In-Reply-To: <4759b591-6603-7424-1758-fd0d23e6efed@canonical.com>
References: <20170915195620.1561044-1-arnd@arndb.de> <4759b591-6603-7424-1758-fd0d23e6efed@canonical.com>
From: Arnd Bergmann
Date: Mon, 20 Nov 2017 17:05:36 +0100
Subject: Re: [PATCH] apparmor: initialized returned struct aa_perms
To: John Johansen
Cc: James Morris, "Serge E. Hallyn", Kees Cook, Stephen Rothwell, Seth Arnold, Michal Hocko, Vlastimil Babka, LSM List, Linux Kernel Mailing List
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Nov 20, 2017 at 4:47 PM, John Johansen wrote:
> On 11/20/2017 06:00 AM, Arnd Bergmann wrote:
>> On Mon, Sep 25, 2017 at 4:29 PM, John Johansen
>> wrote:
>>> On 09/15/2017 03:55 PM, Arnd Bergmann wrote:
>>>> gcc-4.4 points out suspicious code in compute_mnt_perms, where
>>>> the aa_perms structure is only partially initialized before getting
>>>> returned:
>>>>
>>>> security/apparmor/mount.c: In function 'compute_mnt_perms':
>>>> security/apparmor/mount.c:227: error: 'perms.prompt' is used uninitialized in this function
>>>> security/apparmor/mount.c:227: error: 'perms.hide' is used uninitialized in this function
>>>> security/apparmor/mount.c:227: error: 'perms.cond' is used uninitialized in this function
>>>> security/apparmor/mount.c:227: error: 'perms.complain' is used uninitialized in this function
>>>> security/apparmor/mount.c:227: error: 'perms.stop' is used uninitialized in this function
>>>> security/apparmor/mount.c:227: error: 'perms.deny' is used uninitialized in this function
>>>>
>>>> Returning or assigning partially initialized structures is a bit tricky,
>>>> in particular it is explicitly allowed in c99 to assign a partially
>>>> initialized structure to another, as long as only members are read that
>>>> have been initialized earlier. Looking at what various compilers do here,
>>>> the version that produced the warning copied uninitialized stack data,
>>>> while newer versions (and also clang) either set the other members to
>>>> zero or don't update the parts of the return buffer that are not modified
>>>> in the temporary structure, but they never warn about this.
>>>>
>>>> In case of apparmor, it seems better to be a little safer and always
>>>> initialize the aa_perms structure. Most users already do that, this
>>>> changes the remaining ones, including the one instance that I got the
>>>> warning for.
>>>>
>>>> Fixes: fa488437d0f9 ("apparmor: add mount mediation")
>>>> Signed-off-by: Arnd Bergmann
>>>
>>> I've pulled this into apparmor-next
>>
>> It apparently never made it into mainline. What happened?
>>
> It's in apparmor-next and is going with today's pull request

Ok, thanks for checking. I see it in linux-next now, but didn't see it in a
linux-next tree from early last week, or in mainline.

      Arnd
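
The quoted commit message argues for always initializing the returned permission structure. The following C model is an added example, not code from the patch or from AppArmor: it shows how a partially initialized struct makes an access decision depend on whatever bytes were in the slot before, while a designated initializer does not. `struct perms_model`, its `allow` member, `REQ_MOUNT` and the deny-overrides-allow rule are assumptions; the other member names are taken from the compiler warning.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model only, not the kernel's struct aa_perms. "allow" is an assumption;
 * the other members are the ones named in the gcc-4.4 warning. */
struct perms_model {
    uint32_t allow, deny, stop, complain, cond, hide, prompt;
};

#define REQ_MOUNT 0x1u /* constructed permission bit */

/* Partial initialization: only .allow is written. The slot's previous
 * contents are passed in explicitly so the demo stays deterministic. */
static struct perms_model compute_partial(const struct perms_model *residue)
{
    struct perms_model p = *residue;
    p.allow = REQ_MOUNT;
    return p;
}

/* Full initialization: members not named in the initializer become zero. */
static struct perms_model compute_full(void)
{
    struct perms_model p = { .allow = REQ_MOUNT };
    return p;
}

/* Assumed decision rule for the model: deny overrides allow. */
static int permitted(struct perms_model p)
{
    return (p.allow & REQ_MOUNT) && !(p.deny & REQ_MOUNT);
}

/* Decision when the slot was previously filled with `fill` (constructed). */
static int partial_decision(unsigned char fill)
{
    struct perms_model residue;
    memset(&residue, fill, sizeof residue);
    return permitted(compute_partial(&residue));
}
static int full_decision(void) { return permitted(compute_full()); }

int main(void)
{
    printf("partial/clean=%d partial/dirty=%d full=%d\n",
           partial_decision(0x00), partial_decision(0xff), full_decision());
    return 0;
}
```

With identical inputs the partially initialized variant permits the request over zeroed residue and refuses it over `0xff` residue; the fully initialized variant gives the same answer either way.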