[integrity:next-integrity-queued 22/22] security/integrity/evm/evm_crypto.c:99:10: error: implicit declaration of function 'crypto_alloc_shash'; did you mean 'crypto_alloc_base'?
kbuild test robot
lkp at intel.com
Fri Jun 15 11:18:07 UTC 2018
tree: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity-queued
head: 26cfe10d4228820b110b2cd223c77a51fcf2cf41
commit: 26cfe10d4228820b110b2cd223c77a51fcf2cf41 [22/22] evm: Allow non-SHA1 digital signatures
config: x86_64-randconfig-x012-201823 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
git checkout 26cfe10d4228820b110b2cd223c77a51fcf2cf41
# save the attached .config to linux build tree
make ARCH=x86_64
All error/warnings (new ones prefixed by >>):
security/integrity/evm/evm_crypto.c: In function 'init_desc':
>> security/integrity/evm/evm_crypto.c:99:10: error: implicit declaration of function 'crypto_alloc_shash'; did you mean 'crypto_alloc_base'? [-Werror=implicit-function-declaration]
*tfm = crypto_alloc_shash(algo, 0,
^~~~~~~~~~~~~~~~~~
crypto_alloc_base
>> security/integrity/evm/evm_crypto.c:99:8: warning: assignment makes pointer from integer without a cast [-Wint-conversion]
*tfm = crypto_alloc_shash(algo, 0,
^
>> security/integrity/evm/evm_crypto.c:109:9: error: implicit declaration of function 'crypto_shash_setkey'; did you mean 'crypto_cipher_setkey'? [-Werror=implicit-function-declaration]
rc = crypto_shash_setkey(*tfm, evmkey, evmkey_len);
^~~~~~~~~~~~~~~~~~~
crypto_cipher_setkey
>> security/integrity/evm/evm_crypto.c:111:5: error: implicit declaration of function 'crypto_free_shash'; did you mean 'crypto_free_comp'? [-Werror=implicit-function-declaration]
crypto_free_shash(*tfm);
^~~~~~~~~~~~~~~~~
crypto_free_comp
>> security/integrity/evm/evm_crypto.c:121:24: error: dereferencing pointer to incomplete type 'struct shash_desc'
desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm),
^~~~~
>> security/integrity/evm/evm_crypto.c:121:33: error: implicit declaration of function 'crypto_shash_descsize'; did you mean 'crypto_sha1_update'? [-Werror=implicit-function-declaration]
desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm),
^~~~~~~~~~~~~~~~~~~~~
crypto_sha1_update
>> security/integrity/evm/evm_crypto.c:129:7: error: implicit declaration of function 'crypto_shash_init'; did you mean 'crypto_sha1_finup'? [-Werror=implicit-function-declaration]
rc = crypto_shash_init(desc);
^~~~~~~~~~~~~~~~~
crypto_sha1_finup
security/integrity/evm/evm_crypto.c: In function 'hmac_add_misc':
>> security/integrity/evm/evm_crypto.c:173:2: error: implicit declaration of function 'crypto_shash_update'; did you mean 'crypto_sha1_update'? [-Werror=implicit-function-declaration]
crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc));
^~~~~~~~~~~~~~~~~~~
crypto_sha1_update
>> security/integrity/evm/evm_crypto.c:178:2: error: implicit declaration of function 'crypto_shash_final'; did you mean 'crypto_sha1_finup'? [-Werror=implicit-function-declaration]
crypto_shash_final(desc, digest);
^~~~~~~~~~~~~~~~~~
crypto_sha1_finup
security/integrity/evm/evm_crypto.c: In function 'evm_calc_hmac_or_hash':
>> security/integrity/evm/evm_crypto.c:210:21: error: implicit declaration of function 'crypto_shash_digestsize'; did you mean 'crypto_sha1_update'? [-Werror=implicit-function-declaration]
data->hdr.length = crypto_shash_digestsize(desc->tfm);
^~~~~~~~~~~~~~~~~~~~~~~
crypto_sha1_update
cc1: some warnings being treated as errors
vim +99 security/integrity/evm/evm_crypto.c
762667632 Dmitry Kasatkin 2015-10-22 75
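/*
 * init_desc - allocate and initialise a shash descriptor for an EVM digest.
 * @type:      EVM xattr type. EVM_XATTR_HMAC selects the keyed hmac_tfm;
 *             any other value selects the plain hash in evm_tfm[hash_algo].
 * @hash_algo: index into hash_algo_name[] and evm_tfm[]; only used when
 *             @type is not EVM_XATTR_HMAC.
 *
 * The transform is allocated on first use under 'mutex' and cached; the
 * descriptor is allocated on every call and must be kfree()d by the caller.
 *
 * Return: the descriptor, or an ERR_PTR(): -ENOKEY when the HMAC key has not
 * been set, -EINVAL for an out-of-range @hash_algo, -ENOMEM, or the error
 * reported by the crypto API.
 */
static struct shash_desc *init_desc(char type, uint8_t hash_algo)
{
	long rc;
	const char *algo;
	struct crypto_shash **tfm, *tmp_tfm;
	struct shash_desc *desc;

	if (type == EVM_XATTR_HMAC) {
		if (!(evm_initialized & EVM_INIT_HMAC)) {
			pr_err_once("HMAC key is not set\n");
			return ERR_PTR(-ENOKEY);
		}
		tfm = &hmac_tfm;
		algo = evm_hmac;
	} else {
		/*
		 * hash_algo is used as an array index twice below, so reject
		 * anything outside the hash_algo enum before touching either
		 * array. hash_algo_name[] has HASH_ALGO__LAST entries;
		 * NOTE(review): evm_tfm[] is assumed to be sized the same -
		 * confirm at its definition.
		 */
		if (hash_algo >= HASH_ALGO__LAST)
			return ERR_PTR(-EINVAL);

		tfm = &evm_tfm[hash_algo];
		algo = hash_algo_name[hash_algo];
	}

	if (*tfm == NULL) {
		mutex_lock(&mutex);
		if (*tfm)
			goto out;
		/*
		 * Build the transform in a local and publish it only once it
		 * is fully usable. The *tfm == NULL test above runs without
		 * the mutex, so storing an ERR_PTR() or a not-yet-keyed (and
		 * possibly about-to-be-freed) transform in *tfm, even
		 * briefly, could let a concurrent caller skip this block and
		 * use it.
		 */
		tmp_tfm = crypto_alloc_shash(algo, 0,
					     CRYPTO_ALG_ASYNC | CRYPTO_NOLOAD);
		if (IS_ERR(tmp_tfm)) {
			rc = PTR_ERR(tmp_tfm);
			pr_err("Can not allocate %s (reason: %ld)\n", algo, rc);
			mutex_unlock(&mutex);
			return ERR_PTR(rc);
		}
		if (type == EVM_XATTR_HMAC) {
			rc = crypto_shash_setkey(tmp_tfm, evmkey, evmkey_len);
			if (rc) {
				crypto_free_shash(tmp_tfm);
				mutex_unlock(&mutex);
				return ERR_PTR(rc);
			}
		}
		*tfm = tmp_tfm;
out:
		mutex_unlock(&mutex);
	}

	/* The descriptor carries the algorithm's per-request state after it. */
	desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(*tfm),
			GFP_KERNEL);
	if (!desc)
		return ERR_PTR(-ENOMEM);

	desc->tfm = *tfm;
	desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;

	rc = crypto_shash_init(desc);
	if (rc) {
		kfree(desc);
		return ERR_PTR(rc);
	}
	return desc;
}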
66dbc325a Mimi Zohar 2011-03-15 136
/*
 * Mix inode-specific metadata into the digest and finalise it, so that a
 * security.evm xattr cannot simply be copied ('cut & pasted') from one
 * inode onto another.
 *
 * (Additional directory/file metadata needs to be added for more complete
 * protection.)
 *
 * @desc:   running shash descriptor; it is finalised here.
 * @inode:  inode whose ino, generation, uid, gid and mode are hashed.
 * @type:   EVM xattr type; EVM_XATTR_PORTABLE_DIGSIG leaves out the fields
 *          that are specific to one filesystem instance.
 * @digest: output buffer handed to crypto_shash_final().
 *
 * NOTE(review): the return values of crypto_shash_update() and
 * crypto_shash_final() are not checked here.
 */
static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
			  char type, char *digest)
{
	struct h_misc {
		unsigned long ino;
		__u32 generation;
		uid_t uid;
		gid_t gid;
		umode_t mode;
	} hmac_misc;
	const bool portable = (type == EVM_XATTR_PORTABLE_DIGSIG);

	/*
	 * The struct is hashed as raw bytes below, so clear all of it first:
	 * any padding and the fields skipped for portable signatures must
	 * contribute zeroes, not stack contents.
	 */
	memset(&hmac_misc, 0, sizeof(hmac_misc));

	/*
	 * uid and gid are always expressed in the initial user namespace,
	 * never in the filesystem's own. Values encoded in the filesystem's
	 * namespace could be written through an unprivileged fuse mount and
	 * then be trusted, because everything is signed, once the same
	 * filesystem is mounted for real on the next boot.
	 */
	hmac_misc.uid = from_kuid(&init_user_ns, inode->i_uid);
	hmac_misc.gid = from_kgid(&init_user_ns, inode->i_gid);
	hmac_misc.mode = inode->i_mode;

	/* Inode and generation numbers stay out of portable signatures. */
	if (!portable) {
		hmac_misc.ino = inode->i_ino;
		hmac_misc.generation = inode->i_generation;
	}

	crypto_shash_update(desc, (const u8 *)&hmac_misc, sizeof(hmac_misc));

	/* The filesystem UUID is likewise left out of portable signatures. */
	if (!portable && (evm_hmac_attrs & EVM_ATTR_FSUUID))
		crypto_shash_update(desc, &inode->i_sb->s_uuid.b[0],
				    sizeof(inode->i_sb->s_uuid));

	crypto_shash_final(desc, digest);
}
66dbc325a Mimi Zohar 2011-03-15 180
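/*
 * Calculate the HMAC or hash value across the set of protected security
 * xattrs.
 *
 * Instead of retrieving the requested xattr, for performance, calculate
 * the hmac using the requested xattr value. Don't alloc/free memory for
 * each xattr, but attempt to re-use the previously allocated memory.
 *
 * @dentry:              file whose protected xattrs are hashed.
 * @req_xattr_name:      name of an xattr whose value the caller supplies,
 *                       or NULL.
 * @req_xattr_value:     value hashed in place of the stored one for
 *                       @req_xattr_name, or NULL.
 * @req_xattr_value_len: length of @req_xattr_value in bytes.
 * @type:                EVM xattr type, passed on to init_desc() and
 *                       hmac_add_misc().
 * @data:                in: hdr.algo selects the hash algorithm;
 *                       out: hdr.length and digest are filled in.
 *
 * Return: 0 on success, -EOPNOTSUPP if the inode has no xattr support, the
 * error from init_desc(), -ENODATA if none of the protected xattrs was
 * found, -ENOMEM, or -EPERM for a portable signature without an IMA xattr.
 *
 * NOTE(review): the return values of crypto_shash_update() are not checked
 * in this function.
 */
static int evm_calc_hmac_or_hash(struct dentry *dentry,
				 const char *req_xattr_name,
				 const char *req_xattr_value,
				 size_t req_xattr_value_len,
				 uint8_t type, struct evm_digest *data)
{
	struct inode *inode = d_backing_inode(dentry);
	struct xattr_list *xattr;
	struct shash_desc *desc;
	size_t xattr_size = 0;
	char *xattr_value = NULL;
	int error;
	int size;
	bool ima_present = false;

	if (!(inode->i_opflags & IOP_XATTR))
		return -EOPNOTSUPP;

	desc = init_desc(type, data->hdr.algo);
	if (IS_ERR(desc))
		return PTR_ERR(desc);

	data->hdr.length = crypto_shash_digestsize(desc->tfm);

	/* Stays -ENODATA unless at least one protected xattr gets hashed. */
	error = -ENODATA;
	list_for_each_entry_rcu(xattr, &evm_config_xattrnames, list) {
		bool is_ima = false;

		if (strcmp(xattr->name, XATTR_NAME_IMA) == 0)
			is_ima = true;

		/* Hash the caller-supplied value rather than the stored one. */
		if ((req_xattr_name && req_xattr_value)
		    && !strcmp(xattr->name, req_xattr_name)) {
			error = 0;
			crypto_shash_update(desc, (const u8 *)req_xattr_value,
					     req_xattr_value_len);
			if (is_ima)
				ima_present = true;
			continue;
		}
		/* The buffer from the previous iteration is offered for reuse. */
		size = vfs_getxattr_alloc(dentry, xattr->name,
					  &xattr_value, xattr_size, GFP_NOFS);
		if (size == -ENOMEM) {
			error = -ENOMEM;
			goto out;
		}
		/* Any other failure: this xattr is skipped, not fatal. */
		if (size < 0)
			continue;

		error = 0;
		xattr_size = size;
		crypto_shash_update(desc, (const u8 *)xattr_value, xattr_size);
		if (is_ima)
			ima_present = true;
	}
	hmac_add_misc(desc, inode, type, data->digest);

	/*
	 * Portable EVM signatures must include an IMA hash. Set the error and
	 * fall through to 'out' instead of returning directly, so that
	 * xattr_value and desc are freed on this path as well.
	 */
	if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present)
		error = -EPERM;
out:
	kfree(xattr_value);
	kfree(desc);
	return error;
}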
66dbc325a Mimi Zohar 2011-03-15 253
:::::: The code at line 99 was first introduced by commit
:::::: fdc33c29b022dd4ee9ba8af722b5ba8fec40549f evm: Don't deadlock if a crypto algorithm is unavailable
:::::: TO: Matthew Garrett <mjg59 at google.com>
:::::: CC: Mimi Zohar <zohar at linux.vnet.ibm.com>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation