[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <202104111312.lMnMvS3B-lkp@intel.com>
Date: Sun, 11 Apr 2021 14:02:49 +0800
From: kernel test robot <lkp@...el.com>
To: Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org
Cc: kbuild-all@...ts.01.org, Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH] LoadPin: Allow filesystem switch when not enforcing
Hi Kees,
I love your patch! Yet something to improve:
[auto build test ERROR on linux/master]
[also build test ERROR on kees/for-next/pstore linus/master v5.12-rc6 next-20210409]
[cannot apply to kees/for-next/loadpin]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Kees-Cook/LoadPin-Allow-filesystem-switch-when-not-enforcing/20210409-073059
base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5e46d1b78a03d52306f21f77a4e4a144b6d31486
config: x86_64-allyesconfig (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce (this is a W=1 build):
# https://github.com/0day-ci/linux/commit/3dc7289d9d15396745929884191874dc2cce1afc
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Kees-Cook/LoadPin-Allow-filesystem-switch-when-not-enforcing/20210409-073059
git checkout 3dc7289d9d15396745929884191874dc2cce1afc
# save the attached .config to linux build tree
make W=1 ARCH=x86_64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
All errors (new ones prefixed by >>):
In file included from include/linux/kernel.h:16,
from include/linux/list.h:9,
from include/linux/module.h:12,
from security/loadpin/loadpin.c:12:
security/loadpin/loadpin.c: In function 'report_writable':
>> security/loadpin/loadpin.c:106:4: error: 'load_root_writable' undeclared (first use in this function)
106 | load_root_writable ? "writable" : "read-only");
| ^~~~~~~~~~~~~~~~~~
include/linux/printk.h:373:34: note: in definition of macro 'pr_info'
373 | printk(KERN_INFO pr_fmt(fmt), ##__VA_ARGS__)
| ^~~~~~~~~~~
security/loadpin/loadpin.c:106:4: note: each undeclared identifier is reported only once for each function it appears in
106 | load_root_writable ? "writable" : "read-only");
| ^~~~~~~~~~~~~~~~~~
include/linux/printk.h:373:34: note: in definition of macro 'pr_info'
373 | printk(KERN_INFO pr_fmt(fmt), ##__VA_ARGS__)
| ^~~~~~~~~~~
security/loadpin/loadpin.c: In function 'loadpin_sb_free_security':
>> security/loadpin/loadpin.c:121:7: error: 'enforced' undeclared (first use in this function); did you mean 'enforce'?
121 | if (enforced) {
| ^~~~~~~~
| enforce
security/loadpin/loadpin.c: In function 'loadpin_read_file':
security/loadpin/loadpin.c:135:43: warning: variable 'sysctl_needed' set but not used [-Wunused-but-set-variable]
135 | bool load_root_writable, first_root_pin, sysctl_needed;
| ^~~~~~~~~~~~~
vim +/load_root_writable +106 security/loadpin/loadpin.c
96
97 static void report_writable(struct block_device *bdev)
98 {
99 if (bdev) {
100 char name[BDEVNAME_SIZE];
101
102 bdevname(bdev, name);
103 pr_info("%s (%u:%u): %s\n", name,
104 MAJOR(bdev->bd_dev),
105 MINOR(bdev->bd_dev),
> 106 load_root_writable ? "writable" : "read-only");
107 } else {
108 pr_info("pinned filesystem lacks block device, treating as: writable\n");
109 }
110 }
111
112 static void loadpin_sb_free_security(struct super_block *mnt_sb)
113 {
114 /*
115 * When unmounting the filesystem we were using for load
116 * pinning, we acknowledge the superblock release, but make sure
117 * no other modules or firmware can be loaded when we are in
118 * enforcing mode. Otherwise, allow the root to be reestablished.
119 */
120 if (!IS_ERR_OR_NULL(pinned_root) && mnt_sb == pinned_root) {
> 121 if (enforced) {
122 pinned_root = ERR_PTR(-EIO);
123 pr_info("umount pinned fs: refusing further loads\n");
124 } else {
125 pinned_root = NULL;
126 }
127 }
128 }
129
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
Download attachment ".config.gz" of type "application/gzip" (65020 bytes)
Powered by blists - more mailing lists