lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <ea11fea30810291127h3d5ade4btcd3b327863e7b210@mail.gmail.com>
Date:	Wed, 29 Oct 2008 23:57:44 +0530
From:	"Manish Katiyar" <mkatiyar@...il.com>
To:	"Paul Moore" <paul.moore@...com>, netdev@...r.kernel.org,
	kernel-janitors@...r.kernel.org
Cc:	mkatiyar@...il.com
Subject: Re: [PATCH] : Fix compilation warnings in net/netlabel/netlabel_addrlist.c

On Wed, Oct 29, 2008 at 9:05 PM, Paul Moore <paul.moore@...com> wrote:
> On Wednesday 29 October 2008 11:18:36 am you wrote:
>> On Wed, Oct 29, 2008 at 7:19 PM, Paul Moore <paul.moore@...com> wrote:
>> > On Wednesday 29 October 2008 4:06:09 am Manish Katiyar wrote:
>> >> Below patch fixes the following warning.
>> >> net/netlabel/netlabel_addrlist.c:335: warning: unused variable
>> >> 'dir' net/netlabel/netlabel_addrlist.c:369: warning: unused
>> >> variable 'dir'
>> >>
>> >>
>> >> Signed-off-by: Manish Katiyar <mkatiyar@...il.com>
>> >
>> > Hi Manish,
>> >
>> > Good catch, I ran compile tests with different
>> > SECURITY/NETLABEL/IPV6 options enabled/disabled but forgot about
>> > AUDIT.  I appreciate your help finding this and submitting a
>> > possible solution but I think the better approach would be to
>> > conditionally compile out the
>> > netlbl_af{4,6}list_audit_addr() functions similarly to what we do
>> > with several of the NetLabel kernel API functions in
>> > include/net/netlabel.h, see netlbl_enabled() for a simple example.
>>
>> Hi Paul,
>>
>> Thanks a lot. I didn't understand your suggestion, but this is also
>> the first time I am looking in net directory :-).
>
> There is a first time for everything :)
>
>> Even if you compile
>> netlbl_af{4,6}list_audit_add conditionally based on CONFIG_IPV6 and
>> others, you still need to have CONFIG_AUDIT for audit_log_format().
>> Isn't it ??
>
> Yes, but the idea is to conditionally compile the
> netlbl_af{4,6}list_audit_add() functions based on CONFIG_AUDIT.  Below
> is a simple example using myfunc():
>
> In the source file you define the function:
>
>  void myfunc(int myarg)
>  {
>        /* bunch of audit stuff */
>  }
>
> In the header file you have a conditional prototype declaration:
>
>  #ifdef CONFIG_AUDIT
>  void myfunc(int myarg);
>  #else
>  static inline void myfunc(int myarg)
>  {
>        return;
>  }
>  #endif
>
> This way the code compiles correctly regardless of if CONFIG_AUDIT is
> defined and has the benefit of not including unnecessary code in the
> kernel binary.

Hi Paul,

Does this look better ?? Appreciate your help. Patch compile tested.

Enable netlabel auditing functions only when CONFIG_AUDIT is set

Signed-off-by: Manish Katiyar <mkatiyar@...il.com>
---
 net/netlabel/netlabel_addrlist.c |    2 ++
 net/netlabel/netlabel_addrlist.h |   20 ++++++++++++++++++++
 2 files changed, 22 insertions(+), 0 deletions(-)

diff --git a/net/netlabel/netlabel_addrlist.c b/net/netlabel/netlabel_addrlist.c
index b0925a3..830afef 100644
--- a/net/netlabel/netlabel_addrlist.c
+++ b/net/netlabel/netlabel_addrlist.c
@@ -311,6 +311,7 @@ struct netlbl_af6list *netlbl_af6list_remove(const
struct in6_addr *addr,
 }
 #endif /* IPv6 */

+#ifdef CONFIG_AUDIT
 /*
  * Audit Helper Functions
  */
@@ -386,3 +387,4 @@ void netlbl_af6list_audit_addr(struct audit_buffer
*audit_buf,
 	}
 }
 #endif /* IPv6 */
+#endif /* CONFIG_AUDIT */
diff --git a/net/netlabel/netlabel_addrlist.h b/net/netlabel/netlabel_addrlist.h
index 0242bea..7fa730a 100644
--- a/net/netlabel/netlabel_addrlist.h
+++ b/net/netlabel/netlabel_addrlist.h
@@ -120,9 +120,18 @@ struct netlbl_af4list *netlbl_af4list_search(__be32 addr,
 struct netlbl_af4list *netlbl_af4list_search_exact(__be32 addr,
 						   __be32 mask,
 						   struct list_head *head);
+
+#ifdef CONFIG_AUDIT
 void netlbl_af4list_audit_addr(struct audit_buffer *audit_buf,
 			       int src, const char *dev,
 			       __be32 addr, __be32 mask);
+#else
+static inline void netlbl_af4list_audit_addr(struct audit_buffer *audit_buf,
+			       int src, const char *dev,
+			       __be32 addr, __be32 mask) {
+	return;
+}
+#endif

 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)

@@ -179,11 +188,22 @@ struct netlbl_af6list
*netlbl_af6list_search(const struct in6_addr *addr,
 struct netlbl_af6list *netlbl_af6list_search_exact(const struct in6_addr *addr,
 						   const struct in6_addr *mask,
 						   struct list_head *head);
+
+#ifdef CONFIG_AUDIT
 void netlbl_af6list_audit_addr(struct audit_buffer *audit_buf,
 			       int src,
 			       const char *dev,
 			       const struct in6_addr *addr,
 			       const struct in6_addr *mask);
+#else
+static inline void netlbl_af6list_audit_addr(struct audit_buffer *audit_buf,
+			       int src,
+			       const char *dev,
+			       const struct in6_addr *addr,
+			       const struct in6_addr *mask) {
+	return;
+}
+#endif
 #endif /* IPV6 */

 #endif
-- 
1.5.4.3

Thanks -
Manish


>
>> > If you have the time to revise this patch that would be great, just
>> > CC me on the posting and I'll look it over.
>>
>> Since this is not my area of expertise, I would rather not like to
>> introduce more bugs in kernel. But yes I can try my best to learn and
>> try to fix it if you are willing to lend a helping hand (which might
>> be iterative and irritating for you due to my stupid questions).
>
> I'm more than happy to help but all I ask is that we keep the discussion
> on the mailing lists so that others could benefit from the discussion.
> However, if this isn't something you are comfortable with just let me
> know.
>
> --
> paul moore
> linux @ hp
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ