From: James Bottomley <jejb@linux.vnet.ibm.com>
To: Arnd Bergmann <arnd@arndb.de>,
Nick Desaulniers <ndesaulniers@google.com>
Cc: zohar@linux.vnet.ibm.com, dhowells@redhat.com, jmorris@namei.org,
serge@hallyn.com, linux-integrity@vger.kernel.org,
keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
LKML <linux-kernel@vger.kernel.org>,
Nathan Chancellor <natechancellor@gmail.com>,
Eric Biggers <ebiggers@google.com>
Subject: Re: undefined behavior (-Wvarargs) in security/keys/trusted.c#TSS_authhmac()
Date: Thu, 11 Oct 2018 09:10:03 -0700 [thread overview]
Message-ID: <1539274203.2623.56.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <CAK8P3a3PjfQHKb_Chmn6RDyLV7+xE=s_AAFdt+fNshohdD7Ztw@mail.gmail.com>
On Thu, 2018-10-11 at 18:02 +0200, Arnd Bergmann wrote:
> On 10/10/18, Nick Desaulniers <ndesaulniers@google.com> wrote:
> > Hello,
> > I noticed that compiling with
> > CONFIG_TCG_TPM=y
> > CONFIG_HW_RANDOM_TPM=y
> > and Clang produced the warning:
> >
> > CC security/keys/trusted.o
> > security/keys/trusted.c:146:17: warning: passing an object that
> > undergoes default
> > argument promotion to 'va_start' has undefined behavior [-
> > Wvarargs]
> > va_start(argp, h3);
> > ^
> > security/keys/trusted.c:126:37: note: parameter of type 'unsigned
> > char' is declared here
> > unsigned char *h2, unsigned char h3, ...)
> > ^
> >
> > Specifically, it seems that both the C90 (4.8.1.1) and C11
> > (7.16.1.4) standards explicitly call this out as undefined
> > behavior:
> >
> > The parameter parmN is the identifier of the rightmost parameter in
> > the variable parameter list in the function definition (the one
> > just before the ...). If the parameter parmN is declared with ...
> > or with a type that is not compatible with the type that results
> > after application of the default argument promotions, the behavior
> > is undefined.
> >
> > So if I understand my C promotion/conversion rules correctly,
> > unsigned char would be promoted to int?
> >
> > We had a few ideas for possible fixes in:
> > https://github.com/ClangBuiltLinux/linux/issues/41
>
> I arrived at a similar patch as the one cited there, but it broke
> again after an 'extern' declaration was added in
> include/keys/trusted.h, so that has to be patched as well now
They look either over complicated or potentially problematic. since
this is an internal API and a char * is always legal, what's wrong with
simply swapping h2 and h3?
James
next prev parent reply other threads:[~2018-10-11 16:10 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-09 22:11 undefined behavior (-Wvarargs) in security/keys/trusted.c#TSS_authhmac() Nick Desaulniers
2018-10-11 16:02 ` Arnd Bergmann
2018-10-11 16:10 ` James Bottomley [this message]
2018-10-11 20:31 ` [PATCH] KEYS: trusted: fix -Wvarags warning ndesaulniers
2018-10-12 1:50 ` Nathan Chancellor
2018-10-12 16:55 ` Nick Desaulniers
2018-10-12 17:03 ` Nathan Chancellor
2018-10-12 12:29 ` Denis Kenzior
2018-10-12 15:05 ` James Bottomley
2018-10-12 15:13 ` Denis Kenzior
2018-10-12 15:22 ` James Bottomley
2018-10-12 15:44 ` Denis Kenzior
2018-10-12 15:46 ` James Bottomley
2018-10-12 15:53 ` Denis Kenzior
2018-10-12 16:01 ` James Bottomley
2018-10-12 17:14 ` Nick Desaulniers
2018-10-12 15:25 ` James Bottomley
2018-10-12 17:05 ` Nick Desaulniers
2018-10-12 17:17 ` Nick Desaulniers
2018-10-12 17:27 ` Denis Kenzior
2018-10-12 18:39 ` Nick Desaulniers
2018-10-12 17:02 ` Nick Desaulniers
2018-10-12 17:15 ` Denis Kenzior
2018-10-15 9:26 ` David Laight
2018-10-15 21:53 ` Nick Desaulniers
2018-10-16 8:13 ` David Laight
2018-10-22 23:43 ` [PATCH v2] " ndesaulniers
2018-10-23 0:00 ` Nathan Chancellor
2018-10-24 8:36 ` Jarkko Sakkinen
2018-10-29 17:54 ` Nick Desaulniers
2019-02-11 18:36 ` Nick Desaulniers
2019-02-12 23:12 ` Jarkko Sakkinen
2019-02-14 10:52 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1539274203.2623.56.camel@linux.vnet.ibm.com \
--to=jejb@linux.vnet.ibm.com \
--cc=arnd@arndb.de \
--cc=dhowells@redhat.com \
--cc=ebiggers@google.com \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=natechancellor@gmail.com \
--cc=ndesaulniers@google.com \
--cc=serge@hallyn.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).