diff mbox series

[v2,13/13] security/integrity/ima: converts stats to seqnum_ops

Message ID 581db581b900a01887ecfc3ec6b92e19d54cd2d9.1605287778.git.skhan@linuxfoundation.org (mailing list archive)
State New
Headers show
Series Introduce seqnum_ops | expand

Commit Message

Shuah Khan Nov. 13, 2020, 5:46 p.m. UTC
Sequence Number api provides interfaces for unsigned atomic up counters
leveraging atomic_t and atomic64_t ops underneath. Convert it to use
seqnum_ops.

atomic_t variables used for ima_htable.violations and number of stored
measurements and ios_threshold are atomic counters. Convert them to
seqnum_ops.

Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
---
 security/integrity/ima/ima.h       | 5 +++--
 security/integrity/ima/ima_api.c   | 3 ++-
 security/integrity/ima/ima_fs.c    | 5 +++--
 security/integrity/ima/ima_queue.c | 7 ++++---
 4 files changed, 12 insertions(+), 8 deletions(-)

Comments

kernel test robot Nov. 14, 2020, 4:11 p.m. UTC | #1
Hi Shuah,

I love your patch! Yet something to improve:

[auto build test ERROR on staging/staging-testing]
[also build test ERROR on integrity/next-integrity char-misc/char-misc-testing usb/usb-testing linus/master v5.10-rc3 next-20201113]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Shuah-Khan/Introduce-seqnum_ops/20201114-014959
base:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git f4acd33c446b2ba97f1552a4da90050109d01ca7
config: nios2-randconfig-r023-20201114 (attached as .config)
compiler: nios2-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/b86077d3629fe6d16070d95b8331344258dcaed2
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Shuah-Khan/Introduce-seqnum_ops/20201114-014959
        git checkout b86077d3629fe6d16070d95b8331344258dcaed2
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=nios2 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All error/warnings (new ones prefixed by >>):

   In file included from security/integrity/ima/ima_fs.c:26:
   security/integrity/ima/ima.h:178:18: error: field 'len' has incomplete type
     178 |  struct seqnum64 len; /* number of stored measurements in the list */
         |                  ^~~
   security/integrity/ima/ima.h:179:18: error: field 'violations' has incomplete type
     179 |  struct seqnum64 violations;
         |                  ^~~~~~~~~~
   security/integrity/ima/ima_fs.c: In function 'ima_show_htable_value':
>> security/integrity/ima/ima_fs.c:48:52: error: implicit declaration of function 'seqnum64_fetch'; did you mean 'seqnum32_fetch'? [-Werror=implicit-function-declaration]
      48 |  len = scnprintf(tmpbuf, sizeof(tmpbuf), "%llu\n", seqnum64_fetch(val));
         |                                                    ^~~~~~~~~~~~~~
         |                                                    seqnum32_fetch
>> security/integrity/ima/ima_fs.c:48:46: warning: format '%llu' expects argument of type 'long long unsigned int', but argument 4 has type 'int' [-Wformat=]
      48 |  len = scnprintf(tmpbuf, sizeof(tmpbuf), "%llu\n", seqnum64_fetch(val));
         |                                           ~~~^     ~~~~~~~~~~~~~~~~~~~
         |                                              |     |
         |                                              |     int
         |                                              long long unsigned int
         |                                           %u
   security/integrity/ima/ima_fs.c: In function 'ima_show_htable_violations':
   security/integrity/ima/ima_fs.c:57:1: error: control reaches end of non-void function [-Werror=return-type]
      57 | }
         | ^
   security/integrity/ima/ima_fs.c: In function 'ima_show_measurements_count':
   security/integrity/ima/ima_fs.c:70:1: error: control reaches end of non-void function [-Werror=return-type]
      70 | }
         | ^
   cc1: some warnings being treated as errors
--
   In file included from security/integrity/ima/ima_queue.c:21:
   security/integrity/ima/ima.h:178:18: error: field 'len' has incomplete type
     178 |  struct seqnum64 len; /* number of stored measurements in the list */
         |                  ^~~
   security/integrity/ima/ima.h:179:18: error: field 'violations' has incomplete type
     179 |  struct seqnum64 violations;
         |                  ^~~~~~~~~~
   In file included from security/integrity/ima/ima_queue.c:20:
   include/linux/seqnum_ops.h:40:27: error: field name not in record or union initializer
      40 | #define SEQNUM_INIT(i)  { .seqnum = ATOMIC_INIT(i) }
         |                           ^
   security/integrity/ima/ima_queue.c:37:9: note: in expansion of macro 'SEQNUM_INIT'
      37 |  .len = SEQNUM_INIT(0),
         |         ^~~~~~~~~~~
   include/linux/seqnum_ops.h:40:27: note: (near initialization for 'ima_htable.len')
      40 | #define SEQNUM_INIT(i)  { .seqnum = ATOMIC_INIT(i) }
         |                           ^
   security/integrity/ima/ima_queue.c:37:9: note: in expansion of macro 'SEQNUM_INIT'
      37 |  .len = SEQNUM_INIT(0),
         |         ^~~~~~~~~~~
   include/linux/seqnum_ops.h:40:27: error: field name not in record or union initializer
      40 | #define SEQNUM_INIT(i)  { .seqnum = ATOMIC_INIT(i) }
         |                           ^
   security/integrity/ima/ima_queue.c:38:16: note: in expansion of macro 'SEQNUM_INIT'
      38 |  .violations = SEQNUM_INIT(0),
         |                ^~~~~~~~~~~
   include/linux/seqnum_ops.h:40:27: note: (near initialization for 'ima_htable.violations')
      40 | #define SEQNUM_INIT(i)  { .seqnum = ATOMIC_INIT(i) }
         |                           ^
   security/integrity/ima/ima_queue.c:38:16: note: in expansion of macro 'SEQNUM_INIT'
      38 |  .violations = SEQNUM_INIT(0),
         |                ^~~~~~~~~~~
   security/integrity/ima/ima_queue.c: In function 'ima_add_digest_entry':
>> security/integrity/ima/ima_queue.c:110:2: error: implicit declaration of function 'seqnum64_inc_return'; did you mean 'seqnum32_inc_return'? [-Werror=implicit-function-declaration]
     110 |  seqnum64_inc_return(&ima_htable.len);
         |  ^~~~~~~~~~~~~~~~~~~
         |  seqnum32_inc_return
   cc1: some warnings being treated as errors
--
   In file included from security/integrity/ima/ima_api.c:19:
   security/integrity/ima/ima.h:178:18: error: field 'len' has incomplete type
     178 |  struct seqnum64 len; /* number of stored measurements in the list */
         |                  ^~~
   security/integrity/ima/ima.h:179:18: error: field 'violations' has incomplete type
     179 |  struct seqnum64 violations;
         |                  ^~~~~~~~~~
   security/integrity/ima/ima_api.c: In function 'ima_add_violation':
>> security/integrity/ima/ima_api.c:148:2: error: implicit declaration of function 'seqnum64_inc_return'; did you mean 'seqnum32_inc_return'? [-Werror=implicit-function-declaration]
     148 |  seqnum64_inc_return(&ima_htable.violations);
         |  ^~~~~~~~~~~~~~~~~~~
         |  seqnum32_inc_return
   cc1: some warnings being treated as errors

vim +48 security/integrity/ima/ima_fs.c

    41	
    42	static ssize_t ima_show_htable_value(char __user *buf, size_t count,
    43					     loff_t *ppos, struct seqnum64 *val)
    44	{
    45		char tmpbuf[32];	/* greater than largest 'long' string value */
    46		ssize_t len;
    47	
  > 48		len = scnprintf(tmpbuf, sizeof(tmpbuf), "%llu\n", seqnum64_fetch(val));
    49		return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
    50	}
    51	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
diff mbox series

Patch

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 6ebefec616e4..55fe1d14c67a 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -21,6 +21,7 @@ 
 #include <linux/tpm.h>
 #include <linux/audit.h>
 #include <crypto/hash_info.h>
+#include <linux/seqnum_ops.h>
 
 #include "../integrity.h"
 
@@ -174,8 +175,8 @@  int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event,
 extern spinlock_t ima_queue_lock;
 
 struct ima_h_table {
-	atomic_long_t len;	/* number of stored measurements in the list */
-	atomic_long_t violations;
+	struct seqnum64 len;	/* number of stored measurements in the list */
+	struct seqnum64 violations;
 	struct hlist_head queue[IMA_MEASURE_HTABLE_SIZE];
 };
 extern struct ima_h_table ima_htable;
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 4f39fb93f278..c6c442b93ce3 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -14,6 +14,7 @@ 
 #include <linux/xattr.h>
 #include <linux/evm.h>
 #include <linux/iversion.h>
+#include <linux/seqnum_ops.h>
 
 #include "ima.h"
 
@@ -144,7 +145,7 @@  void ima_add_violation(struct file *file, const unsigned char *filename,
 	int result;
 
 	/* can overflow, only indicator */
-	atomic_long_inc(&ima_htable.violations);
+	seqnum64_inc_return(&ima_htable.violations);
 
 	result = ima_alloc_init_template(&event_data, &entry, NULL);
 	if (result < 0) {
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index ea8ff8a07b36..83a0d33e6f70 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -21,6 +21,7 @@ 
 #include <linux/rcupdate.h>
 #include <linux/parser.h>
 #include <linux/vmalloc.h>
+#include <linux/seqnum_ops.h>
 
 #include "ima.h"
 
@@ -39,12 +40,12 @@  __setup("ima_canonical_fmt", default_canonical_fmt_setup);
 static int valid_policy = 1;
 
 static ssize_t ima_show_htable_value(char __user *buf, size_t count,
-				     loff_t *ppos, atomic_long_t *val)
+				     loff_t *ppos, struct seqnum64 *val)
 {
 	char tmpbuf[32];	/* greater than largest 'long' string value */
 	ssize_t len;
 
-	len = scnprintf(tmpbuf, sizeof(tmpbuf), "%li\n", atomic_long_read(val));
+	len = scnprintf(tmpbuf, sizeof(tmpbuf), "%llu\n", seqnum64_fetch(val));
 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
 }
 
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index c096ef8945c7..38c31bc62358 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -17,6 +17,7 @@ 
 
 #include <linux/rculist.h>
 #include <linux/slab.h>
+#include <linux/seqnum_ops.h>
 #include "ima.h"
 
 #define AUDIT_CAUSE_LEN_MAX 32
@@ -33,8 +34,8 @@  static unsigned long binary_runtime_size = ULONG_MAX;
 
 /* key: inode (before secure-hashing a file) */
 struct ima_h_table ima_htable = {
-	.len = ATOMIC_LONG_INIT(0),
-	.violations = ATOMIC_LONG_INIT(0),
+	.len = SEQNUM_INIT(0),
+	.violations = SEQNUM_INIT(0),
 	.queue[0 ... IMA_MEASURE_HTABLE_SIZE - 1] = HLIST_HEAD_INIT
 };
 
@@ -106,7 +107,7 @@  static int ima_add_digest_entry(struct ima_template_entry *entry,
 	INIT_LIST_HEAD(&qe->later);
 	list_add_tail_rcu(&qe->later, &ima_measurements);
 
-	atomic_long_inc(&ima_htable.len);
+	seqnum64_inc_return(&ima_htable.len);
 	if (update_htable) {
 		key = ima_hash_key(entry->digests[ima_hash_algo_idx].digest);
 		hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);