selinux.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: kernel test robot <lkp@intel.com>
To: Casey Schaufler <casey@schaufler-ca.com>,
	casey.schaufler@intel.com, jmorris@namei.org,
	linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: kbuild-all@lists.01.org, casey@schaufler-ca.com,
	linux-audit@redhat.com, keescook@chromium.org,
	john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
	paul@paul-moore.com, stephen.smalley.work@gmail.com,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v37 18/33] LSM: Use lsmcontext in security_dentry_init_security
Date: Tue, 28 Jun 2022 16:44:19 +0800	[thread overview]
Message-ID: <202206281633.LuFVQ9tq-lkp@intel.com> (raw)
In-Reply-To: <20220628005611.13106-19-casey@schaufler-ca.com>

Hi Casey,

I love your patch! Yet something to improve:

[auto build test ERROR on pcmoore-audit/next]
[also build test ERROR on pcmoore-selinux/next linus/master v5.19-rc4 next-20220627]
[cannot apply to jmorris-security/next-testing]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220628-095614
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
config: x86_64-randconfig-r022-20220627 (https://download.01.org/0day-ci/archive/20220628/202206281633.LuFVQ9tq-lkp@intel.com/config)
compiler: gcc-11 (Debian 11.3.0-3) 11.3.0
reproduce (this is a W=1 build):
        # https://github.com/intel-lab-lkp/linux/commit/c930a07cebde69363d3633fba8bd4cac46dd1520
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220628-095614
        git checkout c930a07cebde69363d3633fba8bd4cac46dd1520
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   security/security.c: In function 'security_setprocattr':
>> security/security.c:2319:45: error: 'lsm_slotlist' undeclared (first use in this function); did you mean 'lsm_slot'?
    2319 |                         if (!strcmp(termed, lsm_slotlist[slot]->lsm)) {
         |                                             ^~~~~~~~~~~~
         |                                             lsm_slot
   security/security.c:2319:45: note: each undeclared identifier is reported only once for each function it appears in
   security/security.c:2285:21: warning: variable 'slotname' set but not used [-Wunused-but-set-variable]
    2285 |         const char *slotname;
         |                     ^~~~~~~~
   At top level:
   security/security.c:763:12: warning: 'lsm_sock_alloc' defined but not used [-Wunused-function]
     763 | static int lsm_sock_alloc(struct sock *sock, gfp_t priority)
         |            ^~~~~~~~~~~~~~


vim +2319 security/security.c

20510f2f4e2dab James Morris    2007-10-16  2266  
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2267  /**
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2268   * security_setprocattr - Set process attributes via /proc
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2269   * @lsm: name of module involved, or NULL
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2270   * @name: name of the attribute
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2271   * @value: value to set the attribute to
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2272   * @size: size of the value
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2273   *
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2274   * Set the process attribute for the specified security module
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2275   * to the specified value. Note that this can only be used to set
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2276   * the process attributes for the current, or "self" process.
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2277   * The /proc code has already done this check.
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2278   *
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2279   * Returns 0 on success, an appropriate code otherwise.
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2280   */
6d9c939dbe4d0b Casey Schaufler 2018-09-21  2281  int security_setprocattr(const char *lsm, const char *name, void *value,
6d9c939dbe4d0b Casey Schaufler 2018-09-21  2282  			 size_t size)
20510f2f4e2dab James Morris    2007-10-16  2283  {
6d9c939dbe4d0b Casey Schaufler 2018-09-21  2284  	struct security_hook_list *hp;
c930a07cebde69 Casey Schaufler 2022-06-27  2285  	const char *slotname;
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2286  	char *termed;
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2287  	char *copy;
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2288  	int *ilsm = current->security;
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2289  	int rc = -EINVAL;
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2290  	int slot = 0;
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2291  
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2292  	if (!strcmp(name, "interface_lsm")) {
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2293  		/*
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2294  		 * Change the "interface_lsm" value only if all the security
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2295  		 * modules that support setting a procattr allow it.
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2296  		 * It is assumed that all such security modules will be
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2297  		 * cooperative.
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2298  		 */
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2299  		if (size == 0)
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2300  			return -EINVAL;
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2301  
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2302  		hlist_for_each_entry(hp, &security_hook_heads.setprocattr,
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2303  				     list) {
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2304  			rc = hp->hook.setprocattr(name, value, size);
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2305  			if (rc < 0 && rc != LSM_RET_DEFAULT(setprocattr))
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2306  				return rc;
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2307  		}
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2308  
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2309  		rc = -EINVAL;
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2310  
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2311  		copy = kmemdup_nul(value, size, GFP_KERNEL);
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2312  		if (copy == NULL)
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2313  			return -ENOMEM;
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2314  
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2315  		termed = strsep(&copy, " \n");
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2316  
c930a07cebde69 Casey Schaufler 2022-06-27  2317  		for (slot = 0; slot < lsm_slot; slot++) {
c930a07cebde69 Casey Schaufler 2022-06-27  2318  			slotname = lsm_slot_to_name(slot);
a87b0b9fe463f0 Casey Schaufler 2022-06-27 @2319  			if (!strcmp(termed, lsm_slotlist[slot]->lsm)) {
c930a07cebde69 Casey Schaufler 2022-06-27  2320  				*ilsm = slot;
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2321  				rc = size;
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2322  				break;
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2323  			}
c930a07cebde69 Casey Schaufler 2022-06-27  2324  		}
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2325  
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2326  		kfree(termed);
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2327  		return rc;
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2328  	}
6d9c939dbe4d0b Casey Schaufler 2018-09-21  2329  
6d9c939dbe4d0b Casey Schaufler 2018-09-21  2330  	hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) {
ac35545bc102bf Casey Schaufler 2022-06-27  2331  		if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm))
6d9c939dbe4d0b Casey Schaufler 2018-09-21  2332  			continue;
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2333  		if (lsm == NULL && *ilsm != LSMBLOB_INVALID &&
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2334  		    *ilsm != hp->lsmid->slot)
a87b0b9fe463f0 Casey Schaufler 2022-06-27  2335  			continue;
6d9c939dbe4d0b Casey Schaufler 2018-09-21  2336  		return hp->hook.setprocattr(name, value, size);
6d9c939dbe4d0b Casey Schaufler 2018-09-21  2337  	}
98e828a0650f34 KP Singh        2020-03-29  2338  	return LSM_RET_DEFAULT(setprocattr);
20510f2f4e2dab James Morris    2007-10-16  2339  }
20510f2f4e2dab James Morris    2007-10-16  2340  

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

  parent reply	other threads:[~2022-06-28  8:45 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20220628005611.13106-1-casey.ref@schaufler-ca.com>
2022-06-28  0:55 ` [PATCH v37 00/33] LSM: Module stacking for AppArmor Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 01/33] integrity: disassociate ima_filter_rule from security_audit_rule Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 02/33] LSM: Infrastructure management of the sock security Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 03/33] LSM: Add the lsmblob data structure Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 04/33] LSM: provide lsm name and id slot mappings Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 05/33] IMA: avoid label collisions with stacked LSMs Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 06/33] LSM: Use lsmblob in security_audit_rule_match Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 07/33] LSM: Use lsmblob in security_kernel_act_as Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 08/33] LSM: Use lsmblob in security_secctx_to_secid Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 09/33] LSM: Use lsmblob in security_secid_to_secctx Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 10/33] LSM: Use lsmblob in security_ipc_getsecid Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 11/33] LSM: Use lsmblob in security_current_getsecid Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 12/33] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 13/33] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 14/33] LSM: Specify which LSM to display Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 15/33] LSM: Ensure the correct LSM context releaser Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 16/33] LSM: Use lsmcontext in security_secid_to_secctx Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 17/33] LSM: Use lsmcontext in security_inode_getsecctx Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 18/33] LSM: Use lsmcontext in security_dentry_init_security Casey Schaufler
2022-06-28  5:36     ` kernel test robot
2022-06-28  8:44     ` kernel test robot [this message]
2022-06-28 11:24     ` kernel test robot
2022-06-28  0:55   ` [PATCH v37 19/33] LSM: security_secid_to_secctx in netlink netfilter Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 20/33] NET: Store LSM netlabel data in a lsmblob Casey Schaufler
2022-06-28  0:55   ` [PATCH v37 21/33] binder: Pass LSM identifier for confirmation Casey Schaufler
2022-06-28  0:56   ` [PATCH v37 22/33] LSM: security_secid_to_secctx module selection Casey Schaufler
2022-06-28  0:56   ` [PATCH v37 23/33] Audit: Keep multiple LSM data in audit_names Casey Schaufler
2022-06-28  0:56   ` [PATCH v37 24/33] Audit: Create audit_stamp structure Casey Schaufler
2022-06-28  0:56   ` [PATCH v37 25/33] LSM: Add a function to report multiple LSMs Casey Schaufler
2022-06-28  0:56   ` [PATCH v37 26/33] Audit: Allow multiple records in an audit_buffer Casey Schaufler
2022-06-28  0:56   ` [PATCH v37 27/33] Audit: Add record for multiple task security contexts Casey Schaufler
2022-06-28  0:56   ` [PATCH v37 28/33] audit: multiple subject lsm values for netlabel Casey Schaufler
2022-06-28  0:56   ` [PATCH v37 29/33] Audit: Add record for multiple object contexts Casey Schaufler
2022-06-28  0:56   ` [PATCH v37 30/33] netlabel: Use a struct lsmblob in audit data Casey Schaufler
2022-06-28  0:56   ` [PATCH v37 31/33] LSM: Removed scaffolding function lsmcontext_init Casey Schaufler
2022-06-28  0:56   ` [PATCH v37 32/33] LSM: Add /proc attr entry for full LSM context Casey Schaufler
2022-06-28  0:56   ` [PATCH v37 33/33] AppArmor: Remove the exclusive flag Casey Schaufler
2022-07-12 21:42   ` [PATCH v37 00/33] LSM: Module stacking for AppArmor John Johansen
2022-07-12 21:58     ` Casey Schaufler

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202206281633.LuFVQ9tq-lkp@intel.com \
    --to=lkp@intel.com \
    --cc=casey.schaufler@intel.com \
    --cc=casey@schaufler-ca.com \
    --cc=jmorris@namei.org \
    --cc=john.johansen@canonical.com \
    --cc=kbuild-all@lists.01.org \
    --cc=keescook@chromium.org \
    --cc=linux-audit@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    --cc=selinux@vger.kernel.org \
    --cc=stephen.smalley.work@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).