Re: [PATCH v37 18/33] LSM: Use lsmcontext in security_dentry_init_security

From: kernel test robot <lkp@intel.com>
To: Casey Schaufler <casey@schaufler-ca.com>,
	casey.schaufler@intel.com, jmorris@namei.org,
	linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: john.johansen@canonical.com, kbuild-all@lists.01.org,
	linux-kernel@vger.kernel.org, linux-audit@redhat.com
Subject: Re: [PATCH v37 18/33] LSM: Use lsmcontext in security_dentry_init_security
Date: Tue, 28 Jun 2022 13:36:55 +0800	[thread overview]
Message-ID: <202206281302.ApiPUdom-lkp@intel.com> (raw)
In-Reply-To: <20220628005611.13106-19-casey@schaufler-ca.com>

Hi Casey,

I love your patch! Perhaps something to improve:

[auto build test WARNING on pcmoore-audit/next]
[also build test WARNING on pcmoore-selinux/next linus/master v5.19-rc4 next-20220627]
[cannot apply to jmorris-security/next-testing]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220628-095614
base:   https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
config: i386-defconfig (https://download.01.org/0day-ci/archive/20220628/202206281302.ApiPUdom-lkp@intel.com/config)
compiler: gcc-11 (Debian 11.3.0-3) 11.3.0
reproduce (this is a W=1 build):
        # https://github.com/intel-lab-lkp/linux/commit/c930a07cebde69363d3633fba8bd4cac46dd1520
        git remote add linux-review https://github.com/intel-lab-lkp/linux
        git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220628-095614
        git checkout c930a07cebde69363d3633fba8bd4cac46dd1520
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        make W=1 O=build_dir ARCH=i386 SHELL=/bin/bash

If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>

All warnings (new ones prefixed by >>):

   security/security.c: In function 'security_setprocattr':
>> security/security.c:2285:21: warning: variable 'slotname' set but not used [-Wunused-but-set-variable]
    2285 |         const char *slotname;
         |                     ^~~~~~~~

vim +/slotname +2285 security/security.c

  2266	
  2267	/**
  2268	 * security_setprocattr - Set process attributes via /proc
  2269	 * @lsm: name of module involved, or NULL
  2270	 * @name: name of the attribute
  2271	 * @value: value to set the attribute to
  2272	 * @size: size of the value
  2273	 *
  2274	 * Set the process attribute for the specified security module
  2275	 * to the specified value. Note that this can only be used to set
  2276	 * the process attributes for the current, or "self" process.
  2277	 * The /proc code has already done this check.
  2278	 *
  2279	 * Returns 0 on success, an appropriate code otherwise.
  2280	 */
  2281	int security_setprocattr(const char *lsm, const char *name, void *value,
  2282				 size_t size)
  2283	{
  2284		struct security_hook_list *hp;
> 2285		const char *slotname;
  2286		char *termed;
  2287		char *copy;
  2288		int *ilsm = current->security;
  2289		int rc = -EINVAL;
  2290		int slot = 0;
  2291	
  2292		if (!strcmp(name, "interface_lsm")) {
  2293			/*
  2294			 * Change the "interface_lsm" value only if all the security
  2295			 * modules that support setting a procattr allow it.
  2296			 * It is assumed that all such security modules will be
  2297			 * cooperative.
  2298			 */
  2299			if (size == 0)
  2300				return -EINVAL;
  2301	
  2302			hlist_for_each_entry(hp, &security_hook_heads.setprocattr,
  2303					     list) {
  2304				rc = hp->hook.setprocattr(name, value, size);
  2305				if (rc < 0 && rc != LSM_RET_DEFAULT(setprocattr))
  2306					return rc;
  2307			}
  2308	
  2309			rc = -EINVAL;
  2310	
  2311			copy = kmemdup_nul(value, size, GFP_KERNEL);
  2312			if (copy == NULL)
  2313				return -ENOMEM;
  2314	
  2315			termed = strsep(&copy, " \n");
  2316	
  2317			for (slot = 0; slot < lsm_slot; slot++) {
  2318				slotname = lsm_slot_to_name(slot);
  2319				if (!strcmp(termed, lsm_slotlist[slot]->lsm)) {
  2320					*ilsm = slot;
  2321					rc = size;
  2322					break;
  2323				}
  2324			}
  2325	
  2326			kfree(termed);
  2327			return rc;
  2328		}
  2329	
  2330		hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) {
  2331			if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm))
  2332				continue;
  2333			if (lsm == NULL && *ilsm != LSMBLOB_INVALID &&
  2334			    *ilsm != hp->lsmid->slot)
  2335				continue;
  2336			return hp->hook.setprocattr(name, value, size);
  2337		}
  2338		return LSM_RET_DEFAULT(setprocattr);
  2339	}
  2340	

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

--
Linux-audit mailing list
Linux-audit@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-audit