| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202507150132.xWRFcZgf-lkp@intel.com>
Date: Tue, 15 Jul 2025 02:07:38 +0800
From: kernel test robot <lkp@...el.com>
To: Maxime Bélair <maxime.belair@...onical.com>,
linux-security-module@...r.kernel.org
Cc: oe-kbuild-all@...ts.linux.dev, john.johansen@...onical.com,
paul@...l-moore.com, jmorris@...ei.org, serge@...lyn.com,
mic@...ikod.net, kees@...nel.org, stephen.smalley.work@...il.com,
casey@...aufler-ca.com, takedakn@...data.co.jp,
penguin-kernel@...ove.sakura.ne.jp, song@...nel.org,
rdunlap@...radead.org, linux-api@...r.kernel.org,
apparmor@...ts.ubuntu.com, linux-kernel@...r.kernel.org,
Maxime Bélair <maxime.belair@...onical.com>
Subject: Re: [PATCH v5 3/3] AppArmor: add support for lsm_config_self_policy
and lsm_config_system_policy
Hi Maxime,
kernel test robot noticed the following build warnings:
[auto build test WARNING on 9c32cda43eb78f78c73aee4aa344b777714e259b]
url: https://github.com/intel-lab-lkp/linux/commits/Maxime-B-lair/Wire-up-lsm_config_self_policy-and-lsm_config_system_policy-syscalls/20250709-160720
base: 9c32cda43eb78f78c73aee4aa344b777714e259b
patch link: https://lore.kernel.org/r/20250709080220.110947-4-maxime.belair%40canonical.com
patch subject: [PATCH v5 3/3] AppArmor: add support for lsm_config_self_policy and lsm_config_system_policy
config: hexagon-randconfig-r072-20250714 (https://download.01.org/0day-ci/archive/20250715/202507150132.xWRFcZgf-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@...el.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202507150132.xWRFcZgf-lkp@intel.com/
smatch warnings:
security/apparmor/lsm.c:1348 apparmor_lsm_config_system_policy() warn: unsigned 'ns_size' is never less than zero.
vim +/ns_size +1348 security/apparmor/lsm.c
1319
1320 /**
1321 * apparmor_lsm_config_system_policy - Load or replace a system policy
1322 * @lsm_id: AppArmor ID (LSM_ID_APPARMOR). Unused here
1323 * @op: operation to perform. Currently, only LSM_POLICY_LOAD is supported
1324 * @buf: user-supplied buffer in the form "<ns>\0<policy>"
1325 * <ns> is the namespace to load the policy into (empty string for root)
1326 * <policy> is the policy to load
1327 * @size: size of @buf
1328 * @flags: reserved for future uses; must be zero
1329 *
1330 * Returns: 0 on success, negative value on error
1331 */
1332 static int apparmor_lsm_config_system_policy(u32 lsm_id, u32 op, void __user *buf,
1333 size_t size, u32 flags)
1334 {
1335 loff_t pos = 0; // Partial writing is not currently supported
1336 char ns_name[AA_PROFILE_NAME_MAX_SIZE];
1337 size_t ns_size;
1338 size_t max_ns_size = min(size, AA_PROFILE_NAME_MAX_SIZE);
1339
1340 if (op != LSM_POLICY_LOAD || flags)
1341 return -EOPNOTSUPP;
1342 if (size < 2)
1343 return -EINVAL;
1344 if (size > AA_PROFILE_MAX_SIZE)
1345 return -E2BIG;
1346
1347 ns_size = strncpy_from_user(ns_name, buf, max_ns_size);
> 1348 if (ns_size < 0)
1349 return ns_size;
1350 if (ns_size == max_ns_size)
1351 return -E2BIG;
1352
1353 return aa_profile_load_ns_name(ns_name, ns_size, buf + ns_size + 1,
1354 size - ns_size - 1, &pos);
1355 }
1356
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Powered by blists - more mailing lists