Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp135642imm;
        Tue, 9 Oct 2018 15:12:27 -0700 (PDT)
X-Google-Smtp-Source: ACcGV60N9qc/+chheSUkSIS7B4GwPmlAmk4bgpg0l5T6SxGlQAZW1YlUAVEYiRRcwRyUp3BoVTdx
X-Received: by 2002:a62:41d6:: with SMTP id g83-v6mr31877153pfd.44.1539123147514;
        Tue, 09 Oct 2018 15:12:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1539123147; cv=none;
        d=google.com; s=arc-20160816;
        b=qteVH1D0YM+OjxsUMbK9i2GIhKrml9iqw0rC2VxfcJ5Z34zxPOxSK1VXBy9r2/ZgAE
         FMt/T3Tw4UMvTLIg1gfL2TSdqw4Pjr+mDgn4TqcrWEucfGbbP6YkG3XLNkep/vyS7T7u
         AbMeAJ0DGc7V1Sp9cSu/j1ljTwhDvoO9+dGsqOEBel4OWbFud7aeqIQzQozLMlhM+3Gf
         NvD1/AgD8wBdTOX5snK+dd09nWbJT70Vi58VbJjP9OPP9PpfkljhLdgBw0kxUF6oi0/W
         gId8DNJpwU0N1CwOA8eZJUwTj/kjR9A74ULYZx62ERPMxJZBE2OF3AIzv6lvwgQC6mBU
         T4ow==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :mime-version:dkim-signature;
        bh=o4TYvoO88LvQpX4BrPrq3xfIUSnUOO0k84kAP8T/g20=;
        b=YqkCg3AjTc6YoZPFDUIs2DBX7WgXB7BFNslcU95YVnN7QliduwjW8o3gFQKdrXbmIB
         a/WV9zrGubRmnQ/phH6E4z3A5ET84fbqv6KmoneRl021hppQxoLcaw8RO4CRAn1zbkm6
         AhXipSb8D+2tkkYy/HFpi9SPs8fGzwGnp8EtT+u+RijNpzbt1EProQHl7AjhAfTTw0aF
         xqD+C/HvLPoeJO1IVajHbv3xiP5c6mHIRyRwPCoNJNsGRLtUnvj6ahek9yRJSeSXRUGk
         dQz1xWrb4ql5WkvZedj+oDNepXSFus4dJ6/ZPmuTcALnSACgk/NGLElYa0zjMhrnylke
         BxdA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=qe4UXvTL;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m15-v6si21835182pga.114.2018.10.09.15.12.12;
        Tue, 09 Oct 2018 15:12:27 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=qe4UXvTL;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727658AbeJJFaz (ORCPT <rfc822;shmalave.kernel@gmail.com>
        + 99 others); Wed, 10 Oct 2018 01:30:55 -0400
Received: from mail-pf1-f196.google.com ([209.85.210.196]:45698 "EHLO
        mail-pf1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1725837AbeJJFay (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 10 Oct 2018 01:30:54 -0400
Received: by mail-pf1-f196.google.com with SMTP id u12-v6so1531515pfn.12
        for <linux-kernel@vger.kernel.org>; Tue, 09 Oct 2018 15:11:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to:cc;
        bh=o4TYvoO88LvQpX4BrPrq3xfIUSnUOO0k84kAP8T/g20=;
        b=qe4UXvTLt1Dovekp2e6sfCc1K4VMdymoZS9LBw7b3hQOsizdV4qLCWCaQfIfSbr9f+
         S6qiVM3nF5+7NObXK0yOxvv5HUw8Ln+nRVqgCWS5oZmuq5hJsxbQxJi50u+2jSv4MrVk
         W7pjSQSZjFn+smYqQe5M0AB1ZetG7EXR8JOYhczEHdBaeEJfrC23TQt3XEW4Up1PxfJc
         ZhlJAh8XYOWF6yy5SFdYCREDRHE6xZ5OyGyO6qA13p8kUT+5Z+T6lRtYKzVDbdvyPGX4
         kFQZc26y2vaMBRcfz4UELDxx9bpc/hVtUHhsqukOCrWDhC8SMgMsEGFIONeRjcI6Euin
         D75A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc;
        bh=o4TYvoO88LvQpX4BrPrq3xfIUSnUOO0k84kAP8T/g20=;
        b=CA4tvP2K6fsIMaBHBu3mRX5hOkTj1PB2JFsv5WzRdKdwFTZMJ7efA2qNqhS57gGjZS
         sG3sISdunllkdnMKAI56DZsJAOw71CAB0auCPsUWE1KLkfStj6kiLGFAPun1F46S4sz5
         WnD0eLRPZZCE1FTa1rNdeIVVKerd5L3/OB4TOPJi1bFlFV0O1f+PRp628avhMnklCxPI
         YirajlDVoqdaPlrAvg83tdo0IzinYGfpQHiloZgjsz51zEytLJiSnfwQDWFDZb+SRx3C
         Fgo6UgVcP+hqUydxqCowyJ7nuguQyEj6gQbMCcPdn1gEwZ5PRP0PTvJ9oTfgToVXXyOv
         /QDg==
X-Gm-Message-State: ABuFfoioc/Ce9oOxncWRjuwXiOo5TeW2x5Wnv/dyEQzbQl+GM3Se6y78
        hAek/SEIjevDALizy6yz1vqjdIRI0400LE9/K5TOsw==
X-Received: by 2002:a65:4882:: with SMTP id n2-v6mr26084917pgs.225.1539123110476;
 Tue, 09 Oct 2018 15:11:50 -0700 (PDT)
MIME-Version: 1.0
From:   Nick Desaulniers <ndesaulniers@google.com>
Date:   Tue, 9 Oct 2018 15:11:39 -0700
Message-ID: <CAKwvOdkqtfAyDdxkac=NtfSiskiGyOhN1PPzkxBYpR_JEBTRbw@mail.gmail.com>
Subject: undefined behavior (-Wvarargs) in security/keys/trusted.c#TSS_authhmac()
To:     "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>,
        zohar@linux.vnet.ibm.com, dhowells@redhat.com, jmorris@namei.org,
        serge@hallyn.com
Cc:     linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        LKML <linux-kernel@vger.kernel.org>,
        Nathan Chancellor <natechancellor@gmail.com>,
        Eric Biggers <ebiggers@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello,
I noticed that compiling with
CONFIG_TCG_TPM=y
CONFIG_HW_RANDOM_TPM=y
and Clang produced the warning:

  CC      security/keys/trusted.o
security/keys/trusted.c:146:17: warning: passing an object that
undergoes default
      argument promotion to 'va_start' has undefined behavior [-Wvarargs]
        va_start(argp, h3);
                       ^
security/keys/trusted.c:126:37: note: parameter of type 'unsigned
char' is declared here
unsigned char *h2, unsigned char h3, ...)
                               ^

Specifically, it seems that both the C90 (4.8.1.1) and C11 (7.16.1.4)
standards explicitly call this out as undefined behavior:

The parameter parmN is the identifier of the rightmost parameter in
the variable parameter list in the function definition (the one just
before the ...). If the parameter parmN is declared with ... or with a
type that is not compatible with the type that results after
application of the default argument promotions, the behavior is
undefined.

So if I understand my C promotion/conversion rules correctly, unsigned
char would be promoted to int?

We had a few ideas for possible fixes in:
https://github.com/ClangBuiltLinux/linux/issues/41

Do the maintainers have feedback on these suggestions or a more appropriate fix?

Note: https://www.gnu.org/software/libc/manual/html_node/Calling-Variadics.html
and `man 3 va_start` mention more about promotions, but just for
va_arg, not va_start. But the standard seems explicit about parmN
which is passed to va_start.

https://www.eskimo.com/~scs/cclass/int/sx11c.html is also an
interesting read on the subject, which states: `Finally, for vaguely
related reasons, the last fixed argument (the one whose name is passed
as the second argument to the va_start() macro) should not be of type
char, short int, or float, either.`
-- 
Thanks,
~Nick Desaulniers