Hi Deven, [FYI, it's a private test report for your RFC patch.] [auto build test WARNING on dm/for-next] [also build test WARNING on pcmoore-selinux/next linus/master v5.8-rc5 next-20200717] [cannot apply to security/next-testing] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/0day-ci/linux/commits/Deven-Bowers/Integrity-Policy-Enforcement-LSM-IPE/20200718-071232 base: https://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm.git for-next config: m68k-allmodconfig (attached as .config) compiler: m68k-linux-gcc (GCC) 9.3.0 reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=m68k If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot All warnings (new ones prefixed by >>): In file included from arch/m68k/include/asm/io_mm.h:25, from arch/m68k/include/asm/io.h:8, from include/linux/scatterlist.h:9, from include/linux/dma-mapping.h:11, from include/linux/skbuff.h:31, from include/linux/lsm_audit.h:24, from security/ipe/ipe-property.h:9, from security/ipe/ipe-policy.h:7, from security/ipe/ipe-parse.h:6, from security/ipe/ipe-secfs.c:7: arch/m68k/include/asm/raw_io.h: In function 'raw_rom_outsb': arch/m68k/include/asm/raw_io.h:83:7: warning: variable '__w' set but not used [-Wunused-but-set-variable] 83 | ({u8 __w, __v = (b); u32 _addr = ((u32) (addr)); \ | ^~~ arch/m68k/include/asm/raw_io.h:430:3: note: in expansion of macro 'rom_out_8' 430 | rom_out_8(port, *buf++); | ^~~~~~~~~ arch/m68k/include/asm/raw_io.h: In function 'raw_rom_outsw': arch/m68k/include/asm/raw_io.h:86:8: warning: variable '__w' set but not used [-Wunused-but-set-variable] 86 | ({u16 __w, __v = (w); u32 _addr = ((u32) (addr)); \ | ^~~ arch/m68k/include/asm/raw_io.h:448:3: note: in expansion of macro 'rom_out_be16' 448 | rom_out_be16(port, *buf++); | ^~~~~~~~~~~~ arch/m68k/include/asm/raw_io.h: In function 'raw_rom_outsw_swapw': arch/m68k/include/asm/raw_io.h:90:8: warning: variable '__w' set but not used [-Wunused-but-set-variable] 90 | ({u16 __w, __v = (w); u32 _addr = ((u32) (addr)); \ | ^~~ arch/m68k/include/asm/raw_io.h:466:3: note: in expansion of macro 'rom_out_le16' 466 | rom_out_le16(port, *buf++); | ^~~~~~~~~~~~ In file included from include/linux/kernel.h:11, from include/linux/list.h:9, from include/linux/wait.h:7, from include/linux/wait_bit.h:8, from include/linux/fs.h:6, from security/ipe/ipe.h:12, from security/ipe/ipe-secfs.c:6: include/linux/scatterlist.h: In function 'sg_set_buf': arch/m68k/include/asm/page_mm.h:169:49: warning: ordered comparison of pointer with null pointer [-Wextra] 169 | #define virt_addr_valid(kaddr) ((void *)(kaddr) >= (void *)PAGE_OFFSET && (void *)(kaddr) < high_memory) | ^~ include/linux/compiler.h:78:42: note: in definition of macro 'unlikely' 78 | # define unlikely(x) __builtin_expect(!!(x), 0) | ^ include/linux/scatterlist.h:143:2: note: in expansion of macro 'BUG_ON' 143 | BUG_ON(!virt_addr_valid(buf)); | ^~~~~~ include/linux/scatterlist.h:143:10: note: in expansion of macro 'virt_addr_valid' 143 | BUG_ON(!virt_addr_valid(buf)); | ^~~~~~~~~~~~~~~ In file included from arch/m68k/include/asm/bug.h:32, from include/linux/bug.h:5, from include/linux/thread_info.h:12, from include/asm-generic/preempt.h:5, from ./arch/m68k/include/generated/asm/preempt.h:1, from include/linux/preempt.h:78, from include/linux/spinlock.h:51, from include/linux/wait.h:9, from include/linux/wait_bit.h:8, from include/linux/fs.h:6, from security/ipe/ipe.h:12, from security/ipe/ipe-secfs.c:6: include/linux/dma-mapping.h: In function 'dma_map_resource': arch/m68k/include/asm/page_mm.h:169:49: warning: ordered comparison of pointer with null pointer [-Wextra] 169 | #define virt_addr_valid(kaddr) ((void *)(kaddr) >= (void *)PAGE_OFFSET && (void *)(kaddr) < high_memory) | ^~ include/asm-generic/bug.h:144:27: note: in definition of macro 'WARN_ON_ONCE' 144 | int __ret_warn_once = !!(condition); \ | ^~~~~~~~~ arch/m68k/include/asm/page_mm.h:170:25: note: in expansion of macro 'virt_addr_valid' 170 | #define pfn_valid(pfn) virt_addr_valid(pfn_to_virt(pfn)) | ^~~~~~~~~~~~~~~ include/linux/dma-mapping.h:352:19: note: in expansion of macro 'pfn_valid' 352 | if (WARN_ON_ONCE(pfn_valid(PHYS_PFN(phys_addr)))) | ^~~~~~~~~ security/ipe/ipe-secfs.c: At top level: >> security/ipe/ipe-secfs.c:1021:5: warning: no previous prototype for 'ipe_build_policy_secfs_node' [-Wmissing-prototypes] 1021 | int ipe_build_policy_secfs_node(const u8 *data, size_t len) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ >> security/ipe/ipe-secfs.c:1116:12: warning: no previous prototype for 'ipe_build_secfs_root' [-Wmissing-prototypes] 1116 | int __init ipe_build_secfs_root(void) | ^~~~~~~~~~~~~~~~~~~~ >> security/ipe/ipe-secfs.c:1290:12: warning: no previous prototype for 'ipe_securityfs_init' [-Wmissing-prototypes] 1290 | int __init ipe_securityfs_init(void) | ^~~~~~~~~~~~~~~~~~~ vim +/ipe_build_policy_secfs_node +1021 security/ipe/ipe-secfs.c 1009 1010 /** 1011 * ipe_build_policy_secfs_node: Build a new securityfs node for IPE policies. 1012 * @data: Raw enveloped PKCS#7 data that represents the policy. 1013 * @len: Length of @data. 1014 * 1015 * Return: 1016 * 0 - OK 1017 * -EEXIST - Policy already exists 1018 * -EBADMSG - Invalid policy syntax 1019 * -ENOMEM - Out of memory 1020 */ > 1021 int ipe_build_policy_secfs_node(const u8 *data, size_t len) 1022 { 1023 int rc = 0; 1024 struct dentry *root = NULL; 1025 struct inode *root_i = NULL; 1026 struct crypto_shash *tfm = NULL; 1027 struct ipe_policy_node *node = NULL; 1028 1029 tfm = crypto_alloc_shash("sha1", 0, 0); 1030 if (IS_ERR(tfm)) { 1031 rc = PTR_ERR(tfm); 1032 goto out; 1033 } 1034 1035 node = ipe_alloc_policy_node(data, len); 1036 if (IS_ERR(node)) { 1037 rc = PTR_ERR(node); 1038 goto free_hash; 1039 } 1040 1041 root = securityfs_create_dir(node->parsed->policy_name, 1042 policies_root); 1043 if (IS_ERR(root)) { 1044 rc = PTR_ERR(root); 1045 goto free_private; 1046 } 1047 1048 root_i = d_inode(root); 1049 1050 inode_lock(root_i); 1051 root_i->i_private = node; 1052 ipe_audit_policy_load(node->parsed, node->data, node->data_len, tfm); 1053 inode_unlock(root_i); 1054 1055 rc = ipe_alloc_policy_tree(root); 1056 if (rc) 1057 goto free_secfs; 1058 1059 crypto_free_shash(tfm); 1060 return rc; 1061 1062 free_secfs: 1063 securityfs_remove(root); 1064 free_private: 1065 ipe_free_policy_node(node); 1066 free_hash: 1067 crypto_free_shash(tfm); 1068 out: 1069 return rc; 1070 } 1071 1072 /** 1073 * ipe_new_policy: Entry point of the securityfs node, "ipe/new_policy". 1074 * @f: File representing the securityfs entry. 1075 * @data: Raw enveloped PKCS#7 data that represents the policy. 1076 * @len: Length of @data. 1077 * @offset: Offset for @data. 1078 * 1079 * Return: 1080 * > 0 - OK 1081 * -EEXIST - Policy already exists 1082 * -EBADMSG - Invalid policy syntax 1083 * -ENOMEM - Out of memory 1084 * -EPERM - if a MAC subsystem is enabled, missing CAP_MAC_ADMIN 1085 */ 1086 static ssize_t ipe_new_policy(struct file *f, const char __user *data, 1087 size_t len, loff_t *offset) 1088 { 1089 ssize_t rc = 0; 1090 u8 *cpy = NULL; 1091 1092 if (!file_ns_capable(f, &init_user_ns, CAP_MAC_ADMIN)) 1093 return -EPERM; 1094 1095 cpy = memdup_user(data, len); 1096 if (IS_ERR(cpy)) 1097 return PTR_ERR(cpy); 1098 1099 rc = ipe_build_policy_secfs_node(cpy, len); 1100 1101 kfree(cpy); 1102 return rc < 0 ? rc : len; 1103 } 1104 1105 static const struct file_operations new_policy_ops = { 1106 .write = ipe_new_policy 1107 }; 1108 1109 /** 1110 * ipe_build_secfs_root: Build the root of securityfs for IPE. 1111 * 1112 * Return: 1113 * 0 - OK 1114 * !0 - See securityfs_create_dir and securityfs_create_file 1115 */ > 1116 int __init ipe_build_secfs_root(void) 1117 { 1118 int rc = 0; 1119 struct dentry *new = NULL; 1120 struct dentry *cfg = NULL; 1121 struct dentry *root = NULL; 1122 struct dentry *audit = NULL; 1123 struct dentry *enforce = NULL; 1124 struct dentry *policies = NULL; 1125 1126 root = securityfs_create_dir(IPE_ROOT, NULL); 1127 if (IS_ERR(root)) { 1128 rc = PTR_ERR(root); 1129 goto out; 1130 } 1131 1132 new = securityfs_create_file(NEW_POLICY, 0644, root, NULL, 1133 &new_policy_ops); 1134 if (IS_ERR(new)) { 1135 rc = PTR_ERR(new); 1136 goto out_free_root; 1137 } 1138 1139 policies = securityfs_create_dir(IPE_POLICIES, root); 1140 if (IS_ERR(policies)) { 1141 rc = PTR_ERR(policies); 1142 goto out_free_new; 1143 } 1144 1145 cfg = securityfs_create_file(IPE_PROPERTY_CFG, 0444, root, NULL, 1146 &prop_cfg_ops); 1147 if (IS_ERR(cfg)) { 1148 rc = PTR_ERR(cfg); 1149 goto out_free_policies; 1150 } 1151 1152 audit = securityfs_create_file(IPE_SUCCESS_AUDIT, 0644, root, NULL, 1153 &audit_ops); 1154 if (IS_ERR(cfg)) { 1155 rc = PTR_ERR(audit); 1156 goto out_free_cfg; 1157 } 1158 1159 enforce = ipe_init_enforce_node(root); 1160 if (IS_ERR(enforce)) { 1161 rc = PTR_ERR(audit); 1162 goto out_free_audit; 1163 } 1164 1165 securityfs_root = root; 1166 new_policy_node = new; 1167 policies_root = policies; 1168 property_cfg_node = cfg; 1169 success_audit_node = audit; 1170 enforce_node = enforce; 1171 1172 return rc; 1173 1174 out_free_audit: 1175 securityfs_remove(audit); 1176 out_free_cfg: 1177 securityfs_remove(cfg); 1178 out_free_policies: 1179 securityfs_remove(policies); 1180 out_free_new: 1181 securityfs_remove(new); 1182 out_free_root: 1183 securityfs_remove(root); 1184 out: 1185 return rc; 1186 } 1187 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org