Re: [PATCH 2/2] NFSv4.2: condition READDIR's mask for security label based on LSM state

[kernel test robot <lkp@intel.com>]

[-- Attachment #1: Type: text/plain, Size: 3845 bytes --]

Hi Olga,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on nfs/linux-next]
[also build test ERROR on pcmoore-selinux/next linus/master security/next-testing v5.10-rc2 next-20201105]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Olga-Kornievskaia/introduce-a-new-hook-to-query-LSM-for-functionality/20201106-013417
base:   git://git.linux-nfs.org/projects/trondmy/linux-nfs.git linux-next
config: openrisc-randconfig-r002-20201104 (attached as .config)
compiler: or1k-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # https://github.com/0day-ci/linux/commit/d765c00ede01a334b7a3f995ab27b8d4ebd5ea38
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Olga-Kornievskaia/introduce-a-new-hook-to-query-LSM-for-functionality/20201106-013417
        git checkout d765c00ede01a334b7a3f995ab27b8d4ebd5ea38
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=openrisc 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>

All errors (new ones prefixed by >>):

   fs/nfs/nfs4proc.c: In function '_nfs4_proc_readdir':
>> fs/nfs/nfs4proc.c:4982:18: error: 'LSM_FQUERY_VFS_XATTRS' undeclared (first use in this function)
    4982 |  int sec_flags = LSM_FQUERY_VFS_XATTRS;
         |                  ^~~~~~~~~~~~~~~~~~~~~
   fs/nfs/nfs4proc.c:4982:18: note: each undeclared identifier is reported only once for each function it appears in
>> fs/nfs/nfs4proc.c:4987:7: error: implicit declaration of function 'security_func_query_vfs' [-Werror=implicit-function-declaration]
    4987 |  if (!security_func_query_vfs(sec_flags))
         |       ^~~~~~~~~~~~~~~~~~~~~~~
   cc1: some warnings being treated as errors

vim +/LSM_FQUERY_VFS_XATTRS +4982 fs/nfs/nfs4proc.c

  4960	
  4961	static int _nfs4_proc_readdir(struct dentry *dentry, const struct cred *cred,
  4962			u64 cookie, struct page **pages, unsigned int count, bool plus)
  4963	{
  4964		struct inode		*dir = d_inode(dentry);
  4965		struct nfs4_readdir_arg args = {
  4966			.fh = NFS_FH(dir),
  4967			.pages = pages,
  4968			.pgbase = 0,
  4969			.count = count,
  4970			.bitmask = NFS_SERVER(d_inode(dentry))->attr_bitmask,
  4971			.plus = plus,
  4972			.labels = true,
  4973		};
  4974		struct nfs4_readdir_res res;
  4975		struct rpc_message msg = {
  4976			.rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_READDIR],
  4977			.rpc_argp = &args,
  4978			.rpc_resp = &res,
  4979			.rpc_cred = cred,
  4980		};
  4981		int			status;
> 4982		int sec_flags = LSM_FQUERY_VFS_XATTRS;
  4983	
  4984		dprintk("%s: dentry = %pd2, cookie = %Lu\n", __func__,
  4985				dentry,
  4986				(unsigned long long)cookie);
> 4987		if (!security_func_query_vfs(sec_flags))
  4988			args.labels = false;
  4989		nfs4_setup_readdir(cookie, NFS_I(dir)->cookieverf, dentry, &args);
  4990		res.pgbase = args.pgbase;
  4991		status = nfs4_call_sync(NFS_SERVER(dir)->client, NFS_SERVER(dir), &msg, &args.seq_args, &res.seq_res, 0);
  4992		if (status >= 0) {
  4993			memcpy(NFS_I(dir)->cookieverf, res.verifier.data, NFS4_VERIFIER_SIZE);
  4994			status += args.pgbase;
  4995		}
  4996	
  4997		nfs_invalidate_atime(dir);
  4998	
  4999		dprintk("%s: returns %d\n", __func__, status);
  5000		return status;
  5001	}
  5002	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 31537 bytes --]