[linux-next:master 5873/6649] security/integrity/ima/ima_policy.c:748:9: sparse: sparse: dereference of noderef expression


 



tree:   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head:   f8dc23b3dc0cc5b32dfd0c446e59377736d073a7
commit: 4079d72411f03de5cd73bbc9be38a30ebdae77e2 [5873/6649] ima: fix deadlock when traversing "ima_default_rules".
config: riscv-allyesconfig (attached as .config)
compiler: riscv64-linux-gcc (GCC) 11.2.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # apt-get install sparse
        # sparse version: v0.6.4-dirty
        # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4079d72411f03de5cd73bbc9be38a30ebdae77e2
        git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
        git fetch --no-tags linux-next master
        git checkout 4079d72411f03de5cd73bbc9be38a30ebdae77e2
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=riscv SHELL=/bin/bash security/integrity/ima/

If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <lkp@xxxxxxxxx>


sparse warnings: (new ones prefixed by >>)
   security/integrity/ima/ima_policy.c:748:9: sparse: sparse: incompatible types in comparison expression (different address spaces):
   security/integrity/ima/ima_policy.c:748:9: sparse:    struct list_head *
   security/integrity/ima/ima_policy.c:748:9: sparse:    struct list_head [noderef] __rcu *
   security/integrity/ima/ima_policy.c:973:23: sparse: sparse: incompatible types in comparison expression (different address spaces):
   security/integrity/ima/ima_policy.c:973:23: sparse:    struct list_head [noderef] __rcu *
   security/integrity/ima/ima_policy.c:973:23: sparse:    struct list_head *
   security/integrity/ima/ima_policy.c:1066:31: sparse: sparse: incompatible types in comparison expression (different address spaces):
   security/integrity/ima/ima_policy.c:1066:31: sparse:    struct list_head [noderef] __rcu *
   security/integrity/ima/ima_policy.c:1066:31: sparse:    struct list_head *
>> security/integrity/ima/ima_policy.c:748:9: sparse: sparse: dereference of noderef expression

vim +748 security/integrity/ima/ima_policy.c

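/**
 * ima_update_policy_flags() - Update global IMA variables
 *
 * Update ima_policy_flag and ima_setxattr_allowed_hash_algorithms
 * based on the currently loaded policy.
 *
 * With ima_policy_flag, the decision to short circuit out of a function
 * or not call the function in the first place can be made earlier.
 *
 * With ima_setxattr_allowed_hash_algorithms, the policy can restrict the
 * set of hash algorithms accepted when updating the security.ima xattr of
 * a file.
 *
 * Context: called after a policy update and at system initialization.
 *          The rule list is walked inside an RCU read-side critical
 *          section that this function opens and closes itself.
 */
void ima_update_policy_flags(void)
{
	struct ima_rule_entry *entry;
	struct list_head *ima_rules_tmp;
	int new_policy_flag = 0;

	rcu_read_lock();
	/*
	 * sparse sees ima_rules as "struct list_head [noderef] __rcu *", so
	 * passing it directly to list_for_each_entry() (the statement flagged
	 * at ima_policy.c:748) both dereferences a noderef pointer and
	 * compares pointers from different address spaces. Fetch the list
	 * head once through rcu_dereference() and iterate over that snapshot
	 * with the RCU-aware iterator, so the whole walk uses a single,
	 * consistently loaded head even if the active rule list is switched
	 * while this loop runs.
	 * NOTE(review): assumes the update path publishes ima_rules and its
	 * entries with the matching RCU primitives - confirm against the
	 * writer side.
	 */
	ima_rules_tmp = rcu_dereference(ima_rules);
	list_for_each_entry_rcu(entry, ima_rules_tmp, list) {
		/*
		 * SETXATTR_CHECK rules do not implement a full policy check
		 * because rule checking would probably have an important
		 * performance impact on setxattr(). As a consequence, only one
		 * SETXATTR_CHECK can be active at a given time.
		 * Because we want to preserve that property, we set out to use
		 * atomic_cmpxchg. Either:
		 * - the atomic was non-zero: a setxattr hash policy is
		 *   already enforced, we do nothing
		 * - the atomic was zero: no setxattr policy was set, enable
		 *   the setxattr hash policy
		 */
		if (entry->func == SETXATTR_CHECK) {
			atomic_cmpxchg(&ima_setxattr_allowed_hash_algorithms,
				       0, entry->allowed_algos);
			/* SETXATTR_CHECK doesn't impact ima_policy_flag */
			continue;
		}

		/* Only rules whose action carries a "do" bit contribute flags. */
		if (entry->action & IMA_DO_MASK)
			new_policy_flag |= entry->action;
	}
	rcu_read_unlock();

	/* Fold the build-time and temporary appraise settings into ima_appraise. */
	ima_appraise |= (build_ima_appraise | temp_ima_appraise);
	/* With appraisal disabled, never advertise IMA_APPRAISE to callers. */
	if (!ima_appraise)
		new_policy_flag &= ~IMA_APPRAISE;

	/* Publish the result in one store, after the walk has finished. */
	ima_policy_flag = new_policy_flag;
}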

:::::: The code at line 748 was first introduced by commit
:::::: a756024efea259282e65f3a00f512b094e805d76 ima: added ima_policy_flag variable

:::::: TO: Roberto Sassu <roberto.sassu@xxxxxxxxx>
:::::: CC: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@xxxxxxxxxxxx

Attachment: .config.gz
Description: application/gzip

