[0/1] netlabel: KMSAN warning

Message ID 20230815205917.1504837-1-andrew.kanner@gmail.com (mailing list archive)

Message

Andrew Kanner Aug. 15, 2023, 8:59 p.m. UTC
Recently I started to use KMSAN and found the warning in
security/selinux/hooks.c which triggers each time I use the official
guide to run syzkaller reproducers

Link: https://github.com/google/syzkaller/blob/master/docs/syzbot_assets.md#run-a-c-reproducer

I'm not quite confident what the rules are in the security subsystem. It's
not a bug, but a warning which is triggered by KMSAN for the argument
of the security_net_peersid_resolve() which was not initialized. It
will not affect anything inside this function, at least with the
current order of checking the variables, which might eventually
change.

Please reply if you're ok with such not-a-bug fixes. Otherwise I'll
just ignore this warning in my experiments with KMSAN.

PS: most likely it fixes commit 220deb966ea5 ("SELinux: Better
integration between peer labeling subsystems"). Not sure if this tag
is needed for this patch.

Andrew Kanner (1):
  selinux: netlabel: Prevent KMSAN warning in
    selinux_inet_conn_request()

 security/selinux/netlabel.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Paul Moore Aug. 15, 2023, 10:27 p.m. UTC | #1
On Tue, Aug 15, 2023 at 4:59 PM Andrew Kanner <andrew.kanner@gmail.com> wrote:
>
> Recently I started to use KMSAN and found the warning in
> security/selinux/hooks.c which triggers each time I use the official
> guide to run syzkaller reproducers
>
> Link: https://github.com/google/syzkaller/blob/master/docs/syzbot_assets.md#run-a-c-reproducer
>
> I'm not quite confident what the rules are in the security subsystem. It's
> not a bug, but a warning which is triggered by KMSAN for the argument
> of the security_net_peersid_resolve() which was not initialized. It
> will not affect anything inside this function, at least with the
> current order of checking the variables, which might eventually
> change.
>
> Please reply if you're ok with such not-a-bug fixes. Otherwise I'll
> just ignore this warning in my experiments with KMSAN.

I think the answer is going to depend on the particular "bug" and the
patch required to resolve it.  In this particular case I think the
patch is okay so I went ahead and merged it, although I did remove the
"Fixes" tag as the current code isn't broken.

In general, if a test tool dumps an error or warning for something
under security/ and you aren't sure if it's valid or if we need to
resolve it upstream, you can always send us an email and ask what to
do :)

Andrew Kanner Aug. 16, 2023, 7:05 a.m. UTC | #2
On Tue, Aug 15, 2023 at 06:27:43PM -0400, Paul Moore wrote:
> 
> I think the answer is going to depend on the particular "bug" and the
> patch required to resolve it.  In this particular case I think the
> patch is okay so I went ahead and merged it, although I did remove the
> "Fixes" tag as the current code isn't broken.
> 
> In general, if a test tool dumps an error or warning for something
> under security/ and you aren't sure if it's valid or if we need to
> resolve it upstream, you can always send us an email and ask what to
> do :)
> 
> -- 
> paul-moore.com

Thanks, Paul.
I got the idea.