From: kernel test robot <lkp@intel.com>
To: Casey Schaufler <casey@schaufler-ca.com>,
casey.schaufler@intel.com, jmorris@namei.org,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: kbuild-all@lists.01.org, casey@schaufler-ca.com,
linux-audit@redhat.com, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
paul@paul-moore.com
Subject: Re: [PATCH v31 01/28] integrity: disassociate ima_filter_rule from security_audit_rule
Date: Tue, 14 Dec 2021 21:33:10 +0800 [thread overview]
Message-ID: <202112142134.jipW98iP-lkp@intel.com> (raw)
In-Reply-To: <20211213234034.111891-2-casey@schaufler-ca.com>
Hi Casey,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
[also build test ERROR on nf/master linus/master jmorris-security/next-testing v5.16-rc5]
[cannot apply to pcmoore-audit/next]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20211214-084057
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: openrisc-randconfig-r012-20211213 (https://download.01.org/0day-ci/archive/20211214/202112142134.jipW98iP-lkp@intel.com/config)
compiler: or1k-linux-gcc (GCC) 11.2.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/0day-ci/linux/commit/dcedf3ce1784c565747e19c7917ddbcd3422b821
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20211214-084057
git checkout dcedf3ce1784c565747e19c7917ddbcd3422b821
# save the config file to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross O=build_dir ARCH=openrisc SHELL=/bin/bash
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
security/integrity/ima/ima_policy.c: In function 'ima_lsm_free_rule':
>> security/integrity/ima/ima_policy.c:360:17: error: implicit declaration of function 'ima_filter_rule_free'; did you mean 'ima_file_free'? [-Werror=implicit-function-declaration]
360 | ima_filter_rule_free(entry->lsm[i].rule);
| ^~~~~~~~~~~~~~~~~~~~
| ima_file_free
security/integrity/ima/ima_policy.c: In function 'ima_lsm_copy_rule':
>> security/integrity/ima/ima_policy.c:409:17: error: implicit declaration of function 'ima_filter_rule_init' [-Werror=implicit-function-declaration]
409 | ima_filter_rule_init(nentry->lsm[i].type, Audit_equal,
| ^~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_policy.c: In function 'ima_match_rules':
>> security/integrity/ima/ima_policy.c:625:30: error: implicit declaration of function 'ima_filter_rule_match' [-Werror=implicit-function-declaration]
625 | rc = ima_filter_rule_match(osid, rule->lsm[i].type,
| ^~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
vim +360 security/integrity/ima/ima_policy.c
176377d97d6a3f Tyler Hicks 2020-08-11 354
b169424551930a Janne Karhunen 2019-06-14 355 static void ima_lsm_free_rule(struct ima_rule_entry *entry)
b169424551930a Janne Karhunen 2019-06-14 356 {
b169424551930a Janne Karhunen 2019-06-14 357 int i;
b169424551930a Janne Karhunen 2019-06-14 358
b169424551930a Janne Karhunen 2019-06-14 359 for (i = 0; i < MAX_LSM_RULES; i++) {
b8867eedcf76ca Tyler Hicks 2020-07-10 @360 ima_filter_rule_free(entry->lsm[i].rule);
b169424551930a Janne Karhunen 2019-06-14 361 kfree(entry->lsm[i].args_p);
b169424551930a Janne Karhunen 2019-06-14 362 }
465aee77aae857 Tyler Hicks 2020-07-09 363 }
465aee77aae857 Tyler Hicks 2020-07-09 364
465aee77aae857 Tyler Hicks 2020-07-09 365 static void ima_free_rule(struct ima_rule_entry *entry)
465aee77aae857 Tyler Hicks 2020-07-09 366 {
465aee77aae857 Tyler Hicks 2020-07-09 367 if (!entry)
465aee77aae857 Tyler Hicks 2020-07-09 368 return;
465aee77aae857 Tyler Hicks 2020-07-09 369
465aee77aae857 Tyler Hicks 2020-07-09 370 /*
465aee77aae857 Tyler Hicks 2020-07-09 371 * entry->template->fields may be allocated in ima_parse_rule() but that
465aee77aae857 Tyler Hicks 2020-07-09 372 * reference is owned by the corresponding ima_template_desc element in
465aee77aae857 Tyler Hicks 2020-07-09 373 * the defined_templates list and cannot be freed here
465aee77aae857 Tyler Hicks 2020-07-09 374 */
465aee77aae857 Tyler Hicks 2020-07-09 375 kfree(entry->fsname);
176377d97d6a3f Tyler Hicks 2020-08-11 376 ima_free_rule_opt_list(entry->keyrings);
465aee77aae857 Tyler Hicks 2020-07-09 377 ima_lsm_free_rule(entry);
b169424551930a Janne Karhunen 2019-06-14 378 kfree(entry);
b169424551930a Janne Karhunen 2019-06-14 379 }
b169424551930a Janne Karhunen 2019-06-14 380
b169424551930a Janne Karhunen 2019-06-14 381 static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry)
b169424551930a Janne Karhunen 2019-06-14 382 {
b169424551930a Janne Karhunen 2019-06-14 383 struct ima_rule_entry *nentry;
483ec26eed42bf Janne Karhunen 2020-01-15 384 int i;
b169424551930a Janne Karhunen 2019-06-14 385
b169424551930a Janne Karhunen 2019-06-14 386 /*
b169424551930a Janne Karhunen 2019-06-14 387 * Immutable elements are copied over as pointers and data; only
b169424551930a Janne Karhunen 2019-06-14 388 * lsm rules can change
b169424551930a Janne Karhunen 2019-06-14 389 */
f60c826d031817 Alex Dewar 2020-09-09 390 nentry = kmemdup(entry, sizeof(*nentry), GFP_KERNEL);
f60c826d031817 Alex Dewar 2020-09-09 391 if (!nentry)
f60c826d031817 Alex Dewar 2020-09-09 392 return NULL;
f60c826d031817 Alex Dewar 2020-09-09 393
c593642c8be046 Pankaj Bharadiya 2019-12-09 394 memset(nentry->lsm, 0, sizeof_field(struct ima_rule_entry, lsm));
b169424551930a Janne Karhunen 2019-06-14 395
b169424551930a Janne Karhunen 2019-06-14 396 for (i = 0; i < MAX_LSM_RULES; i++) {
483ec26eed42bf Janne Karhunen 2020-01-15 397 if (!entry->lsm[i].args_p)
b169424551930a Janne Karhunen 2019-06-14 398 continue;
b169424551930a Janne Karhunen 2019-06-14 399
b169424551930a Janne Karhunen 2019-06-14 400 nentry->lsm[i].type = entry->lsm[i].type;
39e5993d0d452b Tyler Hicks 2020-07-09 401 nentry->lsm[i].args_p = entry->lsm[i].args_p;
39e5993d0d452b Tyler Hicks 2020-07-09 402 /*
39e5993d0d452b Tyler Hicks 2020-07-09 403 * Remove the reference from entry so that the associated
39e5993d0d452b Tyler Hicks 2020-07-09 404 * memory will not be freed during a later call to
39e5993d0d452b Tyler Hicks 2020-07-09 405 * ima_lsm_free_rule(entry).
39e5993d0d452b Tyler Hicks 2020-07-09 406 */
39e5993d0d452b Tyler Hicks 2020-07-09 407 entry->lsm[i].args_p = NULL;
b169424551930a Janne Karhunen 2019-06-14 408
b8867eedcf76ca Tyler Hicks 2020-07-10 @409 ima_filter_rule_init(nentry->lsm[i].type, Audit_equal,
b169424551930a Janne Karhunen 2019-06-14 410 nentry->lsm[i].args_p,
b169424551930a Janne Karhunen 2019-06-14 411 &nentry->lsm[i].rule);
483ec26eed42bf Janne Karhunen 2020-01-15 412 if (!nentry->lsm[i].rule)
483ec26eed42bf Janne Karhunen 2020-01-15 413 pr_warn("rule for LSM \'%s\' is undefined\n",
aa0c0227d33171 Tyler Hicks 2020-07-09 414 nentry->lsm[i].args_p);
b169424551930a Janne Karhunen 2019-06-14 415 }
b169424551930a Janne Karhunen 2019-06-14 416 return nentry;
b169424551930a Janne Karhunen 2019-06-14 417 }
b169424551930a Janne Karhunen 2019-06-14 418
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
WARNING: multiple messages have this Message-ID (diff)
From: kernel test robot <lkp@intel.com>
To: Casey Schaufler <casey@schaufler-ca.com>,
casey.schaufler@intel.com, jmorris@namei.org,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: john.johansen@canonical.com, kbuild-all@lists.01.org,
linux-audit@redhat.com
Subject: Re: [PATCH v31 01/28] integrity: disassociate ima_filter_rule from security_audit_rule
Date: Tue, 14 Dec 2021 21:33:10 +0800 [thread overview]
Message-ID: <202112142134.jipW98iP-lkp@intel.com> (raw)
In-Reply-To: <20211213234034.111891-2-casey@schaufler-ca.com>
Hi Casey,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
[also build test ERROR on nf/master linus/master jmorris-security/next-testing v5.16-rc5]
[cannot apply to pcmoore-audit/next]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20211214-084057
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: openrisc-randconfig-r012-20211213 (https://download.01.org/0day-ci/archive/20211214/202112142134.jipW98iP-lkp@intel.com/config)
compiler: or1k-linux-gcc (GCC) 11.2.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/0day-ci/linux/commit/dcedf3ce1784c565747e19c7917ddbcd3422b821
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20211214-084057
git checkout dcedf3ce1784c565747e19c7917ddbcd3422b821
# save the config file to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross O=build_dir ARCH=openrisc SHELL=/bin/bash
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
security/integrity/ima/ima_policy.c: In function 'ima_lsm_free_rule':
>> security/integrity/ima/ima_policy.c:360:17: error: implicit declaration of function 'ima_filter_rule_free'; did you mean 'ima_file_free'? [-Werror=implicit-function-declaration]
360 | ima_filter_rule_free(entry->lsm[i].rule);
| ^~~~~~~~~~~~~~~~~~~~
| ima_file_free
security/integrity/ima/ima_policy.c: In function 'ima_lsm_copy_rule':
>> security/integrity/ima/ima_policy.c:409:17: error: implicit declaration of function 'ima_filter_rule_init' [-Werror=implicit-function-declaration]
409 | ima_filter_rule_init(nentry->lsm[i].type, Audit_equal,
| ^~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_policy.c: In function 'ima_match_rules':
>> security/integrity/ima/ima_policy.c:625:30: error: implicit declaration of function 'ima_filter_rule_match' [-Werror=implicit-function-declaration]
625 | rc = ima_filter_rule_match(osid, rule->lsm[i].type,
| ^~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
vim +360 security/integrity/ima/ima_policy.c
176377d97d6a3f Tyler Hicks 2020-08-11 354
b169424551930a Janne Karhunen 2019-06-14 355 static void ima_lsm_free_rule(struct ima_rule_entry *entry)
b169424551930a Janne Karhunen 2019-06-14 356 {
b169424551930a Janne Karhunen 2019-06-14 357 int i;
b169424551930a Janne Karhunen 2019-06-14 358
b169424551930a Janne Karhunen 2019-06-14 359 for (i = 0; i < MAX_LSM_RULES; i++) {
b8867eedcf76ca Tyler Hicks 2020-07-10 @360 ima_filter_rule_free(entry->lsm[i].rule);
b169424551930a Janne Karhunen 2019-06-14 361 kfree(entry->lsm[i].args_p);
b169424551930a Janne Karhunen 2019-06-14 362 }
465aee77aae857 Tyler Hicks 2020-07-09 363 }
465aee77aae857 Tyler Hicks 2020-07-09 364
465aee77aae857 Tyler Hicks 2020-07-09 365 static void ima_free_rule(struct ima_rule_entry *entry)
465aee77aae857 Tyler Hicks 2020-07-09 366 {
465aee77aae857 Tyler Hicks 2020-07-09 367 if (!entry)
465aee77aae857 Tyler Hicks 2020-07-09 368 return;
465aee77aae857 Tyler Hicks 2020-07-09 369
465aee77aae857 Tyler Hicks 2020-07-09 370 /*
465aee77aae857 Tyler Hicks 2020-07-09 371 * entry->template->fields may be allocated in ima_parse_rule() but that
465aee77aae857 Tyler Hicks 2020-07-09 372 * reference is owned by the corresponding ima_template_desc element in
465aee77aae857 Tyler Hicks 2020-07-09 373 * the defined_templates list and cannot be freed here
465aee77aae857 Tyler Hicks 2020-07-09 374 */
465aee77aae857 Tyler Hicks 2020-07-09 375 kfree(entry->fsname);
176377d97d6a3f Tyler Hicks 2020-08-11 376 ima_free_rule_opt_list(entry->keyrings);
465aee77aae857 Tyler Hicks 2020-07-09 377 ima_lsm_free_rule(entry);
b169424551930a Janne Karhunen 2019-06-14 378 kfree(entry);
b169424551930a Janne Karhunen 2019-06-14 379 }
b169424551930a Janne Karhunen 2019-06-14 380
b169424551930a Janne Karhunen 2019-06-14 381 static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry)
b169424551930a Janne Karhunen 2019-06-14 382 {
b169424551930a Janne Karhunen 2019-06-14 383 struct ima_rule_entry *nentry;
483ec26eed42bf Janne Karhunen 2020-01-15 384 int i;
b169424551930a Janne Karhunen 2019-06-14 385
b169424551930a Janne Karhunen 2019-06-14 386 /*
b169424551930a Janne Karhunen 2019-06-14 387 * Immutable elements are copied over as pointers and data; only
b169424551930a Janne Karhunen 2019-06-14 388 * lsm rules can change
b169424551930a Janne Karhunen 2019-06-14 389 */
f60c826d031817 Alex Dewar 2020-09-09 390 nentry = kmemdup(entry, sizeof(*nentry), GFP_KERNEL);
f60c826d031817 Alex Dewar 2020-09-09 391 if (!nentry)
f60c826d031817 Alex Dewar 2020-09-09 392 return NULL;
f60c826d031817 Alex Dewar 2020-09-09 393
c593642c8be046 Pankaj Bharadiya 2019-12-09 394 memset(nentry->lsm, 0, sizeof_field(struct ima_rule_entry, lsm));
b169424551930a Janne Karhunen 2019-06-14 395
b169424551930a Janne Karhunen 2019-06-14 396 for (i = 0; i < MAX_LSM_RULES; i++) {
483ec26eed42bf Janne Karhunen 2020-01-15 397 if (!entry->lsm[i].args_p)
b169424551930a Janne Karhunen 2019-06-14 398 continue;
b169424551930a Janne Karhunen 2019-06-14 399
b169424551930a Janne Karhunen 2019-06-14 400 nentry->lsm[i].type = entry->lsm[i].type;
39e5993d0d452b Tyler Hicks 2020-07-09 401 nentry->lsm[i].args_p = entry->lsm[i].args_p;
39e5993d0d452b Tyler Hicks 2020-07-09 402 /*
39e5993d0d452b Tyler Hicks 2020-07-09 403 * Remove the reference from entry so that the associated
39e5993d0d452b Tyler Hicks 2020-07-09 404 * memory will not be freed during a later call to
39e5993d0d452b Tyler Hicks 2020-07-09 405 * ima_lsm_free_rule(entry).
39e5993d0d452b Tyler Hicks 2020-07-09 406 */
39e5993d0d452b Tyler Hicks 2020-07-09 407 entry->lsm[i].args_p = NULL;
b169424551930a Janne Karhunen 2019-06-14 408
b8867eedcf76ca Tyler Hicks 2020-07-10 @409 ima_filter_rule_init(nentry->lsm[i].type, Audit_equal,
b169424551930a Janne Karhunen 2019-06-14 410 nentry->lsm[i].args_p,
b169424551930a Janne Karhunen 2019-06-14 411 &nentry->lsm[i].rule);
483ec26eed42bf Janne Karhunen 2020-01-15 412 if (!nentry->lsm[i].rule)
483ec26eed42bf Janne Karhunen 2020-01-15 413 pr_warn("rule for LSM \'%s\' is undefined\n",
aa0c0227d33171 Tyler Hicks 2020-07-09 414 nentry->lsm[i].args_p);
b169424551930a Janne Karhunen 2019-06-14 415 }
b169424551930a Janne Karhunen 2019-06-14 416 return nentry;
b169424551930a Janne Karhunen 2019-06-14 417 }
b169424551930a Janne Karhunen 2019-06-14 418
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit
WARNING: multiple messages have this Message-ID (diff)
From: kernel test robot <lkp@intel.com>
To: kbuild-all@lists.01.org
Subject: Re: [PATCH v31 01/28] integrity: disassociate ima_filter_rule from security_audit_rule
Date: Tue, 14 Dec 2021 21:33:10 +0800 [thread overview]
Message-ID: <202112142134.jipW98iP-lkp@intel.com> (raw)
In-Reply-To: <20211213234034.111891-2-casey@schaufler-ca.com>
[-- Attachment #1: Type: text/plain, Size: 7912 bytes --]
Hi Casey,
I love your patch! Yet something to improve:
[auto build test ERROR on nf-next/master]
[also build test ERROR on nf/master linus/master jmorris-security/next-testing v5.16-rc5]
[cannot apply to pcmoore-audit/next]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20211214-084057
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
config: openrisc-randconfig-r012-20211213 (https://download.01.org/0day-ci/archive/20211214/202112142134.jipW98iP-lkp(a)intel.com/config)
compiler: or1k-linux-gcc (GCC) 11.2.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/0day-ci/linux/commit/dcedf3ce1784c565747e19c7917ddbcd3422b821
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20211214-084057
git checkout dcedf3ce1784c565747e19c7917ddbcd3422b821
# save the config file to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross O=build_dir ARCH=openrisc SHELL=/bin/bash
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
security/integrity/ima/ima_policy.c: In function 'ima_lsm_free_rule':
>> security/integrity/ima/ima_policy.c:360:17: error: implicit declaration of function 'ima_filter_rule_free'; did you mean 'ima_file_free'? [-Werror=implicit-function-declaration]
360 | ima_filter_rule_free(entry->lsm[i].rule);
| ^~~~~~~~~~~~~~~~~~~~
| ima_file_free
security/integrity/ima/ima_policy.c: In function 'ima_lsm_copy_rule':
>> security/integrity/ima/ima_policy.c:409:17: error: implicit declaration of function 'ima_filter_rule_init' [-Werror=implicit-function-declaration]
409 | ima_filter_rule_init(nentry->lsm[i].type, Audit_equal,
| ^~~~~~~~~~~~~~~~~~~~
security/integrity/ima/ima_policy.c: In function 'ima_match_rules':
>> security/integrity/ima/ima_policy.c:625:30: error: implicit declaration of function 'ima_filter_rule_match' [-Werror=implicit-function-declaration]
625 | rc = ima_filter_rule_match(osid, rule->lsm[i].type,
| ^~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
vim +360 security/integrity/ima/ima_policy.c
176377d97d6a3f Tyler Hicks 2020-08-11 354
b169424551930a Janne Karhunen 2019-06-14 355 static void ima_lsm_free_rule(struct ima_rule_entry *entry)
b169424551930a Janne Karhunen 2019-06-14 356 {
b169424551930a Janne Karhunen 2019-06-14 357 int i;
b169424551930a Janne Karhunen 2019-06-14 358
b169424551930a Janne Karhunen 2019-06-14 359 for (i = 0; i < MAX_LSM_RULES; i++) {
b8867eedcf76ca Tyler Hicks 2020-07-10 @360 ima_filter_rule_free(entry->lsm[i].rule);
b169424551930a Janne Karhunen 2019-06-14 361 kfree(entry->lsm[i].args_p);
b169424551930a Janne Karhunen 2019-06-14 362 }
465aee77aae857 Tyler Hicks 2020-07-09 363 }
465aee77aae857 Tyler Hicks 2020-07-09 364
465aee77aae857 Tyler Hicks 2020-07-09 365 static void ima_free_rule(struct ima_rule_entry *entry)
465aee77aae857 Tyler Hicks 2020-07-09 366 {
465aee77aae857 Tyler Hicks 2020-07-09 367 if (!entry)
465aee77aae857 Tyler Hicks 2020-07-09 368 return;
465aee77aae857 Tyler Hicks 2020-07-09 369
465aee77aae857 Tyler Hicks 2020-07-09 370 /*
465aee77aae857 Tyler Hicks 2020-07-09 371 * entry->template->fields may be allocated in ima_parse_rule() but that
465aee77aae857 Tyler Hicks 2020-07-09 372 * reference is owned by the corresponding ima_template_desc element in
465aee77aae857 Tyler Hicks 2020-07-09 373 * the defined_templates list and cannot be freed here
465aee77aae857 Tyler Hicks 2020-07-09 374 */
465aee77aae857 Tyler Hicks 2020-07-09 375 kfree(entry->fsname);
176377d97d6a3f Tyler Hicks 2020-08-11 376 ima_free_rule_opt_list(entry->keyrings);
465aee77aae857 Tyler Hicks 2020-07-09 377 ima_lsm_free_rule(entry);
b169424551930a Janne Karhunen 2019-06-14 378 kfree(entry);
b169424551930a Janne Karhunen 2019-06-14 379 }
b169424551930a Janne Karhunen 2019-06-14 380
b169424551930a Janne Karhunen 2019-06-14 381 static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry)
b169424551930a Janne Karhunen 2019-06-14 382 {
b169424551930a Janne Karhunen 2019-06-14 383 struct ima_rule_entry *nentry;
483ec26eed42bf Janne Karhunen 2020-01-15 384 int i;
b169424551930a Janne Karhunen 2019-06-14 385
b169424551930a Janne Karhunen 2019-06-14 386 /*
b169424551930a Janne Karhunen 2019-06-14 387 * Immutable elements are copied over as pointers and data; only
b169424551930a Janne Karhunen 2019-06-14 388 * lsm rules can change
b169424551930a Janne Karhunen 2019-06-14 389 */
f60c826d031817 Alex Dewar 2020-09-09 390 nentry = kmemdup(entry, sizeof(*nentry), GFP_KERNEL);
f60c826d031817 Alex Dewar 2020-09-09 391 if (!nentry)
f60c826d031817 Alex Dewar 2020-09-09 392 return NULL;
f60c826d031817 Alex Dewar 2020-09-09 393
c593642c8be046 Pankaj Bharadiya 2019-12-09 394 memset(nentry->lsm, 0, sizeof_field(struct ima_rule_entry, lsm));
b169424551930a Janne Karhunen 2019-06-14 395
b169424551930a Janne Karhunen 2019-06-14 396 for (i = 0; i < MAX_LSM_RULES; i++) {
483ec26eed42bf Janne Karhunen 2020-01-15 397 if (!entry->lsm[i].args_p)
b169424551930a Janne Karhunen 2019-06-14 398 continue;
b169424551930a Janne Karhunen 2019-06-14 399
b169424551930a Janne Karhunen 2019-06-14 400 nentry->lsm[i].type = entry->lsm[i].type;
39e5993d0d452b Tyler Hicks 2020-07-09 401 nentry->lsm[i].args_p = entry->lsm[i].args_p;
39e5993d0d452b Tyler Hicks 2020-07-09 402 /*
39e5993d0d452b Tyler Hicks 2020-07-09 403 * Remove the reference from entry so that the associated
39e5993d0d452b Tyler Hicks 2020-07-09 404 * memory will not be freed during a later call to
39e5993d0d452b Tyler Hicks 2020-07-09 405 * ima_lsm_free_rule(entry).
39e5993d0d452b Tyler Hicks 2020-07-09 406 */
39e5993d0d452b Tyler Hicks 2020-07-09 407 entry->lsm[i].args_p = NULL;
b169424551930a Janne Karhunen 2019-06-14 408
b8867eedcf76ca Tyler Hicks 2020-07-10 @409 ima_filter_rule_init(nentry->lsm[i].type, Audit_equal,
b169424551930a Janne Karhunen 2019-06-14 410 nentry->lsm[i].args_p,
b169424551930a Janne Karhunen 2019-06-14 411 &nentry->lsm[i].rule);
483ec26eed42bf Janne Karhunen 2020-01-15 412 if (!nentry->lsm[i].rule)
483ec26eed42bf Janne Karhunen 2020-01-15 413 pr_warn("rule for LSM \'%s\' is undefined\n",
aa0c0227d33171 Tyler Hicks 2020-07-09 414 nentry->lsm[i].args_p);
b169424551930a Janne Karhunen 2019-06-14 415 }
b169424551930a Janne Karhunen 2019-06-14 416 return nentry;
b169424551930a Janne Karhunen 2019-06-14 417 }
b169424551930a Janne Karhunen 2019-06-14 418
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
next prev parent reply other threads:[~2021-12-14 13:34 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20211213234034.111891-1-casey.ref@schaufler-ca.com>
2021-12-13 23:40 ` [PATCH v31 00/28] LSM: Module stacking for AppArmor Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 01/28] integrity: disassociate ima_filter_rule from security_audit_rule Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-14 13:33 ` kernel test robot [this message]
2021-12-14 13:33 ` kernel test robot
2021-12-14 13:33 ` kernel test robot
2021-12-13 23:40 ` [PATCH v31 02/28] LSM: Infrastructure management of the sock security Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 03/28] LSM: Add the lsmblob data structure Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 04/28] LSM: provide lsm name and id slot mappings Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 05/28] IMA: avoid label collisions with stacked LSMs Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 06/28] LSM: Use lsmblob in security_audit_rule_match Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 07/28] LSM: Use lsmblob in security_kernel_act_as Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 08/28] LSM: Use lsmblob in security_secctx_to_secid Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 09/28] LSM: Use lsmblob in security_secid_to_secctx Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 10/28] LSM: Use lsmblob in security_ipc_getsecid Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 11/28] LSM: Use lsmblob in security_task_getsecid Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 12/28] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 13/28] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-15 9:14 ` kernel test robot
2021-12-15 9:14 ` kernel test robot
2021-12-15 9:14 ` kernel test robot
2021-12-13 23:40 ` [PATCH v31 14/28] LSM: Specify which LSM to display Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-14 18:38 ` Christian Göttsche
2021-12-14 18:38 ` Christian Göttsche
2021-12-14 18:49 ` Casey Schaufler
2021-12-14 18:49 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 15/28] LSM: Ensure the correct LSM context releaser Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 16/28] LSM: Use lsmcontext in security_secid_to_secctx Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 17/28] LSM: Use lsmcontext in security_inode_getsecctx Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 18/28] LSM: security_secid_to_secctx in netlink netfilter Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 19/28] NET: Store LSM netlabel data in a lsmblob Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 20/28] binder: Pass LSM identifier for confirmation Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 21/28] LSM: Extend security_secid_to_secctx to include module selection Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 22/28] Audit: Keep multiple LSM data in audit_names Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 23/28] Audit: Create audit_stamp structure Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 24/28] Audit: Add framework for auxiliary records Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 25/28] Audit: Add record for multiple task security contexts Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 26/28] Audit: Add record for multiple object " Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-14 13:12 ` kernel test robot
2021-12-14 13:12 ` kernel test robot
2021-12-14 13:12 ` kernel test robot
2021-12-14 13:22 ` kernel test robot
2021-12-14 13:22 ` kernel test robot
2021-12-14 13:22 ` kernel test robot
2021-12-13 23:40 ` [PATCH v31 27/28] LSM: Add /proc attr entry for full LSM context Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
2021-12-13 23:40 ` [PATCH v31 28/28] AppArmor: Remove the exclusive flag Casey Schaufler
2021-12-13 23:40 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202112142134.jipW98iP-lkp@intel.com \
--to=lkp@intel.com \
--cc=casey.schaufler@intel.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=kbuild-all@lists.01.org \
--cc=keescook@chromium.org \
--cc=linux-audit@redhat.com \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.