Re: [PATCH V2] SELinux: Check correct permissions for FS_IOC32_*

All of lore.kernel.org
 help / color / mirror / Atom feed

From: kernel test robot <lkp@intel.com>
To: Alfred Piccioni <alpic@google.com>,
	Paul Moore <paul@paul-moore.com>,
	Stephen Smalley <stephen.smalley.work@gmail.com>,
	Eric Paris <eparis@parisplace.org>
Cc: oe-kbuild-all@lists.linux.dev, stable@vger.kernel.org,
	selinux@vger.kernel.org, linux-kernel@vger.kernel.org,
	Alfred Piccioni <alpic@google.com>
Subject: Re: [PATCH V2] SELinux: Check correct permissions for FS_IOC32_*
Date: Sat, 9 Sep 2023 06:54:07 +0800	[thread overview]
Message-ID: <202309090600.NSyo7d2q-lkp@intel.com> (raw)
In-Reply-To: <20230906115928.3749928-1-alpic@google.com>

Hi Alfred,

kernel test robot noticed the following build errors:

[auto build test ERROR on 50a510a78287c15cee644f345ef8bac8977986a7]

url:    https://github.com/intel-lab-lkp/linux/commits/Alfred-Piccioni/SELinux-Check-correct-permissions-for-FS_IOC32_/20230906-200131
base:   50a510a78287c15cee644f345ef8bac8977986a7
patch link:    https://lore.kernel.org/r/20230906115928.3749928-1-alpic%40google.com
patch subject: [PATCH V2] SELinux: Check correct permissions for FS_IOC32_*
config: i386-debian-10.3 (https://download.01.org/0day-ci/archive/20230909/202309090600.NSyo7d2q-lkp@intel.com/config)
compiler: gcc-12 (Debian 12.2.0-14) 12.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20230909/202309090600.NSyo7d2q-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202309090600.NSyo7d2q-lkp@intel.com/

All errors (new ones prefixed by >>):

   security/selinux/hooks.c: In function 'selinux_file_ioctl':
>> security/selinux/hooks.c:3647:9: error: duplicate case value
    3647 |         case FS_IOC32_GETFLAGS:
         |         ^~~~
   security/selinux/hooks.c:3645:9: note: previously used here
    3645 |         case FS_IOC_GETFLAGS:
         |         ^~~~
   security/selinux/hooks.c:3648:9: error: duplicate case value
    3648 |         case FS_IOC32_GETVERSION:
         |         ^~~~
   security/selinux/hooks.c:3646:9: note: previously used here
    3646 |         case FS_IOC_GETVERSION:
         |         ^~~~
   security/selinux/hooks.c:3654:9: error: duplicate case value
    3654 |         case FS_IOC32_SETFLAGS:
         |         ^~~~
   security/selinux/hooks.c:3652:9: note: previously used here
    3652 |         case FS_IOC_SETFLAGS:
         |         ^~~~
   security/selinux/hooks.c:3655:9: error: duplicate case value
    3655 |         case FS_IOC32_SETVERSION:
         |         ^~~~
   security/selinux/hooks.c:3653:9: note: previously used here
    3653 |         case FS_IOC_SETVERSION:
         |         ^~~~


vim +3647 security/selinux/hooks.c

  3634	
  3635	static int selinux_file_ioctl(struct file *file, unsigned int cmd,
  3636				      unsigned long arg)
  3637	{
  3638		const struct cred *cred = current_cred();
  3639		int error = 0;
  3640	
  3641		switch (cmd) {
  3642		case FIONREAD:
  3643		case FIBMAP:
  3644		case FIGETBSZ:
  3645		case FS_IOC_GETFLAGS:
  3646		case FS_IOC_GETVERSION:
> 3647		case FS_IOC32_GETFLAGS:
  3648		case FS_IOC32_GETVERSION:
  3649			error = file_has_perm(cred, file, FILE__GETATTR);
  3650			break;
  3651	
  3652		case FS_IOC_SETFLAGS:
  3653		case FS_IOC_SETVERSION:
  3654		case FS_IOC32_SETFLAGS:
  3655		case FS_IOC32_SETVERSION:
  3656			error = file_has_perm(cred, file, FILE__SETATTR);
  3657			break;
  3658	
  3659		/* sys_ioctl() checks */
  3660		case FIONBIO:
  3661		case FIOASYNC:
  3662			error = file_has_perm(cred, file, 0);
  3663			break;
  3664	
  3665		case KDSKBENT:
  3666		case KDSKBSENT:
  3667			error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
  3668						    CAP_OPT_NONE, true);
  3669			break;
  3670	
  3671		case FIOCLEX:
  3672		case FIONCLEX:
  3673			if (!selinux_policycap_ioctl_skip_cloexec())
  3674				error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
  3675			break;
  3676	
  3677		/* default case assumes that the command will go
  3678		 * to the file's ioctl() function.
  3679		 */
  3680		default:
  3681			error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
  3682		}
  3683		return error;
  3684	}
  3685	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

next prev parent reply	other threads:[~2023-09-08 22:54 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-06 10:25 [PATCH] SELinux: Check correct permissions for FS_IOC32_* Alfred Piccioni
2023-09-06 10:28 ` kernel test robot
2023-09-06 11:59 ` [PATCH V2] " Alfred Piccioni
2023-09-06 17:49   ` Stephen Smalley
2023-09-08 22:54   ` kernel test robot [this message]
2023-09-11 13:19     ` Stephen Smalley
2023-09-11 13:49       ` Stephen Smalley
2023-09-12  9:00         ` Alfred Piccioni
2023-09-12 12:00           ` Stephen Smalley
2023-09-12 15:46             ` Mickaël Salaün
2023-09-13  3:52       ` Paul Moore
2023-12-18 12:41 ` [PATCH] SELinux: Introduce security_file_ioctl_compat hook Alfred Piccioni
2023-12-18 13:46   ` Stephen Smalley
2023-12-18 13:50     ` Stephen Smalley
2023-12-19  9:09 ` [PATCH] security: new security_file_ioctl_compat() hook Alfred Piccioni
2023-12-19  9:10   ` Alfred Piccioni
2023-12-20 14:38     ` Alfred Piccioni
2023-12-20 15:34     ` Stephen Smalley
2023-12-23 11:15     ` Fwd: " Tetsuo Handa
2023-12-23 14:41     ` Tetsuo Handa
2023-12-20 17:31   ` Stephen Smalley
2023-12-20 18:48   ` Eric Biggers
2023-12-23  1:23   ` Paul Moore
2023-12-23 10:48     ` Tetsuo Handa
2023-12-24 19:58       ` Paul Moore
2023-12-23 15:34     ` Eric Biggers
2023-12-24 20:00       ` Paul Moore
2023-12-24 20:09         ` Paul Moore
2023-12-23 17:54     ` Casey Schaufler
2023-12-24 20:53   ` Paul Moore
2023-12-27  4:43     ` Eric Biggers

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202309090600.NSyo7d2q-lkp@intel.com \
    --to=lkp@intel.com \
    --cc=alpic@google.com \
    --cc=eparis@parisplace.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=oe-kbuild-all@lists.linux.dev \
    --cc=paul@paul-moore.com \
    --cc=selinux@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --cc=stephen.smalley.work@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.