linux-integrity.vger.kernel.org archive mirror
* [PATCH 1/5] doc: Fix warning in Documentation/security/IMA-templates.rst
@ 2021-06-08 12:31 Roberto Sassu
  2021-06-08 12:31 ` [PATCH 2/5] ima: Set correct casting types Roberto Sassu
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Roberto Sassu @ 2021-06-08 12:31 UTC (permalink / raw)
  To: zohar, sfr
  Cc: linux-integrity, linux-security-module, linux-next, linux-doc,
	linux-kernel, Roberto Sassu

This patch fixes the warning:

Documentation/security/IMA-templates.rst:81: WARNING: Inline
substitution_reference start-string without end-string.

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 Documentation/security/IMA-templates.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Documentation/security/IMA-templates.rst b/Documentation/security/IMA-templates.rst
index 5adc22f99496..1a91d92950a7 100644
--- a/Documentation/security/IMA-templates.rst
+++ b/Documentation/security/IMA-templates.rst
@@ -78,7 +78,7 @@ descriptors by adding their identifier to the format string
  - 'iuid': the inode UID;
  - 'igid': the inode GID;
  - 'imode': the inode mode;
- - 'xattrnames': a list of xattr names (separated by |), only if the xattr is
+ - 'xattrnames': a list of xattr names (separated by ``|``), only if the xattr is
     present;
  - 'xattrlengths': a list of xattr lengths (u32), only if the xattr is present;
  - 'xattrvalues': a list of xattr values;
-- 
2.25.1



* [PATCH 2/5] ima: Set correct casting types
  2021-06-08 12:31 [PATCH 1/5] doc: Fix warning in Documentation/security/IMA-templates.rst Roberto Sassu
@ 2021-06-08 12:31 ` Roberto Sassu
  2021-06-08 12:31 ` [PATCH 3/5] ima/evm: Fix type mismatch Roberto Sassu
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Roberto Sassu @ 2021-06-08 12:31 UTC (permalink / raw)
  To: zohar, sfr
  Cc: linux-integrity, linux-security-module, linux-next, linux-doc,
	linux-kernel, Roberto Sassu, kernel test robot

The code expects that the values being parsed from a buffer when the
ima_canonical_fmt global variable is true are in little endian. Thus, this
patch sets the casting types accordingly.

Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 security/integrity/ima/ima_template.c     |  8 ++++----
 security/integrity/ima/ima_template_lib.c | 11 ++++++-----
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index a85963853a91..694560396be0 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -423,9 +423,9 @@ int ima_restore_measurement_list(loff_t size, void *buf)
 		return 0;
 
 	if (ima_canonical_fmt) {
-		khdr->version = le16_to_cpu(khdr->version);
-		khdr->count = le64_to_cpu(khdr->count);
-		khdr->buffer_size = le64_to_cpu(khdr->buffer_size);
+		khdr->version = le16_to_cpu((__force __le16)khdr->version);
+		khdr->count = le64_to_cpu((__force __le64)khdr->count);
+		khdr->buffer_size = le64_to_cpu((__force __le64)khdr->buffer_size);
 	}
 
 	if (khdr->version != 1) {
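Review bot: In the ima_canonical_fmt block the three khdr fields are still overwritten in place, so the same native-typed field holds little-endian data before this block and CPU-order data after it, and the __force casts only stop sparse from saying so. Consider converting into local variables, or annotating the on-buffer header fields as __le16/__le64 and keeping the converted values separately, so that the khdr->version != 1 check and later uses of count and buffer_size cannot be reached with an unconverted value.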
@@ -515,7 +515,7 @@ int ima_restore_measurement_list(loff_t size, void *buf)
 		}
 
 		entry->pcr = !ima_canonical_fmt ? *(u32 *)(hdr[HDR_PCR].data) :
-			     le32_to_cpu(*(u32 *)(hdr[HDR_PCR].data));
+			     le32_to_cpu(*(__le32 *)(hdr[HDR_PCR].data));
 		ret = ima_restore_measurement_entry(entry);
 		if (ret < 0)
 			break;
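Review bot: Both arms of the entry->pcr assignment still dereference hdr[HDR_PCR].data through a cast pointer, which assumes the field is 4-byte aligned inside the restored buffer. If the layout does not guarantee that, get_unaligned_le32() for the canonical arm and get_unaligned() for the native arm would cover alignment and carry the endianness in the helper, leaving no cast for sparse to check.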
diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
index 518fd50ea48a..3f8d53a03612 100644
--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -98,21 +98,21 @@ static void ima_show_template_data_ascii(struct seq_file *m,
 		case sizeof(u16):
 			if (ima_canonical_fmt)
 				seq_printf(m, "%u",
-					   le16_to_cpu(*(u16 *)buf_ptr));
+					   le16_to_cpu(*(__le16 *)buf_ptr));
 			else
 				seq_printf(m, "%u", *(u16 *)buf_ptr);
 			break;
 		case sizeof(u32):
 			if (ima_canonical_fmt)
 				seq_printf(m, "%u",
-					   le32_to_cpu(*(u32 *)buf_ptr));
+					   le32_to_cpu(*(__le32 *)buf_ptr));
 			else
 				seq_printf(m, "%u", *(u32 *)buf_ptr);
 			break;
 		case sizeof(u64):
 			if (ima_canonical_fmt)
 				seq_printf(m, "%llu",
-					   le64_to_cpu(*(u64 *)buf_ptr));
+					   le64_to_cpu(*(__le64 *)buf_ptr));
 			else
 				seq_printf(m, "%llu", *(u64 *)buf_ptr);
 			break;
@@ -226,9 +226,10 @@ int ima_parse_buf(void *bufstartp, void *bufendp, void **bufcurp,
 			if (bufp > (bufendp - sizeof(u32)))
 				break;
 
-			fields[i].len = *(u32 *)bufp;
 			if (ima_canonical_fmt)
-				fields[i].len = le32_to_cpu(fields[i].len);
+				fields[i].len = le32_to_cpu(*(__le32 *)bufp);
+			else
+				fields[i].len = *(u32 *)bufp;
 
 			bufp += sizeof(u32);
 		}
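Review bot: The commit message describes only cast changes, but this ima_parse_buf() hunk also restructures the assignment of fields[i].len into an if/else; a sentence saying that this is not a functional change would help. Because fields[i].len is taken straight from the buffer, it is also worth confirming that every length check after this point (not visible in the hunk) uses the converted value, which this ordering keeps true.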
-- 
2.25.1



* [PATCH 3/5] ima/evm: Fix type mismatch
  2021-06-08 12:31 [PATCH 1/5] doc: Fix warning in Documentation/security/IMA-templates.rst Roberto Sassu
  2021-06-08 12:31 ` [PATCH 2/5] ima: Set correct casting types Roberto Sassu
@ 2021-06-08 12:31 ` Roberto Sassu
  2021-06-08 12:31 ` [PATCH 4/5] ima: Include header defining ima_post_key_create_or_update() Roberto Sassu
  2021-06-08 12:31 ` [PATCH 5/5] ima: Pass NULL instead of 0 to ima_get_action() in ima_file_mprotect() Roberto Sassu
  3 siblings, 0 replies; 5+ messages in thread
From: Roberto Sassu @ 2021-06-08 12:31 UTC (permalink / raw)
  To: zohar, sfr
  Cc: linux-integrity, linux-security-module, linux-next, linux-doc,
	linux-kernel, Roberto Sassu, kernel test robot

The endianness of a variable written to the measurement list cannot be
determined at compile time, as it depends on the value of the
ima_canonical_fmt global variable (set through a kernel option with the
same name if the machine is big endian).

If ima_canonical_fmt is false, the endianness of a variable is the same as
the machine; if ima_canonical_fmt is true, the endianness is little endian.
The warning arises due to this type of instruction:

var = cpu_to_leXX(var)

which tries to assign a value in little endian to a variable with native
endianness (little or big endian).

Given that the variables set with this instruction are not used in any
operation but just written to a buffer, it is safe to force the type of the
value being set to be the same as the type of the variable with:

var = (__force <var type>)cpu_to_leXX(var)

Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 security/integrity/evm/evm_main.c         |  2 +-
 security/integrity/ima/ima_crypto.c       |  4 ++--
 security/integrity/ima/ima_fs.c           |  6 +++---
 security/integrity/ima/ima_template_lib.c | 11 ++++++-----
 4 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 2c226e634ae9..977208aecd06 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -360,7 +360,7 @@ int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
 			size = sizeof(u32);
 			if (buffer) {
 				if (canonical_fmt)
-					rc = cpu_to_le32(rc);
+					rc = (__force int)cpu_to_le32(rc);
 
 				*(u32 *)(buffer + total_size) = rc;
 			}
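Review bot: In evm_read_protected_xattrs() the canonical branch stores the little-endian value back into rc, a native int, and the __force cast hides that change of meaning from sparse. Writing the converted value straight to the buffer in the canonical case, e.g. *(__le32 *)(buffer + total_size) = cpu_to_le32(rc), would need no __force and would leave rc in CPU order for anything that reads it afterwards.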
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index f6a7e9643b54..a7206cc1d7d1 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -598,8 +598,8 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
 		u8 buffer[IMA_EVENT_NAME_LEN_MAX + 1] = { 0 };
 		u8 *data_to_hash = field_data[i].data;
 		u32 datalen = field_data[i].len;
-		u32 datalen_to_hash =
-		    !ima_canonical_fmt ? datalen : cpu_to_le32(datalen);
+		u32 datalen_to_hash = !ima_canonical_fmt ?
+				datalen : (__force u32)cpu_to_le32(datalen);
 
 		if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
 			rc = crypto_shash_update(shash,
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index ea8ff8a07b36..3d8e9d5db5aa 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -147,7 +147,7 @@ int ima_measurements_show(struct seq_file *m, void *v)
 	 * PCR used defaults to the same (config option) in
 	 * little-endian format, unless set in policy
 	 */
-	pcr = !ima_canonical_fmt ? e->pcr : cpu_to_le32(e->pcr);
+	pcr = !ima_canonical_fmt ? e->pcr : (__force u32)cpu_to_le32(e->pcr);
 	ima_putc(m, &pcr, sizeof(e->pcr));
 
 	/* 2nd: template digest */
@@ -155,7 +155,7 @@ int ima_measurements_show(struct seq_file *m, void *v)
 
 	/* 3rd: template name size */
 	namelen = !ima_canonical_fmt ? strlen(template_name) :
-		cpu_to_le32(strlen(template_name));
+		(__force u32)cpu_to_le32(strlen(template_name));
 	ima_putc(m, &namelen, sizeof(namelen));
 
 	/* 4th:  template name */
@@ -167,7 +167,7 @@ int ima_measurements_show(struct seq_file *m, void *v)
 
 	if (!is_ima_template) {
 		template_data_len = !ima_canonical_fmt ? e->template_data_len :
-			cpu_to_le32(e->template_data_len);
+			(__force u32)cpu_to_le32(e->template_data_len);
 		ima_putc(m, &template_data_len, sizeof(e->template_data_len));
 	}
 
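Review bot: The expression "!ima_canonical_fmt ? x : (__force u32)cpu_to_le32(x)" now appears three times in ima_measurements_show() and again in ima_crypto.c and ima_template_lib.c in this patch. A small static inline helper holding the one __force cast would keep the sparse suppression in a single audited place and make it harder for a future call site to drop the ima_canonical_fmt test.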
diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
index 3f8d53a03612..8e2a121af5e1 100644
--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -133,7 +133,8 @@ static void ima_show_template_data_binary(struct seq_file *m,
 	    strlen(field_data->data) : field_data->len;
 
 	if (show != IMA_SHOW_BINARY_NO_FIELD_LEN) {
-		u32 field_len = !ima_canonical_fmt ? len : cpu_to_le32(len);
+		u32 field_len = !ima_canonical_fmt ?
+				len : (__force u32)cpu_to_le32(len);
 
 		ima_putc(m, &field_len, sizeof(field_len));
 	}
@@ -570,9 +571,9 @@ static int ima_eventinodedac_init_common(struct ima_event_data *event_data,
 
 	if (ima_canonical_fmt) {
 		if (sizeof(id) == sizeof(u16))
-			id = cpu_to_le16(id);
+			id = (__force u16)cpu_to_le16(id);
 		else
-			id = cpu_to_le32(id);
+			id = (__force u32)cpu_to_le32(id);
 	}
 
 	return ima_write_template_field_data((void *)&id, sizeof(id),
@@ -607,7 +608,7 @@ int ima_eventinodemode_init(struct ima_event_data *event_data,
 			    struct ima_field_data *field_data)
 {
 	struct inode *inode;
-	umode_t mode;
+	u16 mode;
 
 	if (!event_data->file)
 		return 0;
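Review bot: The change of mode from umode_t to u16 in ima_eventinodemode_init() is not covered by the commit message, which only discusses __force casts. The function goes on to write sizeof(mode) bytes into the template field and already converts with cpu_to_le16(), so please state in the message that the width is intentionally fixed at 16 bits, so that the measurement list format does not depend on the definition of umode_t.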
@@ -615,7 +616,7 @@ int ima_eventinodemode_init(struct ima_event_data *event_data,
 	inode = file_inode(event_data->file);
 	mode = inode->i_mode;
 	if (ima_canonical_fmt)
-		mode = cpu_to_le16(mode);
+		mode = (__force u16)cpu_to_le16(mode);
 
 	return ima_write_template_field_data((char *)&mode, sizeof(mode),
 					     DATA_FMT_UINT, field_data);
-- 
2.25.1



* [PATCH 4/5] ima: Include header defining ima_post_key_create_or_update()
  2021-06-08 12:31 [PATCH 1/5] doc: Fix warning in Documentation/security/IMA-templates.rst Roberto Sassu
  2021-06-08 12:31 ` [PATCH 2/5] ima: Set correct casting types Roberto Sassu
  2021-06-08 12:31 ` [PATCH 3/5] ima/evm: Fix type mismatch Roberto Sassu
@ 2021-06-08 12:31 ` Roberto Sassu
  2021-06-08 12:31 ` [PATCH 5/5] ima: Pass NULL instead of 0 to ima_get_action() in ima_file_mprotect() Roberto Sassu
  3 siblings, 0 replies; 5+ messages in thread
From: Roberto Sassu @ 2021-06-08 12:31 UTC (permalink / raw)
  To: zohar, sfr
  Cc: linux-integrity, linux-security-module, linux-next, linux-doc,
	linux-kernel, Roberto Sassu

This patch fixes the sparse warning for ima_post_key_create_or_update() by
adding the header file that defines the prototype (linux/ima.h).

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 security/integrity/ima/ima_asymmetric_keys.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/integrity/ima/ima_asymmetric_keys.c b/security/integrity/ima/ima_asymmetric_keys.c
index 1fb0b0e09559..c985418698a4 100644
--- a/security/integrity/ima/ima_asymmetric_keys.c
+++ b/security/integrity/ima/ima_asymmetric_keys.c
@@ -11,6 +11,7 @@
 
 #include <keys/asymmetric-type.h>
 #include <linux/user_namespace.h>
+#include <linux/ima.h>
 #include "ima.h"
 
 /**
-- 
2.25.1



* [PATCH 5/5] ima: Pass NULL instead of 0 to ima_get_action() in ima_file_mprotect()
  2021-06-08 12:31 [PATCH 1/5] doc: Fix warning in Documentation/security/IMA-templates.rst Roberto Sassu
                   ` (2 preceding siblings ...)
  2021-06-08 12:31 ` [PATCH 4/5] ima: Include header defining ima_post_key_create_or_update() Roberto Sassu
@ 2021-06-08 12:31 ` Roberto Sassu
  3 siblings, 0 replies; 5+ messages in thread
From: Roberto Sassu @ 2021-06-08 12:31 UTC (permalink / raw)
  To: zohar, sfr
  Cc: linux-integrity, linux-security-module, linux-next, linux-doc,
	linux-kernel, Roberto Sassu

This patch fixes the sparse warning:

sparse: warning: Using plain integer as NULL pointer

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 security/integrity/ima/ima_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 906c1d8e0b71..287b90509006 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -433,7 +433,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
 	inode = file_inode(vma->vm_file);
 	action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode,
 				current_cred(), secid, MAY_EXEC, MMAP_CHECK,
-				&pcr, &template, 0);
+				&pcr, &template, NULL);
 
 	/* Is the mmap'ed file in policy? */
 	if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK)))
-- 
2.25.1

