~
   include/linux/printk.h:140:17: note: expanded from macro 'no_printk'
                   printk(fmt, ##__VA_ARGS__);             \
                          ~~~    ^~~~~~~~~~~
>> security/integrity/evm/evm_crypto.c:261:7: warning: format specifies type 'unsigned long' but the argument has type 'size_t' (aka 'unsigned int') [-Wformat]
                                            req_xattr_value_len,
                                            ^~~~~~~~~~~~~~~~~~~
   include/linux/printk.h:430:38: note: expanded from macro 'pr_debug'
           no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
                                       ~~~     ^~~~~~~~~~~
   include/linux/printk.h:140:17: note: expanded from macro 'no_printk'
                   printk(fmt, ##__VA_ARGS__);             \
                          ~~~    ^~~~~~~~~~~
   security/integrity/evm/evm_crypto.c:286:47: warning: format specifies type 'unsigned long' but the argument has type 'size_t' (aka 'unsigned int') [-Wformat]
                           pr_debug("%s: (%lu) [%*phN]", xattr->name, xattr_size,
                                          ~~~                         ^~~~~~~~~~
                                          %u
   include/linux/printk.h:430:38: note: expanded from macro 'pr_debug'
           no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
                                       ~~~     ^~~~~~~~~~~
   include/linux/printk.h:140:17: note: expanded from macro 'no_printk'
                   printk(fmt, ##__VA_ARGS__);             \
                          ~~~    ^~~~~~~~~~~
   3 warnings generated.


vim +181 security/integrity/evm/evm_crypto.c

   138	
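   /*
    * Protect against 'cutting & pasting' the security.evm xattr onto another
    * inode: mix inode specific info into the running hash, then finalize it.
    *
    * (Additional directory/file metadata needs to be added for more complete
    * protection.)
    *
    * @desc:   running hash descriptor; finalized by this function
    * @inode:  inode whose ino, generation, uid, gid and mode are hashed
    * @type:   EVM xattr type; for EVM_XATTR_PORTABLE_DIGSIG the inode number,
    *          generation and filesystem UUID are left out
    * @digest: buffer that receives the final digest
    */
   static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
   			  char type, char *digest)
   {
   	/*
   	 * NOTE(review): the struct is hashed as raw bytes, so its layout
   	 * (width of unsigned long, padding) is part of the digest input.
   	 */
   	struct h_misc {
   		unsigned long ino;
   		__u32 generation;
   		uid_t uid;
   		gid_t gid;
   		umode_t mode;
   	} hmac_misc;

   	/*
   	 * Zero the whole struct first: every byte of it, including any
   	 * compiler-inserted padding, is hashed and dumped below, so no
   	 * uninitialized stack bytes may remain in it.
   	 */
   	memset(&hmac_misc, 0, sizeof(hmac_misc));
   	/* Don't include the inode or generation number in portable
   	 * signatures
   	 */
   	if (type != EVM_XATTR_PORTABLE_DIGSIG) {
   		hmac_misc.ino = inode->i_ino;
   		hmac_misc.generation = inode->i_generation;
   	}
   	/* The hmac uid and gid must be encoded in the initial user
   	 * namespace (not the filesystems user namespace) as encoding
   	 * them in the filesystems user namespace allows an attack
   	 * where first they are written in an unprivileged fuse mount
   	 * of a filesystem and then the system is tricked to mount the
   	 * filesystem for real on next boot and trust it because
   	 * everything is signed.
   	 */
   	hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid);
   	hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid);
   	hmac_misc.mode = inode->i_mode;
   	crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc));
   	if ((evm_hmac_attrs & EVM_ATTR_FSUUID) &&
   	    type != EVM_XATTR_PORTABLE_DIGSIG)
   		crypto_shash_update(desc, (u8 *)&inode->i_sb->s_uuid, UUID_SIZE);
   	crypto_shash_final(desc, digest);

   	/*
   	 * sizeof yields a size_t, whose width differs between 32-bit and
   	 * 64-bit builds; %zu is the matching specifier (%lu triggers
   	 * -Wformat where size_t is unsigned int).
   	 */
   	pr_debug("hmac_misc: (%zu) [%*phN]\n", sizeof(struct h_misc),
   		 (int)sizeof(struct h_misc), &hmac_misc);
   }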
   184	
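   /*
    * Dump large security xattr values as a continuous ascii hexadecimal string.
    * (The %*ph specifier used for short values is limited to 64 bytes.)
    *
    * Compiled to a no-op unless DEBUG or CONFIG_DYNAMIC_DEBUG is defined.
    *
    * @prefix: label printed in front of the dump
    * @src:    buffer to dump
    * @count:  number of bytes in @src
    */
   static void dump_security_xattr(const char *prefix, const void *src, size_t count)
   {
   #if defined(DEBUG) || defined(CONFIG_DYNAMIC_DEBUG)
   	char *asciihex, *p;

   	/*
   	 * count * 2 + 1 must not wrap: a wrapped size would yield a short
   	 * allocation that bin2hex() then writes past.
   	 */
   	if (count > (SIZE_MAX - 1) / 2)
   		return;

   	/*
   	 * NOTE(review): evm_calc_hmac_or_hash() allocates with GFP_NOFS
   	 * before calling here; confirm GFP_KERNEL is safe in that context.
   	 */
   	p = asciihex = kmalloc(count * 2 + 1, GFP_KERNEL);
   	if (!asciihex)
   		return;

   	p = bin2hex(p, src, count);
   	*p = 0;
   	/*
   	 * count is a size_t, so print it with %zu. The buffer was just
   	 * NUL-terminated, so plain %s prints it without narrowing count
   	 * to int for a precision argument.
   	 */
   	pr_debug("%s: (%zu) %s\n", prefix, count, asciihex);
   	kfree(asciihex);
   #endif
   }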
   204	
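   /*
    * Calculate the HMAC or hash value across the set of protected security
    * xattrs.
    *
    * Instead of retrieving the requested xattr, for performance, calculate
    * the hmac using the requested xattr value. Don't alloc/free memory for
    * each xattr, but attempt to re-use the previously allocated memory.
    *
    * @dentry:              dentry whose backing inode is measured
    * @req_xattr_name:      name of the xattr being set, or NULL
    * @req_xattr_value:     value to hash in place of the stored one, or NULL
    * @req_xattr_value_len: length of @req_xattr_value in bytes
    * @type:                EVM xattr type, passed to init_desc() and
    *                       hmac_add_misc()
    * @data:                receives the digest length and the digest
    *
    * Returns 0 on success, -EOPNOTSUPP if the inode lacks xattr support or
    * the superblock is not in the initial user namespace, the init_desc()
    * error if the descriptor cannot be set up, -ENODATA if none of the
    * listed xattrs was hashed, -ENOMEM if reading an xattr ran out of
    * memory, and -EPERM for a portable signature without an IMA xattr.
    * Except on the -ENOMEM path the digest is still finalized.
    */
   static int evm_calc_hmac_or_hash(struct dentry *dentry,
   				 const char *req_xattr_name,
   				 const char *req_xattr_value,
   				 size_t req_xattr_value_len,
   				 uint8_t type, struct evm_digest *data)
   {
   	struct inode *inode = d_backing_inode(dentry);
   	struct xattr_list *xattr;
   	struct shash_desc *desc;
   	size_t xattr_size = 0;
   	char *xattr_value = NULL;
   	int error;
   	int size;
   	bool ima_present = false;

   	if (!(inode->i_opflags & IOP_XATTR) ||
   	    inode->i_sb->s_user_ns != &init_user_ns)
   		return -EOPNOTSUPP;

   	desc = init_desc(type, data->hdr.algo);
   	if (IS_ERR(desc))
   		return PTR_ERR(desc);

   	data->hdr.length = crypto_shash_digestsize(desc->tfm);

   	/*
   	 * NOTE(review): the return values of crypto_shash_update() are not
   	 * checked anywhere below; confirm a failed update cannot leave a
   	 * digest computed over partial input.
   	 */
   	error = -ENODATA;
   	list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
   		bool is_ima = false;

   		if (strcmp(xattr->name, XATTR_NAME_IMA) == 0)
   			is_ima = true;

   		/*
   		 * Skip non-enabled xattrs for locally calculated
   		 * signatures/HMACs.
   		 */
   		if (type != EVM_XATTR_PORTABLE_DIGSIG && !xattr->enabled)
   			continue;

   		if ((req_xattr_name && req_xattr_value)
   		    && !strcmp(xattr->name, req_xattr_name)) {
   			error = 0;
   			crypto_shash_update(desc, (const u8 *)req_xattr_value,
   					     req_xattr_value_len);
   			if (is_ima)
   				ima_present = true;

   			/* size_t is printed with %zu on every architecture */
   			if (req_xattr_value_len < 64)
   				pr_debug("%s: (%zu) [%*phN]\n", req_xattr_name,
   					 req_xattr_value_len,
   					 (int)req_xattr_value_len,
   					 req_xattr_value);
   			else
   				dump_security_xattr(req_xattr_name,
   						    req_xattr_value,
   						    req_xattr_value_len);
   			continue;
   		}
   		/* Re-uses (and may grow) the buffer left by the last pass */
   		size = vfs_getxattr_alloc(&init_user_ns, dentry, xattr->name,
   					  &xattr_value, xattr_size, GFP_NOFS);
   		if (size == -ENOMEM) {
   			error = -ENOMEM;
   			goto out;
   		}
   		/* Any other failure: this xattr is left out of the hash */
   		if (size < 0)
   			continue;

   		error = 0;
   		xattr_size = size;
   		crypto_shash_update(desc, (const u8 *)xattr_value, xattr_size);
   		if (is_ima)
   			ima_present = true;

   		/* %zu for size_t; newline added to match the other dumps */
   		if (xattr_size < 64)
   			pr_debug("%s: (%zu) [%*phN]\n", xattr->name, xattr_size,
   				 (int)xattr_size, xattr_value);
   		else
   			dump_security_xattr(xattr->name, xattr_value,
   					    xattr_size);
   	}
   	hmac_add_misc(desc, inode, type, data->digest);

   	/* Portable EVM signatures must include an IMA hash */
   	if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present)
   		error = -EPERM;
   out:
   	kfree(xattr_value);
   	kfree(desc);
   	return error;
   }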
   302	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 34991 bytes --]

WARNING: multiple messages have this Message-ID (diff)
From: kernel test robot <lkp@intel.com>
To: kbuild-all@lists.01.org
Subject: [integrity:next-integrity-testing 13/13] security/integrity/evm/evm_crypto.c:181:41: warning: format specifies type 'unsigned long' but the argument has type 'unsigned int'
Date: Sat, 19 Jun 2021 06:46:45 +0800	[thread overview]
Message-ID: <202106190637.Sg2c2F2k-lkp@intel.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 9688 bytes --]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity-testing
head:   5b5aed323646d2240eb70913841ef06c94d6e9a5
commit: 5b5aed323646d2240eb70913841ef06c94d6e9a5 [13/13] evm: output EVM digest calculation info
config: riscv-randconfig-r003-20210618 (attached as .config)
compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project 64720f57bea6a6bf033feef4a5751ab9c0c3b401)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install riscv cross compiling tool for clang build
        # apt-get install binutils-riscv64-linux-gnu
        # https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/commit/?id=5b5aed323646d2240eb70913841ef06c94d6e9a5
        git remote add integrity https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
        git fetch --no-tags integrity next-integrity-testing
        git checkout 5b5aed323646d2240eb70913841ef06c94d6e9a5
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv 

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

>> security/integrity/evm/evm_crypto.c:181:41: warning: format specifies type 'unsigned long' but the argument has type 'unsigned int' [-Wformat]
           pr_debug("hmac_misc: (%lu) [%*phN]\n", sizeof(struct h_misc),
                                 ~~~              ^~~~~~~~~~~~~~~~~~~~~
                                 %u
   include/linux/printk.h:430:38: note: expanded from macro 'pr_debug'
           no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
                                       ~~~     ^~~~~~~~~~~
   include/linux/printk.h:140:17: note: expanded from macro 'no_printk'
                   printk(fmt, ##__VA_ARGS__);             \
                          ~~~    ^~~~~~~~~~~
>> security/integrity/evm/evm_crypto.c:261:7: warning: format specifies type 'unsigned long' but the argument has type 'size_t' (aka 'unsigned int') [-Wformat]
                                            req_xattr_value_len,
                                            ^~~~~~~~~~~~~~~~~~~
   include/linux/printk.h:430:38: note: expanded from macro 'pr_debug'
           no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
                                       ~~~     ^~~~~~~~~~~
   include/linux/printk.h:140:17: note: expanded from macro 'no_printk'
                   printk(fmt, ##__VA_ARGS__);             \
                          ~~~    ^~~~~~~~~~~
   security/integrity/evm/evm_crypto.c:286:47: warning: format specifies type 'unsigned long' but the argument has type 'size_t' (aka 'unsigned int') [-Wformat]
                           pr_debug("%s: (%lu) [%*phN]", xattr->name, xattr_size,
                                          ~~~                         ^~~~~~~~~~
                                          %u
   include/linux/printk.h:430:38: note: expanded from macro 'pr_debug'
           no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
                                       ~~~     ^~~~~~~~~~~
   include/linux/printk.h:140:17: note: expanded from macro 'no_printk'
                   printk(fmt, ##__VA_ARGS__);             \
                          ~~~    ^~~~~~~~~~~
   3 warnings generated.


vim +181 security/integrity/evm/evm_crypto.c

   138	
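   /*
    * Protect against 'cutting & pasting' the security.evm xattr onto another
    * inode: mix inode specific info into the running hash, then finalize it.
    *
    * (Additional directory/file metadata needs to be added for more complete
    * protection.)
    *
    * @desc:   running hash descriptor; finalized by this function
    * @inode:  inode whose ino, generation, uid, gid and mode are hashed
    * @type:   EVM xattr type; for EVM_XATTR_PORTABLE_DIGSIG the inode number,
    *          generation and filesystem UUID are left out
    * @digest: buffer that receives the final digest
    */
   static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
   			  char type, char *digest)
   {
   	/*
   	 * NOTE(review): the struct is hashed as raw bytes, so its layout
   	 * (width of unsigned long, padding) is part of the digest input.
   	 */
   	struct h_misc {
   		unsigned long ino;
   		__u32 generation;
   		uid_t uid;
   		gid_t gid;
   		umode_t mode;
   	} hmac_misc;

   	/*
   	 * Zero the whole struct first: every byte of it, including any
   	 * compiler-inserted padding, is hashed and dumped below, so no
   	 * uninitialized stack bytes may remain in it.
   	 */
   	memset(&hmac_misc, 0, sizeof(hmac_misc));
   	/* Don't include the inode or generation number in portable
   	 * signatures
   	 */
   	if (type != EVM_XATTR_PORTABLE_DIGSIG) {
   		hmac_misc.ino = inode->i_ino;
   		hmac_misc.generation = inode->i_generation;
   	}
   	/* The hmac uid and gid must be encoded in the initial user
   	 * namespace (not the filesystems user namespace) as encoding
   	 * them in the filesystems user namespace allows an attack
   	 * where first they are written in an unprivileged fuse mount
   	 * of a filesystem and then the system is tricked to mount the
   	 * filesystem for real on next boot and trust it because
   	 * everything is signed.
   	 */
   	hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid);
   	hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid);
   	hmac_misc.mode = inode->i_mode;
   	crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc));
   	if ((evm_hmac_attrs & EVM_ATTR_FSUUID) &&
   	    type != EVM_XATTR_PORTABLE_DIGSIG)
   		crypto_shash_update(desc, (u8 *)&inode->i_sb->s_uuid, UUID_SIZE);
   	crypto_shash_final(desc, digest);

   	/*
   	 * sizeof yields a size_t, whose width differs between 32-bit and
   	 * 64-bit builds; %zu is the matching specifier (%lu triggers
   	 * -Wformat where size_t is unsigned int).
   	 */
   	pr_debug("hmac_misc: (%zu) [%*phN]\n", sizeof(struct h_misc),
   		 (int)sizeof(struct h_misc), &hmac_misc);
   }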
   184	
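   /*
    * Dump large security xattr values as a continuous ascii hexadecimal string.
    * (The %*ph specifier used for short values is limited to 64 bytes.)
    *
    * Compiled to a no-op unless DEBUG or CONFIG_DYNAMIC_DEBUG is defined.
    *
    * @prefix: label printed in front of the dump
    * @src:    buffer to dump
    * @count:  number of bytes in @src
    */
   static void dump_security_xattr(const char *prefix, const void *src, size_t count)
   {
   #if defined(DEBUG) || defined(CONFIG_DYNAMIC_DEBUG)
   	char *asciihex, *p;

   	/*
   	 * count * 2 + 1 must not wrap: a wrapped size would yield a short
   	 * allocation that bin2hex() then writes past.
   	 */
   	if (count > (SIZE_MAX - 1) / 2)
   		return;

   	/*
   	 * NOTE(review): evm_calc_hmac_or_hash() allocates with GFP_NOFS
   	 * before calling here; confirm GFP_KERNEL is safe in that context.
   	 */
   	p = asciihex = kmalloc(count * 2 + 1, GFP_KERNEL);
   	if (!asciihex)
   		return;

   	p = bin2hex(p, src, count);
   	*p = 0;
   	/*
   	 * count is a size_t, so print it with %zu. The buffer was just
   	 * NUL-terminated, so plain %s prints it without narrowing count
   	 * to int for a precision argument.
   	 */
   	pr_debug("%s: (%zu) %s\n", prefix, count, asciihex);
   	kfree(asciihex);
   #endif
   }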
   204	
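   /*
    * Calculate the HMAC or hash value across the set of protected security
    * xattrs.
    *
    * Instead of retrieving the requested xattr, for performance, calculate
    * the hmac using the requested xattr value. Don't alloc/free memory for
    * each xattr, but attempt to re-use the previously allocated memory.
    *
    * @dentry:              dentry whose backing inode is measured
    * @req_xattr_name:      name of the xattr being set, or NULL
    * @req_xattr_value:     value to hash in place of the stored one, or NULL
    * @req_xattr_value_len: length of @req_xattr_value in bytes
    * @type:                EVM xattr type, passed to init_desc() and
    *                       hmac_add_misc()
    * @data:                receives the digest length and the digest
    *
    * Returns 0 on success, -EOPNOTSUPP if the inode lacks xattr support or
    * the superblock is not in the initial user namespace, the init_desc()
    * error if the descriptor cannot be set up, -ENODATA if none of the
    * listed xattrs was hashed, -ENOMEM if reading an xattr ran out of
    * memory, and -EPERM for a portable signature without an IMA xattr.
    * Except on the -ENOMEM path the digest is still finalized.
    */
   static int evm_calc_hmac_or_hash(struct dentry *dentry,
   				 const char *req_xattr_name,
   				 const char *req_xattr_value,
   				 size_t req_xattr_value_len,
   				 uint8_t type, struct evm_digest *data)
   {
   	struct inode *inode = d_backing_inode(dentry);
   	struct xattr_list *xattr;
   	struct shash_desc *desc;
   	size_t xattr_size = 0;
   	char *xattr_value = NULL;
   	int error;
   	int size;
   	bool ima_present = false;

   	if (!(inode->i_opflags & IOP_XATTR) ||
   	    inode->i_sb->s_user_ns != &init_user_ns)
   		return -EOPNOTSUPP;

   	desc = init_desc(type, data->hdr.algo);
   	if (IS_ERR(desc))
   		return PTR_ERR(desc);

   	data->hdr.length = crypto_shash_digestsize(desc->tfm);

   	/*
   	 * NOTE(review): the return values of crypto_shash_update() are not
   	 * checked anywhere below; confirm a failed update cannot leave a
   	 * digest computed over partial input.
   	 */
   	error = -ENODATA;
   	list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
   		bool is_ima = false;

   		if (strcmp(xattr->name, XATTR_NAME_IMA) == 0)
   			is_ima = true;

   		/*
   		 * Skip non-enabled xattrs for locally calculated
   		 * signatures/HMACs.
   		 */
   		if (type != EVM_XATTR_PORTABLE_DIGSIG && !xattr->enabled)
   			continue;

   		if ((req_xattr_name && req_xattr_value)
   		    && !strcmp(xattr->name, req_xattr_name)) {
   			error = 0;
   			crypto_shash_update(desc, (const u8 *)req_xattr_value,
   					     req_xattr_value_len);
   			if (is_ima)
   				ima_present = true;

   			/* size_t is printed with %zu on every architecture */
   			if (req_xattr_value_len < 64)
   				pr_debug("%s: (%zu) [%*phN]\n", req_xattr_name,
   					 req_xattr_value_len,
   					 (int)req_xattr_value_len,
   					 req_xattr_value);
   			else
   				dump_security_xattr(req_xattr_name,
   						    req_xattr_value,
   						    req_xattr_value_len);
   			continue;
   		}
   		/* Re-uses (and may grow) the buffer left by the last pass */
   		size = vfs_getxattr_alloc(&init_user_ns, dentry, xattr->name,
   					  &xattr_value, xattr_size, GFP_NOFS);
   		if (size == -ENOMEM) {
   			error = -ENOMEM;
   			goto out;
   		}
   		/* Any other failure: this xattr is left out of the hash */
   		if (size < 0)
   			continue;

   		error = 0;
   		xattr_size = size;
   		crypto_shash_update(desc, (const u8 *)xattr_value, xattr_size);
   		if (is_ima)
   			ima_present = true;

   		/* %zu for size_t; newline added to match the other dumps */
   		if (xattr_size < 64)
   			pr_debug("%s: (%zu) [%*phN]\n", xattr->name, xattr_size,
   				 (int)xattr_size, xattr_value);
   		else
   			dump_security_xattr(xattr->name, xattr_value,
   					    xattr_size);
   	}
   	hmac_add_misc(desc, inode, type, data->digest);

   	/* Portable EVM signatures must include an IMA hash */
   	if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present)
   		error = -EPERM;
   out:
   	kfree(xattr_value);
   	kfree(desc);
   	return error;
   }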
   302	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 34991 bytes --]
