| Message ID | 20230815205917.1504837-1-andrew.kanner@gmail.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | netlabel: KMSAN warning | expand |
On Tue, Aug 15, 2023 at 4:59 PM Andrew Kanner <andrew.kanner@gmail.com> wrote: > > Recently I started to use KMSAN and found the warning in > security/selinux/hooks.c which triggers each time I use the official > guide to run syzkaller reproducers > > Link: https://github.com/google/syzkaller/blob/master/docs/syzbot_assets.md#run-a-c-reproducer > > I'm not quiet confident what are the rules in security subsystem. It's > not a bug, but a warning which is triggered by KMSAN for the argument > of the security_net_peersid_resolve() which was not initialized. It > will not affect anything inside this function, at least with the > current order of checking the variables, which might eventually > change. > > Please reply if you're ok with such not-a-bug fixes. Otherwise I'll > just ignore this warning in my experiments with KMSAN. I think the answer is going to depend on the particular "bug" and the patch required to resolve it. In this particular case I think the patch is okay so I went ahead and merged it, although I did remove the "Fixes" tag as the current code isn't broken. In general, if a test tool dumps an error or warning for something under security/ and you aren't sure if it's valid or if we need to resolve it upstream, you can always send us an email and ask what to do :)
On Tue, Aug 15, 2023 at 06:27:43PM -0400, Paul Moore wrote: > > I think the answer is going to depend on the particular "bug" and the > patch required to resolve it. In this particular case I think the > patch is okay so I went ahead and merged it, although I did remove the > "Fixes" tag as the current code isn't broken. > > In general, if a test tool dumps an error or warning for something > under security/ and you aren't sure if it's valid or if we need to > resolve it upstream, you can always send us an email and ask what to > do :) > > -- > paul-moore.com Thanks, Paul. I got the idea.
Recently I started to use KMSAN and found the warning in security/selinux/hooks.c which triggers each time I use the official guide to run syzkaller reproducers Link: https://github.com/google/syzkaller/blob/master/docs/syzbot_assets.md#run-a-c-reproducer I'm not quiet confident what are the rules in security subsystem. It's not a bug, but a warning which is triggered by KMSAN for the argument of the security_net_peersid_resolve() which was not initialized. It will not affect anything inside this function, at least with the current order of checking the variables, which might eventually change. Please reply if you're ok with such not-a-bug fixes. Otherwise I'll just ignore this warning in my experiments with KMSAN. PS: most likely if fixes commit 220deb966ea5 ("SELinux: Better integration between peer labeling subsystems"). Not sure if this tag is needed for this patch. Andrew Kanner (1): selinux: netlabel: Prevent KMSAN warning in selinux_inet_conn_request() security/selinux/netlabel.c | 1 + 1 file changed, 1 insertion(+)