From: kernel test robot <lkp@intel.com>
To: Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org
Cc: kbuild-all@lists.01.org, Kees Cook <keescook@chromium.org>
Subject: Re: [PATCH] LoadPin: Allow filesystem switch when not enforcing
Date: Sun, 11 Apr 2021 14:02:49 +0800 [thread overview]
Message-ID: <202104111312.lMnMvS3B-lkp@intel.com> (raw)
In-Reply-To: <20210408232856.1697972-1-keescook@chromium.org>
[-- Attachment #1: Type: text/plain, Size: 4304 bytes --]
Hi Kees,
I love your patch! Yet something to improve:
[auto build test ERROR on linux/master]
[also build test ERROR on kees/for-next/pstore linus/master v5.12-rc6 next-20210409]
[cannot apply to kees/for-next/loadpin]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Kees-Cook/LoadPin-Allow-filesystem-switch-when-not-enforcing/20210409-073059
base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5e46d1b78a03d52306f21f77a4e4a144b6d31486
config: x86_64-allyesconfig (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce (this is a W=1 build):
# https://github.com/0day-ci/linux/commit/3dc7289d9d15396745929884191874dc2cce1afc
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Kees-Cook/LoadPin-Allow-filesystem-switch-when-not-enforcing/20210409-073059
git checkout 3dc7289d9d15396745929884191874dc2cce1afc
# save the attached .config to linux build tree
make W=1 ARCH=x86_64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
In file included from include/linux/kernel.h:16,
from include/linux/list.h:9,
from include/linux/module.h:12,
from security/loadpin/loadpin.c:12:
security/loadpin/loadpin.c: In function 'report_writable':
>> security/loadpin/loadpin.c:106:4: error: 'load_root_writable' undeclared (first use in this function)
106 | load_root_writable ? "writable" : "read-only");
| ^~~~~~~~~~~~~~~~~~
include/linux/printk.h:373:34: note: in definition of macro 'pr_info'
373 | printk(KERN_INFO pr_fmt(fmt), ##__VA_ARGS__)
| ^~~~~~~~~~~
security/loadpin/loadpin.c:106:4: note: each undeclared identifier is reported only once for each function it appears in
106 | load_root_writable ? "writable" : "read-only");
| ^~~~~~~~~~~~~~~~~~
include/linux/printk.h:373:34: note: in definition of macro 'pr_info'
373 | printk(KERN_INFO pr_fmt(fmt), ##__VA_ARGS__)
| ^~~~~~~~~~~
security/loadpin/loadpin.c: In function 'loadpin_sb_free_security':
>> security/loadpin/loadpin.c:121:7: error: 'enforced' undeclared (first use in this function); did you mean 'enforce'?
121 | if (enforced) {
| ^~~~~~~~
| enforce
security/loadpin/loadpin.c: In function 'loadpin_read_file':
security/loadpin/loadpin.c:135:43: warning: variable 'sysctl_needed' set but not used [-Wunused-but-set-variable]
135 | bool load_root_writable, first_root_pin, sysctl_needed;
| ^~~~~~~~~~~~~
vim +/load_root_writable +106 security/loadpin/loadpin.c
96
97 static void report_writable(struct block_device *bdev)
98 {
99 if (bdev) {
100 char name[BDEVNAME_SIZE];
101
102 bdevname(bdev, name);
103 pr_info("%s (%u:%u): %s\n", name,
104 MAJOR(bdev->bd_dev),
105 MINOR(bdev->bd_dev),
> 106 load_root_writable ? "writable" : "read-only");
107 } else {
108 pr_info("pinned filesystem lacks block device, treating as: writable\n");
109 }
110 }
111
112 static void loadpin_sb_free_security(struct super_block *mnt_sb)
113 {
114 /*
115 * When unmounting the filesystem we were using for load
116 * pinning, we acknowledge the superblock release, but make sure
117 * no other modules or firmware can be loaded when we are in
118 * enforcing mode. Otherwise, allow the root to be reestablished.
119 */
120 if (!IS_ERR_OR_NULL(pinned_root) && mnt_sb == pinned_root) {
> 121 if (enforced) {
122 pinned_root = ERR_PTR(-EIO);
123 pr_info("umount pinned fs: refusing further loads\n");
124 } else {
125 pinned_root = NULL;
126 }
127 }
128 }
129
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 65020 bytes --]
prev parent reply other threads:[~2021-04-11 6:03 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-08 23:28 [PATCH] LoadPin: Allow filesystem switch when not enforcing Kees Cook
2021-04-10 18:02 ` kernel test robot
2021-04-11 6:02 ` kernel test robot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202104111312.lMnMvS3B-lkp@intel.com \
--to=lkp@intel.com \
--cc=kbuild-all@lists.01.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).