Message ID | 20220418145945.38797-14-casey@schaufler-ca.com (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Paul Moore |
Series | [v35,01/29] integrity: disassociate ima_filter_rule from security_audit_rule | expand |
Hi Casey, I love your patch! Yet something to improve: [auto build test ERROR on pcmoore-selinux/next] [also build test ERROR on linus/master v5.18-rc3 next-20220414] [cannot apply to pcmoore-audit/next jmorris-security/next-testing] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220419-000109 base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git next config: i386-tinyconfig (https://download.01.org/0day-ci/archive/20220419/202204190104.VspbI376-lkp@intel.com/config) compiler: gcc-11 (Debian 11.2.0-19) 11.2.0 reproduce (this is a W=1 build): # https://github.com/intel-lab-lkp/linux/commit/2fa01492487f9135e9ea9e59924289cc23a66576 git remote add linux-review https://github.com/intel-lab-lkp/linux git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220419-000109 git checkout 2fa01492487f9135e9ea9e59924289cc23a66576 # save the config file to linux build tree mkdir build_dir make W=1 O=build_dir ARCH=i386 SHELL=/bin/bash kernel/sched/ If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp@intel.com> All errors (new ones prefixed by >>): In file included from include/linux/perf_event.h:61, from include/linux/trace_events.h:10, from include/trace/syscall.h:7, from include/linux/syscalls.h:88, from include/linux/syscalls_api.h:1, from kernel/sched/core.c:13: include/linux/security.h: In function 'security_cred_getsecid': >> include/linux/security.h:1147:10: error: 'secid' undeclared (first use in this function) 1147 | *secid = 0; | ^~~~~ include/linux/security.h:1147:10: note: each undeclared identifier is reported only once for each function it appears in kernel/sched/core.c: At 
top level: kernel/sched/core.c:5235:20: warning: no previous prototype for 'task_sched_runtime' [-Wmissing-prototypes] 5235 | unsigned long long task_sched_runtime(struct task_struct *p) | ^~~~~~~~~~~~~~~~~~ kernel/sched/core.c:9420:13: warning: no previous prototype for 'sched_init_smp' [-Wmissing-prototypes] 9420 | void __init sched_init_smp(void) | ^~~~~~~~~~~~~~ kernel/sched/core.c:9448:13: warning: no previous prototype for 'sched_init' [-Wmissing-prototypes] 9448 | void __init sched_init(void) | ^~~~~~~~~~ -- In file included from include/linux/perf_event.h:61, from include/linux/trace_events.h:10, from include/trace/syscall.h:7, from include/linux/syscalls.h:88, from include/linux/syscalls_api.h:1, from kernel/sched/sched.h:60, from kernel/sched/fair.c:53: include/linux/security.h: In function 'security_cred_getsecid': >> include/linux/security.h:1147:10: error: 'secid' undeclared (first use in this function) 1147 | *secid = 0; | ^~~~~ include/linux/security.h:1147:10: note: each undeclared identifier is reported only once for each function it appears in kernel/sched/fair.c: At top level: kernel/sched/fair.c:5530:6: warning: no previous prototype for 'init_cfs_bandwidth' [-Wmissing-prototypes] 5530 | void init_cfs_bandwidth(struct cfs_bandwidth *cfs_b) {} | ^~~~~~~~~~~~~~~~~~ kernel/sched/fair.c:11757:6: warning: no previous prototype for 'free_fair_sched_group' [-Wmissing-prototypes] 11757 | void free_fair_sched_group(struct task_group *tg) { } | ^~~~~~~~~~~~~~~~~~~~~ kernel/sched/fair.c:11759:5: warning: no previous prototype for 'alloc_fair_sched_group' [-Wmissing-prototypes] 11759 | int alloc_fair_sched_group(struct task_group *tg, struct task_group *parent) | ^~~~~~~~~~~~~~~~~~~~~~ kernel/sched/fair.c:11764:6: warning: no previous prototype for 'online_fair_sched_group' [-Wmissing-prototypes] 11764 | void online_fair_sched_group(struct task_group *tg) { } | ^~~~~~~~~~~~~~~~~~~~~~~ kernel/sched/fair.c:11766:6: warning: no previous prototype for 
'unregister_fair_sched_group' [-Wmissing-prototypes] 11766 | void unregister_fair_sched_group(struct task_group *tg) { } | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ -- In file included from include/linux/perf_event.h:61, from include/linux/trace_events.h:10, from include/trace/syscall.h:7, from include/linux/syscalls.h:88, from include/linux/syscalls_api.h:1, from kernel/sched/sched.h:60, from kernel/sched/build_policy.c:33: include/linux/security.h: In function 'security_cred_getsecid': >> include/linux/security.h:1147:10: error: 'secid' undeclared (first use in this function) 1147 | *secid = 0; | ^~~~~ include/linux/security.h:1147:10: note: each undeclared identifier is reported only once for each function it appears in In file included from kernel/sched/build_policy.c:43: kernel/sched/rt.c: At top level: kernel/sched/rt.c:259:6: warning: no previous prototype for 'unregister_rt_sched_group' [-Wmissing-prototypes] 259 | void unregister_rt_sched_group(struct task_group *tg) { } | ^~~~~~~~~~~~~~~~~~~~~~~~~ kernel/sched/rt.c:261:6: warning: no previous prototype for 'free_rt_sched_group' [-Wmissing-prototypes] 261 | void free_rt_sched_group(struct task_group *tg) { } | ^~~~~~~~~~~~~~~~~~~ kernel/sched/rt.c:263:5: warning: no previous prototype for 'alloc_rt_sched_group' [-Wmissing-prototypes] 263 | int alloc_rt_sched_group(struct task_group *tg, struct task_group *parent) | ^~~~~~~~~~~~~~~~~~~~ kernel/sched/rt.c:666:6: warning: no previous prototype for 'sched_rt_bandwidth_account' [-Wmissing-prototypes] 666 | bool sched_rt_bandwidth_account(struct rt_rq *rt_rq) | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -- In file included from kernel/sched/build_utility.c:39: include/linux/security.h: In function 'security_cred_getsecid': >> include/linux/security.h:1147:10: error: 'secid' undeclared (first use in this function) 1147 | *secid = 0; | ^~~~~ include/linux/security.h:1147:10: note: each undeclared identifier is reported only once for each function it appears in vim +/secid +1147 
include/linux/security.h ee18d64c1f6320 David Howells 2009-09-02 1143 2fa01492487f91 Casey Schaufler 2022-04-18 1144 static inline void security_cred_getsecid(const struct cred *c, 2fa01492487f91 Casey Schaufler 2022-04-18 1145 struct lsmblob *blob) 4d5b5539742d25 Todd Kjos 2021-10-12 1146 { 4d5b5539742d25 Todd Kjos 2021-10-12 @1147 *secid = 0; 4d5b5539742d25 Todd Kjos 2021-10-12 1148 } 4d5b5539742d25 Todd Kjos 2021-10-12 1149
Hi Casey, I love your patch! Yet something to improve: [auto build test ERROR on pcmoore-selinux/next] [also build test ERROR on linus/master v5.18-rc3 next-20220414] [cannot apply to pcmoore-audit/next jmorris-security/next-testing] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220419-000109 base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git next config: arm-milbeaut_m10v_defconfig (https://download.01.org/0day-ci/archive/20220419/202204190850.dXILQlrb-lkp@intel.com/config) compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 429cbac0390654f90bba18a41799464adf31a5ec) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install arm cross compiling tool for clang build # apt-get install binutils-arm-linux-gnueabi # https://github.com/intel-lab-lkp/linux/commit/2fa01492487f9135e9ea9e59924289cc23a66576 git remote add linux-review https://github.com/intel-lab-lkp/linux git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220419-000109 git checkout 2fa01492487f9135e9ea9e59924289cc23a66576 # save the config file to linux build tree mkdir build_dir COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=arm SHELL=/bin/bash If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp@intel.com> All errors (new ones prefixed by >>): In file included from drivers/firmware/efi/efi.c:33: >> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid' *secid = 0; ^ drivers/firmware/efi/efi.c:169:16: warning: no previous prototype 
for function 'efi_attr_is_visible' [-Wmissing-prototypes] umode_t __weak efi_attr_is_visible(struct kobject *kobj, struct attribute *attr, ^ drivers/firmware/efi/efi.c:169:1: note: declare 'static' if the function is not intended to be used outside of this translation unit umode_t __weak efi_attr_is_visible(struct kobject *kobj, struct attribute *attr, ^ static 1 warning and 1 error generated. -- In file included from fs/iomap/trace.c:12: In file included from fs/iomap/./trace.h:190: In file included from include/trace/define_trace.h:102: In file included from include/trace/trace_events.h:21: In file included from include/linux/trace_events.h:10: In file included from include/linux/perf_event.h:61: >> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid' *secid = 0; ^ 1 error generated. -- In file included from init/main.c:21: In file included from include/linux/syscalls.h:88: In file included from include/trace/syscall.h:7: In file included from include/linux/trace_events.h:10: In file included from include/linux/perf_event.h:61: >> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid' *secid = 0; ^ init/main.c:769:20: warning: no previous prototype for function 'arch_post_acpi_subsys_init' [-Wmissing-prototypes] void __init __weak arch_post_acpi_subsys_init(void) { } ^ init/main.c:769:1: note: declare 'static' if the function is not intended to be used outside of this translation unit void __init __weak arch_post_acpi_subsys_init(void) { } ^ static init/main.c:781:20: warning: no previous prototype for function 'mem_encrypt_init' [-Wmissing-prototypes] void __init __weak mem_encrypt_init(void) { } ^ init/main.c:781:1: note: declare 'static' if the function is not intended to be used outside of this translation unit void __init __weak mem_encrypt_init(void) { } ^ static init/main.c:783:20: warning: no previous prototype for function 'poking_init' [-Wmissing-prototypes] void __init __weak poking_init(void) { } ^ 
init/main.c:783:1: note: declare 'static' if the function is not intended to be used outside of this translation unit void __init __weak poking_init(void) { } ^ static 3 warnings and 1 error generated. -- In file included from arch/arm/kernel/ptrace.c:17: >> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid' *secid = 0; ^ arch/arm/kernel/ptrace.c:852:16: warning: no previous prototype for function 'syscall_trace_enter' [-Wmissing-prototypes] asmlinkage int syscall_trace_enter(struct pt_regs *regs) ^ arch/arm/kernel/ptrace.c:852:12: note: declare 'static' if the function is not intended to be used outside of this translation unit asmlinkage int syscall_trace_enter(struct pt_regs *regs) ^ static arch/arm/kernel/ptrace.c:880:17: warning: no previous prototype for function 'syscall_trace_exit' [-Wmissing-prototypes] asmlinkage void syscall_trace_exit(struct pt_regs *regs) ^ arch/arm/kernel/ptrace.c:880:12: note: declare 'static' if the function is not intended to be used outside of this translation unit asmlinkage void syscall_trace_exit(struct pt_regs *regs) ^ static 2 warnings and 1 error generated. 
-- In file included from arch/arm/kernel/signal.c:14: In file included from include/linux/syscalls.h:88: In file included from include/trace/syscall.h:7: In file included from include/linux/trace_events.h:10: In file included from include/linux/perf_event.h:61: >> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid' *secid = 0; ^ arch/arm/kernel/signal.c:186:16: warning: no previous prototype for function 'sys_sigreturn' [-Wmissing-prototypes] asmlinkage int sys_sigreturn(struct pt_regs *regs) ^ arch/arm/kernel/signal.c:186:12: note: declare 'static' if the function is not intended to be used outside of this translation unit asmlinkage int sys_sigreturn(struct pt_regs *regs) ^ static arch/arm/kernel/signal.c:216:16: warning: no previous prototype for function 'sys_rt_sigreturn' [-Wmissing-prototypes] asmlinkage int sys_rt_sigreturn(struct pt_regs *regs) ^ arch/arm/kernel/signal.c:216:12: note: declare 'static' if the function is not intended to be used outside of this translation unit asmlinkage int sys_rt_sigreturn(struct pt_regs *regs) ^ static arch/arm/kernel/signal.c:601:1: warning: no previous prototype for function 'do_work_pending' [-Wmissing-prototypes] do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall) ^ arch/arm/kernel/signal.c:600:12: note: declare 'static' if the function is not intended to be used outside of this translation unit asmlinkage int ^ static 3 warnings and 1 error generated. 
-- In file included from arch/arm/kernel/sys_arm.c:20: In file included from include/linux/syscalls.h:88: In file included from include/trace/syscall.h:7: In file included from include/linux/trace_events.h:10: In file included from include/linux/perf_event.h:61: >> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid' *secid = 0; ^ In file included from arch/arm/kernel/sys_arm.c:21: include/linux/mman.h:158:9: warning: division by zero is undefined [-Wdivision-by-zero] _calc_vm_trans(flags, MAP_SYNC, VM_SYNC ) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/mman.h:136:21: note: expanded from macro '_calc_vm_trans' : ((x) & (bit1)) / ((bit1) / (bit2)))) ^ ~~~~~~~~~~~~~~~~~ arch/arm/kernel/sys_arm.c:32:17: warning: no previous prototype for function 'sys_arm_fadvise64_64' [-Wmissing-prototypes] asmlinkage long sys_arm_fadvise64_64(int fd, int advice, ^ arch/arm/kernel/sys_arm.c:32:12: note: declare 'static' if the function is not intended to be used outside of this translation unit asmlinkage long sys_arm_fadvise64_64(int fd, int advice, ^ static 2 warnings and 1 error generated. 
-- In file included from arch/arm/kernel/smp.c:52: In file included from include/trace/events/ipi.h:90: In file included from include/trace/define_trace.h:102: In file included from include/trace/trace_events.h:21: In file included from include/linux/trace_events.h:10: In file included from include/linux/perf_event.h:61: >> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid' *secid = 0; ^ arch/arm/kernel/smp.c:582:6: warning: no previous prototype for function 'arch_irq_work_raise' [-Wmissing-prototypes] void arch_irq_work_raise(void) ^ arch/arm/kernel/smp.c:582:1: note: declare 'static' if the function is not intended to be used outside of this translation unit void arch_irq_work_raise(void) ^ static arch/arm/kernel/smp.c:793:5: warning: no previous prototype for function 'setup_profiling_timer' [-Wmissing-prototypes] int setup_profiling_timer(unsigned int multiplier) ^ arch/arm/kernel/smp.c:793:1: note: declare 'static' if the function is not intended to be used outside of this translation unit int setup_profiling_timer(unsigned int multiplier) ^ static 2 warnings and 1 error generated. 
-- In file included from arch/arm/mm/fault.c:19: In file included from include/linux/perf_event.h:61: >> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid' *secid = 0; ^ arch/arm/mm/fault.c:535:1: warning: no previous prototype for function 'do_DataAbort' [-Wmissing-prototypes] do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs) ^ arch/arm/mm/fault.c:534:12: note: declare 'static' if the function is not intended to be used outside of this translation unit asmlinkage void ^ static arch/arm/mm/fault.c:565:1: warning: no previous prototype for function 'do_PrefetchAbort' [-Wmissing-prototypes] do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) ^ arch/arm/mm/fault.c:564:12: note: declare 'static' if the function is not intended to be used outside of this translation unit asmlinkage void ^ static 2 warnings and 1 error generated. -- In file included from kernel/fork.c:51: >> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid' *secid = 0; ^ kernel/fork.c:163:13: warning: no previous prototype for function 'arch_release_task_struct' [-Wmissing-prototypes] void __weak arch_release_task_struct(struct task_struct *tsk) ^ kernel/fork.c:163:1: note: declare 'static' if the function is not intended to be used outside of this translation unit void __weak arch_release_task_struct(struct task_struct *tsk) ^ static kernel/fork.c:853:20: warning: no previous prototype for function 'arch_task_cache_init' [-Wmissing-prototypes] void __init __weak arch_task_cache_init(void) { } ^ kernel/fork.c:853:1: note: declare 'static' if the function is not intended to be used outside of this translation unit void __init __weak arch_task_cache_init(void) { } ^ static kernel/fork.c:948:12: warning: no previous prototype for function 'arch_dup_task_struct' [-Wmissing-prototypes] int __weak arch_dup_task_struct(struct task_struct *dst, ^ kernel/fork.c:948:1: note: declare 'static' if the function is not 
intended to be used outside of this translation unit int __weak arch_dup_task_struct(struct task_struct *dst, ^ static 3 warnings and 1 error generated. -- In file included from kernel/signal.c:29: >> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid' *secid = 0; ^ kernel/signal.c:137:37: warning: array index 3 is past the end of the array (which contains 2 elements) [-Warray-bounds] case 4: ready = signal->sig[3] &~ blocked->sig[3]; ^ ~ arch/arm/include/asm/signal.h:17:2: note: array 'sig' declared here unsigned long sig[_NSIG_WORDS]; ^ kernel/signal.c:137:19: warning: array index 3 is past the end of the array (which contains 2 elements) [-Warray-bounds] case 4: ready = signal->sig[3] &~ blocked->sig[3]; ^ ~ arch/arm/include/asm/signal.h:17:2: note: array 'sig' declared here unsigned long sig[_NSIG_WORDS]; ^ kernel/signal.c:138:30: warning: array index 2 is past the end of the array (which contains 2 elements) [-Warray-bounds] ready |= signal->sig[2] &~ blocked->sig[2]; ^ ~ arch/arm/include/asm/signal.h:17:2: note: array 'sig' declared here unsigned long sig[_NSIG_WORDS]; ^ kernel/signal.c:138:12: warning: array index 2 is past the end of the array (which contains 2 elements) [-Warray-bounds] ready |= signal->sig[2] &~ blocked->sig[2]; ^ ~ arch/arm/include/asm/signal.h:17:2: note: array 'sig' declared here unsigned long sig[_NSIG_WORDS]; ^ 4 warnings and 1 error generated. 
-- In file included from kernel/kallsyms.c:25: In file included from include/linux/filter.h:20: In file included from include/linux/if_vlan.h:10: In file included from include/linux/netdevice.h:46: In file included from include/uapi/linux/neighbour.h:6: In file included from include/linux/netlink.h:9: In file included from include/net/scm.h:8: >> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid' *secid = 0; ^ kernel/kallsyms.c:591:12: warning: no previous prototype for function 'arch_get_kallsym' [-Wmissing-prototypes] int __weak arch_get_kallsym(unsigned int symnum, unsigned long *value, ^ kernel/kallsyms.c:591:1: note: declare 'static' if the function is not intended to be used outside of this translation unit int __weak arch_get_kallsym(unsigned int symnum, unsigned long *value, ^ static 1 warning and 1 error generated. .. vim +/secid +1147 include/linux/security.h ee18d64c1f6320 David Howells 2009-09-02 1143 2fa01492487f91 Casey Schaufler 2022-04-18 1144 static inline void security_cred_getsecid(const struct cred *c, 2fa01492487f91 Casey Schaufler 2022-04-18 1145 struct lsmblob *blob) 4d5b5539742d25 Todd Kjos 2021-10-12 1146 { 4d5b5539742d25 Todd Kjos 2021-10-12 @1147 *secid = 0; 4d5b5539742d25 Todd Kjos 2021-10-12 1148 } 4d5b5539742d25 Todd Kjos 2021-10-12 1149
Hi Casey, I love your patch! Yet something to improve: [auto build test ERROR on pcmoore-selinux/next] [also build test ERROR on linus/master v5.18-rc3 next-20220414] [cannot apply to pcmoore-audit/next jmorris-security/next-testing] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220419-000109 base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git next config: s390-randconfig-r044-20220418 (https://download.01.org/0day-ci/archive/20220419/202204190819.XVXsdhdo-lkp@intel.com/config) compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 429cbac0390654f90bba18a41799464adf31a5ec) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install s390 cross compiling tool for clang build # apt-get install binutils-s390x-linux-gnu # https://github.com/intel-lab-lkp/linux/commit/2fa01492487f9135e9ea9e59924289cc23a66576 git remote add linux-review https://github.com/intel-lab-lkp/linux git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220419-000109 git checkout 2fa01492487f9135e9ea9e59924289cc23a66576 # save the config file to linux build tree mkdir build_dir COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=s390 SHELL=/bin/bash drivers/net/ethernet/broadcom/bnx2x/ drivers/net/ethernet/hisilicon/hns/ drivers/net/ethernet/marvell/octeontx2/nic/ drivers/net/ethernet/netronome/nfp/ drivers/net/ethernet/pensando/ionic/ If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp@intel.com> All error/warnings (new ones prefixed by >>): In file 
included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c:31: In file included from include/linux/pci.h:39: In file included from include/linux/io.h:13: In file included from arch/s390/include/asm/io.h:75: include/asm-generic/io.h:464:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] val = __raw_readb(PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:477:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr)); ~~~~~~~~~~ ^ include/uapi/linux/byteorder/big_endian.h:37:59: note: expanded from macro '__le16_to_cpu' #define __le16_to_cpu(x) __swab16((__force __u16)(__le16)(x)) ^ include/uapi/linux/swab.h:102:54: note: expanded from macro '__swab16' #define __swab16(x) (__u16)__builtin_bswap16((__u16)(x)) ^ In file included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c:31: In file included from include/linux/pci.h:39: In file included from include/linux/io.h:13: In file included from arch/s390/include/asm/io.h:75: include/asm-generic/io.h:490:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr)); ~~~~~~~~~~ ^ include/uapi/linux/byteorder/big_endian.h:35:59: note: expanded from macro '__le32_to_cpu' #define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x)) ^ include/uapi/linux/swab.h:115:54: note: expanded from macro '__swab32' #define __swab32(x) (__u32)__builtin_bswap32((__u32)(x)) ^ In file included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c:31: In file included from include/linux/pci.h:39: In file included from include/linux/io.h:13: In file included from arch/s390/include/asm/io.h:75: include/asm-generic/io.h:501:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] 
__raw_writeb(value, PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:511:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] __raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:521:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] __raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:609:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] readsb(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:617:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] readsw(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:625:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] readsl(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:634:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] writesb(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:643:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] writesw(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:652:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] writesl(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ In file included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c:34: In file included from include/linux/netdevice.h:46: In file included from include/uapi/linux/neighbour.h:6: In file included from include/linux/netlink.h:9: In file included from include/net/scm.h:8: >> include/linux/security.h:1147:3: error: use of 
undeclared identifier 'secid' *secid = 0; ^ drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c:13117:49: warning: shift count >= width of type [-Wshift-count-overflow] rc = dma_set_mask_and_coherent(&bp->pdev->dev, DMA_BIT_MASK(64)); ^~~~~~~~~~~~~~~~ include/linux/dma-mapping.h:76:54: note: expanded from macro 'DMA_BIT_MASK' #define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1)) ^ ~~~ >> drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c:15204:26: warning: shift count >= width of type [-Wshift-count-overflow] bp->cyclecounter.mask = CYCLECOUNTER_MASK(64); ^~~~~~~~~~~~~~~~~~~~~ include/linux/timecounter.h:14:59: note: expanded from macro 'CYCLECOUNTER_MASK' #define CYCLECOUNTER_MASK(bits) (u64)((bits) < 64 ? ((1ULL<<(bits))-1) : -1) ^ ~~~~~~ 14 warnings and 1 error generated. -- In file included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c:23: In file included from include/linux/pci.h:39: In file included from include/linux/io.h:13: In file included from arch/s390/include/asm/io.h:75: include/asm-generic/io.h:464:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] val = __raw_readb(PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:477:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr)); ~~~~~~~~~~ ^ include/uapi/linux/byteorder/big_endian.h:37:59: note: expanded from macro '__le16_to_cpu' #define __le16_to_cpu(x) __swab16((__force __u16)(__le16)(x)) ^ include/uapi/linux/swab.h:102:54: note: expanded from macro '__swab16' #define __swab16(x) (__u16)__builtin_bswap16((__u16)(x)) ^ In file included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c:23: In file included from include/linux/pci.h:39: In file included from include/linux/io.h:13: In file included from arch/s390/include/asm/io.h:75: include/asm-generic/io.h:490:61: warning: performing pointer 
arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr)); ~~~~~~~~~~ ^ include/uapi/linux/byteorder/big_endian.h:35:59: note: expanded from macro '__le32_to_cpu' #define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x)) ^ include/uapi/linux/swab.h:115:54: note: expanded from macro '__swab32' #define __swab32(x) (__u32)__builtin_bswap32((__u32)(x)) ^ In file included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c:23: In file included from include/linux/pci.h:39: In file included from include/linux/io.h:13: In file included from arch/s390/include/asm/io.h:75: include/asm-generic/io.h:501:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] __raw_writeb(value, PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:511:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] __raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:521:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] __raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:609:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] readsb(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:617:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] readsw(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:625:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] readsl(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:634:21: warning: performing pointer arithmetic on a null pointer has undefined 
behavior [-Wnull-pointer-arithmetic] writesb(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:643:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] writesw(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:652:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] writesl(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ In file included from drivers/net/ethernet/broadcom/bnx2x/bnx2x_link.c:24: In file included from include/linux/netdevice.h:46: In file included from include/uapi/linux/neighbour.h:6: In file included from include/linux/netlink.h:9: In file included from include/net/scm.h:8: >> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid' *secid = 0; ^ 12 warnings and 1 error generated. -- In file included from drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c:12: In file included from include/linux/netdevice.h:38: In file included from include/net/net_namespace.h:40: In file included from include/linux/skbuff.h:31: In file included from include/linux/dma-mapping.h:10: In file included from include/linux/scatterlist.h:9: In file included from arch/s390/include/asm/io.h:75: include/asm-generic/io.h:464:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] val = __raw_readb(PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:477:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr)); ~~~~~~~~~~ ^ include/uapi/linux/byteorder/big_endian.h:37:59: note: expanded from macro '__le16_to_cpu' #define __le16_to_cpu(x) __swab16((__force __u16)(__le16)(x)) ^ include/uapi/linux/swab.h:102:54: note: expanded from macro '__swab16' #define __swab16(x) (__u16)__builtin_bswap16((__u16)(x)) ^ In file 
included from drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c:12: In file included from include/linux/netdevice.h:38: In file included from include/net/net_namespace.h:40: In file included from include/linux/skbuff.h:31: In file included from include/linux/dma-mapping.h:10: In file included from include/linux/scatterlist.h:9: In file included from arch/s390/include/asm/io.h:75: include/asm-generic/io.h:490:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr)); ~~~~~~~~~~ ^ include/uapi/linux/byteorder/big_endian.h:35:59: note: expanded from macro '__le32_to_cpu' #define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x)) ^ include/uapi/linux/swab.h:115:54: note: expanded from macro '__swab32' #define __swab32(x) (__u32)__builtin_bswap32((__u32)(x)) ^ In file included from drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c:12: In file included from include/linux/netdevice.h:38: In file included from include/net/net_namespace.h:40: In file included from include/linux/skbuff.h:31: In file included from include/linux/dma-mapping.h:10: In file included from include/linux/scatterlist.h:9: In file included from arch/s390/include/asm/io.h:75: include/asm-generic/io.h:501:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] __raw_writeb(value, PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:511:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] __raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:521:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] __raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:609:20: warning: performing pointer arithmetic on a null 
pointer has undefined behavior [-Wnull-pointer-arithmetic] readsb(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:617:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] readsw(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:625:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] readsl(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:634:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] writesb(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:643:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] writesw(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:652:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] writesl(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ In file included from drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c:12: In file included from include/linux/netdevice.h:46: In file included from include/uapi/linux/neighbour.h:6: In file included from include/linux/netlink.h:9: In file included from include/net/scm.h:8: >> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid' *secid = 0; ^ >> drivers/net/ethernet/hisilicon/hns/hns_dsaf_main.c:200:48: warning: shift count >= width of type [-Wshift-count-overflow] if (!dma_set_mask_and_coherent(dsaf_dev->dev, DMA_BIT_MASK(64ULL))) ^~~~~~~~~~~~~~~~~~~ include/linux/dma-mapping.h:76:54: note: expanded from macro 'DMA_BIT_MASK' #define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1)) ^ ~~~ 13 warnings and 1 error generated. 
-- In file included from drivers/net/ethernet/hisilicon/hns/hns_enet.c:8: In file included from include/linux/etherdevice.h:20: In file included from include/linux/if_ether.h:19: In file included from include/linux/skbuff.h:31: In file included from include/linux/dma-mapping.h:10: In file included from include/linux/scatterlist.h:9: In file included from arch/s390/include/asm/io.h:75: include/asm-generic/io.h:464:31: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] val = __raw_readb(PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:477:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] val = __le16_to_cpu((__le16 __force)__raw_readw(PCI_IOBASE + addr)); ~~~~~~~~~~ ^ include/uapi/linux/byteorder/big_endian.h:37:59: note: expanded from macro '__le16_to_cpu' #define __le16_to_cpu(x) __swab16((__force __u16)(__le16)(x)) ^ include/uapi/linux/swab.h:102:54: note: expanded from macro '__swab16' #define __swab16(x) (__u16)__builtin_bswap16((__u16)(x)) ^ In file included from drivers/net/ethernet/hisilicon/hns/hns_enet.c:8: In file included from include/linux/etherdevice.h:20: In file included from include/linux/if_ether.h:19: In file included from include/linux/skbuff.h:31: In file included from include/linux/dma-mapping.h:10: In file included from include/linux/scatterlist.h:9: In file included from arch/s390/include/asm/io.h:75: include/asm-generic/io.h:490:61: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] val = __le32_to_cpu((__le32 __force)__raw_readl(PCI_IOBASE + addr)); ~~~~~~~~~~ ^ include/uapi/linux/byteorder/big_endian.h:35:59: note: expanded from macro '__le32_to_cpu' #define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x)) ^ include/uapi/linux/swab.h:115:54: note: expanded from macro '__swab32' #define __swab32(x) (__u32)__builtin_bswap32((__u32)(x)) ^ In file included 
from drivers/net/ethernet/hisilicon/hns/hns_enet.c:8: In file included from include/linux/etherdevice.h:20: In file included from include/linux/if_ether.h:19: In file included from include/linux/skbuff.h:31: In file included from include/linux/dma-mapping.h:10: In file included from include/linux/scatterlist.h:9: In file included from arch/s390/include/asm/io.h:75: include/asm-generic/io.h:501:33: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] __raw_writeb(value, PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:511:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] __raw_writew((u16 __force)cpu_to_le16(value), PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:521:59: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] __raw_writel((u32 __force)cpu_to_le32(value), PCI_IOBASE + addr); ~~~~~~~~~~ ^ include/asm-generic/io.h:609:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] readsb(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:617:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] readsw(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:625:20: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] readsl(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:634:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] writesb(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ include/asm-generic/io.h:643:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] writesw(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ 
include/asm-generic/io.h:652:21: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic] writesl(PCI_IOBASE + addr, buffer, count); ~~~~~~~~~~ ^ In file included from drivers/net/ethernet/hisilicon/hns/hns_enet.c:8: In file included from include/linux/etherdevice.h:21: In file included from include/linux/netdevice.h:46: In file included from include/uapi/linux/neighbour.h:6: In file included from include/linux/netlink.h:9: In file included from include/net/scm.h:8: >> include/linux/security.h:1147:3: error: use of undeclared identifier 'secid' *secid = 0; ^ drivers/net/ethernet/hisilicon/hns/hns_enet.c:2355:38: warning: shift count >= width of type [-Wshift-count-overflow] if (!dma_set_mask_and_coherent(dev, DMA_BIT_MASK(64))) ^~~~~~~~~~~~~~~~ include/linux/dma-mapping.h:76:54: note: expanded from macro 'DMA_BIT_MASK' #define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1)) ^ ~~~ 13 warnings and 1 error generated. .. vim +/secid +1147 include/linux/security.h ee18d64c1f6320 David Howells 2009-09-02 1143 2fa01492487f91 Casey Schaufler 2022-04-18 1144 static inline void security_cred_getsecid(const struct cred *c, 2fa01492487f91 Casey Schaufler 2022-04-18 1145 struct lsmblob *blob) 4d5b5539742d25 Todd Kjos 2021-10-12 1146 { 4d5b5539742d25 Todd Kjos 2021-10-12 @1147 *secid = 0; 4d5b5539742d25 Todd Kjos 2021-10-12 1148 } 4d5b5539742d25 Todd Kjos 2021-10-12 1149
diff --git a/drivers/android/binder.c b/drivers/android/binder.c index bae8440ffc73..26838061defb 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -2982,18 +2982,8 @@ static void binder_transaction(struct binder_proc *proc, if (target_node && target_node->txn_security_ctx) { struct lsmblob blob; size_t added_size; - u32 secid; - security_cred_getsecid(proc->cred, &secid); - /* - * Later in this patch set security_cred_getsecid() will - * provide a lsmblob instead of a secid. lsmblob_init - * is used to ensure that all the secids in the lsmblob - * get the value returned from security_cred_getsecid(), - * which means that the one expected by - * security_secid_to_secctx() will be set. - */ - lsmblob_init(&blob, secid); + security_cred_getsecid(proc->cred, &blob); ret = security_secid_to_secctx(&blob, &secctx, &secctx_sz); if (ret) { return_error = BR_FAILED_REPLY; diff --git a/include/linux/security.h b/include/linux/security.h index 781b1a2374c0..fa413a5a2ccb 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -501,7 +501,7 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); void security_transfer_creds(struct cred *new, const struct cred *old); -void security_cred_getsecid(const struct cred *c, u32 *secid); +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob); int security_kernel_act_as(struct cred *new, struct lsmblob *blob); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); @@ -1141,7 +1141,8 @@ static inline void security_transfer_creds(struct cred *new, { } -static inline void security_cred_getsecid(const struct cred *c, u32 *secid) +static inline void security_cred_getsecid(const struct cred *c, + struct lsmblob *blob) { *secid = 0; } 
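Review bot: The inline stub of `security_cred_getsecid()` in the last include/linux/security.h hunk (presumably the CONFIG_SECURITY=n variant) still has the body `*secid = 0;` although its parameter is now `struct lsmblob *blob`. Any configuration that compiles the stub therefore fails with an undeclared `secid`, which is the error the build robot reports at security.h:1147. The body should clear the blob instead, `lsmblob_init(blob, 0);`, matching the first statement of the security/security.c implementation in this same patch. This assumes `lsmblob_init()` is declared ahead of the stub and outside the config guard, which the hunk does not show.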
diff --git a/kernel/audit.c b/kernel/audit.c index 2834e55844db..2b670ac129be 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -125,7 +125,7 @@ static u32 audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME; /* The identity of the user shutting down the audit system. */ static kuid_t audit_sig_uid = INVALID_UID; static pid_t audit_sig_pid = -1; -static u32 audit_sig_sid; +struct lsmblob audit_sig_lsm; /* Records can be lost in several ways: 0) [suppressed in audit_alloc] @@ -1463,29 +1463,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) } case AUDIT_SIGNAL_INFO: len = 0; - if (audit_sig_sid) { - struct lsmblob blob; - - /* - * lsmblob_init sets all values in the lsmblob - * to audit_sig_sid. This is temporary until - * audit_sig_sid is converted to a lsmblob, which - * happens later in this patch set. - */ - lsmblob_init(&blob, audit_sig_sid); - err = security_secid_to_secctx(&blob, &ctx, &len); + if (lsmblob_is_set(&audit_sig_lsm)) { + err = security_secid_to_secctx(&audit_sig_lsm, &ctx, + &len); if (err) return err; } sig_data = kmalloc(struct_size(sig_data, ctx, len), GFP_KERNEL); if (!sig_data) { - if (audit_sig_sid) + if (lsmblob_is_set(&audit_sig_lsm)) security_release_secctx(ctx, len); return -ENOMEM; } sig_data->uid = from_kuid(&init_user_ns, audit_sig_uid); sig_data->pid = audit_sig_pid; - if (audit_sig_sid) { + if (lsmblob_is_set(&audit_sig_lsm)) { memcpy(sig_data->ctx, ctx, len); security_release_secctx(ctx, len); } @@ -2392,7 +2384,6 @@ int audit_set_loginuid(kuid_t loginuid) int audit_signal_info(int sig, struct task_struct *t) { kuid_t uid = current_uid(), auid; - struct lsmblob blob; if (auditd_test_task(t) && (sig == SIGTERM || sig == SIGHUP || 
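Review bot: In the first kernel/audit.c hunk the replacement for `static u32 audit_sig_sid;` is `struct lsmblob audit_sig_lsm;`, which drops `static` and gives the variable external linkage. Every use visible in this patch is inside kernel/audit.c and no `extern` declaration is added to kernel/audit.h, so this looks unintended. `static struct lsmblob audit_sig_lsm;` keeps it file-local like the neighbouring `audit_sig_uid` and `audit_sig_pid`.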
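Review bot: The `AUDIT_SIGNAL_INFO` case in the second kernel/audit.c hunk evaluates `lsmblob_is_set(&audit_sig_lsm)` three times, once to obtain `ctx` and twice to decide whether to copy and release it. `audit_signal_info()` overwrites `audit_sig_lsm` in place later in this patch and no lock covering both paths is visible in the hunk, so if the two can run concurrently the three answers may differ and `ctx` could be leaked or released without having been set. The old `u32` had the same shape, but a multi-word struct widens the window. Deciding once, `bool have_lsm = lsmblob_is_set(&audit_sig_lsm);`, and testing `have_lsm` afterwards keeps the three branches consistent. `audit_receive_msg()` starts and ends outside the hunk.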
@@ -2403,9 +2394,7 @@ int audit_signal_info(int sig, struct task_struct *t) audit_sig_uid = auid; else audit_sig_uid = uid; - security_current_getsecid_subj(&blob); - /* scaffolding until audit_sig_sid is converted */ - audit_sig_sid = lsmblob_first(&blob); + security_current_getsecid_subj(&audit_sig_lsm); } return audit_signal_info_syscall(t); diff --git a/kernel/audit.h b/kernel/audit.h index 58b66543b4d5..316fac62d5f7 100644 --- a/kernel/audit.h +++ b/kernel/audit.h @@ -12,6 +12,7 @@ #include <linux/fs.h> #include <linux/audit.h> #include <linux/skbuff.h> +#include <linux/security.h> #include <uapi/linux/mqueue.h> #include <linux/tty.h> #include <uapi/linux/openat2.h> // struct open_how @@ -143,7 +144,7 @@ struct audit_context { kuid_t target_auid; kuid_t target_uid; unsigned int target_sessionid; - u32 target_sid; + struct lsmblob target_lsm; char target_comm[TASK_COMM_LEN]; struct audit_tree_refs *trees, *first_trees; diff --git a/kernel/auditsc.c b/kernel/auditsc.c index fb8c4c61189d..52ea8da8462f 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -99,7 +99,7 @@ struct audit_aux_data_pids { kuid_t target_auid[AUDIT_AUX_PIDS]; kuid_t target_uid[AUDIT_AUX_PIDS]; unsigned int target_sessionid[AUDIT_AUX_PIDS]; - u32 target_sid[AUDIT_AUX_PIDS]; + struct lsmblob target_lsm[AUDIT_AUX_PIDS]; char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; int pid_count; }; @@ -1018,7 +1018,7 @@ static void audit_reset_context(struct audit_context *ctx) ctx->target_pid = 0; ctx->target_auid = ctx->target_uid = KUIDT_INIT(0); ctx->target_sessionid = 0; - ctx->target_sid = 0; + lsmblob_init(&ctx->target_lsm, 0); ctx->target_comm[0] = '\0'; unroll_tree_refs(ctx, NULL, 0); WARN_ON(!list_empty(&ctx->killed_trees)); 
@@ -1116,14 +1116,14 @@ static inline void audit_free_context(struct audit_context *context) } static int audit_log_pid_context(struct audit_context *context, pid_t pid, - kuid_t auid, kuid_t uid, unsigned int sessionid, - u32 sid, char *comm) + kuid_t auid, kuid_t uid, + unsigned int sessionid, + struct lsmblob *blob, char *comm) { struct audit_buffer *ab; char *ctx = NULL; u32 len; int rc = 0; - struct lsmblob blob; ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); if (!ab) @@ -1132,9 +1132,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid, audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, from_kuid(&init_user_ns, auid), from_kuid(&init_user_ns, uid), sessionid); - if (sid) { - lsmblob_init(&blob, sid); - if (security_secid_to_secctx(&blob, &ctx, &len)) { + if (lsmblob_is_set(blob)) { + if (security_secid_to_secctx(blob, &ctx, &len)) { audit_log_format(ab, " obj=(none)"); rc = 1; } else { @@ -1814,7 +1813,7 @@ static void audit_log_exit(void) axs->target_auid[i], axs->target_uid[i], axs->target_sessionid[i], - axs->target_sid[i], + &axs->target_lsm[i], axs->target_comm[i])) call_panic = 1; } @@ -1823,7 +1822,7 @@ static void audit_log_exit(void) audit_log_pid_context(context, context->target_pid, context->target_auid, context->target_uid, context->target_sessionid, - context->target_sid, context->target_comm)) + &context->target_lsm, context->target_comm)) call_panic = 1; if (context->pwd.dentry && context->pwd.mnt) { 
@@ -2759,15 +2758,12 @@ int __audit_sockaddr(int len, void *a) void __audit_ptrace(struct task_struct *t) { struct audit_context *context = audit_context(); - struct lsmblob blob; context->target_pid = task_tgid_nr(t); context->target_auid = audit_get_loginuid(t); context->target_uid = task_uid(t); context->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding - until target_sid is converted */ - context->target_sid = lsmblob_first(&blob); + security_task_getsecid_obj(t, &context->target_lsm); memcpy(context->target_comm, t->comm, TASK_COMM_LEN); } @@ -2783,7 +2779,6 @@ int audit_signal_info_syscall(struct task_struct *t) struct audit_aux_data_pids *axp; struct audit_context *ctx = audit_context(); kuid_t t_uid = task_uid(t); - struct lsmblob blob; if (!audit_signals || audit_dummy_context()) return 0; @@ -2795,9 +2790,7 @@ int audit_signal_info_syscall(struct task_struct *t) ctx->target_auid = audit_get_loginuid(t); ctx->target_uid = t_uid; ctx->target_sessionid = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - ctx->target_sid = lsmblob_first(&blob); + security_task_getsecid_obj(t, &ctx->target_lsm); memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); return 0; } @@ -2818,9 +2811,7 @@ int audit_signal_info_syscall(struct task_struct *t) axp->target_auid[axp->pid_count] = audit_get_loginuid(t); axp->target_uid[axp->pid_count] = t_uid; axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t); - security_task_getsecid_obj(t, &blob); - /* scaffolding until target_sid is converted */ - axp->target_sid[axp->pid_count] = lsmblob_first(&blob); + security_task_getsecid_obj(t, &axp->target_lsm[axp->pid_count]); memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); axp->pid_count++; diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 3d8d9162a5e3..b9ef0f493041 100644 --- a/security/integrity/ima/ima_main.c 
+++ b/security/integrity/ima/ima_main.c @@ -489,7 +489,6 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot) int ima_bprm_check(struct linux_binprm *bprm) { int ret; - u32 secid; struct lsmblob blob; security_current_getsecid_subj(&blob); @@ -500,9 +499,10 @@ int ima_bprm_check(struct linux_binprm *bprm) if (ret) return ret; - security_cred_getsecid(bprm->cred, &secid); - return process_measurement(bprm->file, bprm->cred, secid, NULL, 0, - MAY_EXEC, CREDS_CHECK); + security_cred_getsecid(bprm->cred, &blob); + /* scaffolding until process_measurement changes */ + return process_measurement(bprm->file, bprm->cred, blob.secid[0], + NULL, 0, MAY_EXEC, CREDS_CHECK); } /** diff --git a/security/security.c b/security/security.c index 297a6be2e23a..2ad0d4eb24b3 100644 --- a/security/security.c +++ b/security/security.c @@ -1816,10 +1816,16 @@ void security_transfer_creds(struct cred *new, const struct cred *old) call_void_hook(cred_transfer, new, old); } -void security_cred_getsecid(const struct cred *c, u32 *secid) +void security_cred_getsecid(const struct cred *c, struct lsmblob *blob) { - *secid = 0; - call_void_hook(cred_getsecid, c, secid); + struct security_hook_list *hp; + + lsmblob_init(blob, 0); + hlist_for_each_entry(hp, &security_hook_heads.cred_getsecid, list) { + if (WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)) + continue; + hp->hook.cred_getsecid(c, &blob->secid[hp->lsmid->slot]); + } } EXPORT_SYMBOL(security_cred_getsecid);
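Review bot: The scaffolding in `ima_bprm_check()` reads the secid as `blob.secid[0]`, which hard-codes slot 0 and reaches into the layout of `struct lsmblob` from IMA code. The scaffolding this patch removes from kernel/audit.c and kernel/auditsc.c used an accessor for the same purpose, so if that helper is still available at this point in the series, `lsmblob_first(&blob)` would be the consistent spelling. Note also that `blob` was filled by `security_current_getsecid_subj()` earlier in the function and is overwritten here with the credential's values; a short comment saying the reuse is intentional would help the next reader.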
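Review bot: In the new `security_cred_getsecid()` loop the slot check is `WARN_ON(hp->lsmid->slot < 0 || hp->lsmid->slot >= lsm_slot)`, which would emit a full warning on every call if a hook were ever registered with a bad slot. The callers visible in this patch are the binder transaction path and `ima_bprm_check()`, both of which run repeatedly on behalf of user space, so `WARN_ON_ONCE(...)` would report the registration bug without flooding the log. The function also lacks a comment stating that slots with no `cred_getsecid` hook keep the 0 written by `lsmblob_init(blob, 0)`; a one-line comment above the loop would make that contract explicit for callers that later test the blob with `lsmblob_is_set()`.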