:::::: :::::: Manual check reason: "low confidence static check warning: fs/fuse/dir.c:482:6: warning: Branch condition evaluates to a garbage value [clang-analyzer-core.uninitialized.Branch]" ::::::
CC: [email protected] CC: [email protected] BCC: [email protected] In-Reply-To: <[email protected]> References: <[email protected]> TO: Casey Schaufler <[email protected]> TO: [email protected] TO: [email protected] TO: [email protected] TO: [email protected] CC: [email protected] CC: [email protected] CC: [email protected] CC: [email protected] CC: [email protected] CC: [email protected] CC: [email protected] CC: [email protected] Hi Casey, I love your patch! Perhaps something to improve: [auto build test WARNING on pcmoore-audit/next] [also build test WARNING on pcmoore-selinux/next linus/master v5.19-rc2 next-20220610] [cannot apply to jmorris-security/next-testing] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220610-080129 base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next :::::: branch date: 4 days ago :::::: commit date: 4 days ago config: s390-randconfig-c005-20220613 (https://download.01.org/0day-ci/archive/20220614/[email protected]/config) compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project d378268ead93c85803c270277f0243737b536ae7) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install s390 cross compiling tool for clang build # apt-get install binutils-s390x-linux-gnu # https://github.com/intel-lab-lkp/linux/commit/86d33e271bed739fe32367e703b054ea253bb471 git remote add linux-review https://github.com/intel-lab-lkp/linux git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220610-080129 git checkout 86d33e271bed739fe32367e703b054ea253bb471 # save the config file 
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=s390 clang-analyzer If you fix the issue, kindly add following tag where applicable Reported-by: kernel test robot <[email protected]> clang-analyzer warnings: (new ones prefixed by >>) ^~~~~~~ lib/kunit/test.c:371:2: warning: Dereference of null pointer [clang-analyzer-core.NullDereference] current->kunit_test = test; ^ arch/s390/include/asm/current.h:17:45: note: expanded from macro 'current' #define current ((struct task_struct *const)S390_lowcore.current_task) ^~~~~~~~~~~~~~~~~~~~~~~~~ arch/s390/include/asm/lowcore.h:213:22: note: expanded from macro 'S390_lowcore' #define S390_lowcore (*((struct lowcore *) 0)) ^ lib/kunit/test.c:371:2: note: Dereference of null pointer current->kunit_test = test; ^ arch/s390/include/asm/current.h:17:45: note: expanded from macro 'current' #define current ((struct task_struct *const)S390_lowcore.current_task) ^~~~~~~~~~~~~~~~~~~~~~~~~ arch/s390/include/asm/lowcore.h:213:22: note: expanded from macro 'S390_lowcore' #define S390_lowcore (*((struct lowcore *) 0)) ^ lib/kunit/test.c:535:6: warning: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] snprintf(param_desc, sizeof(param_desc), ^~~~~~~~ lib/kunit/test.c:535:6: note: Call to function 'snprintf' is insecure as it does not provide security checks introduced in the C11 standard. 
Replace with analogous functions that support length arguments or provides boundary checks such as 'snprintf_s' in case of C11 snprintf(param_desc, sizeof(param_desc), ^~~~~~~~ lib/kunit/test.c:699:2: warning: Dereference of null pointer [clang-analyzer-core.NullDereference] current->kunit_test = NULL; ^ arch/s390/include/asm/current.h:17:45: note: expanded from macro 'current' #define current ((struct task_struct *const)S390_lowcore.current_task) ^ arch/s390/include/asm/lowcore.h:213:22: note: expanded from macro 'S390_lowcore' #define S390_lowcore (*((struct lowcore *) 0)) ^ lib/kunit/test.c:390:6: note: Assuming 'try_exit_code' is 0 if (try_exit_code) { ^~~~~~~~~~~~~ lib/kunit/test.c:390:2: note: Taking false branch if (try_exit_code) { ^ lib/kunit/test.c:413:2: note: Calling 'kunit_run_case_cleanup' kunit_run_case_cleanup(test, suite); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ lib/kunit/test.c:352:6: note: Assuming field 'exit' is null if (suite->exit) ^~~~~~~~~~~ lib/kunit/test.c:352:2: note: Taking false branch if (suite->exit) ^ lib/kunit/test.c:355:2: note: Calling 'kunit_case_internal_cleanup' kunit_case_internal_cleanup(test); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ lib/kunit/test.c:342:2: note: Calling 'kunit_cleanup' kunit_cleanup(test); ^~~~~~~~~~~~~~~~~~~ lib/kunit/test.c:682:2: note: Loop condition is true. Entering loop body while (true) { ^ lib/kunit/test.c:683:3: note: Loop condition is false. Exiting loop spin_lock_irqsave(&test->lock, flags); ^ include/linux/spinlock.h:379:2: note: expanded from macro 'spin_lock_irqsave' raw_spin_lock_irqsave(spinlock_check(lock), flags); \ ^ include/linux/spinlock.h:240:2: note: expanded from macro 'raw_spin_lock_irqsave' do { \ ^ lib/kunit/test.c:683:3: note: Loop condition is false. 
Exiting loop spin_lock_irqsave(&test->lock, flags); ^ include/linux/spinlock.h:377:43: note: expanded from macro 'spin_lock_irqsave' #define spin_lock_irqsave(lock, flags) \ ^ lib/kunit/test.c:684:7: note: Assuming the condition is true if (list_empty(&test->resources)) { ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ lib/kunit/test.c:684:3: note: Taking true branch if (list_empty(&test->resources)) { ^ lib/kunit/test.c:686:4: note: Execution continues on line 699 break; ^ lib/kunit/test.c:699:2: note: Dereference of null pointer current->kunit_test = NULL; ^ arch/s390/include/asm/current.h:17:45: note: expanded from macro 'current' #define current ((struct task_struct *const)S390_lowcore.current_task) ^~~~~~~~~~~~~~~~~~~~~~~~~ arch/s390/include/asm/lowcore.h:213:22: note: expanded from macro 'S390_lowcore' #define S390_lowcore (*((struct lowcore *) 0)) ^ Suppressed 36 warnings (36 in non-user code). Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well. 66 warnings generated. fs/fuse/dir.c:179:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(outarg, 0, sizeof(struct fuse_entry_out)); ^~~~~~ fs/fuse/dir.c:179:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. 
Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(outarg, 0, sizeof(struct fuse_entry_out)); ^~~~~~ >> fs/fuse/dir.c:482:6: warning: Branch condition evaluates to a garbage value >> [clang-analyzer-core.uninitialized.Branch] if (lsmctx.len) { ^ fs/fuse/dir.c:831:9: note: Calling 'create_new_entry' return create_new_entry(fm, &args, dir, entry, S_IFLNK); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/fuse/dir.c:702:2: note: Taking false branch if (fuse_is_bad(dir)) ^ fs/fuse/dir.c:706:6: note: Assuming 'forget' is non-null if (!forget) ^~~~~~~ fs/fuse/dir.c:706:2: note: Taking false branch if (!forget) ^ fs/fuse/dir.c:715:6: note: Assuming field 'init_security' is not equal to 0 if (fm->fc->init_security && args->opcode != FUSE_LINK) { ^~~~~~~~~~~~~~~~~~~~~ fs/fuse/dir.c:715:6: note: Left side of '&&' is true fs/fuse/dir.c:715:37: note: Field 'opcode' is not equal to FUSE_LINK if (fm->fc->init_security && args->opcode != FUSE_LINK) { ^ fs/fuse/dir.c:715:2: note: Taking true branch if (fm->fc->init_security && args->opcode != FUSE_LINK) { ^ fs/fuse/dir.c:716:9: note: Calling 'get_security_context' err = get_security_context(entry, mode, &security_ctx, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/fuse/dir.c:474:8: note: Calling 'security_dentry_init_security' err = security_dentry_init_security(entry, mode, &entry->d_name, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/security.h:893:2: note: Returning without writing to 'lsmcxt->len' return -EOPNOTSUPP; ^ include/linux/security.h:893:2: note: Returning the value -95, which participates in a condition later return -EOPNOTSUPP; ^~~~~~~~~~~~~~~~~~ fs/fuse/dir.c:474:8: note: Returning from 'security_dentry_init_security' err = security_dentry_init_security(entry, mode, &entry->d_name, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ fs/fuse/dir.c:476:6: note: 'err' is -95 if (err) { ^~~ 
fs/fuse/dir.c:476:2: note: Taking true branch if (err) { ^ fs/fuse/dir.c:477:3: note: Taking false branch if (err != -EOPNOTSUPP) ^ fs/fuse/dir.c:482:6: note: Branch condition evaluates to a garbage value if (lsmctx.len) { ^~~~~~~~~~ fs/fuse/dir.c:506:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy] strcpy(ptr, name); ^~~~~~ fs/fuse/dir.c:506:3: note: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 strcpy(ptr, name); ^~~~~~ fs/fuse/dir.c:509:3: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memcpy(ptr, lsmctx.context, lsmctx.len); ^~~~~~ fs/fuse/dir.c:509:3: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 memcpy(ptr, lsmctx.context, lsmctx.len); ^~~~~~ fs/fuse/dir.c:560:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. 
Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(&inarg, 0, sizeof(inarg)); ^~~~~~ fs/fuse/dir.c:560:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(&inarg, 0, sizeof(inarg)); ^~~~~~ fs/fuse/dir.c:561:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(&outentry, 0, sizeof(outentry)); ^~~~~~ fs/fuse/dir.c:561:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(&outentry, 0, sizeof(outentry)); ^~~~~~ fs/fuse/dir.c:709:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] memset(&outarg, 0, sizeof(outarg)); ^~~~~~ fs/fuse/dir.c:709:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. 
Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 memset(&outarg, 0, sizeof(outarg)); ^~~~~~ fs/fuse/dir.c:764:2: warning: Address of stack memory associated with local variable 'outarg' is still referred to by the stack variable 'args' upon returning to the caller. This will be a dangling reference [clang-analyzer-core.StackAddressEscape] return err; ^ fs/fuse/dir.c:649:2: note: Taking false branch if (fuse_is_bad(dir)) ^ fs/fuse/dir.c:652:6: note: Assuming the condition is true if (d_in_lookup(entry)) { ^~~~~~~~~~~~~~~~~~ fs/fuse/dir.c:652:2: note: Taking true branch if (d_in_lookup(entry)) { ^ fs/fuse/dir.c:654:3: note: Taking false branch if (IS_ERR(res)) ^ fs/fuse/dir.c:657:7: note: Assuming 'res' is null if (res) ^~~ fs/fuse/dir.c:657:3: note: Taking false branch vim +482 fs/fuse/dir.c e5e5558e923f35 Miklos Szeredi 2005-09-09 461 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 462 static int get_security_context(struct dentry *entry, umode_t mode, 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 463 void **security_ctx, u32 *security_ctxlen) 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 464 { 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 465 struct fuse_secctx *fctx; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 466 struct fuse_secctx_header *header; 86d33e271bed73 Casey Schaufler 2022-06-09 467 struct lsmcontext lsmctx; 86d33e271bed73 Casey Schaufler 2022-06-09 468 void *ptr; 86d33e271bed73 Casey Schaufler 2022-06-09 469 u32 total_len = sizeof(*header); 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 470 int err, nr_ctx = 0; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 471 const char *name; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 472 size_t namelen; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 473 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 474 err = security_dentry_init_security(entry, mode, &entry->d_name, 86d33e271bed73 Casey Schaufler 2022-06-09 475 &name, &lsmctx); 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 476 if (err) { 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 
477 if (err != -EOPNOTSUPP) 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 478 goto out_err; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 479 /* No LSM is supporting this security hook. Ignore error */ 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 480 } 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 481 86d33e271bed73 Casey Schaufler 2022-06-09 @482 if (lsmctx.len) { 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 483 nr_ctx = 1; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 484 namelen = strlen(name) + 1; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 485 err = -EIO; 86d33e271bed73 Casey Schaufler 2022-06-09 486 if (WARN_ON(namelen > XATTR_NAME_MAX + 1 || 86d33e271bed73 Casey Schaufler 2022-06-09 487 lsmctx.len > S32_MAX)) 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 488 goto out_err; 86d33e271bed73 Casey Schaufler 2022-06-09 489 total_len += FUSE_REC_ALIGN(sizeof(*fctx) + namelen + 86d33e271bed73 Casey Schaufler 2022-06-09 490 lsmctx.len); 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 491 } 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 492 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 493 err = -ENOMEM; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 494 header = ptr = kzalloc(total_len, GFP_KERNEL); 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 495 if (!ptr) 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 496 goto out_err; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 497 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 498 header->nr_secctx = nr_ctx; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 499 header->size = total_len; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 500 ptr += sizeof(*header); 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 501 if (nr_ctx) { 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 502 fctx = ptr; 86d33e271bed73 Casey Schaufler 2022-06-09 503 fctx->size = lsmctx.len; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 504 ptr += sizeof(*fctx); 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 505 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 506 strcpy(ptr, name); 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 507 ptr += namelen; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 508 86d33e271bed73 Casey Schaufler 2022-06-09 509 memcpy(ptr, lsmctx.context, 
lsmctx.len); 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 510 } 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 511 *security_ctxlen = total_len; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 512 *security_ctx = header; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 513 err = 0; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 514 out_err: 86d33e271bed73 Casey Schaufler 2022-06-09 515 if (nr_ctx) 86d33e271bed73 Casey Schaufler 2022-06-09 516 security_release_secctx(&lsmctx); 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 517 return err; 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 518 } 3e2b6fdbdc9ab5 Vivek Goyal 2021-11-11 519 -- 0-DAY CI Kernel Test Service https://01.org/lkp _______________________________________________ kbuild mailing list -- [email protected] To unsubscribe send an email to [email protected]
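Review bot: In get_security_context() the ignored -EOPNOTSUPP branch (fs/fuse/dir.c lines 476-480) falls through to `if (lsmctx.len)` on line 482 with `lsmctx` never written, so the declaration on line 467 should give it a defined empty state: `struct lsmcontext lsmctx = { };`. The analyzer trace shows the security_dentry_init_security() stub in include/linux/security.h returning -EOPNOTSUPP without writing the length, and the exposure is wider than the flagged branch. If the stale stack value happens to be non-zero, the code continues to `strlen(name)`, to the `memcpy()` from `lsmctx.context`, and to `security_release_secctx(&lsmctx)`, all working on indeterminate data. `name` is likewise declared without an initializer on line 471, and nothing in the listing shows it being set on that path, so `const char *name = NULL;` would be a sensible companion change. With both initialized, the "no LSM supports this hook" case stays on the header-only path (`nr_ctx == 0`), which is what the comment on line 479 describes.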
