From: Ke Wu
Date: Fri, 31 May 2019 11:03:17 -0700
Subject: Re: security/loadpin: Allow to exclude specific file types
To: Colin Ian King
Cc: Kees Cook, James Morris, "Serge E. Hallyn", linux-security-module@vger.kernel.org, "linux-kernel@vger.kernel.org"

I think Coverity is correct. Note that it's the size of kernel_read_file_str
(rather than exclude_read_files) that doesn't equal the size of
ignore_read_file_id. This is because READING_MAX_ID is also an element in
kernel_read_file_str, which makes the size of kernel_read_file_str
READING_MAX_ID+1.

I will send a new patch to fix the issue. Thanks for the analysis!

On Fri, May 31, 2019 at 7:49 AM Colin Ian King wrote:
>
> On 31/05/2019 15:44, Kees Cook wrote:
> > On Fri, May 31, 2019 at 11:46:29AM +0100, Colin Ian King wrote:
> >> Hi,
> >>
> >> Static analysis with Coverity on linux-next has found a potential issue
> >> with the following commit:
> >>
> >> commit 1633a4f04cc171fc638deb5c95af96032d3c591b
> >> Author: Ke Wu
> >> Date: Thu May 30 12:22:08 2019 -0700
> >>
> >> security/loadpin: Allow to exclude specific file types
> >>
> >>
> >> 209 for (j = 0; j < ARRAY_SIZE(kernel_read_file_str); j++) {
> >> 210 if (strcmp(cur, kernel_read_file_str[j]) == 0) {
> >> 211 pr_info("excluding: %s\n",
> >> 212 kernel_read_file_str[j]);
> >>
> >> CID 81977 (#1 of 1): Out-of-bounds write
> >> overrun-local: Overrunning array ignore_read_file_id of 8 4-byte
> >> elements at element index 8 (byte offset 35) using index j (which
> >> evaluates to 8).
> >>
> >> 213 ignore_read_file_id[j] = 1;
> >>
> >> According to Coverity ignore_read_file_id is an array of 8 integers.
> >> However, ARRAY_SIZE(kernel_read_file_str) is 9, so we have an out of
> >> bounds write on ignore_read_file[j] when j is 8.
> >
> > What am I missing? This doesn't fail the build:
> >
> > + BUILD_BUG_ON(ARRAY_SIZE(exclude_read_files) !=
> > + ARRAY_SIZE(ignore_read_file_id));
> >
> > They have the same number of elements.
> >
>
> Yep, that's very true. I'll discuss this with Coverity as this seems
> like a weird false positive.
>
> Apologies for the noise.
>
> Colin

--
Ke Wu | Software Engineer | mikewu@google.com | Google Inc.
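
Review bot: the quoted BUILD_BUG_ON compares ARRAY_SIZE(exclude_read_files) with ARRAY_SIZE(ignore_read_file_id), but the loop at line 209 that performs the write ignore_read_file_id[j] = 1 is bounded by ARRAY_SIZE(kernel_read_file_str), an array the assertion never mentions. Bound that loop by ARRAY_SIZE(ignore_read_file_id), or add a build-time check relating kernel_read_file_str to ignore_read_file_id, so the check covers the index that is actually used for the write.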
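
The size relationship Ke Wu describes above, as an added example that is not part of the original thread or of the loadpin code. The enum, the tables and every `demo_*` name are constructed for illustration, and the empty string used for the sentinel's table entry is an assumption of this demo.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed stand-in for the file-type enum: the MAX_ID sentinel is itself
 * an enumerator, so a name table generated from the enum gets MAX_ID + 1
 * entries. All demo_* names are illustrative. */
enum demo_read_id { DEMO_UNKNOWN, DEMO_FIRMWARE, DEMO_MODULE, DEMO_POLICY, DEMO_MAX_ID };

static const char *const demo_read_str[] = {
    "unknown", "firmware", "kernel-module", "security-policy",
    "",  /* entry for DEMO_MAX_ID; the empty name is an assumption of this demo */
};
const char *demo_exclude[DEMO_MAX_ID]; /* names supplied by the administrator */
int demo_ignore[DEMO_MAX_ID];          /* flags, indexed by file id */

/* Same shape as the BUILD_BUG_ON quoted in the thread: it holds, but it does
 * not involve the array that bounds the loop. */
_Static_assert(ARRAY_SIZE(demo_exclude) == ARRAY_SIZE(demo_ignore), "sizes match");
/* The relationship the loop actually depends on: one extra name entry. */
_Static_assert(ARRAY_SIZE(demo_read_str) == ARRAY_SIZE(demo_ignore) + 1, "sentinel entry");

/* Index of `name` among the first `bound` table entries, or -1. No writes. */
static int find_id(const char *name, size_t bound)
{
    for (size_t j = 0; j < bound; j++)
        if (strcmp(name, demo_read_str[j]) == 0)
            return (int)j;
    return -1;
}

/* Bounded by the destination array, so the sentinel slot is never indexed. */
static int mark_excluded(const char *name)
{
    int id = find_id(name, ARRAY_SIZE(demo_ignore));
    if (id >= 0)
        demo_ignore[id] = 1;
    return id;
}

int main(void)
{
    /* With the name table as the bound, "" resolves to index DEMO_MAX_ID. */
    printf("name-table bound: %d\n", find_id("", ARRAY_SIZE(demo_read_str)));
    printf("flag-array bound: %d\n", mark_excluded(""));
    return 0;
}
```

The two `_Static_assert` lines show why the build did not fail: the first compares two arrays of equal length, while the mismatch is between the name table and the flag array.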