From: kernel test robot <lkp@intel.com>
To: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
zohar@linux.ibm.com, stephen.smalley.work@gmail.com,
casey@schaufler-ca.com
Cc: kbuild-all@lists.01.org, jmorris@namei.org,
linux-integrity@vger.kernel.org, selinux@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 4/5] LSM: Define SELinux function to measure security state
Date: Sat, 18 Jul 2020 11:14:54 +0800 [thread overview]
Message-ID: <202007181027.UwJXCNXk%lkp@intel.com> (raw)
In-Reply-To: <20200717222819.26198-5-nramas@linux.microsoft.com>
[-- Attachment #1: Type: text/plain, Size: 3792 bytes --]
Hi Lakshmi,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on integrity/next-integrity]
[cannot apply to pcmoore-selinux/next security/next-testing linus/master v5.8-rc5 next-20200717]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Lakshmi-Ramasubramanian/LSM-Measure-security-module-state/20200718-063111
base: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity
config: parisc-allyesconfig (attached as .config)
compiler: hppa-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=parisc
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
security/selinux/measure.c: In function 'selinux_measure_state':
security/selinux/measure.c:132:11: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits]
132 | if (curr >= 0 && curr < selinux_state_string_len)
| ^~
>> security/selinux/measure.c:148:2: error: implicit declaration of function 'vfree'; did you mean 'kvfree'? [-Werror=implicit-function-declaration]
148 | vfree(policy);
| ^~~~~
| kvfree
cc1: some warnings being treated as errors
vim +148 security/selinux/measure.c
94
95 void selinux_measure_state(struct selinux_state *selinux_state)
96 {
97 void *policy = NULL;
98 void *policy_hash = NULL;
99 size_t curr, buflen;
100 int i, policy_hash_len, rc = 0;
101
102 if (!selinux_initialized(selinux_state)) {
103 pr_warn("%s: SELinux not yet initialized.\n", __func__);
104 return;
105 }
106
107 if (!selinux_state_string) {
108 pr_warn("%s: Buffer for state not allocated.\n", __func__);
109 return;
110 }
111
112 curr = snprintf(selinux_state_string, selinux_state_string_len,
113 str_format, "enabled",
114 !selinux_disabled(selinux_state));
115 curr += snprintf((selinux_state_string + curr),
116 (selinux_state_string_len - curr),
117 str_format, "enforcing",
118 enforcing_enabled(selinux_state));
119 curr += snprintf((selinux_state_string + curr),
120 (selinux_state_string_len - curr),
121 str_format, "checkreqprot",
122 selinux_checkreqprot(selinux_state));
123
124 for (i = 3; i < selinux_state_count; i++) {
125 curr += snprintf((selinux_state_string + curr),
126 (selinux_state_string_len - curr),
127 str_format,
128 selinux_policycap_names[i - 3],
129 selinux_state->policycap[i - 3]);
130 }
131
> 132 if (curr >= 0 && curr < selinux_state_string_len)
133 ima_lsm_state("selinux-state", selinux_state_string, curr);
134 else {
135 rc = -EINVAL;
136 goto out;
137 }
138
139 rc = security_read_policy_kernel(selinux_state, &policy, &buflen);
140 if (!rc)
141 rc = selinux_hash_policy("sha256", policy, buflen,
142 &policy_hash, &policy_hash_len);
143 if (!rc)
144 ima_lsm_state("selinux-policy-hash", policy_hash,
145 policy_hash_len);
146
147 out:
> 148 vfree(policy);
149 kfree(policy_hash);
150 }
151
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 65334 bytes --]
WARNING: multiple messages have this Message-ID (diff)
From: kernel test robot <lkp@intel.com>
To: kbuild-all@lists.01.org
Subject: Re: [PATCH v3 4/5] LSM: Define SELinux function to measure security state
Date: Sat, 18 Jul 2020 11:14:54 +0800 [thread overview]
Message-ID: <202007181027.UwJXCNXk%lkp@intel.com> (raw)
In-Reply-To: <20200717222819.26198-5-nramas@linux.microsoft.com>
[-- Attachment #1: Type: text/plain, Size: 3893 bytes --]
Hi Lakshmi,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on integrity/next-integrity]
[cannot apply to pcmoore-selinux/next security/next-testing linus/master v5.8-rc5 next-20200717]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Lakshmi-Ramasubramanian/LSM-Measure-security-module-state/20200718-063111
base: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity
config: parisc-allyesconfig (attached as .config)
compiler: hppa-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=parisc
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
security/selinux/measure.c: In function 'selinux_measure_state':
security/selinux/measure.c:132:11: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits]
132 | if (curr >= 0 && curr < selinux_state_string_len)
| ^~
>> security/selinux/measure.c:148:2: error: implicit declaration of function 'vfree'; did you mean 'kvfree'? [-Werror=implicit-function-declaration]
148 | vfree(policy);
| ^~~~~
| kvfree
cc1: some warnings being treated as errors
vim +148 security/selinux/measure.c
94
95 void selinux_measure_state(struct selinux_state *selinux_state)
96 {
97 void *policy = NULL;
98 void *policy_hash = NULL;
99 size_t curr, buflen;
100 int i, policy_hash_len, rc = 0;
101
102 if (!selinux_initialized(selinux_state)) {
103 pr_warn("%s: SELinux not yet initialized.\n", __func__);
104 return;
105 }
106
107 if (!selinux_state_string) {
108 pr_warn("%s: Buffer for state not allocated.\n", __func__);
109 return;
110 }
111
112 curr = snprintf(selinux_state_string, selinux_state_string_len,
113 str_format, "enabled",
114 !selinux_disabled(selinux_state));
115 curr += snprintf((selinux_state_string + curr),
116 (selinux_state_string_len - curr),
117 str_format, "enforcing",
118 enforcing_enabled(selinux_state));
119 curr += snprintf((selinux_state_string + curr),
120 (selinux_state_string_len - curr),
121 str_format, "checkreqprot",
122 selinux_checkreqprot(selinux_state));
123
124 for (i = 3; i < selinux_state_count; i++) {
125 curr += snprintf((selinux_state_string + curr),
126 (selinux_state_string_len - curr),
127 str_format,
128 selinux_policycap_names[i - 3],
129 selinux_state->policycap[i - 3]);
130 }
131
> 132 if (curr >= 0 && curr < selinux_state_string_len)
133 ima_lsm_state("selinux-state", selinux_state_string, curr);
134 else {
135 rc = -EINVAL;
136 goto out;
137 }
138
139 rc = security_read_policy_kernel(selinux_state, &policy, &buflen);
140 if (!rc)
141 rc = selinux_hash_policy("sha256", policy, buflen,
142 &policy_hash, &policy_hash_len);
143 if (!rc)
144 ima_lsm_state("selinux-policy-hash", policy_hash,
145 policy_hash_len);
146
147 out:
> 148 vfree(policy);
149 kfree(policy_hash);
150 }
151
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
[-- Attachment #2: config.gz --]
[-- Type: application/gzip, Size: 65334 bytes --]
next prev parent reply other threads:[~2020-07-18 3:16 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-17 22:28 [PATCH v3 0/5] LSM: Measure security module state Lakshmi Ramasubramanian
2020-07-17 22:28 ` [PATCH v3 1/5] IMA: Add LSM_STATE func to measure LSM data Lakshmi Ramasubramanian
2020-07-17 22:28 ` [PATCH v3 2/5] IMA: Define an IMA hook " Lakshmi Ramasubramanian
2020-07-17 22:28 ` [PATCH v3 3/5] LSM: Add security_measure_data in lsm_info struct Lakshmi Ramasubramanian
2020-07-17 22:28 ` [PATCH v3 4/5] LSM: Define SELinux function to measure security state Lakshmi Ramasubramanian
2020-07-18 3:14 ` kernel test robot [this message]
2020-07-18 3:14 ` kernel test robot
2020-07-20 2:04 ` Lakshmi Ramasubramanian
2020-07-18 3:38 ` kernel test robot
2020-07-18 3:38 ` kernel test robot
2020-07-18 15:31 ` kernel test robot
2020-07-18 15:31 ` kernel test robot
2020-07-18 15:31 ` [RFC PATCH] LSM: security_read_selinux_policy() can be static kernel test robot
2020-07-18 15:31 ` kernel test robot
2020-07-20 14:31 ` [PATCH v3 4/5] LSM: Define SELinux function to measure security state Stephen Smalley
2020-07-20 15:17 ` Lakshmi Ramasubramanian
2020-07-20 17:06 ` Stephen Smalley
2020-07-20 17:26 ` Mimi Zohar
2020-07-20 17:34 ` Lakshmi Ramasubramanian
2020-07-20 17:40 ` Stephen Smalley
2020-07-20 17:49 ` Stephen Smalley
2020-07-20 18:27 ` Lakshmi Ramasubramanian
2020-07-20 18:44 ` Stephen Smalley
2020-07-20 18:59 ` Lakshmi Ramasubramanian
2020-07-17 22:28 ` [PATCH v3 5/5] LSM: Define workqueue for measuring security module state Lakshmi Ramasubramanian
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202007181027.UwJXCNXk%lkp@intel.com \
--to=lkp@intel.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=kbuild-all@lists.01.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=nramas@linux.microsoft.com \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.