[integrity:next-integrity-testing 13/13] security/integrity/evm/evm_crypto.c:181:41: warning: format specifies type 'unsigned long' but the argument has type 'unsigned int'

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



tree:   https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity-testing
head:   5b5aed323646d2240eb70913841ef06c94d6e9a5
commit: 5b5aed323646d2240eb70913841ef06c94d6e9a5 [13/13] evm: output EVM digest calculation info
config: riscv-randconfig-r003-20210618 (attached as .config)
compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project 64720f57bea6a6bf033feef4a5751ab9c0c3b401)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install riscv cross compiling tool for clang build
        # apt-get install binutils-riscv64-linux-gnu
        # https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/commit/?id=5b5aed323646d2240eb70913841ef06c94d6e9a5
        git remote add integrity https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
        git fetch --no-tags integrity next-integrity-testing
        git checkout 5b5aed323646d2240eb70913841ef06c94d6e9a5
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=riscv 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>

All warnings (new ones prefixed by >>):

>> security/integrity/evm/evm_crypto.c:181:41: warning: format specifies type 'unsigned long' but the argument has type 'unsigned int' [-Wformat]
           pr_debug("hmac_misc: (%lu) [%*phN]\n", sizeof(struct h_misc),
                                 ~~~              ^~~~~~~~~~~~~~~~~~~~~
                                 %u
   include/linux/printk.h:430:38: note: expanded from macro 'pr_debug'
           no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
                                       ~~~     ^~~~~~~~~~~
   include/linux/printk.h:140:17: note: expanded from macro 'no_printk'
                   printk(fmt, ##__VA_ARGS__);             \
                          ~~~    ^~~~~~~~~~~
>> security/integrity/evm/evm_crypto.c:261:7: warning: format specifies type 'unsigned long' but the argument has type 'size_t' (aka 'unsigned int') [-Wformat]
                                            req_xattr_value_len,
                                            ^~~~~~~~~~~~~~~~~~~
   include/linux/printk.h:430:38: note: expanded from macro 'pr_debug'
           no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
                                       ~~~     ^~~~~~~~~~~
   include/linux/printk.h:140:17: note: expanded from macro 'no_printk'
                   printk(fmt, ##__VA_ARGS__);             \
                          ~~~    ^~~~~~~~~~~
   security/integrity/evm/evm_crypto.c:286:47: warning: format specifies type 'unsigned long' but the argument has type 'size_t' (aka 'unsigned int') [-Wformat]
                           pr_debug("%s: (%lu) [%*phN]", xattr->name, xattr_size,
                                          ~~~                         ^~~~~~~~~~
                                          %u
   include/linux/printk.h:430:38: note: expanded from macro 'pr_debug'
           no_printk(KERN_DEBUG pr_fmt(fmt), ##__VA_ARGS__)
                                       ~~~     ^~~~~~~~~~~
   include/linux/printk.h:140:17: note: expanded from macro 'no_printk'
                   printk(fmt, ##__VA_ARGS__);             \
                          ~~~    ^~~~~~~~~~~
   3 warnings generated.


vim +181 security/integrity/evm/evm_crypto.c

   138	
   139	/* Protect against 'cutting & pasting' security.evm xattr, include inode
   140	 * specific info.
   141	 *
   142	 * (Additional directory/file metadata needs to be added for more complete
   143	 * protection.)
   144	 */
   145	static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
   146				  char type, char *digest)
   147	{
   148		struct h_misc {
   149			unsigned long ino;
   150			__u32 generation;
   151			uid_t uid;
   152			gid_t gid;
   153			umode_t mode;
   154		} hmac_misc;
   155	
   156		memset(&hmac_misc, 0, sizeof(hmac_misc));
   157		/* Don't include the inode or generation number in portable
   158		 * signatures
   159		 */
   160		if (type != EVM_XATTR_PORTABLE_DIGSIG) {
   161			hmac_misc.ino = inode->i_ino;
   162			hmac_misc.generation = inode->i_generation;
   163		}
   164		/* The hmac uid and gid must be encoded in the initial user
   165		 * namespace (not the filesystems user namespace) as encoding
   166		 * them in the filesystems user namespace allows an attack
   167		 * where first they are written in an unprivileged fuse mount
   168		 * of a filesystem and then the system is tricked to mount the
   169		 * filesystem for real on next boot and trust it because
   170		 * everything is signed.
   171		 */
   172		hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid);
   173		hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid);
   174		hmac_misc.mode = inode->i_mode;
   175		crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc));
   176		if ((evm_hmac_attrs & EVM_ATTR_FSUUID) &&
   177		    type != EVM_XATTR_PORTABLE_DIGSIG)
   178			crypto_shash_update(desc, (u8 *)&inode->i_sb->s_uuid, UUID_SIZE);
   179		crypto_shash_final(desc, digest);
   180	
 > 181		pr_debug("hmac_misc: (%lu) [%*phN]\n", sizeof(struct h_misc),
   182			 (int) sizeof(struct h_misc), &hmac_misc);
   183	}
   184	
   185	/*
   186	 * Dump large security xattr values as a continuous ascii hexademical string.
   187	 * (pr_debug is limited to 64 bytes.)
   188	 */
   189	static void dump_security_xattr(const char *prefix, const void *src, size_t count)
   190	{
   191	#if defined(DEBUG) || defined(CONFIG_DYNAMIC_DEBUG)
   192		char *asciihex, *p;
   193	
   194		p = asciihex = kmalloc(count * 2 + 1, GFP_KERNEL);
   195		if (!asciihex)
   196			return;
   197	
   198		p = bin2hex(p, src, count);
   199		*p = 0;
   200		pr_debug("%s: (%lu) %.*s\n", prefix, count, (int) count * 2, asciihex);
   201		kfree(asciihex);
   202	#endif
   203	}
   204	
   205	/*
   206	 * Calculate the HMAC value across the set of protected security xattrs.
   207	 *
   208	 * Instead of retrieving the requested xattr, for performance, calculate
   209	 * the hmac using the requested xattr value. Don't alloc/free memory for
   210	 * each xattr, but attempt to re-use the previously allocated memory.
   211	 */
   212	static int evm_calc_hmac_or_hash(struct dentry *dentry,
   213					 const char *req_xattr_name,
   214					 const char *req_xattr_value,
   215					 size_t req_xattr_value_len,
   216					 uint8_t type, struct evm_digest *data)
   217	{
   218		struct inode *inode = d_backing_inode(dentry);
   219		struct xattr_list *xattr;
   220		struct shash_desc *desc;
   221		size_t xattr_size = 0;
   222		char *xattr_value = NULL;
   223		int error;
   224		int size;
   225		bool ima_present = false;
   226	
   227		if (!(inode->i_opflags & IOP_XATTR) ||
   228		    inode->i_sb->s_user_ns != &init_user_ns)
   229			return -EOPNOTSUPP;
   230	
   231		desc = init_desc(type, data->hdr.algo);
   232		if (IS_ERR(desc))
   233			return PTR_ERR(desc);
   234	
   235		data->hdr.length = crypto_shash_digestsize(desc->tfm);
   236	
   237		error = -ENODATA;
   238		list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
   239			bool is_ima = false;
   240	
   241			if (strcmp(xattr->name, XATTR_NAME_IMA) == 0)
   242				is_ima = true;
   243	
   244			/*
   245			 * Skip non-enabled xattrs for locally calculated
   246			 * signatures/HMACs.
   247			 */
   248			if (type != EVM_XATTR_PORTABLE_DIGSIG && !xattr->enabled)
   249				continue;
   250	
   251			if ((req_xattr_name && req_xattr_value)
   252			    && !strcmp(xattr->name, req_xattr_name)) {
   253				error = 0;
   254				crypto_shash_update(desc, (const u8 *)req_xattr_value,
   255						     req_xattr_value_len);
   256				if (is_ima)
   257					ima_present = true;
   258	
   259				if (req_xattr_value_len < 64)
   260					pr_debug("%s: (%lu) [%*phN]\n", req_xattr_name,
 > 261						 req_xattr_value_len,
   262						 (int)req_xattr_value_len,
   263						 req_xattr_value);
   264				else
   265					dump_security_xattr(req_xattr_name,
   266							    req_xattr_value,
   267							    req_xattr_value_len);
   268				continue;
   269			}
   270			size = vfs_getxattr_alloc(&init_user_ns, dentry, xattr->name,
   271						  &xattr_value, xattr_size, GFP_NOFS);
   272			if (size == -ENOMEM) {
   273				error = -ENOMEM;
   274				goto out;
   275			}
   276			if (size < 0)
   277				continue;
   278	
   279			error = 0;
   280			xattr_size = size;
   281			crypto_shash_update(desc, (const u8 *)xattr_value, xattr_size);
   282			if (is_ima)
   283				ima_present = true;
   284	
   285			if (xattr_size < 64)
   286				pr_debug("%s: (%lu) [%*phN]", xattr->name, xattr_size,
   287					 (int)xattr_size, xattr_value);
   288			else
   289				dump_security_xattr(xattr->name, xattr_value,
   290						    xattr_size);
   291		}
   292		hmac_add_misc(desc, inode, type, data->digest);
   293	
   294		/* Portable EVM signatures must include an IMA hash */
   295		if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present)
   296			error = -EPERM;
   297	out:
   298		kfree(xattr_value);
   299		kfree(desc);
   300		return error;
   301	}
   302	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux