From: kernel test robot <lkp@intel.com>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: llvm@lists.linux.dev, oe-kbuild-all@lists.linux.dev,
linux-integrity@vger.kernel.org
Subject: [zohar-integrity:next-integrity.ima-sigv3-support-1 13/15] security/integrity/evm/evm_main.c:270:6: error: too many arguments to function call, expected 5, have 6
Date: Tue, 17 Mar 2026 17:16:25 +0800 [thread overview]
Message-ID: <202603171719.U8qaT87C-lkp@intel.com> (raw)
tree: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity.ima-sigv3-support-1
head: 9037cd4a36eb9554fb5968a4c1a990d44843190b
commit: d45011bbc88d112e7eea4dbb9a1b3b0081d0b30a [13/15] ima: Define asymmetric_verify_v3() to verify IMA sigv3 signatures
config: i386-buildonly-randconfig-005-20260317 (https://download.01.org/0day-ci/archive/20260317/202603171719.U8qaT87C-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260317/202603171719.U8qaT87C-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202603171719.U8qaT87C-lkp@intel.com/
All errors (new ones prefixed by >>):
>> security/integrity/evm/evm_main.c:270:6: error: too many arguments to function call, expected 5, have 6
267 | rc = integrity_digsig_verify(INTEGRITY_KEYRING_EVM,
| ~~~~~~~~~~~~~~~~~~~~~~~
268 | (const char *)xattr_data, xattr_len,
269 | digest.digest, digest.hdr.length,
270 | digest.hdr.algo);
| ^~~~~~~~~~~~~~~
security/integrity/evm/../integrity.h:143:19: note: 'integrity_digsig_verify' declared here
143 | static inline int integrity_digsig_verify(const unsigned int id,
| ^ ~~~~~~~~~~~~~~~~~~~~~~
144 | const char *sig, int siglen,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
145 | const char *digest, int digestlen)
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
vim +270 security/integrity/evm/evm_main.c
172
173 /*
174 * evm_verify_hmac - calculate and compare the HMAC with the EVM xattr
175 *
176 * Compute the HMAC on the dentry's protected set of extended attributes
177 * and compare it against the stored security.evm xattr.
178 *
179 * For performance:
180 * - use the previously retrieved xattr value and length to calculate the
181 * HMAC.)
182 * - cache the verification result in the iint, when available.
183 *
184 * Returns integrity status
185 */
186 static enum integrity_status evm_verify_hmac(struct dentry *dentry,
187 const char *xattr_name,
188 char *xattr_value,
189 size_t xattr_value_len)
190 {
191 struct evm_ima_xattr_data *xattr_data = NULL;
192 struct signature_v2_hdr *hdr;
193 enum integrity_status evm_status = INTEGRITY_PASS;
194 struct evm_digest digest;
195 struct inode *inode = d_backing_inode(dentry);
196 struct evm_iint_cache *iint = evm_iint_inode(inode);
197 int rc, xattr_len, evm_immutable = 0;
198
199 if (iint && (iint->evm_status == INTEGRITY_PASS ||
200 iint->evm_status == INTEGRITY_PASS_IMMUTABLE))
201 return iint->evm_status;
202
203 /*
204 * On unsupported filesystems without EVM_INIT_X509 enabled, skip
205 * signature verification.
206 */
207 if (!(evm_initialized & EVM_INIT_X509) &&
208 is_unsupported_hmac_fs(dentry))
209 return INTEGRITY_UNKNOWN;
210
211 /* if status is not PASS, try to check again - against -ENOMEM */
212
213 /* first need to know the sig type */
214 rc = vfs_getxattr_alloc(&nop_mnt_idmap, dentry, XATTR_NAME_EVM,
215 (char **)&xattr_data, 0, GFP_NOFS);
216 if (rc <= 0) {
217 evm_status = INTEGRITY_FAIL;
218 if (rc == -ENODATA) {
219 rc = evm_find_protected_xattrs(dentry);
220 if (rc > 0)
221 evm_status = INTEGRITY_NOLABEL;
222 else if (rc == 0)
223 evm_status = INTEGRITY_NOXATTRS; /* new file */
224 } else if (rc == -EOPNOTSUPP) {
225 evm_status = INTEGRITY_UNKNOWN;
226 }
227 goto out;
228 }
229
230 xattr_len = rc;
231
232 /* check value type */
233 switch (xattr_data->type) {
234 case EVM_XATTR_HMAC:
235 if (xattr_len != sizeof(struct evm_xattr)) {
236 evm_status = INTEGRITY_FAIL;
237 goto out;
238 }
239
240 digest.hdr.algo = HASH_ALGO_SHA1;
241 rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
242 xattr_value_len, &digest, iint);
243 if (rc)
244 break;
245 rc = crypto_memneq(xattr_data->data, digest.digest,
246 SHA1_DIGEST_SIZE);
247 if (rc)
248 rc = -EINVAL;
249 break;
250 case EVM_XATTR_PORTABLE_DIGSIG:
251 evm_immutable = 1;
252 fallthrough;
253 case EVM_IMA_XATTR_DIGSIG:
254 /* accept xattr with non-empty signature field */
255 if (xattr_len <= sizeof(struct signature_v2_hdr)) {
256 evm_status = INTEGRITY_FAIL;
257 goto out;
258 }
259
260 hdr = (struct signature_v2_hdr *)xattr_data;
261 digest.hdr.algo = hdr->hash_algo;
262 rc = evm_calc_hash(dentry, xattr_name, xattr_value,
263 xattr_value_len, xattr_data->type, &digest,
264 iint);
265 if (rc)
266 break;
267 rc = integrity_digsig_verify(INTEGRITY_KEYRING_EVM,
268 (const char *)xattr_data, xattr_len,
269 digest.digest, digest.hdr.length,
> 270 digest.hdr.algo);
271 if (!rc) {
272 if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG) {
273 if (iint)
274 iint->flags |= EVM_IMMUTABLE_DIGSIG;
275 evm_status = INTEGRITY_PASS_IMMUTABLE;
276 } else if (!IS_RDONLY(inode) &&
277 !(inode->i_sb->s_readonly_remount) &&
278 !IS_IMMUTABLE(inode) &&
279 !is_unsupported_hmac_fs(dentry)) {
280 evm_update_evmxattr(dentry, xattr_name,
281 xattr_value,
282 xattr_value_len);
283 }
284 }
285 break;
286 default:
287 rc = -EINVAL;
288 break;
289 }
290
291 if (rc) {
292 if (rc == -ENODATA)
293 evm_status = INTEGRITY_NOXATTRS;
294 else if (evm_immutable)
295 evm_status = INTEGRITY_FAIL_IMMUTABLE;
296 else
297 evm_status = INTEGRITY_FAIL;
298 }
299 pr_debug("digest: (%d) [%*phN]\n", digest.hdr.length, digest.hdr.length,
300 digest.digest);
301 out:
302 if (iint)
303 iint->evm_status = evm_status;
304 kfree(xattr_data);
305 return evm_status;
306 }
307
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
reply other threads:[~2026-03-17 9:17 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202603171719.U8qaT87C-lkp@intel.com \
--to=lkp@intel.com \
--cc=linux-integrity@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=oe-kbuild-all@lists.linux.dev \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox