1. Patchew
  2. linux
  3. View series

[PATCH 0/1] netlabel: KMSAN warning

Andrew Kanner posted 1 patch 2 years, 4 months ago 
security/selinux/netlabel.c | 1 +
1 file changed, 1 insertion(+)
[PATCH 0/1] netlabel: KMSAN warning
Posted by Andrew Kanner 2 years, 4 months ago 
Recently I started to use KMSAN and found the warning in
security/selinux/hooks.c which triggers each time I use the official
guide to run syzkaller reproducers

Link: https://github.com/google/syzkaller/blob/master/docs/syzbot_assets.md#run-a-c-reproducer

I'm not quiet confident what are the rules in security subsystem. It's
not a bug, but a warning which is triggered by KMSAN for the argument
of the security_net_peersid_resolve() which was not initialized. It
will not affect anything inside this function, at least with the
current order of checking the variables, which might eventually
change.

Please reply if you're ok with such not-a-bug fixes. Otherwise I'll
just ignore this warning in my experiments with KMSAN.

PS: most likely if fixes commit 220deb966ea5 ("SELinux: Better
integration between peer labeling subsystems"). Not sure if this tag
is needed for this patch.

Andrew Kanner (1):
  selinux: netlabel: Prevent KMSAN warning in
    selinux_inet_conn_request()

 security/selinux/netlabel.c | 1 +
 1 file changed, 1 insertion(+)

-- 
2.39.3
Re: [PATCH 0/1] netlabel: KMSAN warning
Posted by Paul Moore 2 years, 4 months ago 
On Tue, Aug 15, 2023 at 4:59 PM Andrew Kanner <andrew.kanner@gmail.com> wrote:
>
> Recently I started to use KMSAN and found the warning in
> security/selinux/hooks.c which triggers each time I use the official
> guide to run syzkaller reproducers
>
> Link: https://github.com/google/syzkaller/blob/master/docs/syzbot_assets.md#run-a-c-reproducer
>
> I'm not quiet confident what are the rules in security subsystem. It's
> not a bug, but a warning which is triggered by KMSAN for the argument
> of the security_net_peersid_resolve() which was not initialized. It
> will not affect anything inside this function, at least with the
> current order of checking the variables, which might eventually
> change.
>
> Please reply if you're ok with such not-a-bug fixes. Otherwise I'll
> just ignore this warning in my experiments with KMSAN.

I think the answer is going to depend on the particular "bug" and the
patch required to resolve it.  In this particular case I think the
patch is okay so I went ahead and merged it, although I did remove the
"Fixes" tag as the current code isn't broken.

In general, if a test tool dumps an error or warning for something
under security/ and you aren't sure if it's valid or if we need to
resolve it upstream, you can always send us an email and ask what to
do :)

-- 
paul-moore.com
Re: [PATCH 0/1] netlabel: KMSAN warning
Posted by Andrew Kanner 2 years, 4 months ago 
On Tue, Aug 15, 2023 at 06:27:43PM -0400, Paul Moore wrote:
> 
> I think the answer is going to depend on the particular "bug" and the
> patch required to resolve it.  In this particular case I think the
> patch is okay so I went ahead and merged it, although I did remove the
> "Fixes" tag as the current code isn't broken.
> 
> In general, if a test tool dumps an error or warning for something
> under security/ and you aren't sure if it's valid or if we need to
> resolve it upstream, you can always send us an email and ask what to
> do :)
> 
> -- 
> paul-moore.com

Thanks, Paul.
I got the idea.

-- 
Andrew Kanner

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.