Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3061744imu;
        Mon, 17 Dec 2018 12:34:55 -0800 (PST)
X-Google-Smtp-Source: AFSGD/UwVrFUWKPdRfdvcY6V/01TF/FBQrrSmkvETD9Hm3H67B+yPc4JW5WbcVW4TYrNZyrzZ7hE
X-Received: by 2002:a63:42c1:: with SMTP id p184mr13266503pga.202.1545078895432;
        Mon, 17 Dec 2018 12:34:55 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1545078895; cv=none;
        d=google.com; s=arc-20160816;
        b=X7s9lqaFyeaH55d7oDJIxLk2JgZLiQKgH8KfPRfaqa1VCwG5+GLDUy06CnH2+AEPwA
         JEmDYbwdp0zlkOqAdhj8VwJBkJ3fgeVFwOPW59del1s8FIQ1agtRr5mTFMN6pMoLG4ae
         kIRTevuPCDivfABQEoyi7YdR9XWWDOEDOIG7r9fLOimpiJqvowJuQY1FC54wDg7xDLVy
         gYxg4xH9ENSV6SdNURsyZqvuNhCv1548+8MWWlVf5rzAqJXG1zrEPznPSiflL2Y/HmF9
         Ab4OctXb6ZUB6QxXzwVwX0HMRMJF6yTWpuNF0GB6QwmP209QVuDJXnyNIEs2oU8UKfOR
         JBhg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=rEnf8BOxdkJJxo/cVEOROCN53dFtvimEQANJp2zz15A=;
        b=YN/+B3Zr/d2HoXE2Uo3/4WAzDvm5bwwbtLkBvM2HhxGL/cln0gW2uZSKOH3JSRn7gh
         hoPp4XU04wAOQ80YPxXs7zPR/FyGJB6l22lUQbgYpSEcsmS+jawNlcVhilXy0mVVmzPI
         lQ2wKMLZdwNGyQr6agn1gGxMKVYX53I+VXbrdMu466tbBppRgpnY8CCxEFlsEyU4wKES
         Ig0U3O7izF3GExW7pmrcfEk4wtEyWmstmfTlQsZ+RJsBSJZz13Zx+A/0GRCj8dPxX8xs
         pugrXhlTnIfSsQ/R1JT1sWt6QXMU+mEg8+izoEaCIdJc13U5TGZLQGcehlZ81hWG4RrZ
         kCDw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=YTGzxmWJ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e4si11600526pgk.127.2018.12.17.12.34.40;
        Mon, 17 Dec 2018 12:34:55 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux-foundation.org header.s=google header.b=YTGzxmWJ;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1733225AbeLQTHI (ORCPT <rfc822;kernelgary@gmail.com>
        + 99 others); Mon, 17 Dec 2018 14:07:08 -0500
Received: from mail-lj1-f194.google.com ([209.85.208.194]:43279 "EHLO
        mail-lj1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1732616AbeLQTHI (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 17 Dec 2018 14:07:08 -0500
Received: by mail-lj1-f194.google.com with SMTP id q2-v6so854425lji.10
        for <linux-kernel@vger.kernel.org>; Mon, 17 Dec 2018 11:07:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=rEnf8BOxdkJJxo/cVEOROCN53dFtvimEQANJp2zz15A=;
        b=YTGzxmWJelPouStvH0lOFN7Qv0mH+zJVkzq7seT513lbBKjpP6tjTV42mIPVzsCRMt
         zteT9wyT4pU2QAobTw7Htkh0tjPied3KeaC1SJhxVREzv7gjxCcu0iE1LfdlgdsLEE4t
         B41cJn5qGz7eIa7fpTKYBGoGEG6tCoIjE9lNc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=rEnf8BOxdkJJxo/cVEOROCN53dFtvimEQANJp2zz15A=;
        b=AUh6XCrLp/JtkswmL0sS2loK+Onov+PjzxJFBxUDjGRLM+t6m06zwZYv0ZXxmX7lM4
         7qNNN75QLFZRyT1WfGL9L6MqV/N4Dd992VWx91cQ7JjuXJwgN4kCMzAKTMWuUH7kxryQ
         P8ySzjZpsFPFhzao5ot2aRGrq6pOV9YsaomCR/k6llgKv5X1QXIWSWFdVJJ1nv6e/Si/
         S62aG7Gt6EC1uVKYYGvtjZ8J8ZcOQGRIdwQt1AIMWCjhaxER+m7WbKWOXfh6MKNEDgsK
         g/gomTlpR8V2Z6YhMDlNjvVbwaC2nrGAJb7hc8svDQ95IYbtXP3jkIqnN/cXi9AjF6YL
         rcPA==
X-Gm-Message-State: AA+aEWZYoFFquWnZpA2J9VYFxoVX3PZP5atTlJmfzGagRiLhC9PBei51
        j+Zd4jy9f2naPxDvdnaUdCDr+HHVPUw=
X-Received: by 2002:a2e:841:: with SMTP id g1-v6mr9055367ljd.21.1545073624973;
        Mon, 17 Dec 2018 11:07:04 -0800 (PST)
Received: from mail-lf1-f48.google.com (mail-lf1-f48.google.com. [209.85.167.48])
        by smtp.gmail.com with ESMTPSA id k68-v6sm2718209ljb.35.2018.12.17.11.07.03
        for <linux-kernel@vger.kernel.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 17 Dec 2018 11:07:03 -0800 (PST)
Received: by mail-lf1-f48.google.com with SMTP id u18so10291429lff.10
        for <linux-kernel@vger.kernel.org>; Mon, 17 Dec 2018 11:07:03 -0800 (PST)
X-Received: by 2002:a19:c014:: with SMTP id q20mr7620540lff.16.1545073623201;
 Mon, 17 Dec 2018 11:07:03 -0800 (PST)
MIME-Version: 1.0
References: <20181128232019.GC131170@gmail.com> <20181217181244.220052-1-ebiggers@kernel.org>
 <CAHk-=whmh8WdcKHdYjioJNjyeewv=fO1H0hxXqDh6kiX0YvzmQ@mail.gmail.com> <CAHk-=wi8iGD8zHuPr38m9MUwDwf3qy2FYSbyoQ_Ygky+D-pU1Q@mail.gmail.com>
In-Reply-To: <CAHk-=wi8iGD8zHuPr38m9MUwDwf3qy2FYSbyoQ_Ygky+D-pU1Q@mail.gmail.com>
From:   Linus Torvalds <torvalds@linux-foundation.org>
Date:   Mon, 17 Dec 2018 11:06:46 -0800
X-Gmail-Original-Message-ID: <CAHk-=wjsMJeEkJbE3QhM3SY-DT9VsnMWNQKMNsG9TetnjREWDQ@mail.gmail.com>
Message-ID: <CAHk-=wjsMJeEkJbE3QhM3SY-DT9VsnMWNQKMNsG9TetnjREWDQ@mail.gmail.com>
Subject: Re: [PATCH RESEND] KEYS: fix parsing invalid pkey info string
To:     ebiggers@kernel.org, James Morris James Morris <jmorris@namei.org>,
        Mimi Zohar <zohar@linux.vnet.ibm.com>,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        Peter Huewe <peterhuewe@gmx.de>
Cc:     David Howells <dhowells@redhat.com>, keyrings@vger.kernel.org,
        Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
        syzkaller-bugs@googlegroups.com
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Dec 17, 2018 at 10:49 AM Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> So the *simplest* fix would seem to be to literally remove all those
> "= -1" for the Opt_err initialization.  Making the code smaller,
> simpler, and fixing the bug in the process.

Something like this

    git  grep -l 'Opt_err = -1' | xargs sed -i 's/Opt_err = -1/Opt_err/'

would do it, but I also notice that
security/integrity/ima/ima_policy.c then has some truly funky code
that plays around with the enum numbers , ie

  #define pt(token)     policy_tokens[token + Opt_err].pattern

which actually depends on the ordering of policy_tokens[], and depends
on the exact values, ie it literally (and quite insanely) sets Opt_err
to -1, and then Opt_measure to 1, and leaves 0 unused. That code
seriously makes no sense at all, and is fundamentally broken.

It would be better to use

    #define pt(token)     policy_tokens[token - Opt_measure].pattern

instead, but even then you should have a huge comment about how the
policy_tokens[] array absolutely has to be properly ordered.

Honestly, for being about "security", all of this code seems to be
doing some really questionable things with all those Opt_xyz enums.

                     Linus