* [dhowells-fs:keys-acl 1/5] security/smack/smack_lsm.c:4258:3: error: 'auth_can_override' undeclared
@ 2020-07-16 20:52 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2020-07-16 20:52 UTC (permalink / raw)
To: kbuild-all
[-- Attachment #1: Type: text/plain, Size: 6404 bytes --]
tree: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git keys-acl
head: 2a3c3edfc979691a7dc4733da827f508da90995a
commit: 0c172f6031ad95d98e74806335feb64d461816b8 [1/5] keys: Move permissions checking decisions into the checking code
config: i386-allyesconfig (attached as .config)
compiler: gcc-9 (Debian 9.3.0-14) 9.3.0
reproduce (this is a W=1 build):
git checkout 0c172f6031ad95d98e74806335feb64d461816b8
# save the attached .config to linux build tree
make W=1 ARCH=i386
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All error/warnings (new ones prefixed by >>):
security/smack/smack_lsm.c: In function 'smack_key_permission':
>> security/smack/smack_lsm.c:4258:3: error: 'auth_can_override' undeclared (first use in this function)
4258 | auth_can_override = true;
| ^~~~~~~~~~~~~~~~~
security/smack/smack_lsm.c:4258:3: note: each undeclared identifier is reported only once for each function it appears in
>> security/smack/smack_lsm.c:4309:10: error: dereferencing pointer to incomplete type 'struct request_key_auth'
4309 | if (rka->target_key == key)
| ^~
>> security/smack/smack_lsm.c:4309:26: error: 'key' undeclared (first use in this function)
4309 | if (rka->target_key == key)
| ^~~
>> security/smack/smack_lsm.c:4310:5: error: '_perm' undeclared (first use in this function)
4310 | *_perm = 0;
| ^~~~~
--
security/selinux/hooks.c: In function 'selinux_keyperm_to_av':
>> security/selinux/hooks.c:6548:7: warning: variable 'sysadmin_can_override' set but not used [-Wunused-but-set-variable]
6548 | bool sysadmin_can_override = false;
| ^~~~~~~~~~~~~~~~~~~~~
In file included from arch/x86/include/asm/page_32.h:35,
from arch/x86/include/asm/page.h:14,
from arch/x86/include/asm/thread_info.h:12,
from include/linux/thread_info.h:38,
from arch/x86/include/asm/preempt.h:7,
from include/linux/preempt.h:78,
from include/linux/rcupdate.h:27,
from include/linux/rculist.h:11,
from include/linux/pid.h:5,
from include/linux/sched.h:14,
from include/linux/tracehook.h:46,
from security/selinux/hooks.c:27:
In function 'strncpy',
inlined from 'selinux_ib_endport_manage_subnet' at security/selinux/hooks.c:6769:2:
include/linux/string.h:297:30: warning: '__builtin_strncpy' specified bound 64 equals destination size [-Wstringop-truncation]
297 | #define __underlying_strncpy __builtin_strncpy
| ^
include/linux/string.h:307:9: note: in expansion of macro '__underlying_strncpy'
307 | return __underlying_strncpy(p, q, size);
| ^~~~~~~~~~~~~~~~~~~~
vim +/auth_can_override +4258 security/smack/smack_lsm.c
4212
4213 /**
4214 * smack_key_permission - Smack access on a key
4215 * @key_ref: gets to the object
4216 * @cred: the credentials to use
4217 * @need_perm: requested key permission
4218 *
4219 * Return 0 if the task has read and write to the object,
4220 * an error code otherwise
4221 */
4222 static int smack_key_permission(key_ref_t key_ref,
4223 const struct cred *cred,
4224 enum key_need_perm need_perm,
4225 unsigned int flags)
4226 {
4227 struct key *keyp;
4228 struct smk_audit_info ad;
4229 struct smack_known *tkp = smk_of_task(smack_cred(cred));
4230 int request = 0;
4231 int rc;
4232
4233 keyp = key_ref_to_ptr(key_ref);
4234 if (keyp == NULL)
4235 return -EINVAL;
4236 /*
4237 * If the key hasn't been initialized give it access so that
4238 * it may do so.
4239 */
4240 if (keyp->security == NULL)
4241 return 0;
4242 /*
4243 * This should not occur
4244 */
4245 if (tkp == NULL)
4246 return -EACCES;
4247
4248 /*
4249 * Validate requested permissions
4250 */
4251 switch (need_perm) {
4252 case KEY_NEED_ASSUME_AUTHORITY:
4253 return 0;
4254
4255 case KEY_NEED_DESCRIBE:
4256 case KEY_NEED_GET_SECURITY:
4257 request |= MAY_READ;
> 4258 auth_can_override = true;
4259 break;
4260
4261 case KEY_NEED_CHOWN:
4262 case KEY_NEED_INVALIDATE:
4263 case KEY_NEED_JOIN:
4264 case KEY_NEED_LINK:
4265 case KEY_NEED_KEYRING_ADD:
4266 case KEY_NEED_KEYRING_CLEAR:
4267 case KEY_NEED_KEYRING_DELETE:
4268 case KEY_NEED_REVOKE:
4269 case KEY_NEED_SETPERM:
4270 case KEY_NEED_SET_RESTRICTION:
4271 case KEY_NEED_UPDATE:
4272 request |= MAY_WRITE;
4273 break;
4274
4275 case KEY_NEED_INSTANTIATE:
4276 auth_can_override = true;
4277 break;
4278
4279 case KEY_NEED_READ:
4280 case KEY_NEED_SEARCH:
4281 case KEY_NEED_USE:
4282 case KEY_NEED_WATCH:
4283 request |= MAY_READ;
4284 break;
4285
4286 case KEY_NEED_SET_TIMEOUT:
4287 request |= MAY_WRITE;
4288 auth_can_override = true;
4289 break;
4290
4291 case KEY_NEED_UNLINK:
4292 return 0; /* Mustn't prevent this; KEY_FLAG_KEEP is already
4293 * dealt with. */
4294
4295 default:
4296 WARN_ON(1);
4297 return -EINVAL;
4298 }
4299
4300 /* Just allow the operation if the process has an authorisation token.
4301 * The presence of the token means that the kernel delegated
4302 * instantiation of a key to the process - which is problematic if we
4303 * then say that the process isn't allowed to get the description of
4304 * the key or actually instantiate it.
4305 */
4306 if (auth_can_override && cred->request_key_auth) {
4307 struct request_key_auth *rka =
4308 cred->request_key_auth->payload.data[0];
> 4309 if (rka->target_key == key)
> 4310 *_perm = 0;
4311 }
4312
4313 if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred))
4314 return 0;
4315
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 74068 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-07-16 20:52 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-16 20:52 [dhowells-fs:keys-acl 1/5] security/smack/smack_lsm.c:4258:3: error: 'auth_can_override' undeclared kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.