All of lore.kernel.org
 help / color / mirror / Atom feed
* [mic:next 25/36] security/landlock/syscalls.c:482:22: warning: variable 'log_new_exec' set but not used
@ 2025-03-21 22:39 kernel test robot
  0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2025-03-21 22:39 UTC (permalink / raw)
  To: Mickaël Salaün; +Cc: oe-kbuild-all

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git next
head:   b93810652d504e23b545dceefe1513bb70858737
commit: 161686d8d3ec0029fc4dd6d36fe4cdf318d72158 [25/36] landlock: Add LANDLOCK_RESTRICT_SELF_LOG_*_EXEC_* flags
config: arc-randconfig-001-20250322 (https://download.01.org/0day-ci/archive/20250322/202503220604.1FlfJaWA-lkp@intel.com/config)
compiler: arc-linux-gcc (GCC) 10.5.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250322/202503220604.1FlfJaWA-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202503220604.1FlfJaWA-lkp@intel.com/

All warnings (new ones prefixed by >>):

   security/landlock/syscalls.c: In function '__do_sys_landlock_restrict_self':
>> security/landlock/syscalls.c:482:22: warning: variable 'log_new_exec' set but not used [-Wunused-but-set-variable]
     482 |  bool log_same_exec, log_new_exec;
         |                      ^~~~~~~~~~~~
   security/landlock/syscalls.c:482:7: warning: variable 'log_same_exec' set but not used [-Wunused-but-set-variable]
     482 |  bool log_same_exec, log_new_exec;
         |       ^~~~~~~~~~~~~


vim +/log_new_exec +482 security/landlock/syscalls.c

   448	
   449	/**
   450	 * sys_landlock_restrict_self - Enforce a ruleset on the calling thread
   451	 *
   452	 * @ruleset_fd: File descriptor tied to the ruleset to merge with the target.
   453	 * @flags: Supported values:
   454	 *
   455	 * - %LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF
   456	 * - %LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON
   457	 *
   458	 * This system call enables to enforce a Landlock ruleset on the current
   459	 * thread.  Enforcing a ruleset requires that the task has %CAP_SYS_ADMIN in its
   460	 * namespace or is running with no_new_privs.  This avoids scenarios where
   461	 * unprivileged tasks can affect the behavior of privileged children.
   462	 *
   463	 * Possible returned errors are:
   464	 *
   465	 * - %EOPNOTSUPP: Landlock is supported by the kernel but disabled at boot time;
   466	 * - %EINVAL: @flags contains an unknown bit.
   467	 * - %EBADF: @ruleset_fd is not a file descriptor for the current thread;
   468	 * - %EBADFD: @ruleset_fd is not a ruleset file descriptor;
   469	 * - %EPERM: @ruleset_fd has no read access to the underlying ruleset, or the
   470	 *   current thread is not running with no_new_privs, or it doesn't have
   471	 *   %CAP_SYS_ADMIN in its namespace.
   472	 * - %E2BIG: The maximum number of stacked rulesets is reached for the current
   473	 *   thread.
   474	 */
   475	SYSCALL_DEFINE2(landlock_restrict_self, const int, ruleset_fd, const __u32,
   476			flags)
   477	{
   478		struct landlock_ruleset *new_dom,
   479			*ruleset __free(landlock_put_ruleset) = NULL;
   480		struct cred *new_cred;
   481		struct landlock_cred_security *new_llcred;
 > 482		bool log_same_exec, log_new_exec;
   483	
   484		if (!is_initialized())
   485			return -EOPNOTSUPP;
   486	
   487		/*
   488		 * Similar checks as for seccomp(2), except that an -EPERM may be
   489		 * returned.
   490		 */
   491		if (!task_no_new_privs(current) &&
   492		    !ns_capable_noaudit(current_user_ns(), CAP_SYS_ADMIN))
   493			return -EPERM;
   494	
   495		if ((flags | LANDLOCK_MASK_RESTRICT_SELF) !=
   496		    LANDLOCK_MASK_RESTRICT_SELF)
   497			return -EINVAL;
   498	
   499		/* Translates "off" flag to boolean. */
   500		log_same_exec = !(flags & LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF);
   501		/* Translates "on" flag to boolean. */
   502		log_new_exec = !!(flags & LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON);
   503	
   504		/* Gets and checks the ruleset. */
   505		ruleset = get_ruleset_from_fd(ruleset_fd, FMODE_CAN_READ);
   506		if (IS_ERR(ruleset))
   507			return PTR_ERR(ruleset);
   508	
   509		/* Prepares new credentials. */
   510		new_cred = prepare_creds();
   511		if (!new_cred)
   512			return -ENOMEM;
   513	
   514		new_llcred = landlock_cred(new_cred);
   515	
   516		/*
   517		 * There is no possible race condition while copying and manipulating
   518		 * the current credentials because they are dedicated per thread.
   519		 */
   520		new_dom = landlock_merge_ruleset(new_llcred->domain, ruleset);
   521		if (IS_ERR(new_dom)) {
   522			abort_creds(new_cred);
   523			return PTR_ERR(new_dom);
   524		}
   525	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2025-03-21 22:40 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-03-21 22:39 [mic:next 25/36] security/landlock/syscalls.c:482:22: warning: variable 'log_new_exec' set but not used kernel test robot

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.