CC: l...@lists.linux.dev CC: kbuild-...@lists.01.org BCC: l...@intel.com CC: linux-ker...@vger.kernel.org TO: "Mickaël Salaün" <m...@linux.microsoft.com> CC: James Morris <jamor...@linux.microsoft.com>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master head: 1db333d9a51f3459fba1bcaa564d95befe79f0b3 commit: 265885daf3e5082eb9f6e2a23bdbf9ba4456a21b landlock: Add syscall implementations date: 11 months ago :::::: branch date: 4 hours ago :::::: commit date: 11 months ago config: mips-randconfig-c004-20220227 (https://download.01.org/0day-ci/archive/20220311/202203110046.u5f6ftwj-...@intel.com/config) compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project d271fc04d5b97b12e6b797c6067d3c96a8d7470e) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install mips cross compiling tool for clang build # apt-get install binutils-mips-linux-gnu # https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=265885daf3e5082eb9f6e2a23bdbf9ba4456a21b git remote add linus https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git git fetch --no-tags linus master git checkout 265885daf3e5082eb9f6e2a23bdbf9ba4456a21b # save the config file to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=mips clang-analyzer If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <l...@intel.com> clang-analyzer warnings: (new ones prefixed by >>) if (!buf->data) ^~~~~~~~~~ include/linux/tpm.h:332:2: note: Taking false branch if (!buf->data) ^ include/linux/tpm.h:337:2: note: Returning zero, which participates in a condition later return 0; ^~~~~~~~ drivers/char/tpm/tpm1-cmd.c:488:7: note: Returning from 'tpm_buf_init' rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_CAP); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/char/tpm/tpm1-cmd.c:489:6: note: 'rc' is 0 if (rc) ^~ drivers/char/tpm/tpm1-cmd.c:489:2: note: Taking false branch if (rc) ^ drivers/char/tpm/tpm1-cmd.c:492:6: note: 'subcap_id' is not equal to TPM_CAP_VERSION_1_1 if 
(subcap_id == TPM_CAP_VERSION_1_1 || ^~~~~~~~~ drivers/char/tpm/tpm1-cmd.c:492:6: note: Left side of '||' is false drivers/char/tpm/tpm1-cmd.c:493:6: note: 'subcap_id' is not equal to TPM_CAP_VERSION_1_2 subcap_id == TPM_CAP_VERSION_1_2) { ^~~~~~~~~ drivers/char/tpm/tpm1-cmd.c:492:2: note: Taking false branch if (subcap_id == TPM_CAP_VERSION_1_1 || ^ drivers/char/tpm/tpm1-cmd.c:497:7: note: 'subcap_id' is not equal to TPM_CAP_FLAG_PERM if (subcap_id == TPM_CAP_FLAG_PERM || ^~~~~~~~~ drivers/char/tpm/tpm1-cmd.c:497:7: note: Left side of '||' is false drivers/char/tpm/tpm1-cmd.c:498:7: note: 'subcap_id' is not equal to TPM_CAP_FLAG_VOL subcap_id == TPM_CAP_FLAG_VOL) ^~~~~~~~~ drivers/char/tpm/tpm1-cmd.c:497:3: note: Taking false branch if (subcap_id == TPM_CAP_FLAG_PERM || ^ drivers/char/tpm/tpm1-cmd.c:506:7: note: Value assigned to field 'duration_adjusted', which participates in a condition later rc = tpm_transmit_cmd(chip, &buf, min_cap_length, desc); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/char/tpm/tpm1-cmd.c:507:6: note: Assuming 'rc' is 0, which participates in a condition later if (!rc) ^~~ drivers/char/tpm/tpm1-cmd.c:507:2: note: Taking true branch if (!rc) ^ drivers/char/tpm/tpm1-cmd.c:510:2: note: Returning zero (loaded from 'rc'), which participates in a condition later return rc; ^~~~~~~~~ drivers/char/tpm/tpm1-cmd.c:417:7: note: Returning from 'tpm1_getcap' rc = tpm1_getcap(chip, TPM_CAP_PROP_TIS_DURATION, &cap, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/char/tpm/tpm1-cmd.c:420:6: note: 'rc' is 0 if (rc) ^~ drivers/char/tpm/tpm1-cmd.c:420:2: note: Taking false branch if (rc) ^ drivers/char/tpm/tpm1-cmd.c:435:6: note: Assuming field 'update_durations' is null if (chip->ops->update_durations) ^~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/char/tpm/tpm1-cmd.c:435:2: note: Taking false branch if (chip->ops->update_durations) ^ drivers/char/tpm/tpm1-cmd.c:438:6: note: Assuming field 'duration_adjusted' is true if 
(chip->duration_adjusted) { ^~~~~~~~~~~~~~~~~~~~~~~ drivers/char/tpm/tpm1-cmd.c:438:2: note: Taking true branch if (chip->duration_adjusted) { ^ drivers/char/tpm/tpm1-cmd.c:440:29: note: Assigned value is garbage or undefined chip->duration[TPM_SHORT] = durations[0]; ^ ~~~~~~~~~~~~ drivers/char/tpm/tpm1-cmd.c:747:3: warning: Value stored to 'rc' is never read [clang-analyzer-deadcode.DeadStores] rc = tpm1_pcr_extend(chip, tpm_suspend_pcr, dummy_hash, ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/char/tpm/tpm1-cmd.c:747:3: note: Value stored to 'rc' is never read rc = tpm1_pcr_extend(chip, tpm_suspend_pcr, dummy_hash, ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Suppressed 7 warnings (6 in non-user code, 1 with check filters). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (5 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (5 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 6 warnings generated. security/device_cgroup.c:264:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(str, "*"); ^~~~~~ security/device_cgroup.c:264:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(str, "*"); ^~~~~~ Suppressed 5 warnings (5 in non-user code). 
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 5 warnings generated. Suppressed 5 warnings (5 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 6 warnings generated. >> security/landlock/syscalls.c:329:6: warning: Branch condition evaluates to a >> garbage value [clang-analyzer-core.uninitialized.Branch] if (!path_beneath_attr.allowed_access) { ^ security/landlock/syscalls.c:295:1: note: Calling '__do_sys_landlock_add_rule' SYSCALL_DEFINE4(landlock_add_rule, ^ include/linux/syscalls.h:219:36: note: expanded from macro 'SYSCALL_DEFINE4' #define SYSCALL_DEFINE4(name, ...) SYSCALL_DEFINEx(4, _##name, __VA_ARGS__) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/syscalls.h:227:2: note: expanded from macro 'SYSCALL_DEFINEx' __SYSCALL_DEFINEx(x, sname, __VA_ARGS__) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/syscalls.h:248:14: note: expanded from macro '__SYSCALL_DEFINEx' long ret = __do_sys##name(__MAP(x,__SC_CAST,__VA_ARGS__));\ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ note: expanded from here security/landlock/syscalls.c:304:6: note: Assuming 'landlock_initialized' is true if (!landlock_initialized) ^~~~~~~~~~~~~~~~~~~~~ security/landlock/syscalls.c:304:2: note: Taking false branch if (!landlock_initialized) ^ security/landlock/syscalls.c:308:6: note: Assuming 'flags' is 0 if (flags) ^~~~~ security/landlock/syscalls.c:308:2: note: Taking false branch if (flags) ^ security/landlock/syscalls.c:311:6: note: Assuming 'rule_type' is equal to LANDLOCK_RULE_PATH_BENEATH if (rule_type != LANDLOCK_RULE_PATH_BENEATH) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ security/landlock/syscalls.c:311:2: note: Taking false branch if (rule_type != LANDLOCK_RULE_PATH_BENEATH) ^ security/landlock/syscalls.c:315:8: note: Calling 'copy_from_user' res = 
copy_from_user(&path_beneath_attr, rule_attr, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/uaccess.h:191:2: note: Taking true branch if (likely(check_copy_size(to, n, false))) ^ include/linux/uaccess.h:192:7: note: Calling '_copy_from_user' n = _copy_from_user(to, from, n); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/uaccess.h:157:7: note: Calling 'should_fail_usercopy' if (!should_fail_usercopy() && likely(access_ok(from, n))) { ^~~~~~~~~~~~~~~~~~~~~~ include/linux/fault-inject-usercopy.h:18:49: note: Returning zero, which participates in a condition later static inline bool should_fail_usercopy(void) { return false; } ^~~~~~~~~~~~ include/linux/uaccess.h:157:7: note: Returning from 'should_fail_usercopy' if (!should_fail_usercopy() && likely(access_ok(from, n))) { ^~~~~~~~~~~~~~~~~~~~~~ include/linux/uaccess.h:157:6: note: Left side of '&&' is true if (!should_fail_usercopy() && likely(access_ok(from, n))) { ^ include/linux/uaccess.h:157:33: note: Assuming the condition is true if (!should_fail_usercopy() && likely(access_ok(from, n))) { ^ include/linux/compiler.h:77:20: note: expanded from macro 'likely' # define likely(x) __builtin_expect(!!(x), 1) ^~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/uaccess.h:157:2: note: Taking true branch if (!should_fail_usercopy() && likely(access_ok(from, n))) { ^ include/linux/uaccess.h:159:9: note: Calling 'raw_copy_from_user' res = raw_copy_from_user(to, from, n); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ arch/mips/include/asm/uaccess.h:616:2: note: Taking false branch if (eva_kernel_access()) ^ arch/mips/include/asm/uaccess.h:619:3: note: Returning without writing to 'to->allowed_access' return __invoke_copy_from_user(to, from, n); ^ include/linux/uaccess.h:159:9: note: Returning from 'raw_copy_from_user' res = raw_copy_from_user(to, from, n); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/uaccess.h:161:6: note: Assuming 'res' is 0, which participates in a condition later if (unlikely(res)) ^ include/linux/compiler.h:78:40: 
note: expanded from macro 'unlikely' # define unlikely(x) __builtin_expect(!!(x), 0) ^~~~ include/linux/uaccess.h:161:2: note: Taking false branch if (unlikely(res)) ^ include/linux/uaccess.h:163:2: note: Returning without writing to 'to->allowed_access' return res; ^ include/linux/uaccess.h:163:2: note: Returning zero (loaded from 'res'), which participates in a condition later return res; ^~~~~~~~~~ include/linux/uaccess.h:192:7: note: Returning from '_copy_from_user' n = _copy_from_user(to, from, n); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/uaccess.h:193:2: note: Returning without writing to 'to->allowed_access' return n; ^ include/linux/uaccess.h:193:2: note: Returning zero (loaded from 'n'), which participates in a condition later return n; ^~~~~~~~ security/landlock/syscalls.c:315:8: note: Returning from 'copy_from_user' vim +329 security/landlock/syscalls.c 265885daf3e508 Mickaël Salaün 2021-04-22 265 265885daf3e508 Mickaël Salaün 2021-04-22 266 /** 265885daf3e508 Mickaël Salaün 2021-04-22 267 * sys_landlock_add_rule - Add a new rule to a ruleset 265885daf3e508 Mickaël Salaün 2021-04-22 268 * 265885daf3e508 Mickaël Salaün 2021-04-22 269 * @ruleset_fd: File descriptor tied to the ruleset that should be extended 265885daf3e508 Mickaël Salaün 2021-04-22 270 * with the new rule. 265885daf3e508 Mickaël Salaün 2021-04-22 271 * @rule_type: Identify the structure type pointed to by @rule_attr (only 265885daf3e508 Mickaël Salaün 2021-04-22 272 * LANDLOCK_RULE_PATH_BENEATH for now). 265885daf3e508 Mickaël Salaün 2021-04-22 273 * @rule_attr: Pointer to a rule (only of type &struct 265885daf3e508 Mickaël Salaün 2021-04-22 274 * landlock_path_beneath_attr for now). 265885daf3e508 Mickaël Salaün 2021-04-22 275 * @flags: Must be 0. 265885daf3e508 Mickaël Salaün 2021-04-22 276 * 265885daf3e508 Mickaël Salaün 2021-04-22 277 * This system call enables to define a new rule and add it to an existing 265885daf3e508 Mickaël Salaün 2021-04-22 278 * ruleset. 
265885daf3e508 Mickaël Salaün 2021-04-22 279 * 265885daf3e508 Mickaël Salaün 2021-04-22 280 * Possible returned errors are: 265885daf3e508 Mickaël Salaün 2021-04-22 281 * 265885daf3e508 Mickaël Salaün 2021-04-22 282 * - EOPNOTSUPP: Landlock is supported by the kernel but disabled at boot time; 265885daf3e508 Mickaël Salaün 2021-04-22 283 * - EINVAL: @flags is not 0, or inconsistent access in the rule (i.e. 265885daf3e508 Mickaël Salaün 2021-04-22 284 * &landlock_path_beneath_attr.allowed_access is not a subset of the rule's 265885daf3e508 Mickaël Salaün 2021-04-22 285 * accesses); 265885daf3e508 Mickaël Salaün 2021-04-22 286 * - ENOMSG: Empty accesses (e.g. &landlock_path_beneath_attr.allowed_access); 265885daf3e508 Mickaël Salaün 2021-04-22 287 * - EBADF: @ruleset_fd is not a file descriptor for the current thread, or a 265885daf3e508 Mickaël Salaün 2021-04-22 288 * member of @rule_attr is not a file descriptor as expected; 265885daf3e508 Mickaël Salaün 2021-04-22 289 * - EBADFD: @ruleset_fd is not a ruleset file descriptor, or a member of 265885daf3e508 Mickaël Salaün 2021-04-22 290 * @rule_attr is not the expected file descriptor type (e.g. file open 265885daf3e508 Mickaël Salaün 2021-04-22 291 * without O_PATH); 265885daf3e508 Mickaël Salaün 2021-04-22 292 * - EPERM: @ruleset_fd has no write access to the underlying ruleset; 265885daf3e508 Mickaël Salaün 2021-04-22 293 * - EFAULT: @rule_attr inconsistency. 
265885daf3e508 Mickaël Salaün 2021-04-22 294 */ 265885daf3e508 Mickaël Salaün 2021-04-22 295 SYSCALL_DEFINE4(landlock_add_rule, 265885daf3e508 Mickaël Salaün 2021-04-22 296 const int, ruleset_fd, const enum landlock_rule_type, rule_type, 265885daf3e508 Mickaël Salaün 2021-04-22 297 const void __user *const, rule_attr, const __u32, flags) 265885daf3e508 Mickaël Salaün 2021-04-22 298 { 265885daf3e508 Mickaël Salaün 2021-04-22 299 struct landlock_path_beneath_attr path_beneath_attr; 265885daf3e508 Mickaël Salaün 2021-04-22 300 struct path path; 265885daf3e508 Mickaël Salaün 2021-04-22 301 struct landlock_ruleset *ruleset; 265885daf3e508 Mickaël Salaün 2021-04-22 302 int res, err; 265885daf3e508 Mickaël Salaün 2021-04-22 303 265885daf3e508 Mickaël Salaün 2021-04-22 304 if (!landlock_initialized) 265885daf3e508 Mickaël Salaün 2021-04-22 305 return -EOPNOTSUPP; 265885daf3e508 Mickaël Salaün 2021-04-22 306 265885daf3e508 Mickaël Salaün 2021-04-22 307 /* No flag for now. */ 265885daf3e508 Mickaël Salaün 2021-04-22 308 if (flags) 265885daf3e508 Mickaël Salaün 2021-04-22 309 return -EINVAL; 265885daf3e508 Mickaël Salaün 2021-04-22 310 265885daf3e508 Mickaël Salaün 2021-04-22 311 if (rule_type != LANDLOCK_RULE_PATH_BENEATH) 265885daf3e508 Mickaël Salaün 2021-04-22 312 return -EINVAL; 265885daf3e508 Mickaël Salaün 2021-04-22 313 265885daf3e508 Mickaël Salaün 2021-04-22 314 /* Copies raw user space buffer, only one type for now. */ 265885daf3e508 Mickaël Salaün 2021-04-22 315 res = copy_from_user(&path_beneath_attr, rule_attr, 265885daf3e508 Mickaël Salaün 2021-04-22 316 sizeof(path_beneath_attr)); 265885daf3e508 Mickaël Salaün 2021-04-22 317 if (res) 265885daf3e508 Mickaël Salaün 2021-04-22 318 return -EFAULT; 265885daf3e508 Mickaël Salaün 2021-04-22 319 265885daf3e508 Mickaël Salaün 2021-04-22 320 /* Gets and checks the ruleset. 
*/ 265885daf3e508 Mickaël Salaün 2021-04-22 321 ruleset = get_ruleset_from_fd(ruleset_fd, FMODE_CAN_WRITE); 265885daf3e508 Mickaël Salaün 2021-04-22 322 if (IS_ERR(ruleset)) 265885daf3e508 Mickaël Salaün 2021-04-22 323 return PTR_ERR(ruleset); 265885daf3e508 Mickaël Salaün 2021-04-22 324 265885daf3e508 Mickaël Salaün 2021-04-22 325 /* 265885daf3e508 Mickaël Salaün 2021-04-22 326 * Informs about useless rule: empty allowed_access (i.e. deny rules) 265885daf3e508 Mickaël Salaün 2021-04-22 327 * are ignored in path walks. 265885daf3e508 Mickaël Salaün 2021-04-22 328 */ 265885daf3e508 Mickaël Salaün 2021-04-22 @329 if (!path_beneath_attr.allowed_access) { 265885daf3e508 Mickaël Salaün 2021-04-22 330 err = -ENOMSG; 265885daf3e508 Mickaël Salaün 2021-04-22 331 goto out_put_ruleset; 265885daf3e508 Mickaël Salaün 2021-04-22 332 } 265885daf3e508 Mickaël Salaün 2021-04-22 333 /* 265885daf3e508 Mickaël Salaün 2021-04-22 334 * Checks that allowed_access matches the @ruleset constraints 265885daf3e508 Mickaël Salaün 2021-04-22 335 * (ruleset->fs_access_masks[0] is automatically upgraded to 64-bits). 265885daf3e508 Mickaël Salaün 2021-04-22 336 */ 265885daf3e508 Mickaël Salaün 2021-04-22 337 if ((path_beneath_attr.allowed_access | ruleset->fs_access_masks[0]) != 265885daf3e508 Mickaël Salaün 2021-04-22 338 ruleset->fs_access_masks[0]) { 265885daf3e508 Mickaël Salaün 2021-04-22 339 err = -EINVAL; 265885daf3e508 Mickaël Salaün 2021-04-22 340 goto out_put_ruleset; 265885daf3e508 Mickaël Salaün 2021-04-22 341 } 265885daf3e508 Mickaël Salaün 2021-04-22 342 265885daf3e508 Mickaël Salaün 2021-04-22 343 /* Gets and checks the new rule. */ 265885daf3e508 Mickaël Salaün 2021-04-22 344 err = get_path_from_fd(path_beneath_attr.parent_fd, &path); 265885daf3e508 Mickaël Salaün 2021-04-22 345 if (err) 265885daf3e508 Mickaël Salaün 2021-04-22 346 goto out_put_ruleset; 265885daf3e508 Mickaël Salaün 2021-04-22 347 265885daf3e508 Mickaël Salaün 2021-04-22 348 /* Imports the new rule. 
*/ 265885daf3e508 Mickaël Salaün 2021-04-22 349 err = landlock_append_fs_rule(ruleset, &path, 265885daf3e508 Mickaël Salaün 2021-04-22 350 path_beneath_attr.allowed_access); 265885daf3e508 Mickaël Salaün 2021-04-22 351 path_put(&path); 265885daf3e508 Mickaël Salaün 2021-04-22 352 265885daf3e508 Mickaël Salaün 2021-04-22 353 out_put_ruleset: 265885daf3e508 Mickaël Salaün 2021-04-22 354 landlock_put_ruleset(ruleset); 265885daf3e508 Mickaël Salaün 2021-04-22 355 return err; 265885daf3e508 Mickaël Salaün 2021-04-22 356 } 265885daf3e508 Mickaël Salaün 2021-04-22 357 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-...@lists.01.org _______________________________________________ kbuild mailing list -- kbuild@lists.01.org To unsubscribe send an email to kbuild-le...@lists.01.org
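Review bot: The `core.uninitialized.Branch` warning at syscalls.c:329 looks like a false positive, but the listing carries no comment saying why `path_beneath_attr` (declared without an initializer at line 299) is safe to read there. Line 329 is reached only after `if (res) return -EFAULT;` at lines 317-318, and the analyzer's own trace assumes `res` is 0 while reporting "Returning without writing to 'to->allowed_access'" from the MIPS `__invoke_copy_from_user` path, which it presumably cannot model. A short comment after the copy would save the next reader from re-deriving this, for example `/* res == 0: all sizeof(path_beneath_attr) bytes were copied, so every field is initialized. */`. Separately, the kernel-doc EINVAL entry says `allowed_access` "is not a subset of the rule's accesses", while the check at lines 337-338 compares against `ruleset->fs_access_masks[0]`; "is not a subset of the accesses handled by the ruleset" would match the code.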