lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202004300526.H4rF1lW2%lkp@intel.com>
Date:   Thu, 30 Apr 2020 05:24:15 +0800
From:   kbuild test robot <lkp@...el.com>
To:     Mimi Zohar <zohar@...ux.ibm.com>, linux-integrity@...r.kernel.org
Cc:     kbuild-all@...ts.01.org, Mimi Zohar <zohar@...ux.ibm.com>,
        Mickael Salaun <mic@...ikod.net>,
        Steve Grubb <sgrubb@...hat.com>, Jann Horn <jannh@...gle.com>,
        linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] ima: add policy support for the new file open
 MAY_OPENEXEC flag

Hi Mimi,

I love your patch! Yet something to improve:

[auto build test ERROR on integrity/next-integrity]
[also build test ERROR on linus/master v5.7-rc3 next-20200429]
[cannot apply to security/next-testing]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system. BTW, we also suggest to use '--base' option to specify the
base tree in git format-patch, please see https://stackoverflow.com/a/37406982]

url:    https://github.com/0day-ci/linux/commits/Mimi-Zohar/ima-extending-IMA-policy-to-support-interpreters/20200430-030608
base:   https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity
config: arc-allyesconfig (attached as .config)
compiler: arc-elf-gcc (GCC) 9.3.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day GCC_VERSION=9.3.0 make.cross ARCH=arc 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kbuild test robot <lkp@...el.com>

All error/warnings (new ones prefixed by >>):

   security/integrity/ima/ima_main.c: In function 'ima_file_check':
>> security/integrity/ima/ima_main.c:442:20: error: 'MAY_OPENEXEC' undeclared (first use in this function); did you mean 'MAY_OPEN'?
     442 |         MAY_EXEC | MAY_OPENEXEC |
         |                    ^~~~~~~~~~~~
         |                    MAY_OPEN
   security/integrity/ima/ima_main.c:442:20: note: each undeclared identifier is reported only once for each function it appears in
>> security/integrity/ima/ima_main.c:444:1: warning: control reaches end of non-void function [-Wreturn-type]
     444 | }
         | ^
--
   security/integrity/ima/ima_policy.c: In function 'ima_parse_rule':
>> security/integrity/ima/ima_policy.c:1100:19: error: 'MAY_OPENEXEC' undeclared (first use in this function); did you mean 'MAY_OPEN'?
    1100 |     entry->mask = MAY_OPENEXEC;
         |                   ^~~~~~~~~~~~
         |                   MAY_OPEN
   security/integrity/ima/ima_policy.c:1100:19: note: each undeclared identifier is reported only once for each function it appears in
   security/integrity/ima/ima_policy.c: In function 'ima_policy_show':
   security/integrity/ima/ima_policy.c:1535:21: error: 'MAY_OPENEXEC' undeclared (first use in this function); did you mean 'MAY_OPEN'?
    1535 |   if (entry->mask & MAY_OPENEXEC)
         |                     ^~~~~~~~~~~~
         |                     MAY_OPEN

vim +442 security/integrity/ima/ima_main.c

   424	
   425	/**
   426	 * ima_path_check - based on policy, collect/store measurement.
   427	 * @file: pointer to the file to be measured
   428	 * @mask: contains MAY_READ, MAY_WRITE, MAY_EXEC or MAY_APPEND
   429	 *
   430	 * Measure files based on the ima_must_measure() policy decision.
   431	 *
   432	 * On success return 0.  On integrity appraisal error, assuming the file
   433	 * is in policy and IMA-appraisal is in enforcing mode, return -EACCES.
   434	 */
   435	int ima_file_check(struct file *file, int mask)
   436	{
   437		u32 secid;
   438	
   439		security_task_getsecid(current, &secid);
   440		return process_measurement(file, current_cred(), secid, NULL, 0,
   441					   mask & (MAY_READ | MAY_WRITE |
 > 442						   MAY_EXEC | MAY_OPENEXEC |
   443						   MAY_APPEND), FILE_CHECK);
 > 444	}
   445	EXPORT_SYMBOL_GPL(ima_file_check);
   446	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Download attachment ".config.gz" of type "application/gzip" (61946 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ