lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202208111453.iWFQgZet-lkp@intel.com>
Date:   Thu, 11 Aug 2022 14:33:25 +0800
From:   kernel test robot <lkp@...el.com>
To:     zhoun <zhounan@...china.com>, john.johansen@...onical.com,
        paul@...l-moore.com, jmorris@...ei.org, serge@...lyn.com
Cc:     llvm@...ts.linux.dev, kbuild-all@...ts.01.org,
        linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org, zhounan <zhounan@...china.com>
Subject: Re: [PATCH] remove unnecessary type casting

Hi zhoun,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on linus/master]
[also build test ERROR on v5.19 next-20220811]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/zhoun/remove-unnecessary-type-casting/20220810-164202
base:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git d4252071b97d2027d246f6a82cbee4d52f618b47
config: x86_64-randconfig-a016 (https://download.01.org/0day-ci/archive/20220811/202208111453.iWFQgZet-lkp@intel.com/config)
compiler: clang version 16.0.0 (https://github.com/llvm/llvm-project 5f1c7e2cc5a3c07cbc2412e851a7283c1841f520)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/intel-lab-lkp/linux/commit/644349c963daf046bc5ed629711825d917f1fcfc
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review zhoun/remove-unnecessary-type-casting/20220810-164202
        git checkout 644349c963daf046bc5ed629711825d917f1fcfc
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@...el.com>

All errors (new ones prefixed by >>):

>> security/apparmor/policy.c:1006:23: error: incompatible pointer types initializing 'struct aa_profile *' with an expression of type 'struct aa_policy *' [-Werror,-Wincompatible-pointer-types]
                           struct aa_profile *p = policy;
                                              ^   ~~~~~~
   1 error generated.


vim +1006 security/apparmor/policy.c

   882	
   883	/**
   884	 * aa_replace_profiles - replace profile(s) on the profile list
   885	 * @policy_ns: namespace load is occurring on
   886	 * @label: label that is attempting to load/replace policy
   887	 * @mask: permission mask
   888	 * @udata: serialized data stream  (NOT NULL)
   889	 *
   890	 * unpack and replace a profile on the profile list and uses of that profile
   891	 * by any task creds via invalidating the old version of the profile, which
   892	 * tasks will notice to update their own cred.  If the profile does not exist
   893	 * on the profile list it is added.
   894	 *
   895	 * Returns: size of data consumed else error code on failure.
   896	 */
   897	ssize_t aa_replace_profiles(struct aa_ns *policy_ns, struct aa_label *label,
   898				    u32 mask, struct aa_loaddata *udata)
   899	{
   900		const char *ns_name = NULL, *info = NULL;
   901		struct aa_ns *ns = NULL;
   902		struct aa_load_ent *ent, *tmp;
   903		struct aa_loaddata *rawdata_ent;
   904		const char *op;
   905		ssize_t count, error;
   906		LIST_HEAD(lh);
   907	
   908		op = mask & AA_MAY_REPLACE_POLICY ? OP_PROF_REPL : OP_PROF_LOAD;
   909		aa_get_loaddata(udata);
   910		/* released below */
   911		error = aa_unpack(udata, &lh, &ns_name);
   912		if (error)
   913			goto out;
   914	
   915		/* ensure that profiles are all for the same ns
   916		 * TODO: update locking to remove this constaint. All profiles in
   917		 *       the load set must succeed as a set or the load will
   918		 *       fail. Sort ent list and take ns locks in hierarchy order
   919		 */
   920		count = 0;
   921		list_for_each_entry(ent, &lh, list) {
   922			if (ns_name) {
   923				if (ent->ns_name &&
   924				    strcmp(ent->ns_name, ns_name) != 0) {
   925					info = "policy load has mixed namespaces";
   926					error = -EACCES;
   927					goto fail;
   928				}
   929			} else if (ent->ns_name) {
   930				if (count) {
   931					info = "policy load has mixed namespaces";
   932					error = -EACCES;
   933					goto fail;
   934				}
   935				ns_name = ent->ns_name;
   936			} else
   937				count++;
   938		}
   939		if (ns_name) {
   940			ns = aa_prepare_ns(policy_ns ? policy_ns : labels_ns(label),
   941					   ns_name);
   942			if (IS_ERR(ns)) {
   943				op = OP_PROF_LOAD;
   944				info = "failed to prepare namespace";
   945				error = PTR_ERR(ns);
   946				ns = NULL;
   947				ent = NULL;
   948				goto fail;
   949			}
   950		} else
   951			ns = aa_get_ns(policy_ns ? policy_ns : labels_ns(label));
   952	
   953		mutex_lock_nested(&ns->lock, ns->level);
   954		/* check for duplicate rawdata blobs: space and file dedup */
   955		list_for_each_entry(rawdata_ent, &ns->rawdata_list, list) {
   956			if (aa_rawdata_eq(rawdata_ent, udata)) {
   957				struct aa_loaddata *tmp;
   958	
   959				tmp = __aa_get_loaddata(rawdata_ent);
   960				/* check we didn't fail the race */
   961				if (tmp) {
   962					aa_put_loaddata(udata);
   963					udata = tmp;
   964					break;
   965				}
   966			}
   967		}
   968		/* setup parent and ns info */
   969		list_for_each_entry(ent, &lh, list) {
   970			struct aa_policy *policy;
   971	
   972			ent->new->rawdata = aa_get_loaddata(udata);
   973			error = __lookup_replace(ns, ent->new->base.hname,
   974						 !(mask & AA_MAY_REPLACE_POLICY),
   975						 &ent->old, &info);
   976			if (error)
   977				goto fail_lock;
   978	
   979			if (ent->new->rename) {
   980				error = __lookup_replace(ns, ent->new->rename,
   981							!(mask & AA_MAY_REPLACE_POLICY),
   982							&ent->rename, &info);
   983				if (error)
   984					goto fail_lock;
   985			}
   986	
   987			/* released when @new is freed */
   988			ent->new->ns = aa_get_ns(ns);
   989	
   990			if (ent->old || ent->rename)
   991				continue;
   992	
   993			/* no ref on policy only use inside lock */
   994			policy = __lookup_parent(ns, ent->new->base.hname);
   995			if (!policy) {
   996				struct aa_profile *p;
   997				p = __list_lookup_parent(&lh, ent->new);
   998				if (!p) {
   999					error = -ENOENT;
  1000					info = "parent does not exist";
  1001					goto fail_lock;
  1002				}
  1003				rcu_assign_pointer(ent->new->parent, aa_get_profile(p));
  1004			} else if (policy != &ns->base) {
  1005				/* released on profile replacement or free_profile */
> 1006				struct aa_profile *p = policy;
  1007				rcu_assign_pointer(ent->new->parent, aa_get_profile(p));
  1008			}
  1009		}
  1010	
  1011		/* create new fs entries for introspection if needed */
  1012		if (!udata->dents[AAFS_LOADDATA_DIR]) {
  1013			error = __aa_fs_create_rawdata(ns, udata);
  1014			if (error) {
  1015				info = "failed to create raw_data dir and files";
  1016				ent = NULL;
  1017				goto fail_lock;
  1018			}
  1019		}
  1020		list_for_each_entry(ent, &lh, list) {
  1021			if (!ent->old) {
  1022				struct dentry *parent;
  1023				if (rcu_access_pointer(ent->new->parent)) {
  1024					struct aa_profile *p;
  1025					p = aa_deref_parent(ent->new);
  1026					parent = prof_child_dir(p);
  1027				} else
  1028					parent = ns_subprofs_dir(ent->new->ns);
  1029				error = __aafs_profile_mkdir(ent->new, parent);
  1030			}
  1031	
  1032			if (error) {
  1033				info = "failed to create";
  1034				goto fail_lock;
  1035			}
  1036		}
  1037	
  1038		/* Done with checks that may fail - do actual replacement */
  1039		__aa_bump_ns_revision(ns);
  1040		__aa_loaddata_update(udata, ns->revision);
  1041		list_for_each_entry_safe(ent, tmp, &lh, list) {
  1042			list_del_init(&ent->list);
  1043			op = (!ent->old && !ent->rename) ? OP_PROF_LOAD : OP_PROF_REPL;
  1044	
  1045			if (ent->old && ent->old->rawdata == ent->new->rawdata) {
  1046				/* dedup actual profile replacement */
  1047				audit_policy(label, op, ns_name, ent->new->base.hname,
  1048					     "same as current profile, skipping",
  1049					     error);
  1050				/* break refcount cycle with proxy. */
  1051				aa_put_proxy(ent->new->label.proxy);
  1052				ent->new->label.proxy = NULL;
  1053				goto skip;
  1054			}
  1055	
  1056			/*
  1057			 * TODO: finer dedup based on profile range in data. Load set
  1058			 * can differ but profile may remain unchanged
  1059			 */
  1060			audit_policy(label, op, ns_name, ent->new->base.hname, NULL,
  1061				     error);
  1062	
  1063			if (ent->old) {
  1064				share_name(ent->old, ent->new);
  1065				__replace_profile(ent->old, ent->new);
  1066			} else {
  1067				struct list_head *lh;
  1068	
  1069				if (rcu_access_pointer(ent->new->parent)) {
  1070					struct aa_profile *parent;
  1071	
  1072					parent = update_to_newest_parent(ent->new);
  1073					lh = &parent->base.profiles;
  1074				} else
  1075					lh = &ns->base.profiles;
  1076				__add_profile(lh, ent->new);
  1077			}
  1078		skip:
  1079			aa_load_ent_free(ent);
  1080		}
  1081		__aa_labelset_update_subtree(ns);
  1082		mutex_unlock(&ns->lock);
  1083	
  1084	out:
  1085		aa_put_ns(ns);
  1086		aa_put_loaddata(udata);
  1087		kfree(ns_name);
  1088	
  1089		if (error)
  1090			return error;
  1091		return udata->size;
  1092	
  1093	fail_lock:
  1094		mutex_unlock(&ns->lock);
  1095	
  1096		/* audit cause of failure */
  1097		op = (ent && !ent->old) ? OP_PROF_LOAD : OP_PROF_REPL;
  1098	fail:
  1099		  audit_policy(label, op, ns_name, ent ? ent->new->base.hname : NULL,
  1100			       info, error);
  1101		/* audit status that rest of profiles in the atomic set failed too */
  1102		info = "valid profile in failed atomic policy load";
  1103		list_for_each_entry(tmp, &lh, list) {
  1104			if (tmp == ent) {
  1105				info = "unchecked profile in failed atomic policy load";
  1106				/* skip entry that caused failure */
  1107				continue;
  1108			}
  1109			op = (!tmp->old) ? OP_PROF_LOAD : OP_PROF_REPL;
  1110			audit_policy(label, op, ns_name, tmp->new->base.hname, info,
  1111				     error);
  1112		}
  1113		list_for_each_entry_safe(ent, tmp, &lh, list) {
  1114			list_del_init(&ent->list);
  1115			aa_load_ent_free(ent);
  1116		}
  1117	
  1118		goto out;
  1119	}
  1120	

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ