From: kernel test robot <lkp@intel.com>
To: Casey Schaufler <casey@schaufler-ca.com>,
casey.schaufler@intel.com, jmorris@namei.org,
linux-security-module@vger.kernel.org, selinux@vger.kernel.org
Cc: kbuild-all@lists.01.org, casey@schaufler-ca.com,
linux-audit@redhat.com, keescook@chromium.org,
john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
paul@paul-moore.com, stephen.smalley.work@gmail.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v36 04/33] LSM: provide lsm name and id slot mappings
Date: Fri, 10 Jun 2022 15:51:40 +0800 [thread overview]
Message-ID: <202206101543.IWAKe4Qx-lkp@intel.com> (raw)
In-Reply-To: <20220609230146.319210-5-casey@schaufler-ca.com>
Hi Casey,
I love your patch! Perhaps something to improve:
[auto build test WARNING on pcmoore-audit/next]
[also build test WARNING on pcmoore-selinux/next linus/master v5.19-rc1 next-20220610]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220610-080129
base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git next
config: sparc-randconfig-r014-20220609 (https://download.01.org/0day-ci/archive/20220610/202206101543.IWAKe4Qx-lkp@intel.com/config)
compiler: sparc-linux-gcc (GCC) 11.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/767517968014af3744e00ba2c0c956b290a56ecb
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220610-080129
git checkout 767517968014af3744e00ba2c0c956b290a56ecb
# save the config file
mkdir build_dir && cp config build_dir/.config
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.3.0 make.cross W=1 O=build_dir ARCH=sparc SHELL=/bin/bash
If you fix the issue, kindly add following tag where applicable
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
security/security.c: In function 'lsm_name_to_slot':
>> security/security.c:496:40: warning: array subscript i is outside array bounds of 'struct lsm_id *[0]' [-Warray-bounds]
496 | if (strcmp(lsm_slotlist[i]->lsm, name) == 0)
| ~~~~~~~~~~~~^~~
security/security.c:481:23: note: while referencing 'lsm_slotlist'
481 | static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init;
| ^~~~~~~~~~~~
security/security.c: In function 'lsm_slot_to_name':
>> security/security.c:521:25: warning: array subscript 0 is outside array bounds of 'struct lsm_id *[0]' [-Warray-bounds]
521 | if (lsm_slotlist[slot] == NULL)
| ~~~~~~~~~~~~^~~~~~
security/security.c:481:23: note: while referencing 'lsm_slotlist'
481 | static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init;
| ^~~~~~~~~~~~
security/security.c: In function 'security_add_hooks':
>> security/security.c:546:29: warning: array subscript <unknown> is outside array bounds of 'struct lsm_id *[0]' [-Warray-bounds]
546 | lsm_slotlist[lsm_slot] = lsmid;
| ~~~~~~~~~~~~^~~~~~~~~~
security/security.c:481:23: note: while referencing 'lsm_slotlist'
481 | static struct lsm_id *lsm_slotlist[LSMBLOB_ENTRIES] __lsm_ro_after_init;
| ^~~~~~~~~~~~
vim +496 security/security.c
482
483 /**
484 * lsm_name_to_slot - Report the slot number for a security module
485 * @name: name of the security module
486 *
487 * Look up the slot number for the named security module.
488 * Returns the slot number or LSMBLOB_INVALID if @name is not
489 * a registered security module name.
490 */
491 int lsm_name_to_slot(char *name)
492 {
493 int i;
494
495 for (i = 0; i < lsm_slot; i++)
> 496 if (strcmp(lsm_slotlist[i]->lsm, name) == 0)
497 return i;
498
499 return LSMBLOB_INVALID;
500 }
501
502 /**
503 * lsm_slot_to_name - Get the name of the security module in a slot
504 * @slot: index into the interface LSM slot list.
505 *
506 * Provide the name of the security module associated with
507 * a interface LSM slot.
508 *
509 * If @slot is LSMBLOB_INVALID return the value
510 * for slot 0 if it has been set, otherwise NULL.
511 *
512 * Returns a pointer to the name string or NULL.
513 */
514 const char *lsm_slot_to_name(int slot)
515 {
516 if (slot == LSMBLOB_INVALID)
517 slot = 0;
518 else if (slot >= LSMBLOB_ENTRIES || slot < 0)
519 return NULL;
520
> 521 if (lsm_slotlist[slot] == NULL)
522 return NULL;
523 return lsm_slotlist[slot]->lsm;
524 }
525
526 /**
527 * security_add_hooks - Add a modules hooks to the hook lists.
528 * @hooks: the hooks to add
529 * @count: the number of hooks to add
530 * @lsmid: the identification information for the security module
531 *
532 * Each LSM has to register its hooks with the infrastructure.
533 * If the LSM is using hooks that export secids allocate a slot
534 * for it in the lsmblob.
535 */
536 void __init security_add_hooks(struct security_hook_list *hooks, int count,
537 struct lsm_id *lsmid)
538 {
539 int i;
540
541 WARN_ON(!lsmid->slot || !lsmid->lsm);
542
543 if (lsmid->slot == LSMBLOB_NEEDED) {
544 if (lsm_slot >= LSMBLOB_ENTRIES)
545 panic("%s Too many LSMs registered.\n", __func__);
> 546 lsm_slotlist[lsm_slot] = lsmid;
547 lsmid->slot = lsm_slot++;
548 init_debug("%s assigned lsmblob slot %d\n", lsmid->lsm,
549 lsmid->slot);
550 }
551
552 for (i = 0; i < count; i++) {
553 hooks[i].lsmid = lsmid;
554 hlist_add_tail_rcu(&hooks[i].list, hooks[i].head);
555 }
556
557 /*
558 * Don't try to append during early_security_init(), we'll come back
559 * and fix this up afterwards.
560 */
561 if (slab_is_available()) {
562 if (lsm_append(lsmid->lsm, &lsm_names) < 0)
563 panic("%s - Cannot get early memory.\n", __func__);
564 }
565 }
566
--
0-DAY CI Kernel Test Service
https://01.org/lkp
next prev parent reply other threads:[~2022-06-10 7:52 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20220609230146.319210-1-casey.ref@schaufler-ca.com>
2022-06-09 23:01 ` [PATCH v36 00/33] LSM: Module stacking for AppArmor Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 01/33] integrity: disassociate ima_filter_rule from security_audit_rule Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 02/33] LSM: Infrastructure management of the sock security Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 03/33] LSM: Add the lsmblob data structure Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 04/33] LSM: provide lsm name and id slot mappings Casey Schaufler
2022-06-10 7:51 ` kernel test robot [this message]
2022-06-09 23:01 ` [PATCH v36 05/33] IMA: avoid label collisions with stacked LSMs Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 06/33] LSM: Use lsmblob in security_audit_rule_match Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 07/33] LSM: Use lsmblob in security_kernel_act_as Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 08/33] LSM: Use lsmblob in security_secctx_to_secid Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 09/33] LSM: Use lsmblob in security_secid_to_secctx Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 10/33] LSM: Use lsmblob in security_ipc_getsecid Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 11/33] LSM: Use lsmblob in security_current_getsecid Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 12/33] LSM: Use lsmblob in security_inode_getsecid Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 13/33] LSM: Use lsmblob in security_cred_getsecid Casey Schaufler
2022-06-12 19:35 ` kernel test robot
2022-06-09 23:01 ` [PATCH v36 14/33] LSM: Specify which LSM to display Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 15/33] LSM: Ensure the correct LSM context releaser Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 16/33] LSM: Use lsmcontext in security_secid_to_secctx Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 17/33] LSM: Use lsmcontext in security_inode_getsecctx Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 18/33] LSM: Use lsmcontext in security_dentry_init_security Casey Schaufler
2022-06-10 3:05 ` kernel test robot
2022-06-23 7:09 ` Dan Carpenter
2022-06-09 23:01 ` [PATCH v36 19/33] LSM: security_secid_to_secctx in netlink netfilter Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 20/33] NET: Store LSM netlabel data in a lsmblob Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 21/33] binder: Pass LSM identifier for confirmation Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 22/33] LSM: Extend security_secid_to_secctx to include module selection Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 23/33] Audit: Keep multiple LSM data in audit_names Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 24/33] Audit: Create audit_stamp structure Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 25/33] LSM: Add a function to report multiple LSMs Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 26/33] Audit: Allow multiple records in an audit_buffer Casey Schaufler
2022-06-10 21:04 ` Paul Moore
2022-06-09 23:01 ` [PATCH v36 27/33] Audit: Add record for multiple task security contexts Casey Schaufler
2022-06-10 21:06 ` Paul Moore
2022-06-09 23:01 ` [PATCH v36 28/33] audit: multiple subject lsm values for netlabel Casey Schaufler
2022-06-10 21:10 ` Paul Moore
2022-06-09 23:01 ` [PATCH v36 29/33] Audit: Add record for multiple object contexts Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 30/33] netlabel: Use a struct lsmblob in audit data Casey Schaufler
2022-06-10 21:12 ` Paul Moore
2022-06-09 23:01 ` [PATCH v36 31/33] LSM: Removed scaffolding function lsmcontext_init Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 32/33] LSM: Add /proc attr entry for full LSM context Casey Schaufler
2022-06-09 23:01 ` [PATCH v36 33/33] AppArmor: Remove the exclusive flag Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202206101543.IWAKe4Qx-lkp@intel.com \
--to=lkp@intel.com \
--cc=casey.schaufler@intel.com \
--cc=casey@schaufler-ca.com \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=kbuild-all@lists.01.org \
--cc=keescook@chromium.org \
--cc=linux-audit@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).