* [PATCH] ima: fix part_pack_uuid() build error
@ 2013-02-22 19:46 Mimi Zohar
2013-02-22 20:35 ` David Rientjes
2013-02-22 21:20 ` Randy Dunlap
0 siblings, 2 replies; 4+ messages in thread
From: Mimi Zohar @ 2013-02-22 19:46 UTC (permalink / raw)
To: Randy Dunlap, David Rientjes
Cc: James Morris, linux-security-module, linux-kernel, linux-next,
Dmitry Kasatkin
Fix a build error when CONFIG_BLOCK is not enabled by defining
a wrapper called ima_part_pack_uuid(). The wrapper returns
-EINVAL, when CONFIG_BLOCK is not defined.
security/integrity/ima/ima_policy.c:538:4: error: implicit declaration
of function 'part_pack_uuid' [-Werror=implicit-function-declaration]
Changelog v0:
- fix UUID scripts/Lindent msgs
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: David Rientjes <rientjes@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
---
security/integrity/ima/ima.h | 13 +++++++++++++
security/integrity/ima/ima_policy.c | 11 ++++++-----
2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index a41c9c1..902c356 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -21,6 +21,7 @@
#include <linux/crypto.h>
#include <linux/security.h>
#include <linux/hash.h>
+#include <linux/genhd.h>
#include <linux/tpm.h>
#include <linux/audit.h>
@@ -199,4 +200,16 @@ static inline int security_filter_rule_match(u32 secid, u32 field, u32 op,
return -EINVAL;
}
#endif /* CONFIG_IMA_LSM_RULES */
+
+/* UUID policy option requires CONFIG_BLOCK */
+#ifdef CONFIG_BLOCK
+static inline int ima_part_pack_uuid(const u8 *uuid_str, u8 *to) {
+ part_pack_uuid(uuid_str, to);
+ return 0;
+}
+#else
+static inline int ima_part_pack_uuid(const u8 *uuid_str, u8 *to) {
+ return -EINVAL;
+}
+#endif
#endif
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index b27535a..41b7f48 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -176,7 +176,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
&& rule->fsmagic != inode->i_sb->s_magic)
return false;
if ((rule->flags & IMA_FSUUID) &&
- memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid)))
+ memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid)))
return false;
if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid))
return false;
@@ -530,14 +530,15 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
ima_log_string(ab, "fsuuid", args[0].from);
if (memchr_inv(entry->fsuuid, 0x00,
- sizeof(entry->fsuuid))) {
+ sizeof(entry->fsuuid))) {
result = -EINVAL;
break;
}
- part_pack_uuid(args[0].from, entry->fsuuid);
- entry->flags |= IMA_FSUUID;
- result = 0;
+ result = ima_part_pack_uuid(args[0].from,
+ entry->fsuuid);
+ if (!result)
+ entry->flags |= IMA_FSUUID;
break;
case Opt_uid:
ima_log_string(ab, "uid", args[0].from);
--
1.8.1.rc3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] ima: fix part_pack_uuid() build error
2013-02-22 19:46 [PATCH] ima: fix part_pack_uuid() build error Mimi Zohar
@ 2013-02-22 20:35 ` David Rientjes
2013-02-22 21:20 ` Randy Dunlap
1 sibling, 0 replies; 4+ messages in thread
From: David Rientjes @ 2013-02-22 20:35 UTC (permalink / raw)
To: Mimi Zohar
Cc: Randy Dunlap, James Morris, linux-security-module, linux-kernel,
linux-next, Dmitry Kasatkin
On Fri, 22 Feb 2013, Mimi Zohar wrote:
> Fix a build error when CONFIG_BLOCK is not enabled by defining
> a wrapper called ima_part_pack_uuid(). The wrapper returns
> -EINVAL, when CONFIG_BLOCK is not defined.
>
> security/integrity/ima/ima_policy.c:538:4: error: implicit declaration
> of function 'part_pack_uuid' [-Werror=implicit-function-declaration]
>
> Changelog v0:
> - fix UUID scripts/Lindent msgs
>
> Reported-by: Randy Dunlap <rdunlap@infradead.org>
> Reported-by: David Rientjes <rientjes@google.com>
> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Except for the scripts/checkpatch.pl warnings for this patch, it looks
better and fixes the build error. The build breakage has now made it to
Linus' tree, so this will hopefully be pushed to him before rc1.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] ima: fix part_pack_uuid() build error
2013-02-22 19:46 [PATCH] ima: fix part_pack_uuid() build error Mimi Zohar
2013-02-22 20:35 ` David Rientjes
@ 2013-02-22 21:20 ` Randy Dunlap
2013-02-24 15:15 ` Mimi Zohar
1 sibling, 1 reply; 4+ messages in thread
From: Randy Dunlap @ 2013-02-22 21:20 UTC (permalink / raw)
To: Mimi Zohar
Cc: David Rientjes, James Morris, linux-security-module, linux-kernel,
linux-next, Dmitry Kasatkin
On 02/22/13 11:46, Mimi Zohar wrote:
> Fix a build error when CONFIG_BLOCK is not enabled by defining
> a wrapper called ima_part_pack_uuid(). The wrapper returns
> -EINVAL, when CONFIG_BLOCK is not defined.
Some function wrapper for the case of BLOCK not enabled should be handled
where the function is defined, not where it is called.
That's how it is usually done in Linux.
> security/integrity/ima/ima_policy.c:538:4: error: implicit declaration
> of function 'part_pack_uuid' [-Werror=implicit-function-declaration]
>
> Changelog v0:
> - fix UUID scripts/Lindent msgs
>
> Reported-by: Randy Dunlap <rdunlap@infradead.org>
> Reported-by: David Rientjes <rientjes@google.com>
> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
> ---
> security/integrity/ima/ima.h | 13 +++++++++++++
> security/integrity/ima/ima_policy.c | 11 ++++++-----
> 2 files changed, 19 insertions(+), 5 deletions(-)
>
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index a41c9c1..902c356 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -21,6 +21,7 @@
> #include <linux/crypto.h>
> #include <linux/security.h>
> #include <linux/hash.h>
> +#include <linux/genhd.h>
> #include <linux/tpm.h>
> #include <linux/audit.h>
>
> @@ -199,4 +200,16 @@ static inline int security_filter_rule_match(u32 secid, u32 field, u32 op,
> return -EINVAL;
> }
> #endif /* CONFIG_IMA_LSM_RULES */
> +
> +/* UUID policy option requires CONFIG_BLOCK */
> +#ifdef CONFIG_BLOCK
> +static inline int ima_part_pack_uuid(const u8 *uuid_str, u8 *to) {
> + part_pack_uuid(uuid_str, to);
> + return 0;
> +}
> +#else
> +static inline int ima_part_pack_uuid(const u8 *uuid_str, u8 *to) {
> + return -EINVAL;
> +}
> +#endif
> #endif
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index b27535a..41b7f48 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -176,7 +176,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
> && rule->fsmagic != inode->i_sb->s_magic)
> return false;
> if ((rule->flags & IMA_FSUUID) &&
> - memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid)))
> + memcmp(rule->fsuuid, inode->i_sb->s_uuid, sizeof(rule->fsuuid)))
> return false;
> if ((rule->flags & IMA_UID) && !uid_eq(rule->uid, cred->uid))
> return false;
> @@ -530,14 +530,15 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry)
> ima_log_string(ab, "fsuuid", args[0].from);
>
> if (memchr_inv(entry->fsuuid, 0x00,
> - sizeof(entry->fsuuid))) {
> + sizeof(entry->fsuuid))) {
> result = -EINVAL;
> break;
> }
>
> - part_pack_uuid(args[0].from, entry->fsuuid);
> - entry->flags |= IMA_FSUUID;
> - result = 0;
> + result = ima_part_pack_uuid(args[0].from,
> + entry->fsuuid);
> + if (!result)
> + entry->flags |= IMA_FSUUID;
> break;
> case Opt_uid:
> ima_log_string(ab, "uid", args[0].from);
>
--
~Randy
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] ima: fix part_pack_uuid() build error
2013-02-22 21:20 ` Randy Dunlap
@ 2013-02-24 15:15 ` Mimi Zohar
0 siblings, 0 replies; 4+ messages in thread
From: Mimi Zohar @ 2013-02-24 15:15 UTC (permalink / raw)
To: Randy Dunlap
Cc: David Rientjes, James Morris, linux-security-module, linux-kernel,
linux-next, Dmitry Kasatkin, axboe
On Fri, 2013-02-22 at 13:20 -0800, Randy Dunlap wrote:
> On 02/22/13 11:46, Mimi Zohar wrote:
> > Fix a build error when CONFIG_BLOCK is not enabled by defining
> > a wrapper called ima_part_pack_uuid(). The wrapper returns
> > -EINVAL, when CONFIG_BLOCK is not defined.
>
> Some function wrapper for the case of BLOCK not enabled should be handled
> where the function is defined, not where it is called.
> That's how it is usually done in Linux.
Ok, I've renamed the wrapper from ima_part_pack_uuid() to
blk_part_pack_uuid() and moved it to linux/genhd.h
thanks,
Mimi
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-02-24 15:15 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-02-22 19:46 [PATCH] ima: fix part_pack_uuid() build error Mimi Zohar
2013-02-22 20:35 ` David Rientjes
2013-02-22 21:20 ` Randy Dunlap
2013-02-24 15:15 ` Mimi Zohar
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).