linux-kernel.vger.kernel.org archive mirror
From: Nayna Jain <nayna@linux.vnet.ibm.com>
To: Dan Carpenter <dan.carpenter@oracle.com>, kbuild@01.org
Cc: kbuild-all@01.org, linux-integrity@vger.kernel.org,
	zohar@linux.ibm.com, linux-security-module@vger.kernel.org,
	linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org,
	dhowells@redhat.com, jforbes@redhat.com
Subject: Re: [PATCH v3 3/6] ima: refactor ima_init_policy()
Date: Mon, 24 Sep 2018 16:40:39 +0530
Message-ID: <83d87b89-d1df-5e13-23d9-1ee2e8c9a75f@linux.vnet.ibm.com>
In-Reply-To: <20180921083429.c7sikis5bzxdifny@mwanda>



On 09/21/2018 02:04 PM, Dan Carpenter wrote:
> Hi Nayna,
>
> Thank you for the patch! Perhaps something to improve:
>
> url:    https://github.com/0day-ci/linux/commits/Nayna-Jain/Add-support-for-architecture-specific-IMA-policies/20180920-035110
>
> smatch warnings:
> security/integrity/ima/ima_policy.c:489 add_rules() warn: should this be a bitwise op?
>
> # https://github.com/0day-ci/linux/commit/84a2e186f940ebc6c34e6d276e55f665167a5bb8
> git remote add linux-review https://github.com/0day-ci/linux
> git remote update linux-review
> git checkout 84a2e186f940ebc6c34e6d276e55f665167a5bb8
> vim +489 security/integrity/ima/ima_policy.c
>
> 6f0911a6 Mimi Zohar 2018-04-12  477
> 84a2e186 Nayna Jain 2018-09-19  478  static void add_rules(struct ima_rule_entry *entries, int count,
> 84a2e186 Nayna Jain 2018-09-19  479  		      enum policy_rule_list file)
> 84a2e186 Nayna Jain 2018-09-19  480  {
> 84a2e186 Nayna Jain 2018-09-19  481  	int i = 0;
> 84a2e186 Nayna Jain 2018-09-19  482
> 84a2e186 Nayna Jain 2018-09-19  483  	for (i = 0; i < count; i++) {
> 84a2e186 Nayna Jain 2018-09-19  484  		struct ima_rule_entry *entry;
> 84a2e186 Nayna Jain 2018-09-19  485
> 84a2e186 Nayna Jain 2018-09-19  486  		if (file && IMA_DEFAULT_POLICY)
>                                                      ^^^^^^^^^^^^^^^^^^^^^^^^^^
> 84a2e186 Nayna Jain 2018-09-19  487  			list_add_tail(&entries[i].list, &ima_default_rules);
> 84a2e186 Nayna Jain 2018-09-19  488
> 84a2e186 Nayna Jain 2018-09-19 @489  		if (file && IMA_CUSTOM_POLICY) {
>                                                      ^^^^^^^^^^^^^^^^^^^^^^^^^
>
> It does look like it should be "if (file & IMA_CUSTOM_POLICY) {" but I
> haven't looked at the context besides what's here in this email.
Thanks Dan for noticing this. Yes, I will fix it and post the v4 version.

Thanks & Regards,
     - Nayna


>
> 84a2e186 Nayna Jain 2018-09-19  490  			entry = kmemdup(&entries[i], sizeof(*entry),
> 84a2e186 Nayna Jain 2018-09-19  491  					GFP_KERNEL);
> 84a2e186 Nayna Jain 2018-09-19  492  			if (!entry)
> 84a2e186 Nayna Jain 2018-09-19  493  				continue;
> 84a2e186 Nayna Jain 2018-09-19  494
> 84a2e186 Nayna Jain 2018-09-19  495  			INIT_LIST_HEAD(&entry->list);
> 84a2e186 Nayna Jain 2018-09-19  496  			list_add_tail(&entry->list, &ima_policy_rules);
> 84a2e186 Nayna Jain 2018-09-19  497  		}
> 84a2e186 Nayna Jain 2018-09-19  498  		if (entries[i].action == APPRAISE)
> 84a2e186 Nayna Jain 2018-09-19  499  			temp_ima_appraise |= ima_appraise_flag(entries[i].func);
> 84a2e186 Nayna Jain 2018-09-19  500  		if (entries[i].func == POLICY_CHECK)
> 84a2e186 Nayna Jain 2018-09-19  501  			temp_ima_appraise |= IMA_APPRAISE_POLICY;
> 84a2e186 Nayna Jain 2018-09-19  502  	}
> 84a2e186 Nayna Jain 2018-09-19  503  }
> 84a2e186 Nayna Jain 2018-09-19  504
>
> ---
> 0-DAY kernel test infrastructure                Open Source Technology Center
> https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
>
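
The `&&` versus `&` difference flagged at line 489, as an added example that is not part of the original message or of the kernel source. It models add_rules() with counters in place of the two rule lists and assumes IMA_DEFAULT_POLICY = 1 and IMA_CUSTOM_POLICY = 2, since the enum definition is not shown in the quoted listing; add_rules_model, selects_logical and selects_bitwise are hypothetical names.

```c
#include <stdio.h>

/* Assumed values: the enum definition is not part of the quoted listing. */
enum policy_rule_list { IMA_DEFAULT_POLICY = 1, IMA_CUSTOM_POLICY = 2 };

struct rule_counts { int in_default; int in_custom; };

typedef int (*selects_fn)(int file, int flag);

/* Test as written in the v3 listing: true whenever both operands are nonzero. */
static int selects_logical(int file, int flag) { return file && flag; }

/* Test suggested in the review: true only when the flag's bit is set in file. */
static int selects_bitwise(int file, int flag) { return (file & flag) != 0; }

/* Model of add_rules(): counts entries instead of linking them into
 * ima_default_rules / ima_policy_rules. */
static struct rule_counts add_rules_model(int count, int file, selects_fn selects)
{
	struct rule_counts c = { 0, 0 };
	int i;

	for (i = 0; i < count; i++) {
		if (selects(file, IMA_DEFAULT_POLICY))
			c.in_default++;
		if (selects(file, IMA_CUSTOM_POLICY))
			c.in_custom++;
	}
	return c;
}

int main(void)
{
	const int files[] = { IMA_DEFAULT_POLICY, IMA_CUSTOM_POLICY,
			      IMA_DEFAULT_POLICY | IMA_CUSTOM_POLICY };
	size_t n;

	for (n = 0; n < sizeof(files) / sizeof(files[0]); n++) {
		struct rule_counts l = add_rules_model(3, files[n], selects_logical);
		struct rule_counts b = add_rules_model(3, files[n], selects_bitwise);

		printf("file=%d  &&: default=%d custom=%d   &: default=%d custom=%d\n",
		       files[n], l.in_default, l.in_custom, b.in_default, b.in_custom);
	}
	return 0;
}
```

With the logical test, a call that names only one list still places every entry on both, so the two policy lists can no longer be populated independently.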


Thread overview: 9+ messages
2018-09-19  7:55 [PATCH v3 0/6] Add support for architecture specific IMA policies Nayna Jain
2018-09-19  7:55 ` [PATCH v3 1/6] x86/ima: define arch_ima_get_secureboot Nayna Jain
2018-09-19  7:55 ` [PATCH v3 2/6] ima: prevent kexec_load syscall based on runtime secureboot flag Nayna Jain
2018-09-19  7:55 ` [PATCH v3 3/6] ima: refactor ima_init_policy() Nayna Jain
2018-09-21  8:34   ` Dan Carpenter
2018-09-24 11:10     ` Nayna Jain [this message]
2018-09-19  7:55 ` [PATCH v3 4/6] ima: add support for arch specific policies Nayna Jain
2018-09-19  7:55 ` [PATCH v3 5/6] ima: add support for external setting of ima_appraise Nayna Jain
2018-09-19  7:55 ` [PATCH v3 6/6] x86/ima: define arch_get_ima_policy() for x86 Nayna Jain
