[zohar-integrity:next-integrity-testing 1/1] security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



tree:   https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity-testing
head:   836f7b6ca082b7031d2687b3493eefd104ddc060
commit: 836f7b6ca082b7031d2687b3493eefd104ddc060 [1/1] ima: fix deadlock when traversing "ima_default_rules".
config: x86_64-rhel-8.3-kselftests (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce:
        # apt-get install sparse
        # sparse version: v0.6.4-dirty
        # https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git/commit/?id=836f7b6ca082b7031d2687b3493eefd104ddc060
        git remote add zohar-integrity https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git
        git fetch --no-tags zohar-integrity next-integrity-testing
        git checkout 836f7b6ca082b7031d2687b3493eefd104ddc060
        # save the attached .config to linux build tree
        make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=x86_64 SHELL=/bin/bash

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>


sparse warnings: (new ones prefixed by >>)
>> security/integrity/ima/ima_policy.c:684:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
>> security/integrity/ima/ima_policy.c:684:25: sparse:    struct list_head [noderef] __rcu *
>> security/integrity/ima/ima_policy.c:684:25: sparse:    struct list_head *
   security/integrity/ima/ima_policy.c:976:17: sparse: sparse: incompatible types in comparison expression (different address spaces):
   security/integrity/ima/ima_policy.c:976:17: sparse:    struct list_head [noderef] __rcu *
   security/integrity/ima/ima_policy.c:976:17: sparse:    struct list_head *
   security/integrity/ima/ima_policy.c:1776:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
   security/integrity/ima/ima_policy.c:1776:25: sparse:    struct list_head [noderef] __rcu *
   security/integrity/ima/ima_policy.c:1776:25: sparse:    struct list_head *
   security/integrity/ima/ima_policy.c:2030:25: sparse: sparse: incompatible types in comparison expression (different address spaces):
   security/integrity/ima/ima_policy.c:2030:25: sparse:    struct list_head [noderef] __rcu *
   security/integrity/ima/ima_policy.c:2030:25: sparse:    struct list_head *

vim +684 security/integrity/ima/ima_policy.c

   648	
   649	/**
   650	 * ima_match_policy - decision based on LSM and other conditions
   651	 * @mnt_userns:	user namespace of the mount the inode was found from
   652	 * @inode: pointer to an inode for which the policy decision is being made
   653	 * @cred: pointer to a credentials structure for which the policy decision is
   654	 *        being made
   655	 * @secid: LSM secid of the task to be validated
   656	 * @func: IMA hook identifier
   657	 * @mask: requested action (MAY_READ | MAY_WRITE | MAY_APPEND | MAY_EXEC)
   658	 * @pcr: set the pcr to extend
   659	 * @template_desc: the template that should be used for this rule
   660	 * @func_data: func specific data, may be NULL
   661	 * @allowed_algos: allowlist of hash algorithms for the IMA xattr
   662	 *
   663	 * Measure decision based on func/mask/fsmagic and LSM(subj/obj/type)
   664	 * conditions.
   665	 *
   666	 * Since the IMA policy may be updated multiple times we need to lock the
   667	 * list when walking it.  Reads are many orders of magnitude more numerous
   668	 * than writes so ima_match_policy() is classical RCU candidate.
   669	 */
   670	int ima_match_policy(struct user_namespace *mnt_userns, struct inode *inode,
   671			     const struct cred *cred, u32 secid, enum ima_hooks func,
   672			     int mask, int flags, int *pcr,
   673			     struct ima_template_desc **template_desc,
   674			     const char *func_data, unsigned int *allowed_algos)
   675	{
   676		struct ima_rule_entry *entry;
   677		int action = 0, actmask = flags | (flags << 1);
   678		struct list_head *ima_rules_tmp;
   679	
   680		if (template_desc && !*template_desc)
   681			*template_desc = ima_template_desc_current();
   682	
   683		rcu_read_lock();
 > 684		ima_rules_tmp = rcu_dereference(ima_rules);
   685		list_for_each_entry_rcu(entry, ima_rules_tmp, list) {
   686	
   687			if (!(entry->action & actmask))
   688				continue;
   689	
   690			if (!ima_match_rules(entry, mnt_userns, inode, cred, secid,
   691					     func, mask, func_data))
   692				continue;
   693	
   694			action |= entry->flags & IMA_ACTION_FLAGS;
   695	
   696			action |= entry->action & IMA_DO_MASK;
   697			if (entry->action & IMA_APPRAISE) {
   698				action |= get_subaction(entry, func);
   699				action &= ~IMA_HASH;
   700				if (ima_fail_unverifiable_sigs)
   701					action |= IMA_FAIL_UNVERIFIABLE_SIGS;
   702	
   703				if (allowed_algos &&
   704				    entry->flags & IMA_VALIDATE_ALGOS)
   705					*allowed_algos = entry->allowed_algos;
   706			}
   707	
   708			if (entry->action & IMA_DO_MASK)
   709				actmask &= ~(entry->action | entry->action << 1);
   710			else
   711				actmask &= ~(entry->action | entry->action >> 1);
   712	
   713			if ((pcr) && (entry->flags & IMA_PCR))
   714				*pcr = entry->pcr;
   715	
   716			if (template_desc && entry->template)
   717				*template_desc = entry->template;
   718	
   719			if (!actmask)
   720				break;
   721		}
   722		rcu_read_unlock();
   723	
   724		return action;
   725	}
   726	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux