From: kernel test robot <lkp@intel.com>
To: Fan Wu <wufan@linux.microsoft.com>
Cc: oe-kbuild-all@lists.linux.dev
Subject: Re: [RFC PATCH v12 04/20] ipe: add LSM hooks on execution and kernel read
Date: Fri, 2 Feb 2024 22:47:41 +0800 [thread overview]
Message-ID: <202402022217.BvClYUqt-lkp@intel.com> (raw)
In-Reply-To: <1706654228-17180-5-git-send-email-wufan@linux.microsoft.com>
Hi Fan,
[This is a private test report for your RFC patch.]
kernel test robot noticed the following build warnings:
[auto build test WARNING on axboe-block/for-next]
[also build test WARNING on lwn/docs-next linus/master v6.8-rc2 next-20240202]
[cannot apply to device-mapper-dm/for-next]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Fan-Wu/security-add-ipe-lsm/20240131-064224
base: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git for-next
patch link: https://lore.kernel.org/r/1706654228-17180-5-git-send-email-wufan%40linux.microsoft.com
patch subject: [RFC PATCH v12 04/20] ipe: add LSM hooks on execution and kernel read
config: loongarch-allmodconfig (https://download.01.org/0day-ci/archive/20240202/202402022217.BvClYUqt-lkp@intel.com/config)
compiler: loongarch64-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240202/202402022217.BvClYUqt-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202402022217.BvClYUqt-lkp@intel.com/
All warnings (new ones prefixed by >>):
>> security/ipe/hooks.c:51: warning: Function parameter or struct member '__always_unused' not described in 'ipe_mmap_file'
security/ipe/hooks.c:51: warning: Excess function parameter 'reqprot' description in 'ipe_mmap_file'
>> security/ipe/hooks.c:79: warning: Function parameter or struct member '__always_unused' not described in 'ipe_file_mprotect'
security/ipe/hooks.c:79: warning: Excess function parameter 'reqprot' description in 'ipe_file_mprotect'
vim +51 security/ipe/hooks.c
33
34 /**
35 * ipe_mmap_file - ipe security hook function for mmap check.
36 * @f: File being mmap'd. Can be NULL in the case of anonymous memory.
37 * @reqprot: The requested protection on the mmap, passed from usermode.
38 * @prot: The effective protection on the mmap, resolved from reqprot and
39 * system configuration.
40 * @flags: Unused.
41 *
42 * This hook is called when a file is loaded through the mmap
43 * family of system calls.
44 *
45 * Return:
46 * * 0 - OK
47 * * !0 - Error
48 */
49 int ipe_mmap_file(struct file *f, unsigned long reqprot __always_unused,
50 unsigned long prot, unsigned long flags)
> 51 {
52 struct ipe_eval_ctx ctx = IPE_EVAL_CTX_INIT;
53
54 if (prot & PROT_EXEC) {
55 build_eval_ctx(&ctx, f, IPE_OP_EXEC);
56 return ipe_evaluate_event(&ctx);
57 }
58
59 return 0;
60 }
61
62 /**
63 * ipe_file_mprotect - ipe security hook function for mprotect check.
64 * @vma: Existing virtual memory area created by mmap or similar.
65 * @reqprot: The requested protection on the mmap, passed from usermode.
66 * @prot: The effective protection on the mmap, resolved from reqprot and
67 * system configuration.
68 *
69 * This LSM hook is called when a mmap'd region of memory is changing
70 * its protections via mprotect.
71 *
72 * Return:
73 * * 0 - OK
74 * * !0 - Error
75 */
76 int ipe_file_mprotect(struct vm_area_struct *vma,
77 unsigned long reqprot __always_unused,
78 unsigned long prot)
> 79 {
80 struct ipe_eval_ctx ctx = IPE_EVAL_CTX_INIT;
81
82 /* Already Executable */
83 if (vma->vm_flags & VM_EXEC)
84 return 0;
85
86 if (prot & PROT_EXEC) {
87 build_eval_ctx(&ctx, vma->vm_file, IPE_OP_EXEC);
88 return ipe_evaluate_event(&ctx);
89 }
90
91 return 0;
92 }
93
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next prev parent reply other threads:[~2024-02-02 14:48 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-30 22:36 [RFC PATCH v12 00/20] Integrity Policy Enforcement LSM (IPE) Fan Wu
2024-01-30 22:36 ` [RFC PATCH v12 01/20] security: add ipe lsm Fan Wu
2024-01-30 22:36 ` [RFC PATCH v12 02/20] ipe: add policy parser Fan Wu
2024-01-30 22:36 ` [RFC PATCH v12 03/20] ipe: add evaluation loop Fan Wu
2024-01-30 22:36 ` [RFC PATCH v12 04/20] ipe: add LSM hooks on execution and kernel read Fan Wu
2024-02-02 14:47 ` kernel test robot [this message]
2024-01-30 22:36 ` [RFC PATCH v12 05/20] initramfs|security: Add security hook to initramfs unpack Fan Wu
2024-02-03 22:25 ` [PATCH RFC v12 5/20] " Paul Moore
2024-02-05 21:18 ` Fan Wu
2024-01-30 22:36 ` [RFC PATCH v12 06/20] ipe: introduce 'boot_verified' as a trust provider Fan Wu
2024-02-03 22:25 ` [PATCH RFC v12 6/20] " Paul Moore
2024-02-05 22:39 ` Fan Wu
2024-01-30 22:36 ` [RFC PATCH v12 07/20] security: add new securityfs delete function Fan Wu
2024-01-30 22:36 ` [RFC PATCH v12 08/20] ipe: add userspace interface Fan Wu
2024-02-03 22:25 ` [PATCH RFC v12 8/20] " Paul Moore
2024-02-05 23:01 ` Fan Wu
2024-02-05 23:10 ` Paul Moore
2024-02-05 23:21 ` Fan Wu
2024-01-30 22:36 ` [RFC PATCH v12 09/20] uapi|audit|ipe: add ipe auditing support Fan Wu
2024-02-03 22:25 ` [PATCH RFC v12 9/20] " Paul Moore
2024-01-30 22:36 ` [RFC PATCH v12 10/20] ipe: add permissive toggle Fan Wu
2024-02-03 22:25 ` [PATCH RFC " Paul Moore
2024-01-30 22:36 ` [RFC PATCH v12 11/20] block|security: add LSM blob to block_device Fan Wu
2024-01-30 22:37 ` [RFC PATCH v12 12/20] dm verity: set DM_TARGET_SINGLETON feature flag Fan Wu
2024-02-02 18:51 ` Mike Snitzer
2024-02-03 3:56 ` Fan Wu
2024-01-30 22:37 ` [RFC PATCH v12 13/20] dm: add finalize hook to target_type Fan Wu
2024-01-30 22:37 ` [RFC PATCH v12 14/20] dm verity: consume root hash digest and signature data via LSM hook Fan Wu
2024-01-30 22:37 ` [RFC PATCH v12 15/20] ipe: add support for dm-verity as a trust provider Fan Wu
2024-02-03 22:25 ` [PATCH RFC " Paul Moore
2024-02-05 23:11 ` Fan Wu
2024-02-06 21:53 ` Paul Moore
2024-01-30 22:37 ` [RFC PATCH v12 16/20] fsverity: consume builtin signature via LSM hook Fan Wu
2024-01-30 22:37 ` [RFC PATCH v12 17/20] ipe: enable support for fs-verity as a trust provider Fan Wu
2024-02-03 22:25 ` [PATCH RFC " Paul Moore
2024-01-30 22:37 ` [RFC PATCH v12 18/20] scripts: add boot policy generation program Fan Wu
2024-01-30 22:37 ` [RFC PATCH v12 19/20] ipe: kunit test for parser Fan Wu
2024-01-30 22:37 ` [RFC PATCH v12 20/20] documentation: add ipe documentation Fan Wu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202402022217.BvClYUqt-lkp@intel.com \
--to=lkp@intel.com \
--cc=oe-kbuild-all@lists.linux.dev \
--cc=wufan@linux.microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.