* [PATCH 1/5] doc: Fix warning in Documentation/security/IMA-templates.rst
@ 2021-06-08 12:31 Roberto Sassu
2021-06-08 12:31 ` [PATCH 2/5] ima: Set correct casting types Roberto Sassu
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: Roberto Sassu @ 2021-06-08 12:31 UTC (permalink / raw)
To: zohar, sfr
Cc: linux-integrity, linux-security-module, linux-next, linux-doc,
linux-kernel, Roberto Sassu
This patch fixes the warning:
Documentation/security/IMA-templates.rst:81: WARNING: Inline
substitution_reference start-string without end-string.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
Documentation/security/IMA-templates.rst | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Documentation/security/IMA-templates.rst b/Documentation/security/IMA-templates.rst
index 5adc22f99496..1a91d92950a7 100644
--- a/Documentation/security/IMA-templates.rst
+++ b/Documentation/security/IMA-templates.rst
@@ -78,7 +78,7 @@ descriptors by adding their identifier to the format string
- 'iuid': the inode UID;
- 'igid': the inode GID;
- 'imode': the inode mode;
- - 'xattrnames': a list of xattr names (separated by |), only if the xattr is
+ - 'xattrnames': a list of xattr names (separated by ``|``), only if the xattr is
present;
- 'xattrlengths': a list of xattr lengths (u32), only if the xattr is present;
- 'xattrvalues': a list of xattr values;
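Review bot: The changelog quotes the Sphinx warning but does not say why the 'xattrnames' line triggers it. A bare | opens a reST substitution reference, so the unmatched one in "(separated by |)" is parsed as an unterminated reference, and the literal markup ``|`` is what stops that. One sentence to that effect in the commit message would make the fix self-explanatory.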
--
2.25.1
* [PATCH 2/5] ima: Set correct casting types
From: Roberto Sassu @ 2021-06-08 12:31 UTC (permalink / raw)
To: zohar, sfr
Cc: linux-integrity, linux-security-module, linux-next, linux-doc,
linux-kernel, Roberto Sassu, kernel test robot
The code expects that the values being parsed from a buffer when the
ima_canonical_fmt global variable is true are in little endian. Thus, this
patch sets the casting types accordingly.
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
security/integrity/ima/ima_template.c | 8 ++++----
security/integrity/ima/ima_template_lib.c | 11 ++++++-----
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index a85963853a91..694560396be0 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -423,9 +423,9 @@ int ima_restore_measurement_list(loff_t size, void *buf)
return 0;
if (ima_canonical_fmt) {
- khdr->version = le16_to_cpu(khdr->version);
- khdr->count = le64_to_cpu(khdr->count);
- khdr->buffer_size = le64_to_cpu(khdr->buffer_size);
+ khdr->version = le16_to_cpu((__force __le16)khdr->version);
+ khdr->count = le64_to_cpu((__force __le64)khdr->count);
+ khdr->buffer_size = le64_to_cpu((__force __le64)khdr->buffer_size);
}
if (khdr->version != 1) {
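Review bot: The (__force __le16) and (__force __le64) casts on khdr->version, khdr->count and khdr->buffer_size silence sparse but leave the header fields declared with native types while they hold little-endian data until this block runs. Since these values come out of the restored buffer and drive the checks that follow (starting with khdr->version != 1), consider converting into local variables, or annotating the struct fields, so that a later reader cannot use the fields before conversion without sparse noticing.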
@@ -515,7 +515,7 @@ int ima_restore_measurement_list(loff_t size, void *buf)
}
entry->pcr = !ima_canonical_fmt ? *(u32 *)(hdr[HDR_PCR].data) :
- le32_to_cpu(*(u32 *)(hdr[HDR_PCR].data));
+ le32_to_cpu(*(__le32 *)(hdr[HDR_PCR].data));
ret = ima_restore_measurement_entry(entry);
if (ret < 0)
break;
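Review bot: The read of entry->pcr dereferences a cast pointer, *(__le32 *)(hdr[HDR_PCR].data), and nothing in this hunk shows that hdr[HDR_PCR].data is 4-byte aligned within the buffer. get_unaligned_le32(hdr[HDR_PCR].data) would express the conversion without the cast and would be safe on architectures that fault on unaligned loads.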
diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
index 518fd50ea48a..3f8d53a03612 100644
--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -98,21 +98,21 @@ static void ima_show_template_data_ascii(struct seq_file *m,
case sizeof(u16):
if (ima_canonical_fmt)
seq_printf(m, "%u",
- le16_to_cpu(*(u16 *)buf_ptr));
+ le16_to_cpu(*(__le16 *)buf_ptr));
else
seq_printf(m, "%u", *(u16 *)buf_ptr);
break;
case sizeof(u32):
if (ima_canonical_fmt)
seq_printf(m, "%u",
- le32_to_cpu(*(u32 *)buf_ptr));
+ le32_to_cpu(*(__le32 *)buf_ptr));
else
seq_printf(m, "%u", *(u32 *)buf_ptr);
break;
case sizeof(u64):
if (ima_canonical_fmt)
seq_printf(m, "%llu",
- le64_to_cpu(*(u64 *)buf_ptr));
+ le64_to_cpu(*(__le64 *)buf_ptr));
else
seq_printf(m, "%llu", *(u64 *)buf_ptr);
break;
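Review bot: Each of the three size cases in ima_show_template_data_ascii() now carries its own if/else with two seq_printf() calls that differ only in the cast. Loading the value into a local once per case (converted when ima_canonical_fmt is set) and printing it with a single seq_printf() would halve the number of cast sites that have to stay in sync.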
@@ -226,9 +226,10 @@ int ima_parse_buf(void *bufstartp, void *bufendp, void **bufcurp,
if (bufp > (bufendp - sizeof(u32)))
break;
- fields[i].len = *(u32 *)bufp;
if (ima_canonical_fmt)
- fields[i].len = le32_to_cpu(fields[i].len);
+ fields[i].len = le32_to_cpu(*(__le32 *)bufp);
+ else
+ fields[i].len = *(u32 *)bufp;
bufp += sizeof(u32);
}
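Review bot: The changelog says the patch only sets casting types, but in ima_parse_buf() the assignment to fields[i].len is also restructured from "assign then convert in place" into an if/else. That is the better form, since fields[i].len never holds an unconverted little-endian value, and it deserves a mention in the commit message so the behavioural equivalence is stated rather than left for the reader to check.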
--
2.25.1
* [PATCH 3/5] ima/evm: Fix type mismatch
From: Roberto Sassu @ 2021-06-08 12:31 UTC (permalink / raw)
To: zohar, sfr
Cc: linux-integrity, linux-security-module, linux-next, linux-doc,
linux-kernel, Roberto Sassu, kernel test robot
The endianness of a variable written to the measurement list cannot be
determined at compile time, as it depends on the value of the
ima_canonical_fmt global variable (set through a kernel option with the
same name if the machine is big endian).
If ima_canonical_fmt is false, the endianness of a variable is the same as
the machine; if ima_canonical_fmt is true, the endianness is little endian.
The warning arises due to this type of instruction:
var = cpu_to_leXX(var)
which tries to assign a value in little endian to a variable with native
endianness (little or big endian).
Given that the variables set with this instruction are not used in any
operation but just written to a buffer, it is safe to force the type of the
value being set to be the same as the type of the variable with:
var = (__force <var type>)cpu_to_leXX(var)
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
security/integrity/evm/evm_main.c | 2 +-
security/integrity/ima/ima_crypto.c | 4 ++--
security/integrity/ima/ima_fs.c | 6 +++---
security/integrity/ima/ima_template_lib.c | 11 ++++++-----
4 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 2c226e634ae9..977208aecd06 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -360,7 +360,7 @@ int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
size = sizeof(u32);
if (buffer) {
if (canonical_fmt)
- rc = cpu_to_le32(rc);
+ rc = (__force int)cpu_to_le32(rc);
*(u32 *)(buffer + total_size) = rc;
}
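Review bot: In evm_read_protected_xattrs() the line rc = (__force int)cpu_to_le32(rc) overwrites a signed return value with little-endian bytes, so any use of rc after this block would see a byte-swapped number on big-endian machines. Writing the converted value straight to the buffer in the canonical_fmt branch, for example *(__le32 *)(buffer + total_size) = cpu_to_le32(rc), with the existing *(u32 *) store in an else, would avoid both the __force cast and the clobbered rc.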
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index f6a7e9643b54..a7206cc1d7d1 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -598,8 +598,8 @@ static int ima_calc_field_array_hash_tfm(struct ima_field_data *field_data,
u8 buffer[IMA_EVENT_NAME_LEN_MAX + 1] = { 0 };
u8 *data_to_hash = field_data[i].data;
u32 datalen = field_data[i].len;
- u32 datalen_to_hash =
- !ima_canonical_fmt ? datalen : cpu_to_le32(datalen);
+ u32 datalen_to_hash = !ima_canonical_fmt ?
+ datalen : (__force u32)cpu_to_le32(datalen);
if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
rc = crypto_shash_update(shash,
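Review bot: datalen_to_hash stays declared as u32 although, with ima_canonical_fmt set, it holds little-endian bytes that are fed to the hash. A short comment at the declaration stating that the value is in measurement-list byte order and must not be used as a length would document what the (__force u32) cast is hiding.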
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index ea8ff8a07b36..3d8e9d5db5aa 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -147,7 +147,7 @@ int ima_measurements_show(struct seq_file *m, void *v)
* PCR used defaults to the same (config option) in
* little-endian format, unless set in policy
*/
- pcr = !ima_canonical_fmt ? e->pcr : cpu_to_le32(e->pcr);
+ pcr = !ima_canonical_fmt ? e->pcr : (__force u32)cpu_to_le32(e->pcr);
ima_putc(m, &pcr, sizeof(e->pcr));
/* 2nd: template digest */
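Review bot: The ternary used for pcr here, !ima_canonical_fmt ? x : (__force u32)cpu_to_le32(x), is repeated in this patch for namelen, template_data_len, field_len and datalen_to_hash. A single static inline helper returning the value in measurement-list byte order would keep the __force cast in one place that can be audited, instead of five.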
@@ -155,7 +155,7 @@ int ima_measurements_show(struct seq_file *m, void *v)
/* 3rd: template name size */
namelen = !ima_canonical_fmt ? strlen(template_name) :
- cpu_to_le32(strlen(template_name));
+ (__force u32)cpu_to_le32(strlen(template_name));
ima_putc(m, &namelen, sizeof(namelen));
/* 4th: template name */
@@ -167,7 +167,7 @@ int ima_measurements_show(struct seq_file *m, void *v)
if (!is_ima_template) {
template_data_len = !ima_canonical_fmt ? e->template_data_len :
- cpu_to_le32(e->template_data_len);
+ (__force u32)cpu_to_le32(e->template_data_len);
ima_putc(m, &template_data_len, sizeof(e->template_data_len));
}
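Review bot: ima_putc() is passed &template_data_len but sized with sizeof(e->template_data_len), and the earlier pcr call in this function does the same with sizeof(e->pcr). The two only agree while the local and the struct field have the same width; using sizeof(template_data_len) (and sizeof(pcr)) would tie the length to the object actually written.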
diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
index 3f8d53a03612..8e2a121af5e1 100644
--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -133,7 +133,8 @@ static void ima_show_template_data_binary(struct seq_file *m,
strlen(field_data->data) : field_data->len;
if (show != IMA_SHOW_BINARY_NO_FIELD_LEN) {
- u32 field_len = !ima_canonical_fmt ? len : cpu_to_le32(len);
+ u32 field_len = !ima_canonical_fmt ?
+ len : (__force u32)cpu_to_le32(len);
ima_putc(m, &field_len, sizeof(field_len));
}
@@ -570,9 +571,9 @@ static int ima_eventinodedac_init_common(struct ima_event_data *event_data,
if (ima_canonical_fmt) {
if (sizeof(id) == sizeof(u16))
- id = cpu_to_le16(id);
+ id = (__force u16)cpu_to_le16(id);
else
- id = cpu_to_le32(id);
+ id = (__force u32)cpu_to_le32(id);
}
return ima_write_template_field_data((void *)&id, sizeof(id),
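Review bot: In ima_eventinodedac_init_common() the else branch applies cpu_to_le32() to id for every size that is not sizeof(u16), so a future change of id's type to something wider would be silently truncated by the (__force u32) cast. A BUILD_BUG_ON() asserting that sizeof(id) is either sizeof(u16) or sizeof(u32) would turn that assumption into a compile-time check.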
@@ -607,7 +608,7 @@ int ima_eventinodemode_init(struct ima_event_data *event_data,
struct ima_field_data *field_data)
{
struct inode *inode;
- umode_t mode;
+ u16 mode;
if (!event_data->file)
return 0;
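Review bot: The declaration of mode changes from umode_t to u16 in ima_eventinodemode_init(), which the changelog does not mention; it only describes adding __force casts. Since sizeof(mode) determines how many bytes of 'imode' are written to the measurement list, the commit message should state that the type change is intentional and why u16 is preferred over umode_t here.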
@@ -615,7 +616,7 @@ int ima_eventinodemode_init(struct ima_event_data *event_data,
inode = file_inode(event_data->file);
mode = inode->i_mode;
if (ima_canonical_fmt)
- mode = cpu_to_le16(mode);
+ mode = (__force u16)cpu_to_le16(mode);
return ima_write_template_field_data((char *)&mode, sizeof(mode),
DATA_FMT_UINT, field_data);
--
2.25.1
* [PATCH 4/5] ima: Include header defining ima_post_key_create_or_update()
From: Roberto Sassu @ 2021-06-08 12:31 UTC (permalink / raw)
To: zohar, sfr
Cc: linux-integrity, linux-security-module, linux-next, linux-doc,
linux-kernel, Roberto Sassu
This patch fixes the sparse warning for ima_post_key_create_or_update() by
adding the header file that defines the prototype (linux/ima.h).
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
security/integrity/ima/ima_asymmetric_keys.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/integrity/ima/ima_asymmetric_keys.c b/security/integrity/ima/ima_asymmetric_keys.c
index 1fb0b0e09559..c985418698a4 100644
--- a/security/integrity/ima/ima_asymmetric_keys.c
+++ b/security/integrity/ima/ima_asymmetric_keys.c
@@ -11,6 +11,7 @@
#include <keys/asymmetric-type.h>
#include <linux/user_namespace.h>
+#include <linux/ima.h>
#include "ima.h"
/**
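Review bot: The changelog for the added #include <linux/ima.h> refers to "the sparse warning" without quoting it, unlike patch 5/5 in this series. Including the warning text would let someone searching the log for the message find this commit.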
--
2.25.1
* [PATCH 5/5] ima: Pass NULL instead of 0 to ima_get_action() in ima_file_mprotect()
From: Roberto Sassu @ 2021-06-08 12:31 UTC (permalink / raw)
To: zohar, sfr
Cc: linux-integrity, linux-security-module, linux-next, linux-doc,
linux-kernel, Roberto Sassu
This patch fixes the sparse warning:
sparse: warning: Using plain integer as NULL pointer
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
security/integrity/ima/ima_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 906c1d8e0b71..287b90509006 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -433,7 +433,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
inode = file_inode(vma->vm_file);
action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode,
current_cred(), secid, MAY_EXEC, MMAP_CHECK,
- &pcr, &template, 0);
+ &pcr, &template, NULL);
/* Is the mmap'ed file in policy? */
if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK)))
--
2.25.1