All of lore.kernel.org
 help / color / mirror / Atom feed
* [dhowells-fs:keys-acl 1/5] security/smack/smack_lsm.c:4258:3: error: 'auth_can_override' undeclared
@ 2020-07-16 20:52 kernel test robot
  0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2020-07-16 20:52 UTC (permalink / raw)
  To: kbuild-all

[-- Attachment #1: Type: text/plain, Size: 6404 bytes --]

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git keys-acl
head:   2a3c3edfc979691a7dc4733da827f508da90995a
commit: 0c172f6031ad95d98e74806335feb64d461816b8 [1/5] keys: Move permissions checking decisions into the checking code
config: i386-allyesconfig (attached as .config)
compiler: gcc-9 (Debian 9.3.0-14) 9.3.0
reproduce (this is a W=1 build):
        git checkout 0c172f6031ad95d98e74806335feb64d461816b8
        # save the attached .config to linux build tree
        make W=1 ARCH=i386 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All error/warnings (new ones prefixed by >>):

   security/smack/smack_lsm.c: In function 'smack_key_permission':
>> security/smack/smack_lsm.c:4258:3: error: 'auth_can_override' undeclared (first use in this function)
    4258 |   auth_can_override = true;
         |   ^~~~~~~~~~~~~~~~~
   security/smack/smack_lsm.c:4258:3: note: each undeclared identifier is reported only once for each function it appears in
>> security/smack/smack_lsm.c:4309:10: error: dereferencing pointer to incomplete type 'struct request_key_auth'
    4309 |   if (rka->target_key == key)
         |          ^~
>> security/smack/smack_lsm.c:4309:26: error: 'key' undeclared (first use in this function)
    4309 |   if (rka->target_key == key)
         |                          ^~~
>> security/smack/smack_lsm.c:4310:5: error: '_perm' undeclared (first use in this function)
    4310 |    *_perm = 0;
         |     ^~~~~
--
   security/selinux/hooks.c: In function 'selinux_keyperm_to_av':
>> security/selinux/hooks.c:6548:7: warning: variable 'sysadmin_can_override' set but not used [-Wunused-but-set-variable]
    6548 |  bool sysadmin_can_override = false;
         |       ^~~~~~~~~~~~~~~~~~~~~
   In file included from arch/x86/include/asm/page_32.h:35,
                    from arch/x86/include/asm/page.h:14,
                    from arch/x86/include/asm/thread_info.h:12,
                    from include/linux/thread_info.h:38,
                    from arch/x86/include/asm/preempt.h:7,
                    from include/linux/preempt.h:78,
                    from include/linux/rcupdate.h:27,
                    from include/linux/rculist.h:11,
                    from include/linux/pid.h:5,
                    from include/linux/sched.h:14,
                    from include/linux/tracehook.h:46,
                    from security/selinux/hooks.c:27:
   In function 'strncpy',
       inlined from 'selinux_ib_endport_manage_subnet' at security/selinux/hooks.c:6769:2:
   include/linux/string.h:297:30: warning: '__builtin_strncpy' specified bound 64 equals destination size [-Wstringop-truncation]
     297 | #define __underlying_strncpy __builtin_strncpy
         |                              ^
   include/linux/string.h:307:9: note: in expansion of macro '__underlying_strncpy'
     307 |  return __underlying_strncpy(p, q, size);
         |         ^~~~~~~~~~~~~~~~~~~~

vim +/auth_can_override +4258 security/smack/smack_lsm.c

  4212	
  4213	/**
  4214	 * smack_key_permission - Smack access on a key
  4215	 * @key_ref: gets to the object
  4216	 * @cred: the credentials to use
  4217	 * @need_perm: requested key permission
  4218	 *
  4219	 * Return 0 if the task has read and write to the object,
  4220	 * an error code otherwise
  4221	 */
  4222	static int smack_key_permission(key_ref_t key_ref,
  4223					const struct cred *cred,
  4224					enum key_need_perm need_perm,
  4225					unsigned int flags)
  4226	{
  4227		struct key *keyp;
  4228		struct smk_audit_info ad;
  4229		struct smack_known *tkp = smk_of_task(smack_cred(cred));
  4230		int request = 0;
  4231		int rc;
  4232	
  4233		keyp = key_ref_to_ptr(key_ref);
  4234		if (keyp == NULL)
  4235			return -EINVAL;
  4236		/*
  4237		 * If the key hasn't been initialized give it access so that
  4238		 * it may do so.
  4239		 */
  4240		if (keyp->security == NULL)
  4241			return 0;
  4242		/*
  4243		 * This should not occur
  4244		 */
  4245		if (tkp == NULL)
  4246			return -EACCES;
  4247	
  4248		/*
  4249		 * Validate requested permissions
  4250		 */
  4251		switch (need_perm) {
  4252		case KEY_NEED_ASSUME_AUTHORITY:
  4253			return 0;
  4254	
  4255		case KEY_NEED_DESCRIBE:
  4256		case KEY_NEED_GET_SECURITY:
  4257			request |= MAY_READ;
> 4258			auth_can_override = true;
  4259			break;
  4260	
  4261		case KEY_NEED_CHOWN:
  4262		case KEY_NEED_INVALIDATE:
  4263		case KEY_NEED_JOIN:
  4264		case KEY_NEED_LINK:
  4265		case KEY_NEED_KEYRING_ADD:
  4266		case KEY_NEED_KEYRING_CLEAR:
  4267		case KEY_NEED_KEYRING_DELETE:
  4268		case KEY_NEED_REVOKE:
  4269		case KEY_NEED_SETPERM:
  4270		case KEY_NEED_SET_RESTRICTION:
  4271		case KEY_NEED_UPDATE:
  4272			request |= MAY_WRITE;
  4273			break;
  4274	
  4275		case KEY_NEED_INSTANTIATE:
  4276			auth_can_override = true;
  4277			break;
  4278	
  4279		case KEY_NEED_READ:
  4280		case KEY_NEED_SEARCH:
  4281		case KEY_NEED_USE:
  4282		case KEY_NEED_WATCH:
  4283			request |= MAY_READ;
  4284			break;
  4285	
  4286		case KEY_NEED_SET_TIMEOUT:
  4287			request |= MAY_WRITE;
  4288			auth_can_override = true;
  4289			break;
  4290	
  4291		case KEY_NEED_UNLINK:
  4292			return 0; /* Mustn't prevent this; KEY_FLAG_KEEP is already
  4293				   * dealt with. */
  4294	
  4295		default:
  4296			WARN_ON(1);
  4297			return -EINVAL;
  4298		}
  4299	
  4300		/* Just allow the operation if the process has an authorisation token.
  4301		 * The presence of the token means that the kernel delegated
  4302		 * instantiation of a key to the process - which is problematic if we
  4303		 * then say that the process isn't allowed to get the description of
  4304		 * the key or actually instantiate it.
  4305		 */
  4306		if (auth_can_override && cred->request_key_auth) {
  4307			struct request_key_auth *rka =
  4308				cred->request_key_auth->payload.data[0];
> 4309			if (rka->target_key == key)
> 4310				*_perm = 0;
  4311		}
  4312	
  4313		if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred))
  4314			return 0;
  4315	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org

[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 74068 bytes --]

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2020-07-16 20:52 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-16 20:52 [dhowells-fs:keys-acl 1/5] security/smack/smack_lsm.c:4258:3: error: 'auth_can_override' undeclared kernel test robot

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.