* [kpsingh:static_calls_type_1 6/6] security/security.c:5298:5: warning: 'security_xfrm_decode_session' defined but not used
@ 2024-05-08 1:06 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2024-05-08 1:06 UTC (permalink / raw)
To: kpsingh; +Cc: oe-kbuild-all
tree: https://git.kernel.org/pub/scm/linux/kernel/git/kpsingh/linux.git static_calls_type_1
head: dafa5a9ade0b77e70e942cb20ac68c41da19916b
commit: dafa5a9ade0b77e70e942cb20ac68c41da19916b [6/6] failed delta
config: arc-allyesconfig (https://download.01.org/0day-ci/archive/20240508/202405080824.FsDR6dOP-lkp@intel.com/config)
compiler: arceb-elf-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240508/202405080824.FsDR6dOP-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202405080824.FsDR6dOP-lkp@intel.com/
All warnings (new ones prefixed by >>):
security/security.c:4048:13: warning: unused variable 'rc' [-Wunused-variable]
4048 | int rc;
| ^~
security/security.c:4046:14: warning: variable 'single' set but not used [-Wunused-but-set-variable]
4046 | bool single = false;
| ^~~~~~
security/security.c:4044:13: warning: variable 'left' set but not used [-Wunused-but-set-variable]
4044 | u32 left;
| ^~~~
security/security.c:4042:13: warning: unused variable 'entrysize' [-Wunused-variable]
4042 | u32 entrysize;
| ^~~~~~~~~
security/security.c:4041:20: warning: unused variable 'base' [-Wunused-variable]
4041 | u8 __user *base = (u8 __user *)uctx;
| ^~~~
security/security.c: At top level:
security/security.c:5742:5: warning: 'security_uring_cmd' defined but not used [-Wunused-function]
5742 | int security_uring_cmd(struct io_uring_cmd *ioucmd)
| ^~~~~~~~~~~~~~~~~~
security/security.c:5729:5: warning: 'security_uring_sqpoll' defined but not used [-Wunused-function]
5729 | int security_uring_sqpoll(void)
| ^~~~~~~~~~~~~~~~~~~~~
security/security.c:5716:5: warning: 'security_uring_override_creds' defined but not used [-Wunused-function]
5716 | int security_uring_override_creds(const struct cred *new)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5700:5: warning: 'security_perf_event_write' defined but not used [-Wunused-function]
5700 | int security_perf_event_write(struct perf_event *event)
| ^~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5687:5: warning: 'security_perf_event_read' defined but not used [-Wunused-function]
5687 | int security_perf_event_read(struct perf_event *event)
| ^~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5674:6: warning: 'security_perf_event_free' defined but not used [-Wunused-function]
5674 | void security_perf_event_free(struct perf_event *event)
| ^~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5663:5: warning: 'security_perf_event_alloc' defined but not used [-Wunused-function]
5663 | int security_perf_event_alloc(struct perf_event *event)
| ^~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5650:5: warning: 'security_perf_event_open' defined but not used [-Wunused-function]
5650 | int security_perf_event_open(struct perf_event_attr *attr, int type)
| ^~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5619:6: warning: 'security_bpf_token_free' defined but not used [-Wunused-function]
5619 | void security_bpf_token_free(struct bpf_token *token)
| ^~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5608:6: warning: 'security_bpf_prog_free' defined but not used [-Wunused-function]
5608 | void security_bpf_prog_free(struct bpf_prog *prog)
| ^~~~~~~~~~~~~~~~~~~~~~
security/security.c:5597:6: warning: 'security_bpf_map_free' defined but not used [-Wunused-function]
5597 | void security_bpf_map_free(struct bpf_map *map)
| ^~~~~~~~~~~~~~~~~~~~~
security/security.c:5586:5: warning: 'security_bpf_token_capable' defined but not used [-Wunused-function]
5586 | int security_bpf_token_capable(const struct bpf_token *token, int cap)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5570:5: warning: 'security_bpf_token_cmd' defined but not used [-Wunused-function]
5570 | int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
| ^~~~~~~~~~~~~~~~~~~~~~
security/security.c:5553:5: warning: 'security_bpf_token_create' defined but not used [-Wunused-function]
5553 | int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
| ^~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5536:5: warning: 'security_bpf_prog_load' defined but not used [-Wunused-function]
5536 | int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
| ^~~~~~~~~~~~~~~~~~~~~~
security/security.c:5518:5: warning: 'security_bpf_map_create' defined but not used [-Wunused-function]
5518 | int security_bpf_map_create(struct bpf_map *map, union bpf_attr *attr,
| ^~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5502:5: warning: 'security_bpf_prog' defined but not used [-Wunused-function]
5502 | int security_bpf_prog(struct bpf_prog *prog)
| ^~~~~~~~~~~~~~~~~
security/security.c:5488:5: warning: 'security_bpf_map' defined but not used [-Wunused-function]
5488 | int security_bpf_map(struct bpf_map *map, fmode_t fmode)
| ^~~~~~~~~~~~~~~~
security/security.c:5473:5: warning: 'security_bpf' defined but not used [-Wunused-function]
5473 | int security_bpf(int cmd, union bpf_attr *attr, unsigned int size)
| ^~~~~~~~~~~~
security/security.c:5454:5: warning: 'security_audit_rule_match' defined but not used [-Wunused-function]
5454 | int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)
| ^~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5436:6: warning: 'security_audit_rule_free' defined but not used [-Wunused-function]
5436 | void security_audit_rule_free(void *lsmrule)
| ^~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5424:5: warning: 'security_audit_rule_known' defined but not used [-Wunused-function]
5424 | int security_audit_rule_known(struct audit_krule *krule)
| ^~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5410:5: warning: 'security_audit_rule_init' defined but not used [-Wunused-function]
5410 | int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
| ^~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5388:6: warning: 'security_key_post_create_or_update' defined but not used [-Wunused-function]
5388 | void security_key_post_create_or_update(struct key *keyring, struct key *key,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5371:5: warning: 'security_key_getsecurity' defined but not used [-Wunused-function]
5371 | int security_key_getsecurity(struct key *key, char **buffer)
| ^~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5352:5: warning: 'security_key_permission' defined but not used [-Wunused-function]
5352 | int security_key_permission(key_ref_t key_ref, const struct cred *cred,
| ^~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5337:6: warning: 'security_key_free' defined but not used [-Wunused-function]
5337 | void security_key_free(struct key *key)
| ^~~~~~~~~~~~~~~~~
security/security.c:5325:5: warning: 'security_key_alloc' defined but not used [-Wunused-function]
5325 | int security_key_alloc(struct key *key, const struct cred *cred,
| ^~~~~~~~~~~~~~~~~~
>> security/security.c:5298:5: warning: 'security_xfrm_decode_session' defined but not used [-Wunused-function]
5298 | int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> security/security.c:5276:5: warning: 'security_xfrm_state_pol_flow_match' defined but not used [-Wunused-function]
5276 | int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> security/security.c:5261:5: warning: 'security_xfrm_policy_lookup' defined but not used [-Wunused-function]
5261 | int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
>> security/security.c:5244:6: warning: 'security_xfrm_state_free' defined but not used [-Wunused-function]
5244 | void security_xfrm_state_free(struct xfrm_state *x)
| ^~~~~~~~~~~~~~~~~~~~~~~~
>> security/security.c:5218:5: warning: 'security_xfrm_state_alloc_acquire' defined but not used [-Wunused-function]
5218 | int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> security/security.c:5183:5: warning: 'security_xfrm_policy_delete' defined but not used [-Wunused-function]
5183 | int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
>> security/security.c:5157:5: warning: 'security_xfrm_policy_clone' defined but not used [-Wunused-function]
5157 | int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:5059:5: warning: 'security_mptcp_add_subflow' defined but not used [-Wunused-function]
5059 | int security_mptcp_add_subflow(struct sock *sk, struct sock *ssk)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:4835:6: warning: 'security_inet_csk_clone' defined but not used [-Wunused-function]
4835 | void security_inet_csk_clone(struct sock *newsk,
| ^~~~~~~~~~~~~~~~~~~~~~~
security/security.c:4752:6: warning: 'security_sk_free' defined but not used [-Wunused-function]
4752 | void security_sk_free(struct sock *sk)
| ^~~~~~~~~~~~~~~~
security/security.c:4741:5: warning: 'security_sk_alloc' defined but not used [-Wunused-function]
4741 | int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
| ^~~~~~~~~~~~~~~~~
security/security.c:4702:5: warning: 'security_socket_getpeersec_stream' defined but not used [-Wunused-function]
4702 | int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:4664:5: warning: 'security_socket_shutdown' defined but not used [-Wunused-function]
4664 | int security_socket_shutdown(struct socket *sock, int how)
| ^~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:4649:5: warning: 'security_socket_setsockopt' defined but not used [-Wunused-function]
4649 | int security_socket_setsockopt(struct socket *sock, int level, int optname)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:4634:5: warning: 'security_socket_getsockopt' defined but not used [-Wunused-function]
4634 | int security_socket_getsockopt(struct socket *sock, int level, int optname)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:4618:5: warning: 'security_socket_getpeername' defined but not used [-Wunused-function]
4618 | int security_socket_getpeername(struct socket *sock)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:4605:5: warning: 'security_socket_getsockname' defined but not used [-Wunused-function]
4605 | int security_socket_getsockname(struct socket *sock)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:4590:5: warning: 'security_socket_recvmsg' defined but not used [-Wunused-function]
4590 | int security_socket_recvmsg(struct socket *sock, struct msghdr *msg,
| ^~~~~~~~~~~~~~~~~~~~~~~
security/security.c:4574:5: warning: 'security_socket_sendmsg' defined but not used [-Wunused-function]
4574 | int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size)
| ^~~~~~~~~~~~~~~~~~~~~~~
security/security.c:4559:5: warning: 'security_socket_accept' defined but not used [-Wunused-function]
4559 | int security_socket_accept(struct socket *sock, struct socket *newsock)
| ^~~~~~~~~~~~~~~~~~~~~~
security/security.c:4543:5: warning: 'security_socket_listen' defined but not used [-Wunused-function]
4543 | int security_socket_listen(struct socket *sock, int backlog)
| ^~~~~~~~~~~~~~~~~~~~~~
security/security.c:4528:5: warning: 'security_socket_connect' defined but not used [-Wunused-function]
4528 | int security_socket_connect(struct socket *sock,
| ^~~~~~~~~~~~~~~~~~~~~~~
security/security.c:4511:5: warning: 'security_socket_bind' defined but not used [-Wunused-function]
4511 | int security_socket_bind(struct socket *sock,
| ^~~~~~~~~~~~~~~~~~~~
security/security.c:4476:5: warning: 'security_socket_post_create' defined but not used [-Wunused-function]
4476 | int security_socket_post_create(struct socket *sock, int family,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:4453:5: warning: 'security_socket_create' defined but not used [-Wunused-function]
4453 | int security_socket_create(int family, int type, int protocol, int kern)
| ^~~~~~~~~~~~~~~~~~~~~~
>> security/security.c:4381:5: warning: 'security_watch_key' defined but not used [-Wunused-function]
4381 | int security_watch_key(struct key *key)
| ^~~~~~~~~~~~~~~~~~
>> security/security.c:4363:5: warning: 'security_post_notification' defined but not used [-Wunused-function]
4363 | int security_post_notification(const struct cred *w_cred,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
security/security.c:4211:5: warning: 'security_netlink_send' defined but not used [-Wunused-function]
4211 | int security_netlink_send(struct sock *sk, struct sk_buff *skb)
| ^~~~~~~~~~~~~~~~~~~~~
security/security.c:4193:5: warning: 'security_setprocattr' defined but not used [-Wunused-function]
4193 | int security_setprocattr(int lsmid, const char *name, void *value, size_t size)
| ^~~~~~~~~~~~~~~~~~~~
security/security.c:4175:5: warning: 'security_getprocattr' defined but not used [-Wunused-function]
4175 | int security_getprocattr(struct task_struct *p, int lsmid, const char *name,
| ^~~~~~~~~~~~~~~~~~~~
vim +/security_xfrm_decode_session +5298 security/security.c
20510f2f4e2dab James Morris 2007-10-16 5146
742b99456e86aa Paul Moore 2023-02-15 5147 /**
742b99456e86aa Paul Moore 2023-02-15 5148 * security_xfrm_policy_clone() - Clone xfrm policy LSM state
742b99456e86aa Paul Moore 2023-02-15 5149 * @old_ctx: xfrm security context
742b99456e86aa Paul Moore 2023-02-15 5150 * @new_ctxp: target xfrm security context
742b99456e86aa Paul Moore 2023-02-15 5151 *
742b99456e86aa Paul Moore 2023-02-15 5152 * Allocate a security structure in new_ctxp that contains the information from
742b99456e86aa Paul Moore 2023-02-15 5153 * the old_ctx structure.
742b99456e86aa Paul Moore 2023-02-15 5154 *
742b99456e86aa Paul Moore 2023-02-15 5155 * Return: Return 0 if operation was successful.
742b99456e86aa Paul Moore 2023-02-15 5156 */
03e1ad7b5d871d Paul Moore 2008-04-12 @5157 int security_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
03e1ad7b5d871d Paul Moore 2008-04-12 5158 struct xfrm_sec_ctx **new_ctxp)
20510f2f4e2dab James Morris 2007-10-16 5159 {
260017f31a8c38 Ondrej Mosnacek 2024-01-30 5160 return call_int_hook(xfrm_policy_clone_security, old_ctx, new_ctxp);
20510f2f4e2dab James Morris 2007-10-16 5161 }
20510f2f4e2dab James Morris 2007-10-16 5162
742b99456e86aa Paul Moore 2023-02-15 5163 /**
742b99456e86aa Paul Moore 2023-02-15 5164 * security_xfrm_policy_free() - Free a xfrm security context
742b99456e86aa Paul Moore 2023-02-15 5165 * @ctx: xfrm security context
742b99456e86aa Paul Moore 2023-02-15 5166 *
742b99456e86aa Paul Moore 2023-02-15 5167 * Free LSM resources associated with @ctx.
742b99456e86aa Paul Moore 2023-02-15 5168 */
03e1ad7b5d871d Paul Moore 2008-04-12 5169 void security_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
20510f2f4e2dab James Morris 2007-10-16 5170 {
f25fce3e8f1f15 Casey Schaufler 2015-05-02 5171 call_void_hook(xfrm_policy_free_security, ctx);
20510f2f4e2dab James Morris 2007-10-16 5172 }
20510f2f4e2dab James Morris 2007-10-16 5173 EXPORT_SYMBOL(security_xfrm_policy_free);
20510f2f4e2dab James Morris 2007-10-16 5174
742b99456e86aa Paul Moore 2023-02-15 5175 /**
742b99456e86aa Paul Moore 2023-02-15 5176 * security_xfrm_policy_delete() - Check if deleting a xfrm policy is allowed
742b99456e86aa Paul Moore 2023-02-15 5177 * @ctx: xfrm security context
742b99456e86aa Paul Moore 2023-02-15 5178 *
742b99456e86aa Paul Moore 2023-02-15 5179 * Authorize deletion of a SPD entry.
742b99456e86aa Paul Moore 2023-02-15 5180 *
742b99456e86aa Paul Moore 2023-02-15 5181 * Return: Returns 0 if permission is granted.
742b99456e86aa Paul Moore 2023-02-15 5182 */
03e1ad7b5d871d Paul Moore 2008-04-12 @5183 int security_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
20510f2f4e2dab James Morris 2007-10-16 5184 {
260017f31a8c38 Ondrej Mosnacek 2024-01-30 5185 return call_int_hook(xfrm_policy_delete_security, ctx);
20510f2f4e2dab James Morris 2007-10-16 5186 }
20510f2f4e2dab James Morris 2007-10-16 5187
742b99456e86aa Paul Moore 2023-02-15 5188 /**
742b99456e86aa Paul Moore 2023-02-15 5189 * security_xfrm_state_alloc() - Allocate a xfrm state LSM blob
742b99456e86aa Paul Moore 2023-02-15 5190 * @x: xfrm state being added to the SAD
742b99456e86aa Paul Moore 2023-02-15 5191 * @sec_ctx: security label provided by userspace
742b99456e86aa Paul Moore 2023-02-15 5192 *
742b99456e86aa Paul Moore 2023-02-15 5193 * Allocate a security structure to the @x->security field; the security field
742b99456e86aa Paul Moore 2023-02-15 5194 * is initialized to NULL when the xfrm_state is allocated. Set the context to
742b99456e86aa Paul Moore 2023-02-15 5195 * correspond to @sec_ctx.
742b99456e86aa Paul Moore 2023-02-15 5196 *
742b99456e86aa Paul Moore 2023-02-15 5197 * Return: Return 0 if operation was successful.
742b99456e86aa Paul Moore 2023-02-15 5198 */
2e5aa86609ec1c Paul Moore 2013-07-23 5199 int security_xfrm_state_alloc(struct xfrm_state *x,
2e5aa86609ec1c Paul Moore 2013-07-23 5200 struct xfrm_user_sec_ctx *sec_ctx)
20510f2f4e2dab James Morris 2007-10-16 5201 {
260017f31a8c38 Ondrej Mosnacek 2024-01-30 5202 return call_int_hook(xfrm_state_alloc, x, sec_ctx);
20510f2f4e2dab James Morris 2007-10-16 5203 }
20510f2f4e2dab James Morris 2007-10-16 5204 EXPORT_SYMBOL(security_xfrm_state_alloc);
20510f2f4e2dab James Morris 2007-10-16 5205
742b99456e86aa Paul Moore 2023-02-15 5206 /**
742b99456e86aa Paul Moore 2023-02-15 5207 * security_xfrm_state_alloc_acquire() - Allocate a xfrm state LSM blob
742b99456e86aa Paul Moore 2023-02-15 5208 * @x: xfrm state being added to the SAD
742b99456e86aa Paul Moore 2023-02-15 5209 * @polsec: associated policy's security context
742b99456e86aa Paul Moore 2023-02-15 5210 * @secid: secid from the flow
742b99456e86aa Paul Moore 2023-02-15 5211 *
742b99456e86aa Paul Moore 2023-02-15 5212 * Allocate a security structure to the x->security field; the security field
742b99456e86aa Paul Moore 2023-02-15 5213 * is initialized to NULL when the xfrm_state is allocated. Set the context to
742b99456e86aa Paul Moore 2023-02-15 5214 * correspond to secid.
742b99456e86aa Paul Moore 2023-02-15 5215 *
742b99456e86aa Paul Moore 2023-02-15 5216 * Return: Returns 0 if operation was successful.
742b99456e86aa Paul Moore 2023-02-15 5217 */
20510f2f4e2dab James Morris 2007-10-16 @5218 int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
20510f2f4e2dab James Morris 2007-10-16 5219 struct xfrm_sec_ctx *polsec, u32 secid)
20510f2f4e2dab James Morris 2007-10-16 5220 {
260017f31a8c38 Ondrej Mosnacek 2024-01-30 5221 return call_int_hook(xfrm_state_alloc_acquire, x, polsec, secid);
20510f2f4e2dab James Morris 2007-10-16 5222 }
20510f2f4e2dab James Morris 2007-10-16 5223
742b99456e86aa Paul Moore 2023-02-15 5224 /**
742b99456e86aa Paul Moore 2023-02-15 5225 * security_xfrm_state_delete() - Check if deleting a xfrm state is allowed
742b99456e86aa Paul Moore 2023-02-15 5226 * @x: xfrm state
742b99456e86aa Paul Moore 2023-02-15 5227 *
742b99456e86aa Paul Moore 2023-02-15 5228 * Authorize deletion of x->security.
742b99456e86aa Paul Moore 2023-02-15 5229 *
742b99456e86aa Paul Moore 2023-02-15 5230 * Return: Returns 0 if permission is granted.
742b99456e86aa Paul Moore 2023-02-15 5231 */
20510f2f4e2dab James Morris 2007-10-16 5232 int security_xfrm_state_delete(struct xfrm_state *x)
20510f2f4e2dab James Morris 2007-10-16 5233 {
260017f31a8c38 Ondrej Mosnacek 2024-01-30 5234 return call_int_hook(xfrm_state_delete_security, x);
20510f2f4e2dab James Morris 2007-10-16 5235 }
20510f2f4e2dab James Morris 2007-10-16 5236 EXPORT_SYMBOL(security_xfrm_state_delete);
20510f2f4e2dab James Morris 2007-10-16 5237
742b99456e86aa Paul Moore 2023-02-15 5238 /**
742b99456e86aa Paul Moore 2023-02-15 5239 * security_xfrm_state_free() - Free a xfrm state
742b99456e86aa Paul Moore 2023-02-15 5240 * @x: xfrm state
742b99456e86aa Paul Moore 2023-02-15 5241 *
742b99456e86aa Paul Moore 2023-02-15 5242 * Deallocate x->security.
742b99456e86aa Paul Moore 2023-02-15 5243 */
20510f2f4e2dab James Morris 2007-10-16 @5244 void security_xfrm_state_free(struct xfrm_state *x)
20510f2f4e2dab James Morris 2007-10-16 5245 {
f25fce3e8f1f15 Casey Schaufler 2015-05-02 5246 call_void_hook(xfrm_state_free_security, x);
20510f2f4e2dab James Morris 2007-10-16 5247 }
20510f2f4e2dab James Morris 2007-10-16 5248
742b99456e86aa Paul Moore 2023-02-15 5249 /**
742b99456e86aa Paul Moore 2023-02-15 5250 * security_xfrm_policy_lookup() - Check if using a xfrm policy is allowed
742b99456e86aa Paul Moore 2023-02-15 5251 * @ctx: target xfrm security context
742b99456e86aa Paul Moore 2023-02-15 5252 * @fl_secid: flow secid used to authorize access
742b99456e86aa Paul Moore 2023-02-15 5253 *
742b99456e86aa Paul Moore 2023-02-15 5254 * Check permission when a flow selects a xfrm_policy for processing XFRMs on a
742b99456e86aa Paul Moore 2023-02-15 5255 * packet. The hook is called when selecting either a per-socket policy or a
742b99456e86aa Paul Moore 2023-02-15 5256 * generic xfrm policy.
742b99456e86aa Paul Moore 2023-02-15 5257 *
742b99456e86aa Paul Moore 2023-02-15 5258 * Return: Return 0 if permission is granted, -ESRCH otherwise, or -errno on
742b99456e86aa Paul Moore 2023-02-15 5259 * other errors.
742b99456e86aa Paul Moore 2023-02-15 5260 */
8a922805fb0950 Zhongjun Tan 2021-04-09 @5261 int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid)
20510f2f4e2dab James Morris 2007-10-16 5262 {
260017f31a8c38 Ondrej Mosnacek 2024-01-30 5263 return call_int_hook(xfrm_policy_lookup, ctx, fl_secid);
20510f2f4e2dab James Morris 2007-10-16 5264 }
20510f2f4e2dab James Morris 2007-10-16 5265
742b99456e86aa Paul Moore 2023-02-15 5266 /**
742b99456e86aa Paul Moore 2023-02-15 5267 * security_xfrm_state_pol_flow_match() - Check for a xfrm match
742b99456e86aa Paul Moore 2023-02-15 5268 * @x: xfrm state to match
1e2523d745cff3 Paul Moore 2023-03-08 5269 * @xp: xfrm policy to check for a match
742b99456e86aa Paul Moore 2023-02-15 5270 * @flic: flow to check for a match.
742b99456e86aa Paul Moore 2023-02-15 5271 *
742b99456e86aa Paul Moore 2023-02-15 5272 * Check @xp and @flic for a match with @x.
742b99456e86aa Paul Moore 2023-02-15 5273 *
742b99456e86aa Paul Moore 2023-02-15 5274 * Return: Returns 1 if there is a match.
742b99456e86aa Paul Moore 2023-02-15 5275 */
20510f2f4e2dab James Morris 2007-10-16 @5276 int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
e33f770426674a David S. Miller 2011-02-22 5277 struct xfrm_policy *xp,
3df98d79215ace Paul Moore 2020-09-27 5278 const struct flowi_common *flic)
20510f2f4e2dab James Morris 2007-10-16 5279 {
b1d9e6b0646d0e Casey Schaufler 2015-05-02 5280 /*
b1d9e6b0646d0e Casey Schaufler 2015-05-02 5281 * Since this function is expected to return 0 or 1, the judgment
b1d9e6b0646d0e Casey Schaufler 2015-05-02 5282 * becomes difficult if multiple LSMs supply this call. Fortunately,
b1d9e6b0646d0e Casey Schaufler 2015-05-02 5283 * we can use the first LSM's judgment because currently only SELinux
b1d9e6b0646d0e Casey Schaufler 2015-05-02 5284 * supplies this call.
b1d9e6b0646d0e Casey Schaufler 2015-05-02 5285 */
126d968c88f643 kpsingh 2024-04-26 5286 return call_int_hook(xfrm_state_pol_flow_match, x, xp, flic);
20510f2f4e2dab James Morris 2007-10-16 5287 }
20510f2f4e2dab James Morris 2007-10-16 5288
742b99456e86aa Paul Moore 2023-02-15 5289 /**
742b99456e86aa Paul Moore 2023-02-15 5290 * security_xfrm_decode_session() - Determine the xfrm secid for a packet
742b99456e86aa Paul Moore 2023-02-15 5291 * @skb: xfrm packet
742b99456e86aa Paul Moore 2023-02-15 5292 * @secid: secid
742b99456e86aa Paul Moore 2023-02-15 5293 *
742b99456e86aa Paul Moore 2023-02-15 5294 * Decode the packet in @skb and return the security label in @secid.
742b99456e86aa Paul Moore 2023-02-15 5295 *
742b99456e86aa Paul Moore 2023-02-15 5296 * Return: Return 0 if all xfrms used have the same secid.
742b99456e86aa Paul Moore 2023-02-15 5297 */
20510f2f4e2dab James Morris 2007-10-16 @5298 int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
20510f2f4e2dab James Morris 2007-10-16 5299 {
260017f31a8c38 Ondrej Mosnacek 2024-01-30 5300 return call_int_hook(xfrm_decode_session, skb, secid, 1);
20510f2f4e2dab James Morris 2007-10-16 5301 }
20510f2f4e2dab James Morris 2007-10-16 5302
3df98d79215ace Paul Moore 2020-09-27 5303 void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic)
20510f2f4e2dab James Morris 2007-10-16 5304 {
260017f31a8c38 Ondrej Mosnacek 2024-01-30 5305 int rc = call_int_hook(xfrm_decode_session, skb, &flic->flowic_secid,
f25fce3e8f1f15 Casey Schaufler 2015-05-02 5306 0);
20510f2f4e2dab James Morris 2007-10-16 5307
20510f2f4e2dab James Morris 2007-10-16 5308 BUG_ON(rc);
20510f2f4e2dab James Morris 2007-10-16 5309 }
20510f2f4e2dab James Morris 2007-10-16 5310 EXPORT_SYMBOL(security_skb_classify_flow);
20510f2f4e2dab James Morris 2007-10-16 5311 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
20510f2f4e2dab James Morris 2007-10-16 5312
20510f2f4e2dab James Morris 2007-10-16 5313 #ifdef CONFIG_KEYS
ecc419a4453530 Paul Moore 2023-02-15 5314 /**
ecc419a4453530 Paul Moore 2023-02-15 5315 * security_key_alloc() - Allocate and initialize a kernel key LSM blob
ecc419a4453530 Paul Moore 2023-02-15 5316 * @key: key
ecc419a4453530 Paul Moore 2023-02-15 5317 * @cred: credentials
ecc419a4453530 Paul Moore 2023-02-15 5318 * @flags: allocation flags
ecc419a4453530 Paul Moore 2023-02-15 5319 *
ecc419a4453530 Paul Moore 2023-02-15 5320 * Permit allocation of a key and assign security data. Note that key does not
ecc419a4453530 Paul Moore 2023-02-15 5321 * have a serial number assigned at this point.
ecc419a4453530 Paul Moore 2023-02-15 5322 *
ecc419a4453530 Paul Moore 2023-02-15 5323 * Return: Return 0 if permission is granted, -ve error otherwise.
ecc419a4453530 Paul Moore 2023-02-15 5324 */
d84f4f992cbd76 David Howells 2008-11-14 @5325 int security_key_alloc(struct key *key, const struct cred *cred,
d84f4f992cbd76 David Howells 2008-11-14 5326 unsigned long flags)
20510f2f4e2dab James Morris 2007-10-16 5327 {
260017f31a8c38 Ondrej Mosnacek 2024-01-30 5328 return call_int_hook(key_alloc, key, cred, flags);
20510f2f4e2dab James Morris 2007-10-16 5329 }
20510f2f4e2dab James Morris 2007-10-16 5330
ecc419a4453530 Paul Moore 2023-02-15 5331 /**
ecc419a4453530 Paul Moore 2023-02-15 5332 * security_key_free() - Free a kernel key LSM blob
ecc419a4453530 Paul Moore 2023-02-15 5333 * @key: key
ecc419a4453530 Paul Moore 2023-02-15 5334 *
ecc419a4453530 Paul Moore 2023-02-15 5335 * Notification of destruction; free security data.
ecc419a4453530 Paul Moore 2023-02-15 5336 */
20510f2f4e2dab James Morris 2007-10-16 @5337 void security_key_free(struct key *key)
20510f2f4e2dab James Morris 2007-10-16 5338 {
f25fce3e8f1f15 Casey Schaufler 2015-05-02 5339 call_void_hook(key_free, key);
20510f2f4e2dab James Morris 2007-10-16 5340 }
20510f2f4e2dab James Morris 2007-10-16 5341
ecc419a4453530 Paul Moore 2023-02-15 5342 /**
ecc419a4453530 Paul Moore 2023-02-15 5343 * security_key_permission() - Check if a kernel key operation is allowed
ecc419a4453530 Paul Moore 2023-02-15 5344 * @key_ref: key reference
ecc419a4453530 Paul Moore 2023-02-15 5345 * @cred: credentials of actor requesting access
ecc419a4453530 Paul Moore 2023-02-15 5346 * @need_perm: requested permissions
ecc419a4453530 Paul Moore 2023-02-15 5347 *
ecc419a4453530 Paul Moore 2023-02-15 5348 * See whether a specific operational right is granted to a process on a key.
ecc419a4453530 Paul Moore 2023-02-15 5349 *
ecc419a4453530 Paul Moore 2023-02-15 5350 * Return: Return 0 if permission is granted, -ve error otherwise.
ecc419a4453530 Paul Moore 2023-02-15 5351 */
8c0637e950d689 David Howells 2020-05-12 @5352 int security_key_permission(key_ref_t key_ref, const struct cred *cred,
8c0637e950d689 David Howells 2020-05-12 5353 enum key_need_perm need_perm)
20510f2f4e2dab James Morris 2007-10-16 5354 {
260017f31a8c38 Ondrej Mosnacek 2024-01-30 5355 return call_int_hook(key_permission, key_ref, cred, need_perm);
20510f2f4e2dab James Morris 2007-10-16 5356 }
20510f2f4e2dab James Morris 2007-10-16 5357
:::::: The code at line 5298 was first introduced by commit
:::::: 20510f2f4e2dabb0ff6c13901807627ec9452f98 security: Convert LSM into a static interface
:::::: TO: James Morris <jmorris@namei.org>
:::::: CC: Linus Torvalds <torvalds@woody.linux-foundation.org>
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-05-08 1:07 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-05-08 1:06 [kpsingh:static_calls_type_1 6/6] security/security.c:5298:5: warning: 'security_xfrm_decode_session' defined but not used kernel test robot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).