From: kernel test robot <lkp@intel.com>
To: Roberto Sassu <roberto.sassu@huawei.com>,
ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
kpsingh@kernel.org
Cc: kbuild-all@lists.01.org, bpf@vger.kernel.org,
netdev@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-kernel@vger.kernel.org,
Roberto Sassu <roberto.sassu@huawei.com>
Subject: Re: [PATCH 1/3] bpf: Add BPF_F_VERIFY_ELEM to require signature verification on map values
Date: Thu, 26 May 2022 02:50:29 +0800 [thread overview]
Message-ID: <202205260201.H6HGWRhl-lkp@intel.com> (raw)
In-Reply-To: <20220525132115.896698-2-roberto.sassu@huawei.com>
Hi Roberto,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on bpf-next/master]
[also build test ERROR on bpf/master horms-ipvs/master net/master net-next/master v5.18 next-20220525]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/intel-lab-lkp/linux/commits/Roberto-Sassu/bpf-Add-support-for-maps-with-authenticated-values/20220525-212552
base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master
config: m68k-defconfig (https://download.01.org/0day-ci/archive/20220526/202205260201.H6HGWRhl-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 11.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/196e68e5ddfa50f40efaf20c8df37f3420e38b72
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Roberto-Sassu/bpf-Add-support-for-maps-with-authenticated-values/20220525-212552
git checkout 196e68e5ddfa50f40efaf20c8df37f3420e38b72
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.3.0 make.cross W=1 O=build_dir ARCH=m68k SHELL=/bin/bash
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
kernel/bpf/syscall.c: In function 'bpf_map_verify_value_sig':
>> kernel/bpf/syscall.c:1415:23: error: implicit declaration of function 'verify_pkcs7_signature' [-Werror=implicit-function-declaration]
1415 | ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
| ^~~~~~~~~~~~~~~~~~~~~~
kernel/bpf/syscall.c: At top level:
kernel/bpf/syscall.c:5271:13: warning: no previous prototype for 'unpriv_ebpf_notify' [-Wmissing-prototypes]
5271 | void __weak unpriv_ebpf_notify(int new_state)
| ^~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
vim +/verify_pkcs7_signature +1415 kernel/bpf/syscall.c
1369
1370 int bpf_map_verify_value_sig(const void *mod, size_t modlen, bool verify)
1371 {
1372 const size_t marker_len = strlen(MODULE_SIG_STRING);
1373 struct module_signature ms;
1374 size_t sig_len;
1375 u32 _modlen;
1376 int ret;
1377
1378 /*
1379 * Format of mod:
1380 *
1381 * verified data+sig size (be32), verified data, sig, unverified data
1382 */
1383 if (modlen <= sizeof(u32))
1384 return -ENOENT;
1385
1386 _modlen = be32_to_cpu(*(u32 *)(mod));
1387
1388 if (_modlen > modlen - sizeof(u32))
1389 return -EINVAL;
1390
1391 modlen = _modlen;
1392 mod += sizeof(u32);
1393
1394 if (modlen <= marker_len)
1395 return -ENOENT;
1396
1397 if (memcmp(mod + modlen - marker_len, MODULE_SIG_STRING, marker_len))
1398 return -ENOENT;
1399
1400 modlen -= marker_len;
1401
1402 if (modlen <= sizeof(ms))
1403 return -EBADMSG;
1404
1405 memcpy(&ms, mod + (modlen - sizeof(ms)), sizeof(ms));
1406
1407 ret = mod_check_sig(&ms, modlen, "bpf_map_value");
1408 if (ret)
1409 return ret;
1410
1411 sig_len = be32_to_cpu(ms.sig_len);
1412 modlen -= sig_len + sizeof(ms);
1413
1414 if (verify) {
> 1415 ret = verify_pkcs7_signature(mod, modlen, mod + modlen, sig_len,
1416 VERIFY_USE_SECONDARY_KEYRING,
1417 VERIFYING_UNSPECIFIED_SIGNATURE,
1418 NULL, NULL);
1419 if (ret < 0)
1420 return ret;
1421 }
1422
1423 return modlen;
1424 }
1425 EXPORT_SYMBOL_GPL(bpf_map_verify_value_sig);
1426
--
0-DAY CI Kernel Test Service
https://01.org/lkp
next prev parent reply other threads:[~2022-05-25 18:51 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-25 13:21 [PATCH 0/3] bpf: Add support for maps with authenticated values Roberto Sassu
2022-05-25 13:21 ` [PATCH 1/3] bpf: Add BPF_F_VERIFY_ELEM to require signature verification on map values Roberto Sassu
2022-05-25 16:51 ` kernel test robot
2022-05-25 18:50 ` kernel test robot [this message]
2022-05-25 22:53 ` kernel test robot
2022-06-03 12:07 ` KP Singh
2022-06-03 13:11 ` Roberto Sassu
2022-06-03 15:17 ` KP Singh
2022-06-03 15:43 ` Roberto Sassu
2022-06-04 9:32 ` Alexei Starovoitov
2022-05-25 13:21 ` [PATCH 2/3] bpf: Introduce bpf_map_verified_data_size() helper Roberto Sassu
2022-05-25 13:21 ` [PATCH 3/3] bpf: Add tests for signed map values Roberto Sassu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202205260201.H6HGWRhl-lkp@intel.com \
--to=lkp@intel.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kbuild-all@lists.01.org \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=roberto.sassu@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).