From: Ke Wu
Date: Tue, 4 Jun 2019 10:01:58 -0700
Subject: Re: security/loadpin: Allow to exclude specific file types
To: Kees Cook
Cc: Colin Ian King, James Morris, "Serge E. Hallyn", linux-security-module@vger.kernel.org, "linux-kernel@vger.kernel.org"

I sent out a new patch according to your last suggestion. Please take a
look. Thanks!

On Fri, May 31, 2019 at 1:33 PM Kees Cook wrote:
>
> On Fri, May 31, 2019 at 11:03:17AM -0700, Ke Wu wrote:
> > I think Coverity is correct. Note that it's the size of
> > kernel_read_file_str (rather than exclude_read_files) doesn't equal to
> > ignore_read_file_id.
> >
> > This is because READING_MAX_ID is also an element in
> > kernel_read_file_str, which makes the size of kernel_read_file_str to
> > be READING_MAX_ID+1. I will send a new patch to fix the issue. Thanks
> > for the analysis!
>
> Ah! Yes, I see now. I was looking at the wrong things. It should be
> possible to just do:
>
> > > >> 209 for (j = 0; j < ARRAY_SIZE(kernel_read_file_str); j++) {
>
> for (j = 0; j < ARRAY_SIZE(ignore_read_file_id); j++)
>
> and add a
>
> BUILD_BUG_ON(ARRAY_SIZE(kernel_read_file_str) < ARRAY_SIZE(ignore_read_file_id))
>
> for future robustness checking.
>
> Thanks for looking at this more closely!
>
> -Kees
>
> > > >> 210 if (strcmp(cur, kernel_read_file_str[j]) == 0) {
> > > >> 211 pr_info("excluding: %s\n",
> > > >> 212 kernel_read_file_str[j]);
> > > >>
> > > >> CID 81977 (#1 of 1): Out-of-bounds write
> > > >> overrun-local: Overrunning array ignore_read_file_id of 8 4-byte
> > > >> elements at element index 8 (byte offset 35) using index j (which
> > > >> evaluates to 8).
> > > >>
> > > >> 213 ignore_read_file_id[j] = 1;
> > > >>
> > > >> According to Coverity ignore_read_file_id is an array of 8 integers.
> > > >> However, ARRAY_SIZE(kernel_read_file_str) is 9, so we have an out of
> > > >> bounds write on ignore_read_file[j] when j is 8.
> > > >
> > > > What am I missing? This doesn't fail the build:
> > > >
> > > > + BUILD_BUG_ON(ARRAY_SIZE(exclude_read_files) !=
> > > > + ARRAY_SIZE(ignore_read_file_id));
> > > >
> > > > They have the same number of elements.
> > > >
> > >
> > > Yep, that's very true. I'll discuss this with Coverity as this seems
> > > like a weird false positive.
> > >
> > > Apologies for the noise.
> > >
> > > Colin
> > >
> >
> >
> > --
> > Ke Wu | Software Engineer | mikewu@google.com | Google Inc.
>
> --
> Kees Cook

--
Ke Wu | Software Engineer | mikewu@google.com | Google Inc.
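
The size mismatch discussed in this thread, as an added example that is not part of the original messages or the kernel patch: a userspace C model showing why a string table that includes the READING_MAX_ID sentinel is one entry longer than the ignore table, and the loop bounded by the array being written. The id list is a constructed stand-in matching the thread's sizes (8 file types plus the sentinel), and `indices_past_end` and `exclude_type` are hypothetical helper names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed id list: 8 file types plus the MAX_ID sentinel (9 entries). */
#define READ_FILE_IDS(id) \
	id(UNKNOWN, "unknown") id(FIRMWARE, "firmware") \
	id(MODULE, "kernel-module") id(KEXEC_IMAGE, "kexec-image") \
	id(KEXEC_INITRAMFS, "kexec-initramfs") id(POLICY, "security-policy") \
	id(CERTIFICATE, "x509-certificate") id(OTHER, "other") \
	id(MAX_ID, "max-id")
#define AS_ENUM(name, str) READING_##name,
#define AS_STR(name, str) str,

enum read_file_id { READ_FILE_IDS(AS_ENUM) };
/* The sentinel gets a string too, so this table has READING_MAX_ID + 1 slots. */
static const char *const kernel_read_file_str[] = { READ_FILE_IDS(AS_STR) };
static int ignore_read_file_id[READING_MAX_ID];

/* Userspace stand-in for the BUILD_BUG_ON proposed in the thread. */
_Static_assert(ARRAY_SIZE(kernel_read_file_str) >= ARRAY_SIZE(ignore_read_file_id),
	       "string table shorter than ignore table");

/* Counts the values of j the flagged bound allows past the ignore table's end. */
size_t indices_past_end(void)
{
	size_t j, n = 0;
	for (j = 0; j < ARRAY_SIZE(kernel_read_file_str); j++)
		if (j >= ARRAY_SIZE(ignore_read_file_id))
			n++;
	return n;
}

/* Loop bounded by the array being written; returns the index set, or -1. */
int exclude_type(const char *cur)
{
	size_t j;
	for (j = 0; j < ARRAY_SIZE(ignore_read_file_id); j++) {
		if (strcmp(cur, kernel_read_file_str[j]) == 0) {
			ignore_read_file_id[j] = 1;
			return (int)j;
		}
	}
	return -1;
}

int main(void)
{
	printf("past end: %zu, firmware -> %d, sentinel -> %d\n",
	       indices_past_end(), exclude_type("firmware"), exclude_type("max-id"));
	return 0;
}
```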