[v34,11/29] LSM: Use lsmblob in security_current_getsecid

Message ID 20220407212230.12893-12-casey@schaufler-ca.com (mailing list archive)
State Not Applicable
Delegated to: Netdev Maintainers

Commit Message

Casey Schaufler April 7, 2022, 9:22 p.m. UTC
Change the security_current_getsecid_subj() and
security_task_getsecid_obj() interfaces to fill in
a lsmblob structure instead of a u32 secid in support of
LSM stacking. Audit interfaces will need to collect all
possible secids for possible reporting.

Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: John Johansen <john.johansen@canonical.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: linux-integrity@vger.kernel.org
Cc: linux-audit@redhat.com
Cc: netdev@vger.kernel.org
---
 drivers/android/binder.c              |  6 +--
 include/linux/security.h              | 13 ++++---
 kernel/audit.c                        | 16 +++-----
 kernel/auditfilter.c                  |  4 +-
 kernel/auditsc.c                      | 25 ++++++------
 net/netlabel/netlabel_unlabeled.c     |  5 ++-
 net/netlabel/netlabel_user.h          |  6 ++-
 security/integrity/ima/ima_appraise.c | 12 +++---
 security/integrity/ima/ima_main.c     | 55 +++++++++++++++------------
 security/security.c                   | 25 +++++++++---
 10 files changed, 95 insertions(+), 72 deletions(-)

Comments

kernel test robot April 8, 2022, 3:43 a.m. UTC | #1
Hi Casey,

I love your patch! Perhaps something to improve:

[auto build test WARNING on pcmoore-selinux/next]
[also build test WARNING on linus/master v5.18-rc1 next-20220407]
[cannot apply to pcmoore-audit/next jmorris-security/next-testing]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220408-062243
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git next
config: arm-randconfig-c002-20220408 (https://download.01.org/0day-ci/archive/20220408/202204081146.DPLvGqQ7-lkp@intel.com/config)
compiler: arm-linux-gnueabi-gcc (GCC) 11.2.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/intel-lab-lkp/linux/commit/0d4df6ae86e123057cb18eeb5ba1b1eff2641fe4
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220408-062243
        git checkout 0d4df6ae86e123057cb18eeb5ba1b1eff2641fe4
        # save the config file to linux build tree
        mkdir build_dir
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross O=build_dir ARCH=arm SHELL=/bin/bash security/integrity/ima/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

   security/integrity/ima/ima_appraise.c: In function 'ima_must_appraise':
>> security/integrity/ima/ima_appraise.c:81:16: warning: array subscript 0 is outside array bounds of 'u32[0]' {aka 'unsigned int[]'} [-Warray-bounds]
      81 |         return ima_match_policy(mnt_userns, inode, current_cred(),
         |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      82 |                                 blob.secid[0], func, mask,
         |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~
      83 |                                 IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL,
         |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      84 |                                 NULL);
         |                                 ~~~~~
   In file included from include/linux/ima.h:12,
                    from security/integrity/ima/ima_appraise.c:14:
   include/linux/security.h:150:17: note: while referencing 'secid'
     150 |         u32     secid[LSMBLOB_ENTRIES];
         |                 ^~~~~
   security/integrity/ima/ima_appraise.c:74:24: note: defined here 'blob'
      74 |         struct lsmblob blob;
         |                        ^~~~


vim +81 security/integrity/ima/ima_appraise.c

    65	
    66	/*
    67	 * ima_must_appraise - set appraise flag
    68	 *
    69	 * Return 1 to appraise or hash
    70	 */
    71	int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode,
    72			      int mask, enum ima_hooks func)
    73	{
    74		struct lsmblob blob;
    75	
    76		if (!ima_appraise)
    77			return 0;
    78	
    79		security_current_getsecid_subj(&blob);
    80		/* scaffolding the .secid[0] */
  > 81		return ima_match_policy(mnt_userns, inode, current_cred(),
    82					blob.secid[0], func, mask,
    83					IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL,
    84					NULL);
    85	}
    86
kernel test robot April 8, 2022, 4:44 a.m. UTC | #2
Hi Casey,

I love your patch! Perhaps something to improve:

[auto build test WARNING on pcmoore-selinux/next]
[also build test WARNING on linus/master v5.18-rc1 next-20220407]
[cannot apply to pcmoore-audit/next jmorris-security/next-testing]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220408-062243
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git next
config: mips-randconfig-r002-20220408 (https://download.01.org/0day-ci/archive/20220408/202204081233.FUUgdt5c-lkp@intel.com/config)
compiler: mips64el-linux-gcc (GCC) 11.2.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/intel-lab-lkp/linux/commit/0d4df6ae86e123057cb18eeb5ba1b1eff2641fe4
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220408-062243
        git checkout 0d4df6ae86e123057cb18eeb5ba1b1eff2641fe4
        # save the config file to linux build tree
        mkdir build_dir
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross O=build_dir ARCH=mips SHELL=/bin/bash security/integrity/ima/

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

   security/integrity/ima/ima_main.c: In function 'ima_file_check':
>> security/integrity/ima/ima_main.c:521:16: warning: array subscript 0 is outside array bounds of 'u32[0]' {aka 'unsigned int[]'} [-Warray-bounds]
     521 |         return process_measurement(file, current_cred(), blob.secid[0], NULL, 0,
         |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     522 |                                    mask & (MAY_READ | MAY_WRITE | MAY_EXEC |
         |                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     523 |                                            MAY_APPEND), FILE_CHECK);
         |                                            ~~~~~~~~~~~~~~~~~~~~~~~~
   In file included from include/linux/ima.h:12,
                    from security/integrity/ima/ima_main.c:26:
   include/linux/security.h:150:17: note: while referencing 'secid'
     150 |         u32     secid[LSMBLOB_ENTRIES];
         |                 ^~~~~
   security/integrity/ima/ima_main.c:517:24: note: defined here 'blob'
     517 |         struct lsmblob blob;
         |                        ^~~~
   security/integrity/ima/ima_main.c: In function 'ima_file_mmap':
   security/integrity/ima/ima_main.c:413:24: warning: array subscript 0 is outside array bounds of 'u32[0]' {aka 'unsigned int[]'} [-Warray-bounds]
     413 |                 return process_measurement(file, current_cred(), blob.secid[0],
         |                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     414 |                                            NULL, 0, MAY_EXEC, MMAP_CHECK);
         |                                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   In file included from include/linux/ima.h:12,
                    from security/integrity/ima/ima_main.c:26:
   include/linux/security.h:150:17: note: while referencing 'secid'
     150 |         u32     secid[LSMBLOB_ENTRIES];
         |                 ^~~~~
   security/integrity/ima/ima_main.c:408:24: note: defined here 'blob'
     408 |         struct lsmblob blob;
         |                        ^~~~
   security/integrity/ima/ima_main.c: In function 'ima_file_mprotect':
   security/integrity/ima/ima_main.c:453:18: warning: array subscript 0 is outside array bounds of 'u32[0]' {aka 'unsigned int[]'} [-Warray-bounds]
     453 |         action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode,
         |                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     454 |                                 current_cred(), blob.secid[0], MAY_EXEC,
         |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     455 |                                 MMAP_CHECK, &pcr, &template, NULL, NULL);
         |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   In file included from include/linux/ima.h:12,
                    from security/integrity/ima/ima_main.c:26:
   include/linux/security.h:150:17: note: while referencing 'secid'
     150 |         u32     secid[LSMBLOB_ENTRIES];
         |                 ^~~~~
   security/integrity/ima/ima_main.c:441:24: note: defined here 'blob'
     441 |         struct lsmblob blob;
         |                        ^~~~
   security/integrity/ima/ima_main.c: In function 'ima_bprm_check':
   security/integrity/ima/ima_main.c:495:15: warning: array subscript 0 is outside array bounds of 'u32[0]' {aka 'unsigned int[]'} [-Warray-bounds]
     495 |         ret = process_measurement(bprm->file, current_cred(), blob.secid[0],
         |               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     496 |                                   NULL, 0, MAY_EXEC, BPRM_CHECK);
         |                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   In file included from include/linux/ima.h:12,
                    from security/integrity/ima/ima_main.c:26:
   include/linux/security.h:150:17: note: while referencing 'secid'
     150 |         u32     secid[LSMBLOB_ENTRIES];
         |                 ^~~~~
   security/integrity/ima/ima_main.c:491:24: note: defined here 'blob'
     491 |         struct lsmblob blob;
         |                        ^~~~
   security/integrity/ima/ima_main.c: In function 'ima_read_file':
   security/integrity/ima/ima_main.c:739:16: warning: array subscript 0 is outside array bounds of 'u32[0]' {aka 'unsigned int[]'} [-Warray-bounds]
     739 |         return process_measurement(file, current_cred(), blob.secid[0], NULL,
         |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     740 |                                    0, MAY_READ, func);
         |                                    ~~~~~~~~~~~~~~~~~~
   In file included from include/linux/ima.h:12,
                    from security/integrity/ima/ima_main.c:26:
   include/linux/security.h:150:17: note: while referencing 'secid'
     150 |         u32     secid[LSMBLOB_ENTRIES];
         |                 ^~~~~
   security/integrity/ima/ima_main.c:717:24: note: defined here 'blob'
     717 |         struct lsmblob blob;
         |                        ^~~~
   security/integrity/ima/ima_main.c: In function 'ima_post_read_file':
   security/integrity/ima/ima_main.c:783:16: warning: array subscript 0 is outside array bounds of 'u32[0]' {aka 'unsigned int[]'} [-Warray-bounds]
     783 |         return process_measurement(file, current_cred(), blob.secid[0], buf,
         |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     784 |                                    size, MAY_READ, func);
         |                                    ~~~~~~~~~~~~~~~~~~~~~
   In file included from include/linux/ima.h:12,
                    from security/integrity/ima/ima_main.c:26:
   include/linux/security.h:150:17: note: while referencing 'secid'
     150 |         u32     secid[LSMBLOB_ENTRIES];
         |                 ^~~~~
   security/integrity/ima/ima_main.c:768:24: note: defined here 'blob'
     768 |         struct lsmblob blob;
         |                        ^~~~
   security/integrity/ima/ima_main.c: In function 'process_buffer_measurement':
   security/integrity/ima/ima_main.c:934:26: warning: array subscript 0 is outside array bounds of 'u32[0]' {aka 'unsigned int[]'} [-Warray-bounds]
     934 |                 action = ima_get_action(mnt_userns, inode, current_cred(),
         |                          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     935 |                                         blob.secid[0], 0, func, &pcr, &template,
         |                                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     936 |                                         func_data, NULL);
         |                                         ~~~~~~~~~~~~~~~~
   In file included from include/linux/ima.h:12,
                    from security/integrity/ima/ima_main.c:26:
   include/linux/security.h:150:17: note: while referencing 'secid'
     150 |         u32     secid[LSMBLOB_ENTRIES];
         |                 ^~~~~
   security/integrity/ima/ima_main.c:909:24: note: defined here 'blob'
--
   security/integrity/ima/ima_appraise.c: In function 'ima_must_appraise':
>> security/integrity/ima/ima_appraise.c:81:16: warning: array subscript 0 is outside array bounds of 'u32[0]' {aka 'unsigned int[]'} [-Warray-bounds]
      81 |         return ima_match_policy(mnt_userns, inode, current_cred(),
         |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      82 |                                 blob.secid[0], func, mask,
         |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~
      83 |                                 IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL,
         |                                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      84 |                                 NULL);
         |                                 ~~~~~
   In file included from include/linux/ima.h:12,
                    from security/integrity/ima/ima_appraise.c:14:
   include/linux/security.h:150:17: note: while referencing 'secid'
     150 |         u32     secid[LSMBLOB_ENTRIES];
         |                 ^~~~~
   security/integrity/ima/ima_appraise.c:74:24: note: defined here 'blob'
      74 |         struct lsmblob blob;
         |                        ^~~~


vim +521 security/integrity/ima/ima_main.c

   504	
   505	/**
   506	 * ima_file_check - based on policy, collect/store measurement.
   507	 * @file: pointer to the file to be measured
   508	 * @mask: contains MAY_READ, MAY_WRITE, MAY_EXEC or MAY_APPEND
   509	 *
   510	 * Measure files based on the ima_must_measure() policy decision.
   511	 *
   512	 * On success return 0.  On integrity appraisal error, assuming the file
   513	 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
   514	 */
   515	int ima_file_check(struct file *file, int mask)
   516	{
   517		struct lsmblob blob;
   518	
   519		security_current_getsecid_subj(&blob);
   520		/* scaffolding until process_measurement changes */
 > 521		return process_measurement(file, current_cred(), blob.secid[0], NULL, 0,
   522					   mask & (MAY_READ | MAY_WRITE | MAY_EXEC |
   523						   MAY_APPEND), FILE_CHECK);
   524	}
   525	EXPORT_SYMBOL_GPL(ima_file_check);
   526
kernel test robot April 17, 2022, 9:33 a.m. UTC | #3
Greeting,

FYI, we noticed the following commit (built with gcc-11):

commit: 0d4df6ae86e123057cb18eeb5ba1b1eff2641fe4 ("[PATCH v34 11/29] LSM: Use lsmblob in security_current_getsecid")
url: https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220408-062243
base: https://git.kernel.org/cgit/linux/kernel/git/pcmoore/selinux.git next
patch link: https://lore.kernel.org/linux-security-module/20220407212230.12893-12-casey@schaufler-ca.com

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):



If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@intel.com>


[ 2.199476][ T1] BUG: KASAN: stack-out-of-bounds in netlbl_unlabel_defconf (net/netlabel/netlabel_unlabeled.c:1572) 
[    2.199476][    T1] Read of size 4 at addr ffffc9000001fca0 by task swapper/0/1
[    2.199476][    T1]
[    2.199476][    T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.18.0-rc1-00014-g0d4df6ae86e1 #1
[    2.199476][    T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[    2.199476][    T1] Call Trace:
[    2.199476][    T1]  <TASK>
[ 2.199476][ T1] ? netlbl_unlabel_defconf (net/netlabel/netlabel_unlabeled.c:1572) 
[ 2.199476][ T1] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1)) 
[ 2.199476][ T1] print_address_description+0x1f/0x200 
[ 2.199476][ T1] ? netlbl_unlabel_defconf (net/netlabel/netlabel_unlabeled.c:1572) 
[ 2.199476][ T1] print_report.cold (mm/kasan/report.c:430) 
[ 2.199476][ T1] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:82 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) 
[ 2.199476][ T1] kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493) 
[ 2.199476][ T1] ? netlbl_unlabel_defconf (net/netlabel/netlabel_unlabeled.c:1572) 
[ 2.199476][ T1] netlbl_unlabel_defconf (net/netlabel/netlabel_unlabeled.c:1572) 
[ 2.199476][ T1] ? netlbl_unlabel_init (net/netlabel/netlabel_unlabeled.c:1561) 
[ 2.199476][ T1] ? register_netdevice_notifier (net/core/dev.c:1743) 
[ 2.199476][ T1] ? netlbl_netlink_init (net/netlabel/netlabel_kapi.c:1494) 
[ 2.199476][ T1] netlbl_init (net/netlabel/netlabel_kapi.c:1514) 
[ 2.199476][ T1] do_one_initcall (init/main.c:1298) 
[ 2.199476][ T1] ? trace_event_raw_event_initcall_level (init/main.c:1289) 
[ 2.199476][ T1] ? parse_one (kernel/params.c:170) 
[ 2.199476][ T1] ? sysvec_call_function_single (arch/x86/kernel/smp.c:243 (discriminator 14)) 
[ 2.199476][ T1] ? kasan_unpoison (mm/kasan/shadow.c:108 mm/kasan/shadow.c:142) 
[ 2.199476][ T1] do_initcalls (init/main.c:1370 init/main.c:1387) 
[ 2.199476][ T1] kernel_init_freeable (init/main.c:1617) 
[ 2.199476][ T1] ? console_on_rootfs (init/main.c:1584) 
[ 2.199476][ T1] ? usleep_range_state (kernel/time/timer.c:1843) 
[ 2.199476][ T1] ? _raw_spin_lock_bh (kernel/locking/spinlock.c:169) 
[ 2.199476][ T1] ? rest_init (init/main.c:1494) 
[ 2.199476][ T1] kernel_init (init/main.c:1504) 
[ 2.199476][ T1] ret_from_fork (arch/x86/entry/entry_64.S:304) 
[    2.199476][    T1]  </TASK>
[    2.199476][    T1]
[    2.199476][    T1] The buggy address belongs to stack of task swapper/0/1
[    2.199476][    T1]  and is located at offset 64 in frame:
[ 2.199476][ T1] netlbl_unlabel_defconf (net/netlabel/netlabel_unlabeled.c:1561) 
[    2.199476][    T1]
[    2.199476][    T1] This frame has 2 objects:
[    2.199476][    T1]  [32, 44) 'audit_info'
[    2.199476][    T1]  [64, 65) 'blob'
[    2.199476][    T1]
[    2.199476][    T1] The buggy address belongs to the virtual mapping at
[    2.199476][    T1]  [ffffc90000018000, ffffc90000021000) created by:
[ 2.199476][ T1] dup_task_struct (kernel/fork.c:979) 
[    2.199476][    T1]
[    2.199476][    T1] Memory state around the buggy address:
[    2.199476][    T1]  ffffc9000001fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    2.199476][    T1]  ffffc9000001fc00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[    2.199476][    T1] >ffffc9000001fc80: 00 04 f2 f2 01 f3 f3 f3 00 00 00 00 00 00 00 00
[    2.199476][    T1]                                ^
[    2.199476][    T1]  ffffc9000001fd00: 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 f3
[    2.199476][    T1]  ffffc9000001fd80: f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00
[    2.199476][    T1] ==================================================================
[    2.199494][    T1] Disabling lock debugging due to kernel taint
[    2.200283][    T1] NetLabel:  unlabeled traffic allowed by default


To reproduce:

        # build kernel
	cd linux
	cp config-5.18.0-rc1-00014-g0d4df6ae86e1 .config
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.

Patch

diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index 381a4fddd4a5..bae8440ffc73 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -2980,16 +2980,16 @@  static void binder_transaction(struct binder_proc *proc,
 	t->priority = task_nice(current);
 
 	if (target_node && target_node->txn_security_ctx) {
-		u32 secid;
 		struct lsmblob blob;
 		size_t added_size;
+		u32 secid;
 
 		security_cred_getsecid(proc->cred, &secid);
 		/*
-		 * Later in this patch set security_task_getsecid() will
+		 * Later in this patch set security_cred_getsecid() will
 		 * provide a lsmblob instead of a secid. lsmblob_init
 		 * is used to ensure that all the secids in the lsmblob
-		 * get the value returned from security_task_getsecid(),
+		 * get the value returned from security_cred_getsecid(),
 		 * which means that the one expected by
 		 * security_secid_to_secctx() will be set.
 		 */
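Review bot: Neither change in this binder_transaction() hunk belongs to the conversion named in the subject. Moving `u32 secid;` below `size_t added_size;` has no functional effect, and the comment correction from security_task_getsecid() to security_cred_getsecid() fixes text about an interface other than the two this patch converts. Fold the comment fix into the patch that introduced the comment and drop the declaration reorder, so binder.c drops out of the diffstat for 11/29.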
diff --git a/include/linux/security.h b/include/linux/security.h
index 4646ca90f457..10ff7db2232e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -502,8 +502,8 @@  int security_task_fix_setgid(struct cred *new, const struct cred *old,
 int security_task_setpgid(struct task_struct *p, pid_t pgid);
 int security_task_getpgid(struct task_struct *p);
 int security_task_getsid(struct task_struct *p);
-void security_current_getsecid_subj(u32 *secid);
-void security_task_getsecid_obj(struct task_struct *p, u32 *secid);
+void security_current_getsecid_subj(struct lsmblob *blob);
+void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob);
 int security_task_setnice(struct task_struct *p, int nice);
 int security_task_setioprio(struct task_struct *p, int ioprio);
 int security_task_getioprio(struct task_struct *p);
@@ -1199,14 +1199,15 @@  static inline int security_task_getsid(struct task_struct *p)
 	return 0;
 }
 
-static inline void security_current_getsecid_subj(u32 *secid)
+static inline void security_current_getsecid_subj(struct lsmblob *blob)
 {
-	*secid = 0;
+	lsmblob_init(blob, 0);
 }
 
-static inline void security_task_getsecid_obj(struct task_struct *p, u32 *secid)
+static inline void security_task_getsecid_obj(struct task_struct *p,
+					      struct lsmblob *blob)
 {
-	*secid = 0;
+	lsmblob_init(blob, 0);
 }
 
 static inline int security_task_setnice(struct task_struct *p, int nice)
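Review bot: In both stubs, `lsmblob_init(blob, 0)` can only zero as many slots as the secid array has, and the build robot's W=1 reports on this page show that array typed as 'u32[0]' in the tested configs. Callers converted in this patch then read `blob.secid[0]` unconditionally, which is what -Warray-bounds is complaining about. Either keep LSMBLOB_ENTRIES at a minimum of 1 so the stubs always have a slot to zero, or give the scaffolding callers an accessor that returns 0 when the blob has no entries.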
diff --git a/kernel/audit.c b/kernel/audit.c
index 2acf95cf9895..0a7869c9c9ad 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -2178,19 +2178,12 @@  int audit_log_task_context(struct audit_buffer *ab)
 	char *ctx = NULL;
 	unsigned len;
 	int error;
-	u32 sid;
 	struct lsmblob blob;
 
-	security_current_getsecid_subj(&sid);
-	if (!sid)
+	security_current_getsecid_subj(&blob);
+	if (!lsmblob_is_set(&blob))
 		return 0;
 
-	/*
-	 * lsmblob_init sets all values in the lsmblob to sid.
-	 * This is temporary until security_task_getsecid is converted
-	 * to use a lsmblob, which happens later in this patch set.
-	 */
-	lsmblob_init(&blob, sid);
 	error = security_secid_to_secctx(&blob, &ctx, &len);
 
 	if (error) {
@@ -2399,6 +2392,7 @@  int audit_set_loginuid(kuid_t loginuid)
 int audit_signal_info(int sig, struct task_struct *t)
 {
 	kuid_t uid = current_uid(), auid;
+	struct lsmblob blob;
 
 	if (auditd_test_task(t) &&
 	    (sig == SIGTERM || sig == SIGHUP ||
@@ -2409,7 +2403,9 @@  int audit_signal_info(int sig, struct task_struct *t)
 			audit_sig_uid = auid;
 		else
 			audit_sig_uid = uid;
-		security_current_getsecid_subj(&audit_sig_sid);
+		security_current_getsecid_subj(&blob);
+		/* scaffolding until audit_sig_sid is converted */
+		audit_sig_sid = blob.secid[0];
 	}
 
 	return audit_signal_info_syscall(t);
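Review bot: `audit_sig_sid = blob.secid[0];` reads slot 0 with no check that the blob has one, and the blob it reads is declared at function scope in the previous hunk although it is used only inside this branch. Declare `struct lsmblob blob;` inside the `if` block, and have the scaffolding comment name the later patch in the series that converts audit_sig_sid, so the temporary index can be tracked to its removal.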
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 15cd4fe35e9c..39ded5cb2429 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1339,7 +1339,6 @@  int audit_filter(int msgtype, unsigned int listtype)
 			struct audit_field *f = &e->rule.fields[i];
 			struct lsmblob blob;
 			pid_t pid;
-			u32 sid;
 
 			switch (f->type) {
 			case AUDIT_PID:
@@ -1369,8 +1368,7 @@  int audit_filter(int msgtype, unsigned int listtype)
 			case AUDIT_SUBJ_SEN:
 			case AUDIT_SUBJ_CLR:
 				if (f->lsm_str) {
-					security_current_getsecid_subj(&sid);
-					lsmblob_init(&blob, sid);
+					security_current_getsecid_subj(&blob);
 					result = security_audit_rule_match(
 						   &blob, f->type, f->op,
 						   &f->lsm_rules);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index d125dba69a76..5ad606cc4814 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -467,7 +467,6 @@  static int audit_filter_rules(struct task_struct *tsk,
 {
 	const struct cred *cred;
 	int i, need_sid = 1;
-	u32 sid;
 	struct lsmblob blob;
 	unsigned int sessionid;
 
@@ -676,17 +675,9 @@  static int audit_filter_rules(struct task_struct *tsk,
 					 * here even though it always refs
 					 * @current's creds
 					 */
-					security_current_getsecid_subj(&sid);
+					security_current_getsecid_subj(&blob);
 					need_sid = 0;
 				}
-				/*
-				 * lsmblob_init sets all values in the lsmblob
-				 * to sid. This is temporary until
-				 * security_task_getsecid() is converted to
-				 * provide a lsmblob, which happens later in
-				 * this patch set.
-				 */
-				lsmblob_init(&blob, sid);
 				result = security_audit_rule_match(&blob,
 							f->type, f->op,
 							&f->lsm_rules);
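Review bot: After this change `need_sid` guards the fill of `blob` rather than of a u32, and the deleted comment was the only text next to security_audit_rule_match() that said where the blob's contents come from. The blob is now written once while `need_sid` is set and reused on later passes once it is 0, so rename the flag (need_blob would be one option) or leave a one-line comment stating that the blob is cached across fields.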
@@ -2764,12 +2755,15 @@  int __audit_sockaddr(int len, void *a)
 void __audit_ptrace(struct task_struct *t)
 {
 	struct audit_context *context = audit_context();
+	struct lsmblob blob;
 
 	context->target_pid = task_tgid_nr(t);
 	context->target_auid = audit_get_loginuid(t);
 	context->target_uid = task_uid(t);
 	context->target_sessionid = audit_get_sessionid(t);
-	security_task_getsecid_obj(t, &context->target_sid);
+	security_task_getsecid_obj(t, &blob);
+	/* scaffolding - until target_sid is converted */
+	context->target_sid = blob.secid[0];
 	memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
 }
 
@@ -2785,6 +2779,7 @@  int audit_signal_info_syscall(struct task_struct *t)
 	struct audit_aux_data_pids *axp;
 	struct audit_context *ctx = audit_context();
 	kuid_t t_uid = task_uid(t);
+	struct lsmblob blob;
 
 	if (!audit_signals || audit_dummy_context())
 		return 0;
@@ -2796,7 +2791,9 @@  int audit_signal_info_syscall(struct task_struct *t)
 		ctx->target_auid = audit_get_loginuid(t);
 		ctx->target_uid = t_uid;
 		ctx->target_sessionid = audit_get_sessionid(t);
-		security_task_getsecid_obj(t, &ctx->target_sid);
+		security_task_getsecid_obj(t, &blob);
+		/* scaffolding until target_sid is converted */
+		ctx->target_sid = blob.secid[0];
 		memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
 		return 0;
 	}
@@ -2817,7 +2814,9 @@  int audit_signal_info_syscall(struct task_struct *t)
 	axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
 	axp->target_uid[axp->pid_count] = t_uid;
 	axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
-	security_task_getsecid_obj(t, &axp->target_sid[axp->pid_count]);
+	security_task_getsecid_obj(t, &blob);
+	/* scaffolding until target_sid is converted */
+	axp->target_sid[axp->pid_count] = blob.secid[0];
 	memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
 	axp->pid_count++;
 
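Review bot: this is the third copy in these audit hunks of the same sequence, a fetch into a local blob followed by a copy of blob.secid[0] into a u32 target_sid field (also in __audit_ptrace() and in the earlier branch of this function). A small static helper that takes the task and returns the u32 would keep the scaffolding in one place and make its later removal a single edit. Not a blocker if the follow-up conversion removes all three together.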
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 0a99663e6edb..c86df6ead742 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1562,11 +1562,14 @@  int __init netlbl_unlabel_defconf(void)
 	int ret_val;
 	struct netlbl_dom_map *entry;
 	struct netlbl_audit audit_info;
+	struct lsmblob blob;
 
 	/* Only the kernel is allowed to call this function and the only time
 	 * it is called is at bootup before the audit subsystem is reporting
 	 * messages so don't worry to much about these values. */
-	security_current_getsecid_subj(&audit_info.secid);
+	security_current_getsecid_subj(&blob);
+	/* scaffolding until audit_info.secid is converted */
+	audit_info.secid = blob.secid[0];
 	audit_info.loginuid = GLOBAL_ROOT_UID;
 	audit_info.sessionid = 0;
 
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
index d6c5b31eb4eb..3d5610ed5f0e 100644
--- a/net/netlabel/netlabel_user.h
+++ b/net/netlabel/netlabel_user.h
@@ -32,7 +32,11 @@ 
  */
 static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info)
 {
-	security_current_getsecid_subj(&audit_info->secid);
+	struct lsmblob blob;
+
+	security_current_getsecid_subj(&blob);
+	/* scaffolding until secid is converted */
+	audit_info->secid = blob.secid[0];
 	audit_info->loginuid = audit_get_loginuid(current);
 	audit_info->sessionid = audit_get_sessionid(current);
 }
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 17232bbfb9f9..217d20c60e1d 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -71,15 +71,17 @@  bool is_ima_appraise_enabled(void)
 int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode,
 		      int mask, enum ima_hooks func)
 {
-	u32 secid;
+	struct lsmblob blob;
 
 	if (!ima_appraise)
 		return 0;
 
-	security_current_getsecid_subj(&secid);
-	return ima_match_policy(mnt_userns, inode, current_cred(), secid,
-				func, mask, IMA_APPRAISE | IMA_HASH, NULL,
-				NULL, NULL, NULL);
+	security_current_getsecid_subj(&blob);
+	/* scaffolding the .secid[0] */
+	return ima_match_policy(mnt_userns, inode, current_cred(),
+				blob.secid[0], func, mask,
+				IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL,
+				NULL);
 }
 
 static int ima_fix_xattr(struct dentry *dentry,
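Review bot: the comment "/* scaffolding the .secid[0] */" in ima_must_appraise() does not say what it is waiting for, unlike the other sites in this patch. Please reword it to name the conversion that lets the blob.secid[0] argument to ima_match_policy() go away, in the same form as the "scaffolding until ..." comments elsewhere.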
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 3d3f8c5c502b..2d99cb996d5f 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -405,12 +405,13 @@  static int process_measurement(struct file *file, const struct cred *cred,
  */
 int ima_file_mmap(struct file *file, unsigned long prot)
 {
-	u32 secid;
+	struct lsmblob blob;
 
 	if (file && (prot & PROT_EXEC)) {
-		security_current_getsecid_subj(&secid);
-		return process_measurement(file, current_cred(), secid, NULL,
-					   0, MAY_EXEC, MMAP_CHECK);
+		security_current_getsecid_subj(&blob);
+		/* scaffolding - until process_measurement changes */
+		return process_measurement(file, current_cred(), blob.secid[0],
+					   NULL, 0, MAY_EXEC, MMAP_CHECK);
 	}
 
 	return 0;
@@ -437,9 +438,9 @@  int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
 	char *pathbuf = NULL;
 	const char *pathname = NULL;
 	struct inode *inode;
+	struct lsmblob blob;
 	int result = 0;
 	int action;
-	u32 secid;
 	int pcr;
 
 	/* Is mprotect making an mmap'ed file executable? */
@@ -447,11 +448,11 @@  int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
 	    !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC))
 		return 0;
 
-	security_current_getsecid_subj(&secid);
+	security_current_getsecid_subj(&blob);
 	inode = file_inode(vma->vm_file);
 	action = ima_get_action(file_mnt_user_ns(vma->vm_file), inode,
-				current_cred(), secid, MAY_EXEC, MMAP_CHECK,
-				&pcr, &template, NULL, NULL);
+				current_cred(), blob.secid[0], MAY_EXEC,
+				MMAP_CHECK, &pcr, &template, NULL, NULL);
 
 	/* Is the mmap'ed file in policy? */
 	if (!(action & (IMA_MEASURE | IMA_APPRAISE_SUBMASK)))
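Review bot: the ima_get_action() call in ima_file_mprotect() passes blob.secid[0] without the scaffolding comment that the other converted call sites in this file carry. Add the same marker above the call so this site is not missed when the scaffolding is removed.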
@@ -487,10 +488,12 @@  int ima_bprm_check(struct linux_binprm *bprm)
 {
 	int ret;
 	u32 secid;
+	struct lsmblob blob;
 
-	security_current_getsecid_subj(&secid);
-	ret = process_measurement(bprm->file, current_cred(), secid, NULL, 0,
-				  MAY_EXEC, BPRM_CHECK);
+	security_current_getsecid_subj(&blob);
+	/* scaffolding until process_measurement changes */
+	ret = process_measurement(bprm->file, current_cred(), blob.secid[0],
+				  NULL, 0, MAY_EXEC, BPRM_CHECK);
 	if (ret)
 		return ret;
 
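Review bot: in ima_bprm_check() the u32 secid declaration stays next to the new struct lsmblob blob, although the call changed here no longer reads it. If the remainder of the function still uses secid, that is fine but worth a word in the changelog, since every other IMA hunk in this patch replaces the declaration; if nothing else uses it, remove it here.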
@@ -511,10 +514,11 @@  int ima_bprm_check(struct linux_binprm *bprm)
  */
 int ima_file_check(struct file *file, int mask)
 {
-	u32 secid;
+	struct lsmblob blob;
 
-	security_current_getsecid_subj(&secid);
-	return process_measurement(file, current_cred(), secid, NULL, 0,
+	security_current_getsecid_subj(&blob);
+	/* scaffolding until process_measurement changes */
+	return process_measurement(file, current_cred(), blob.secid[0], NULL, 0,
 				   mask & (MAY_READ | MAY_WRITE | MAY_EXEC |
 					   MAY_APPEND), FILE_CHECK);
 }
@@ -710,7 +714,7 @@  int ima_read_file(struct file *file, enum kernel_read_file_id read_id,
 		  bool contents)
 {
 	enum ima_hooks func;
-	u32 secid;
+	struct lsmblob blob;
 
 	/*
 	 * Do devices using pre-allocated memory run the risk of the
@@ -730,8 +734,9 @@  int ima_read_file(struct file *file, enum kernel_read_file_id read_id,
 
 	/* Read entire file for all partial reads. */
 	func = read_idmap[read_id] ?: FILE_CHECK;
-	security_current_getsecid_subj(&secid);
-	return process_measurement(file, current_cred(), secid, NULL,
+	security_current_getsecid_subj(&blob);
+	/* scaffolding - until process_measurement changes */
+	return process_measurement(file, current_cred(), blob.secid[0], NULL,
 				   0, MAY_READ, func);
 }
 
@@ -760,7 +765,7 @@  int ima_post_read_file(struct file *file, void *buf, loff_t size,
 		       enum kernel_read_file_id read_id)
 {
 	enum ima_hooks func;
-	u32 secid;
+	struct lsmblob blob;
 
 	/* permit signed certs */
 	if (!file && read_id == READING_X509_CERTIFICATE)
@@ -773,9 +778,10 @@  int ima_post_read_file(struct file *file, void *buf, loff_t size,
 	}
 
 	func = read_idmap[read_id] ?: FILE_CHECK;
-	security_current_getsecid_subj(&secid);
-	return process_measurement(file, current_cred(), secid, buf, size,
-				   MAY_READ, func);
+	security_current_getsecid_subj(&blob);
+	/* scaffolding - until process_measurement changes */
+	return process_measurement(file, current_cred(), blob.secid[0], buf,
+				   size, MAY_READ, func);
 }
 
 /**
@@ -900,7 +906,7 @@  int process_buffer_measurement(struct user_namespace *mnt_userns,
 	int digest_hash_len = hash_digest_size[ima_hash_algo];
 	int violation = 0;
 	int action = 0;
-	u32 secid;
+	struct lsmblob blob;
 
 	if (digest && digest_len < digest_hash_len)
 		return -EINVAL;
@@ -923,9 +929,10 @@  int process_buffer_measurement(struct user_namespace *mnt_userns,
 	 * buffer measurements.
 	 */
 	if (func) {
-		security_current_getsecid_subj(&secid);
+		security_current_getsecid_subj(&blob);
+		/* scaffolding */
 		action = ima_get_action(mnt_userns, inode, current_cred(),
-					secid, 0, func, &pcr, &template,
+					blob.secid[0], 0, func, &pcr, &template,
 					func_data, NULL);
 		if (!(action & IMA_MEASURE) && !digest)
 			return -ENOENT;
diff --git a/security/security.c b/security/security.c
index 131c851dd681..eae5b7f3a0db 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1922,17 +1922,30 @@  int security_task_getsid(struct task_struct *p)
 	return call_int_hook(task_getsid, 0, p);
 }
 
-void security_current_getsecid_subj(u32 *secid)
+void security_current_getsecid_subj(struct lsmblob *blob)
 {
-	*secid = 0;
-	call_void_hook(current_getsecid_subj, secid);
+	struct security_hook_list *hp;
+
+	lsmblob_init(blob, 0);
+	hlist_for_each_entry(hp, &security_hook_heads.current_getsecid_subj,
+			     list) {
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		hp->hook.current_getsecid_subj(&blob->secid[hp->lsmid->slot]);
+	}
 }
 EXPORT_SYMBOL(security_current_getsecid_subj);
 
-void security_task_getsecid_obj(struct task_struct *p, u32 *secid)
+void security_task_getsecid_obj(struct task_struct *p, struct lsmblob *blob)
 {
-	*secid = 0;
-	call_void_hook(task_getsecid_obj, p, secid);
+	struct security_hook_list *hp;
+
+	lsmblob_init(blob, 0);
+	hlist_for_each_entry(hp, &security_hook_heads.task_getsecid_obj, list) {
+		if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot))
+			continue;
+		hp->hook.task_getsecid_obj(p, &blob->secid[hp->lsmid->slot]);
+	}
 }
 EXPORT_SYMBOL(security_task_getsecid_obj);
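Review bot: the slot check uses WARN_ON() inside the hook loop, so a module registered with an out-of-range lsmid->slot produces a full warning with stack trace on every call of security_current_getsecid_subj() and security_task_getsecid_obj(), both of which are called from the audit and IMA paths touched in this patch. WARN_ON_ONCE() would report the problem without flooding the log. Neither function has a comment stating that the blob is zeroed by lsmblob_init(blob, 0) and that each LSM writes only its own slot; a short kernel-doc block on each would document that contract for the callers that still read secid[0].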