Received: by 10.223.164.202 with SMTP id h10csp3844080wrb;
        Mon, 20 Nov 2017 06:01:29 -0800 (PST)
X-Google-Smtp-Source: AGs4zMbxd9LrAwt7gMSVUeleIIcRb1Vk2DkCeyfD904i0Gue2VZ684TJd13X2XQ+rgkYQuWk3T46
X-Received: by 10.101.98.198 with SMTP id m6mr14121044pgv.410.1511186489396;
        Mon, 20 Nov 2017 06:01:29 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1511186489; cv=none;
        d=google.com; s=arc-20160816;
        b=UMCvEwMj0GW0EQcM5YTVeCYG7GwlwpwofMBzu7IOv5mQZrocc2Amr4jzVgGN3+OR7Y
         XisIquz5lWUPMXUtwRaWj35aCPhQfpDQm8+fjwArymvQQheLVqhH1rnjXi1xZR5h3933
         E6GOe6hyjW/W6skO6U2AyE+k+Hi6MyzfxxOZE+LtVOsCE3p0HliL6ZqEYvP0Exapxkuj
         29mZxR7A160d7fw/h4z1EUWYjfEeEei6NpZqbZwPfUFLLe6+4pnUjJuv2RH/drlkRHuW
         ZbRTYNpGYSzAScPHnk5duDn4mg7CZaOL7wt1SR4LGNNqxht50uWoeD+xeG/WB/+4wpwZ
         Rr3A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=LUe0RQ5bsgHop4eUsmLc3XNJfL7jX/z0+hr8RqqQVcA=;
        b=dKB6+cmsyRRWx23reBv8XT2xRgiPdfIv6FF9AcLukYYT3qLzJUBzMC5vWd225vbIuC
         y5ZcoKzdB18qAZ193uEJ+YQdlQZN++q2HzvqkzCgAeH/7eVjK+73sPw11GNUdzGkIet9
         HP8k7rN2l8YCJ3dmqeaPng+OovwdsZzeR4F3bWSl6EJwIBhc7s7+krtZx589gt4xZhxT
         B0R6Zcn+MGELin29r4CVA+e3/kUhSS3r6evDDiXr6KdvFHKOmhFiXKp/8Wwo22/M85Sk
         tdQCeILv3m5aZ2N0m6huMqgsqKRYJV/qo6T0i7XoHyX7JmFoVuBkylTPVkA5WEFpXdMG
         HodA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=KRYp7flB;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f7si9157419pff.45.2017.11.20.06.01.18;
        Mon, 20 Nov 2017 06:01:29 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@gmail.com header.s=20161025 header.b=KRYp7flB;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751173AbdKTOAk (ORCPT <rfc822;morganleezd2003@gmail.com>
        + 66 others); Mon, 20 Nov 2017 09:00:40 -0500
Received: from mail-oi0-f67.google.com ([209.85.218.67]:45205 "EHLO
        mail-oi0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751100AbdKTOAi (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 20 Nov 2017 09:00:38 -0500
Received: by mail-oi0-f67.google.com with SMTP id v123so6192892oif.12;
        Mon, 20 Nov 2017 06:00:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=LUe0RQ5bsgHop4eUsmLc3XNJfL7jX/z0+hr8RqqQVcA=;
        b=KRYp7flBcGsrVSqwEBvTM1UzaQnRMnlaAxMZB41v4jajGSeuag74IPl6Vf5xAfwhgH
         fNGbXhVxBIv1dpMMas2vYEyakafCHx72mHTmHb+XTU9OYOLHaFCL/ic18tqkptXZHSZu
         uwTp/HWQyVGLIfJQogho9Ittgo4bOWFeBf2jTk+sKNPRtQ92c/edBCGiHyM6HC5Wby5P
         fqsRb9QfoRbvts1Ue6/szZiVmDTp+1HlvVNStb0LvWiX+44tlQScl4ySMrg7cYkVWdWC
         onRwnrkWjpGICgheVhpHljKMYZRAyIW63XyquKYTTln7LS9tm0QkdQrV6B5LYSpPRu9/
         RfdA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=LUe0RQ5bsgHop4eUsmLc3XNJfL7jX/z0+hr8RqqQVcA=;
        b=DS9zGdDOgGXhRrnkMXkI8gU5uhqqob6zCUZqE/7dqEPdIRARRaT5JcJCFI1tpeSU4H
         S7fhtpeqWifSA8j0OQ9yUcPeGFZ1GckaJAvk7RXzTZ+xKMDuqFXY905gbfj8iIaLHLxt
         rEZVTZAwhUWu7uTDhT3mZ7ua70EcHdEPzrguhVhGzj1S6cKIyBu+m+y/5TR/Lm9wszgg
         4KNt7UucjqN5ilDx9jCyWCgIveOpW7qdp8HoBHNYXiRcFlyPH6jo/NNJVzTcb1GxDnBI
         rxoBxyYrc6DwO8ckPW3UYE5yjf77wYnpO7ZXGPcgXij9pFhhZWJK5UptjFjn24/J9S5N
         anZQ==
X-Gm-Message-State: AJaThX69BUpl9vOzxai9KWxbeOJ6BzHw4NKWZOvZLIqWRgBoU+h5/Yil
        TaHzfE5DwxWTm9qUEXy+J78BQhQZfhy+gMn2slwlEg==
X-Received: by 10.202.215.130 with SMTP id o124mr7444772oig.228.1511186437637;
 Mon, 20 Nov 2017 06:00:37 -0800 (PST)
MIME-Version: 1.0
Received: by 10.157.43.3 with HTTP; Mon, 20 Nov 2017 06:00:37 -0800 (PST)
In-Reply-To: <a94bac78-769a-e8bc-9a98-83a401534935@canonical.com>
References: <20170915195620.1561044-1-arnd@arndb.de> <a94bac78-769a-e8bc-9a98-83a401534935@canonical.com>
From:   Arnd Bergmann <arnd@arndb.de>
Date:   Mon, 20 Nov 2017 15:00:37 +0100
X-Google-Sender-Auth: KVs6QkJ6il6kDv5wAyZXjMe_pso
Message-ID: <CAK8P3a2SFStvycD4CX+4xtogaoiDXWB0tpeCDKNsYfxD9nDQcw@mail.gmail.com>
Subject: Re: [PATCH] apparmor: initialized returned struct aa_perms
To:     John Johansen <john.johansen@canonical.com>
Cc:     James Morris <james.l.morris@oracle.com>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        Kees Cook <keescook@chromium.org>,
        Stephen Rothwell <sfr@canb.auug.org.au>,
        Seth Arnold <seth.arnold@canonical.com>,
        Michal Hocko <mhocko@suse.com>,
        Vlastimil Babka <vbabka@suse.cz>,
        LSM List <linux-security-module@vger.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Sep 25, 2017 at 4:29 PM, John Johansen
<john.johansen@canonical.com> wrote:
> On 09/15/2017 03:55 PM, Arnd Bergmann wrote:
>> gcc-4.4 points out suspicious code in compute_mnt_perms, where
>> the aa_perms structure is only partially initialized before getting
>> returned:
>>
>> security/apparmor/mount.c: In function 'compute_mnt_perms':
>> security/apparmor/mount.c:227: error: 'perms.prompt' is used uninitialized in this function
>> security/apparmor/mount.c:227: error: 'perms.hide' is used uninitialized in this function
>> security/apparmor/mount.c:227: error: 'perms.cond' is used uninitialized in this function
>> security/apparmor/mount.c:227: error: 'perms.complain' is used uninitialized in this function
>> security/apparmor/mount.c:227: error: 'perms.stop' is used uninitialized in this function
>> security/apparmor/mount.c:227: error: 'perms.deny' is used uninitialized in this function
>>
>> Returning or assigning partially initialized structures is a bit tricky,
>> in particular it is explicitly allowed in c99 to assign a partially
>> intialized structure to another, as long as only members are read that
>> have been initialized earlier. Looking at what various compilers do here,
>> the version that produced the warning copied unintialized stack data,
>> while newer versions (and also clang) either set the other members to
>> zero or don't update the parts of the return buffer that are not modified
>> in the temporary structure, but they never warn about this.
>>
>> In case of apparmor, it seems better to be a little safer and always
>> initialize the aa_perms structure. Most users already do that, this
>> changes the remaining ones, including the one instance that I got the
>> warning for.
>>
>> Fixes: fa488437d0f9 ("apparmor: add mount mediation")
>> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
>
> I've pulled this into apparmor-next

It apparently never made it into mainline. What happened?

        Arnd

From 1579527684126685979@xxx Mon Sep 25 15:56:24 +0000 2017
X-GM-THRID: 1578636895757947351
X-Gmail-Labels: Inbox,Category Forums