Re: [PATCH v5 3/3] AppArmor: add support for lsm_config_self_policy and lsm_config_system_policy

From: kernel test robot
Date: Mon Jul 14 2025 - 14:08:04 EST

Next message: Dan Carpenter: "Re: [PATCH v8 1/3] staging: media: atomisp: fix indentation in aa"
Previous message: Dan Carpenter: "Re: [PATCH net-next] net/rose: Remove unnecessary if check in rose_dev_first()"
In reply to: Tetsuo Handa: "Re: [PATCH v5 3/3] AppArmor: add support for lsm_config_self_policy and lsm_config_system_policy"
Next in thread: Maxime Bélair: "[PATCH v5 1/3] Wire up lsm_config_self_policy and lsm_config_system_policy syscalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Maxime,

kernel test robot noticed the following build warnings:

[auto build test WARNING on 9c32cda43eb78f78c73aee4aa344b777714e259b]

url: https://github.com/intel-lab-lkp/linux/commits/Maxime-B-lair/Wire-up-lsm_config_self_policy-and-lsm_config_system_policy-syscalls/20250709-160720
base: 9c32cda43eb78f78c73aee4aa344b777714e259b
patch link: https://lore.kernel.org/r/20250709080220.110947-4-maxime.belair%40canonical.com
patch subject: [PATCH v5 3/3] AppArmor: add support for lsm_config_self_policy and lsm_config_system_policy
config: hexagon-randconfig-r072-20250714 (https://download.01.org/0day-ci/archive/20250715/202507150132.xWRFcZgf-lkp@xxxxxxxxx/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-kbuild-all/202507150132.xWRFcZgf-lkp@xxxxxxxxx/

smatch warnings:
security/apparmor/lsm.c:1348 apparmor_lsm_config_system_policy() warn: unsigned 'ns_size' is never less than zero.

vim +/ns_size +1348 security/apparmor/lsm.c

1319
1320 /**
1321 * apparmor_lsm_config_system_policy - Load or replace a system policy
1322 * @lsm_id: AppArmor ID (LSM_ID_APPARMOR). Unused here
1323 * @op: operation to perform. Currently, only LSM_POLICY_LOAD is supported
1324 * @buf: user-supplied buffer in the form "<ns>\0<policy>"
1325 * <ns> is the namespace to load the policy into (empty string for root)
1326 * <policy> is the policy to load
1327 * @size: size of @buf
1328 * @flags: reserved for future uses; must be zero
1329 *
1330 * Returns: 0 on success, negative value on error
1331 */
1332 static int apparmor_lsm_config_system_policy(u32 lsm_id, u32 op, void __user *buf,
1333 size_t size, u32 flags)
1334 {
1335 loff_t pos = 0; // Partial writing is not currently supported
1336 char ns_name[AA_PROFILE_NAME_MAX_SIZE];
1337 size_t ns_size;
1338 size_t max_ns_size = min(size, AA_PROFILE_NAME_MAX_SIZE);
1339
1340 if (op != LSM_POLICY_LOAD || flags)
1341 return -EOPNOTSUPP;
1342 if (size < 2)
1343 return -EINVAL;
1344 if (size > AA_PROFILE_MAX_SIZE)
1345 return -E2BIG;
1346
1347 ns_size = strncpy_from_user(ns_name, buf, max_ns_size);
> 1348 if (ns_size < 0)
1349 return ns_size;
1350 if (ns_size == max_ns_size)
1351 return -E2BIG;
1352
1353 return aa_profile_load_ns_name(ns_name, ns_size, buf + ns_size + 1,
1354 size - ns_size - 1, &pos);
1355 }
1356

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

Next message: Dan Carpenter: "Re: [PATCH v8 1/3] staging: media: atomisp: fix indentation in aa"
Previous message: Dan Carpenter: "Re: [PATCH net-next] net/rose: Remove unnecessary if check in rose_dev_first()"
In reply to: Tetsuo Handa: "Re: [PATCH v5 3/3] AppArmor: add support for lsm_config_self_policy and lsm_config_system_policy"
Next in thread: Maxime Bélair: "[PATCH v5 1/3] Wire up lsm_config_self_policy and lsm_config_system_policy syscalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]