* [zohar-integrity:next-integrity-testing 1/1] security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
@ 2021-09-14 22:30 ` kernel test robot
0 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2021-09-14 22:30 UTC (permalink / raw)
To: liqiong; +Cc: kbuild-all, linux-integrity, Mimi Zohar, THOBY Simon
[-- Attachment #1: Type: text/plain, Size: 5573 bytes --]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity-testing
head: 836f7b6ca082b7031d2687b3493eefd104ddc060
commit: 836f7b6ca082b7031d2687b3493eefd104ddc060 [1/1] ima: fix deadlock when traversing "ima_default_rules".
config: x86_64-rhel-8.3-kselftests (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce:
# apt-get install sparse
# sparse version: v0.6.4-dirty
# https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/commit/?id=836f7b6ca082b7031d2687b3493eefd104ddc060
git remote add zohar-integrity https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
git fetch --no-tags zohar-integrity next-integrity-testing
git checkout 836f7b6ca082b7031d2687b3493eefd104ddc060
# save the attached .config to linux build tree
make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=x86_64 SHELL=/bin/bash
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
sparse warnings: (new ones prefixed by >>)
>> security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
>> security/integrity/ima/ima_policy.c:684:25: sparse: struct list_head [noderef] __rcu *
>> security/integrity/ima/ima_policy.c:684:25: sparse: struct list_head *
security/integrity/ima/ima_policy.c:976:17: sparse: sparse: incompatible types in comparison expression (different address spaces):
security/integrity/ima/ima_policy.c:976:17: sparse: struct list_head [noderef] __rcu *
security/integrity/ima/ima_policy.c:976:17: sparse: struct list_head *
security/integrity/ima/ima_policy.c:1776:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
security/integrity/ima/ima_policy.c:1776:25: sparse: struct list_head [noderef] __rcu *
security/integrity/ima/ima_policy.c:1776:25: sparse: struct list_head *
security/integrity/ima/ima_policy.c:2030:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
security/integrity/ima/ima_policy.c:2030:25: sparse: struct list_head [noderef] __rcu *
security/integrity/ima/ima_policy.c:2030:25: sparse: struct list_head *
vim +684 security/integrity/ima/ima_policy.c
648
649 /**
650 * ima_match_policy - decision based on LSM and other conditions
651 * @mnt_userns: user namespace of the mount the inode was found from
652 * @inode: pointer to an inode for which the policy decision is being made
653 * @cred: pointer to a credentials structure for which the policy decision is
654 * being made
655 * @secid: LSM secid of the task to be validated
656 * @func: IMA hook identifier
657 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
658 * @pcr: set the pcr to extend
659 * @template_desc: the template that should be used for this rule
660 * @func_data: func specific data, may be NULL
661 * @allowed_algos: allowlist of hash algorithms for the IMA xattr
662 *
663 * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type)
664 * conditions.
665 *
666 * Since the IMA policy may be updated multiple times we need to lock the
667 * list when walking it. Reads are many orders of magnitude more numerous
668 * than writes so ima_match_policy() is classical RCU candidate.
669 */
670 int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode,
671 const struct cred *cred, u32 secid, enum ima_hooks func,
672 int mask, int flags, int *pcr,
673 struct ima_template_desc **template_desc,
674 const char *func_data, unsigned int *allowed_algos)
675 {
676 struct ima_rule_entry *entry;
677 int action = 0, actmask = flags | (flags << 1);
678 struct list_head *ima_rules_tmp;
679
680 if (template_desc && !*template_desc)
681 *template_desc = ima_template_desc_current();
682
683 rcu_read_lock();
> 684 ima_rules_tmp = rcu_dereference(ima_rules);
685 list_for_each_entry_rcu(entry, ima_rules_tmp, list) {
686
687 if (!(entry->action & actmask))
688 continue;
689
690 if (!ima_match_rules(entry, mnt_userns, inode, cred, secid,
691 func, mask, func_data))
692 continue;
693
694 action |= entry->flags & IMA_ACTION_FLAGS;
695
696 action |= entry->action & IMA_DO_MASK;
697 if (entry->action & IMA_APPRAISE) {
698 action |= get_subaction(entry, func);
699 action &= ~IMA_HASH;
700 if (ima_fail_unverifiable_sigs)
701 action |= IMA_FAIL_UNVERIFIABLE_SIGS;
702
703 if (allowed_algos &&
704 entry->flags & IMA_VALIDATE_ALGOS)
705 *allowed_algos = entry->allowed_algos;
706 }
707
708 if (entry->action & IMA_DO_MASK)
709 actmask &= ~(entry->action | entry->action << 1);
710 else
711 actmask &= ~(entry->action | entry->action >> 1);
712
713 if ((pcr) && (entry->flags & IMA_PCR))
714 *pcr = entry->pcr;
715
716 if (template_desc && entry->template)
717 *template_desc = entry->template;
718
719 if (!actmask)
720 break;
721 }
722 rcu_read_unlock();
723
724 return action;
725 }
726
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 42057 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* [zohar-integrity:next-integrity-testing 1/1] security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
@ 2021-09-14 22:30 ` kernel test robot
0 siblings, 0 replies; 8+ messages in thread
From: kernel test robot @ 2021-09-14 22:30 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 5693 bytes --]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity-testing
head: 836f7b6ca082b7031d2687b3493eefd104ddc060
commit: 836f7b6ca082b7031d2687b3493eefd104ddc060 [1/1] ima: fix deadlock when traversing "ima_default_rules".
config: x86_64-rhel-8.3-kselftests (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce:
# apt-get install sparse
# sparse version: v0.6.4-dirty
# https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/commit/?id=836f7b6ca082b7031d2687b3493eefd104ddc060
git remote add zohar-integrity https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
git fetch --no-tags zohar-integrity next-integrity-testing
git checkout 836f7b6ca082b7031d2687b3493eefd104ddc060
# save the attached .config to linux build tree
make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=x86_64 SHELL=/bin/bash
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
sparse warnings: (new ones prefixed by >>)
>> security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
>> security/integrity/ima/ima_policy.c:684:25: sparse: struct list_head [noderef] __rcu *
>> security/integrity/ima/ima_policy.c:684:25: sparse: struct list_head *
security/integrity/ima/ima_policy.c:976:17: sparse: sparse: incompatible types in comparison expression (different address spaces):
security/integrity/ima/ima_policy.c:976:17: sparse: struct list_head [noderef] __rcu *
security/integrity/ima/ima_policy.c:976:17: sparse: struct list_head *
security/integrity/ima/ima_policy.c:1776:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
security/integrity/ima/ima_policy.c:1776:25: sparse: struct list_head [noderef] __rcu *
security/integrity/ima/ima_policy.c:1776:25: sparse: struct list_head *
security/integrity/ima/ima_policy.c:2030:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
security/integrity/ima/ima_policy.c:2030:25: sparse: struct list_head [noderef] __rcu *
security/integrity/ima/ima_policy.c:2030:25: sparse: struct list_head *
vim +684 security/integrity/ima/ima_policy.c
648
649 /**
650 * ima_match_policy - decision based on LSM and other conditions
651 * @mnt_userns: user namespace of the mount the inode was found from
652 * @inode: pointer to an inode for which the policy decision is being made
653 * @cred: pointer to a credentials structure for which the policy decision is
654 * being made
655 * @secid: LSM secid of the task to be validated
656 * @func: IMA hook identifier
657 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
658 * @pcr: set the pcr to extend
659 * @template_desc: the template that should be used for this rule
660 * @func_data: func specific data, may be NULL
661 * @allowed_algos: allowlist of hash algorithms for the IMA xattr
662 *
663 * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type)
664 * conditions.
665 *
666 * Since the IMA policy may be updated multiple times we need to lock the
667 * list when walking it. Reads are many orders of magnitude more numerous
668 * than writes so ima_match_policy() is classical RCU candidate.
669 */
670 int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode,
671 const struct cred *cred, u32 secid, enum ima_hooks func,
672 int mask, int flags, int *pcr,
673 struct ima_template_desc **template_desc,
674 const char *func_data, unsigned int *allowed_algos)
675 {
676 struct ima_rule_entry *entry;
677 int action = 0, actmask = flags | (flags << 1);
678 struct list_head *ima_rules_tmp;
679
680 if (template_desc && !*template_desc)
681 *template_desc = ima_template_desc_current();
682
683 rcu_read_lock();
> 684 ima_rules_tmp = rcu_dereference(ima_rules);
685 list_for_each_entry_rcu(entry, ima_rules_tmp, list) {
686
687 if (!(entry->action & actmask))
688 continue;
689
690 if (!ima_match_rules(entry, mnt_userns, inode, cred, secid,
691 func, mask, func_data))
692 continue;
693
694 action |= entry->flags & IMA_ACTION_FLAGS;
695
696 action |= entry->action & IMA_DO_MASK;
697 if (entry->action & IMA_APPRAISE) {
698 action |= get_subaction(entry, func);
699 action &= ~IMA_HASH;
700 if (ima_fail_unverifiable_sigs)
701 action |= IMA_FAIL_UNVERIFIABLE_SIGS;
702
703 if (allowed_algos &&
704 entry->flags & IMA_VALIDATE_ALGOS)
705 *allowed_algos = entry->allowed_algos;
706 }
707
708 if (entry->action & IMA_DO_MASK)
709 actmask &= ~(entry->action | entry->action << 1);
710 else
711 actmask &= ~(entry->action | entry->action >> 1);
712
713 if ((pcr) && (entry->flags & IMA_PCR))
714 *pcr = entry->pcr;
715
716 if (template_desc && entry->template)
717 *template_desc = entry->template;
718
719 if (!actmask)
720 break;
721 }
722 rcu_read_unlock();
723
724 return action;
725 }
726
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 42057 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [zohar-integrity:next-integrity-testing 1/1] security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
2021-09-14 22:30 ` kernel test robot
@ 2021-09-16 12:05 ` liqiong
-1 siblings, 0 replies; 8+ messages in thread
From: liqiong @ 2021-09-16 12:05 UTC (permalink / raw)
To: Mimi Zohar; +Cc: kernel test robot, kbuild-all, linux-integrity, THOBY Simon
Hi Mini,
I got this sparse warnings, should i fix it ?
It seems the follow patch can fix, but i don't think should do
this check (ima_rules_tmp == NULL).
-static struct list_head *ima_rules = &ima_default_rules;
+static struct list_head __rcu *ima_rules = (struct list_head __rcu *)(&ima_default_rules);
ima_rules_tmp = rcu_dereference(ima_rules);
+if (ima_rules_tmp == NULL)
+ return ;
--
Thanks,
Liqiong
在 2021年09月15日 06:30, kernel test robot 写道:
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity-testing
> head: 836f7b6ca082b7031d2687b3493eefd104ddc060
> commit: 836f7b6ca082b7031d2687b3493eefd104ddc060 [1/1] ima: fix deadlock when traversing "ima_default_rules".
> config: x86_64-rhel-8.3-kselftests (attached as .config)
> compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> reproduce:
> # apt-get install sparse
> # sparse version: v0.6.4-dirty
> # https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/commit/?id=836f7b6ca082b7031d2687b3493eefd104ddc060
> git remote add zohar-integrity https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
> git fetch --no-tags zohar-integrity next-integrity-testing
> git checkout 836f7b6ca082b7031d2687b3493eefd104ddc060
> # save the attached .config to linux build tree
> make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=x86_64 SHELL=/bin/bash
>
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
>
>
> sparse warnings: (new ones prefixed by >>)
>>> security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
>>> security/integrity/ima/ima_policy.c:684:25: sparse: struct list_head [noderef] __rcu *
>>> security/integrity/ima/ima_policy.c:684:25: sparse: struct list_head *
> security/integrity/ima/ima_policy.c:976:17: sparse: sparse: incompatible types in comparison expression (different address spaces):
> security/integrity/ima/ima_policy.c:976:17: sparse: struct list_head [noderef] __rcu *
> security/integrity/ima/ima_policy.c:976:17: sparse: struct list_head *
> security/integrity/ima/ima_policy.c:1776:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
> security/integrity/ima/ima_policy.c:1776:25: sparse: struct list_head [noderef] __rcu *
> security/integrity/ima/ima_policy.c:1776:25: sparse: struct list_head *
> security/integrity/ima/ima_policy.c:2030:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
> security/integrity/ima/ima_policy.c:2030:25: sparse: struct list_head [noderef] __rcu *
> security/integrity/ima/ima_policy.c:2030:25: sparse: struct list_head *
>
> vim +684 security/integrity/ima/ima_policy.c
>
> 648
> 649 /**
> 650 * ima_match_policy - decision based on LSM and other conditions
> 651 * @mnt_userns: user namespace of the mount the inode was found from
> 652 * @inode: pointer to an inode for which the policy decision is being made
> 653 * @cred: pointer to a credentials structure for which the policy decision is
> 654 * being made
> 655 * @secid: LSM secid of the task to be validated
> 656 * @func: IMA hook identifier
> 657 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
> 658 * @pcr: set the pcr to extend
> 659 * @template_desc: the template that should be used for this rule
> 660 * @func_data: func specific data, may be NULL
> 661 * @allowed_algos: allowlist of hash algorithms for the IMA xattr
> 662 *
> 663 * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type)
> 664 * conditions.
> 665 *
> 666 * Since the IMA policy may be updated multiple times we need to lock the
> 667 * list when walking it. Reads are many orders of magnitude more numerous
> 668 * than writes so ima_match_policy() is classical RCU candidate.
> 669 */
> 670 int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode,
> 671 const struct cred *cred, u32 secid, enum ima_hooks func,
> 672 int mask, int flags, int *pcr,
> 673 struct ima_template_desc **template_desc,
> 674 const char *func_data, unsigned int *allowed_algos)
> 675 {
> 676 struct ima_rule_entry *entry;
> 677 int action = 0, actmask = flags | (flags << 1);
> 678 struct list_head *ima_rules_tmp;
> 679
> 680 if (template_desc && !*template_desc)
> 681 *template_desc = ima_template_desc_current();
> 682
> 683 rcu_read_lock();
> > 684 ima_rules_tmp = rcu_dereference(ima_rules);
> 685 list_for_each_entry_rcu(entry, ima_rules_tmp, list) {
> 686
> 687 if (!(entry->action & actmask))
> 688 continue;
> 689
> 690 if (!ima_match_rules(entry, mnt_userns, inode, cred, secid,
> 691 func, mask, func_data))
> 692 continue;
> 693
> 694 action |= entry->flags & IMA_ACTION_FLAGS;
> 695
> 696 action |= entry->action & IMA_DO_MASK;
> 697 if (entry->action & IMA_APPRAISE) {
> 698 action |= get_subaction(entry, func);
> 699 action &= ~IMA_HASH;
> 700 if (ima_fail_unverifiable_sigs)
> 701 action |= IMA_FAIL_UNVERIFIABLE_SIGS;
> 702
> 703 if (allowed_algos &&
> 704 entry->flags & IMA_VALIDATE_ALGOS)
> 705 *allowed_algos = entry->allowed_algos;
> 706 }
> 707
> 708 if (entry->action & IMA_DO_MASK)
> 709 actmask &= ~(entry->action | entry->action << 1);
> 710 else
> 711 actmask &= ~(entry->action | entry->action >> 1);
> 712
> 713 if ((pcr) && (entry->flags & IMA_PCR))
> 714 *pcr = entry->pcr;
> 715
> 716 if (template_desc && entry->template)
> 717 *template_desc = entry->template;
> 718
> 719 if (!actmask)
> 720 break;
> 721 }
> 722 rcu_read_unlock();
> 723
> 724 return action;
> 725 }
> 726
>
> ---
> 0-DAY CI Kernel Test Service, Intel Corporation
> https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [zohar-integrity:next-integrity-testing 1/1] security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
@ 2021-09-16 12:05 ` liqiong
0 siblings, 0 replies; 8+ messages in thread
From: liqiong @ 2021-09-16 12:05 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 6408 bytes --]
Hi Mini,
I got this sparse warnings, should i fix it ?
It seems the follow patch can fix, but i don't think should do
this check (ima_rules_tmp == NULL).
-static struct list_head *ima_rules = &ima_default_rules;
+static struct list_head __rcu *ima_rules = (struct list_head __rcu *)(&ima_default_rules);
ima_rules_tmp = rcu_dereference(ima_rules);
+if (ima_rules_tmp == NULL)
+ return ;
--
Thanks,
Liqiong
在 2021年09月15日 06:30, kernel test robot 写道:
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity-testing
> head: 836f7b6ca082b7031d2687b3493eefd104ddc060
> commit: 836f7b6ca082b7031d2687b3493eefd104ddc060 [1/1] ima: fix deadlock when traversing "ima_default_rules".
> config: x86_64-rhel-8.3-kselftests (attached as .config)
> compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
> reproduce:
> # apt-get install sparse
> # sparse version: v0.6.4-dirty
> # https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/commit/?id=836f7b6ca082b7031d2687b3493eefd104ddc060
> git remote add zohar-integrity https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
> git fetch --no-tags zohar-integrity next-integrity-testing
> git checkout 836f7b6ca082b7031d2687b3493eefd104ddc060
> # save the attached .config to linux build tree
> make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=x86_64 SHELL=/bin/bash
>
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
>
>
> sparse warnings: (new ones prefixed by >>)
>>> security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
>>> security/integrity/ima/ima_policy.c:684:25: sparse: struct list_head [noderef] __rcu *
>>> security/integrity/ima/ima_policy.c:684:25: sparse: struct list_head *
> security/integrity/ima/ima_policy.c:976:17: sparse: sparse: incompatible types in comparison expression (different address spaces):
> security/integrity/ima/ima_policy.c:976:17: sparse: struct list_head [noderef] __rcu *
> security/integrity/ima/ima_policy.c:976:17: sparse: struct list_head *
> security/integrity/ima/ima_policy.c:1776:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
> security/integrity/ima/ima_policy.c:1776:25: sparse: struct list_head [noderef] __rcu *
> security/integrity/ima/ima_policy.c:1776:25: sparse: struct list_head *
> security/integrity/ima/ima_policy.c:2030:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
> security/integrity/ima/ima_policy.c:2030:25: sparse: struct list_head [noderef] __rcu *
> security/integrity/ima/ima_policy.c:2030:25: sparse: struct list_head *
>
> vim +684 security/integrity/ima/ima_policy.c
>
> 648
> 649 /**
> 650 * ima_match_policy - decision based on LSM and other conditions
> 651 * @mnt_userns: user namespace of the mount the inode was found from
> 652 * @inode: pointer to an inode for which the policy decision is being made
> 653 * @cred: pointer to a credentials structure for which the policy decision is
> 654 * being made
> 655 * @secid: LSM secid of the task to be validated
> 656 * @func: IMA hook identifier
> 657 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
> 658 * @pcr: set the pcr to extend
> 659 * @template_desc: the template that should be used for this rule
> 660 * @func_data: func specific data, may be NULL
> 661 * @allowed_algos: allowlist of hash algorithms for the IMA xattr
> 662 *
> 663 * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type)
> 664 * conditions.
> 665 *
> 666 * Since the IMA policy may be updated multiple times we need to lock the
> 667 * list when walking it. Reads are many orders of magnitude more numerous
> 668 * than writes so ima_match_policy() is classical RCU candidate.
> 669 */
> 670 int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode,
> 671 const struct cred *cred, u32 secid, enum ima_hooks func,
> 672 int mask, int flags, int *pcr,
> 673 struct ima_template_desc **template_desc,
> 674 const char *func_data, unsigned int *allowed_algos)
> 675 {
> 676 struct ima_rule_entry *entry;
> 677 int action = 0, actmask = flags | (flags << 1);
> 678 struct list_head *ima_rules_tmp;
> 679
> 680 if (template_desc && !*template_desc)
> 681 *template_desc = ima_template_desc_current();
> 682
> 683 rcu_read_lock();
> > 684 ima_rules_tmp = rcu_dereference(ima_rules);
> 685 list_for_each_entry_rcu(entry, ima_rules_tmp, list) {
> 686
> 687 if (!(entry->action & actmask))
> 688 continue;
> 689
> 690 if (!ima_match_rules(entry, mnt_userns, inode, cred, secid,
> 691 func, mask, func_data))
> 692 continue;
> 693
> 694 action |= entry->flags & IMA_ACTION_FLAGS;
> 695
> 696 action |= entry->action & IMA_DO_MASK;
> 697 if (entry->action & IMA_APPRAISE) {
> 698 action |= get_subaction(entry, func);
> 699 action &= ~IMA_HASH;
> 700 if (ima_fail_unverifiable_sigs)
> 701 action |= IMA_FAIL_UNVERIFIABLE_SIGS;
> 702
> 703 if (allowed_algos &&
> 704 entry->flags & IMA_VALIDATE_ALGOS)
> 705 *allowed_algos = entry->allowed_algos;
> 706 }
> 707
> 708 if (entry->action & IMA_DO_MASK)
> 709 actmask &= ~(entry->action | entry->action << 1);
> 710 else
> 711 actmask &= ~(entry->action | entry->action >> 1);
> 712
> 713 if ((pcr) && (entry->flags & IMA_PCR))
> 714 *pcr = entry->pcr;
> 715
> 716 if (template_desc && entry->template)
> 717 *template_desc = entry->template;
> 718
> 719 if (!actmask)
> 720 break;
> 721 }
> 722 rcu_read_unlock();
> 723
> 724 return action;
> 725 }
> 726
>
> ---
> 0-DAY CI Kernel Test Service, Intel Corporation
> https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [zohar-integrity:next-integrity-testing 1/1] security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
2021-09-16 12:05 ` liqiong
@ 2021-09-17 14:27 ` Mimi Zohar
-1 siblings, 0 replies; 8+ messages in thread
From: Mimi Zohar @ 2021-09-17 14:27 UTC (permalink / raw)
To: liqiong; +Cc: kernel test robot, kbuild-all, linux-integrity, THOBY Simon
On Thu, 2021-09-16 at 20:05 +0800, liqiong wrote:
> Hi Mini,
>
> I got this sparse warnings, should i fix it ?
>
> It seems the follow patch can fix, but i don't think should do
> this check (ima_rules_tmp == NULL).
>
>
> -static struct list_head *ima_rules = &ima_default_rules;
> +static struct list_head __rcu *ima_rules = (struct list_head __rcu *)(&ima_default_rules);
>
> ima_rules_tmp = rcu_dereference(ima_rules);
> +if (ima_rules_tmp == NULL)
> + return ;
Agreed, the "__rcu" annotation is missing. Probably both ima_rules
and ima_rules_tmp should be annotated with "__rcu". Agreed,
ima_rules_tmp will either point to the default or custom policy rules.
No need for the check.
Please post a new version of the patch, with "Reported-by: kernel test
robot <lkp@intel.com> (Fix sparse: incompatible types in comparison
expression)".
thanks,
Mimi
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [zohar-integrity:next-integrity-testing 1/1] security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
@ 2021-09-17 14:27 ` Mimi Zohar
0 siblings, 0 replies; 8+ messages in thread
From: Mimi Zohar @ 2021-09-17 14:27 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 895 bytes --]
On Thu, 2021-09-16 at 20:05 +0800, liqiong wrote:
> Hi Mini,
>
> I got this sparse warnings, should i fix it ?
>
> It seems the follow patch can fix, but i don't think should do
> this check (ima_rules_tmp == NULL).
>
>
> -static struct list_head *ima_rules = &ima_default_rules;
> +static struct list_head __rcu *ima_rules = (struct list_head __rcu *)(&ima_default_rules);
>
> ima_rules_tmp = rcu_dereference(ima_rules);
> +if (ima_rules_tmp == NULL)
> + return ;
Agreed, the "__rcu" annotation is missing. Probably both ima_rules
and ima_rules_tmp should be annotated with "__rcu". Agreed,
ima_rules_tmp will either point to the default or custom policy rules.
No need for the check.
Please post a new version of the patch, with "Reported-by: kernel test
robot <lkp@intel.com> (Fix sparse: incompatible types in comparison
expression)".
thanks,
Mimi
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [zohar-integrity:next-integrity-testing 1/1] security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
2021-09-17 14:27 ` Mimi Zohar
@ 2021-09-18 2:49 ` liqiong
-1 siblings, 0 replies; 8+ messages in thread
From: liqiong @ 2021-09-18 2:49 UTC (permalink / raw)
To: Mimi Zohar; +Cc: kernel test robot, kbuild-all, linux-integrity, THOBY Simon
Hi Mimi,
According to "Documentation/RCU/rcu_dereference":
"->rcu_protected_pointer might be declared as follows:
struct foo __rcu *rcu_protected_pointer; "
it seems only "ima_rules" should add "__rcu" annotation,
because it a "rcu_protected_pointer". "sparse" only check this
pointer. Adding ""__rcu" annotation to "ima_rules_tmp", it
could not help to avoid the warnings.
在 2021年09月17日 22:27, Mimi Zohar 写道:
> On Thu, 2021-09-16 at 20:05 +0800, liqiong wrote:
>> Hi Mini,
>>
>> I got this sparse warnings, should i fix it ?
>>
>> It seems the follow patch can fix, but i don't think should do
>> this check (ima_rules_tmp == NULL).
>>
>>
>> -static struct list_head *ima_rules = &ima_default_rules;
>> +static struct list_head __rcu *ima_rules = (struct list_head __rcu *)(&ima_default_rules);
>>
>> ima_rules_tmp = rcu_dereference(ima_rules);
>> +if (ima_rules_tmp == NULL)
>> + return ;
> Agreed, the "__rcu" annotation is missing. Probably both ima_rules
> and ima_rules_tmp should be annotated with "__rcu". Agreed,
> ima_rules_tmp will either point to the default or custom policy rules.
> No need for the check.
>
> Please post a new version of the patch, with "Reported-by: kernel test
> robot <lkp@intel.com> (Fix sparse: incompatible types in comparison
> expression)".
>
> thanks,
>
> Mimi
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [zohar-integrity:next-integrity-testing 1/1] security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
@ 2021-09-18 2:49 ` liqiong
0 siblings, 0 replies; 8+ messages in thread
From: liqiong @ 2021-09-18 2:49 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 1374 bytes --]
Hi Mimi,
According to "Documentation/RCU/rcu_dereference":
"->rcu_protected_pointer might be declared as follows:
struct foo __rcu *rcu_protected_pointer; "
it seems only "ima_rules" should add "__rcu" annotation,
because it a "rcu_protected_pointer". "sparse" only check this
pointer. Adding ""__rcu" annotation to "ima_rules_tmp", it
could not help to avoid the warnings.
在 2021年09月17日 22:27, Mimi Zohar 写道:
> On Thu, 2021-09-16 at 20:05 +0800, liqiong wrote:
>> Hi Mini,
>>
>> I got this sparse warnings, should i fix it ?
>>
>> It seems the follow patch can fix, but i don't think should do
>> this check (ima_rules_tmp == NULL).
>>
>>
>> -static struct list_head *ima_rules = &ima_default_rules;
>> +static struct list_head __rcu *ima_rules = (struct list_head __rcu *)(&ima_default_rules);
>>
>> ima_rules_tmp = rcu_dereference(ima_rules);
>> +if (ima_rules_tmp == NULL)
>> + return ;
> Agreed, the "__rcu" annotation is missing. Probably both ima_rules
> and ima_rules_tmp should be annotated with "__rcu". Agreed,
> ima_rules_tmp will either point to the default or custom policy rules.
> No need for the check.
>
> Please post a new version of the patch, with "Reported-by: kernel test
> robot <lkp@intel.com> (Fix sparse: incompatible types in comparison
> expression)".
>
> thanks,
>
> Mimi
>
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-09-18 2:49 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-14 22:30 [zohar-integrity:next-integrity-testing 1/1] security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces): kernel test robot
2021-09-14 22:30 ` kernel test robot
2021-09-16 12:05 ` liqiong
2021-09-16 12:05 ` liqiong
2021-09-17 14:27 ` Mimi Zohar
2021-09-17 14:27 ` Mimi Zohar
2021-09-18 2:49 ` liqiong
2021-09-18 2:49 ` liqiong
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.