Re: [PATCH RFC] selinux: provide __le variables explicitly

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, May 08, 2019 at 05:47:32PM -0400, Paul Moore wrote:
> On Wed, May 8, 2019 at 2:27 AM Nicholas Mc Guire <hofrat@xxxxxxxxx> wrote:
> > While the endiannes is being handled properly sparse was unable to verify
> > this due to type inconsistency. So introduce an additional __le32
> > respectively _le64 variable to be passed to le32/64_to_cpu() to allow
> > sparse to verify proper typing. Note that this patch does not change
> > the generated binary on little-endian systems - on 32bit powerpc it
> > does change the binary.
> >
> > Signed-off-by: Nicholas Mc Guire <hofrat@xxxxxxxxx>
> > ---
> >
> > Problem located by an experimental coccinelle script to locate
> > patters that make sparse unhappy (false positives):
> >
> > sparse complaints on different architectures fixed by this patch are:
> >
> > ppc6xx_defconfig
> >   CHECK   security/selinux/ss/ebitmap.c
> > security/selinux/ss/ebitmap.c:389:28: warning: cast to restricted __le32
> > security/selinux/ss/ebitmap.c:389:28: warning: cast to restricted __le32
> > security/selinux/ss/ebitmap.c:389:28: warning: cast to restricted __le32
> > security/selinux/ss/ebitmap.c:389:28: warning: cast to restricted __le32
> > security/selinux/ss/ebitmap.c:389:28: warning: cast to restricted __le32
> > security/selinux/ss/ebitmap.c:389:28: warning: cast to restricted __le32
> > security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
> > security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
> > security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
> > security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
> > security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
> > security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
> > security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
> > security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
> > security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
> > security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
> >
> > Little-endian systems:
> >
> > loongson3_defconfig
> > security/selinux/ss/ebitmap.c:389:28: warning: cast to restricted __le32
> > security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
> >
> > x86_64_defconfig
> > security/selinux/ss/ebitmap.c:389:28: warning: cast to restricted __le32
> > security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
> >
> > Patch was compile-tested with: x86_64_defconfig,loongson3_defconfig (both
> > little-endian) and ppc603_defconfig (big-endian).
> >
> > On little-endian systems the patch has no impact on the generated binary
> > (which is expected) but on the 32bit powerpc it does change the binary
> > which is not expected but since I'm not able to generate the .lst files
> > in security/selinux/ss/ due to the lack of a Makefile it is not clear
> > if this is an unexpected side-effect or due only to the introduction of
> > the additional variables. From my understanding the patch does not change
> > the program logic so if the code was correct on big-endian systems before
> > it should still be correct now.
> 
> This is a bit worrisome, but I tend to agree that this patch *should*
> be correct.  I'm thinking you're probably right in that the resulting
> binary difference could be due to the extra variable.  Have you tried
> any other big-endian arches?
>

just tried ppc64_defconfig + AUDIT=y, SECURITY=y, SECURITY_NETWORK=y, SECURITY_SELINUX=y

sparse will complain in the original version about:
  CHECK   security/selinux/ss/ebitmap.c
security/selinux/ss/ebitmap.c:389:28: warning: cast to restricted __le32
security/selinux/ss/ebitmap.c:389:28: warning: cast to restricted __le32
security/selinux/ss/ebitmap.c:389:28: warning: cast to restricted __le32
security/selinux/ss/ebitmap.c:389:28: warning: cast to restricted __le32
security/selinux/ss/ebitmap.c:389:28: warning: cast to restricted __le32
security/selinux/ss/ebitmap.c:389:28: warning: cast to restricted __le32
security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64
security/selinux/ss/ebitmap.c:431:23: warning: cast to restricted __le64

which is the same as 32bit ppc - after the patch is applied that is resolved
and and the generated ebitmap.o files are binary identical.

I just had chosen ppc6xx_defconfig as my big-endian test-target as SELINUX
was on there by default so I assumed it would be the most reasonable
compile-test target.

thx!
hofrat
 
> > Patch is against 5.1 (localversion-next is next-20190506)
> >
> >  security/selinux/ss/ebitmap.c | 10 ++++++----
> >  1 file changed, 6 insertions(+), 4 deletions(-)
> >
> > diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
> > index 8f624f8..09929fc 100644
> > --- a/security/selinux/ss/ebitmap.c
> > +++ b/security/selinux/ss/ebitmap.c
> > @@ -347,7 +347,9 @@ int ebitmap_read(struct ebitmap *e, void *fp)
> >  {
> >         struct ebitmap_node *n = NULL;
> >         u32 mapunit, count, startbit, index;
> > +       __le32 ebitmap_start;
> >         u64 map;
> > +       __le64 mapbits;
> >         __le32 buf[3];
> >         int rc, i;
> >
> > @@ -381,12 +383,12 @@ int ebitmap_read(struct ebitmap *e, void *fp)
> >                 goto bad;
> >
> >         for (i = 0; i < count; i++) {
> > -               rc = next_entry(&startbit, fp, sizeof(u32));
> > +               rc = next_entry(&ebitmap_start, fp, sizeof(u32));
> >                 if (rc < 0) {
> >                         pr_err("SELinux: ebitmap: truncated map\n");
> >                         goto bad;
> >                 }
> > -               startbit = le32_to_cpu(startbit);
> > +               startbit = le32_to_cpu(ebitmap_start);
> >
> >                 if (startbit & (mapunit - 1)) {
> >                         pr_err("SELinux: ebitmap start bit (%d) is "
> > @@ -423,12 +425,12 @@ int ebitmap_read(struct ebitmap *e, void *fp)
> >                         goto bad;
> >                 }
> >
> > -               rc = next_entry(&map, fp, sizeof(u64));
> > +               rc = next_entry(&mapbits, fp, sizeof(u64));
> >                 if (rc < 0) {
> >                         pr_err("SELinux: ebitmap: truncated map\n");
> >                         goto bad;
> >                 }
> > -               map = le64_to_cpu(map);
> > +               map = le64_to_cpu(mapbits);
> >
> >                 index = (startbit - n->startbit) / EBITMAP_UNIT_SIZE;
> >                 while (map) {
> > --
> > 2.1.4
> >
> 
> 
> -- 
> paul moore
> www.paul-moore.com



[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux