From: kernel test robot <lkp@intel.com>
To: Andrii Nakryiko <andrii@kernel.org>,
bpf@vger.kernel.org, netdev@vger.kernel.org
Cc: oe-kbuild-all@lists.linux.dev, linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org, keescook@chromium.org,
brauner@kernel.org, lennart@poettering.net, kernel-team@meta.com,
sargun@sargun.me
Subject: Re: [PATCH v8 bpf-next 11/18] bpf,lsm: add BPF token LSM hooks
Date: Tue, 17 Oct 2023 23:44:27 +0800 [thread overview]
Message-ID: <202310172329.EQgtSkRh-lkp@intel.com> (raw)
In-Reply-To: <20231016180220.3866105-12-andrii@kernel.org>
Hi Andrii,
kernel test robot noticed the following build warnings:
[auto build test WARNING on bpf-next/master]
url: https://github.com/intel-lab-lkp/linux/commits/Andrii-Nakryiko/bpf-align-CAP_NET_ADMIN-checks-with-bpf_capable-approach/20231017-152928
base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master
patch link: https://lore.kernel.org/r/20231016180220.3866105-12-andrii%40kernel.org
patch subject: [PATCH v8 bpf-next 11/18] bpf,lsm: add BPF token LSM hooks
config: m68k-allyesconfig (https://download.01.org/0day-ci/archive/20231017/202310172329.EQgtSkRh-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231017/202310172329.EQgtSkRh-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202310172329.EQgtSkRh-lkp@intel.com/
All warnings (new ones prefixed by >>):
security/security.c:5182: warning: Function parameter or member 'map' not described in 'security_bpf_map_create'
security/security.c:5200: warning: Function parameter or member 'prog' not described in 'security_bpf_prog_load'
>> security/security.c:5217: warning: Function parameter or member 'token' not described in 'security_bpf_token_create'
vim +5217 security/security.c
5168
5169 /**
5170 * security_bpf_map_create() - Check if BPF map creation is allowed
5171 * @map BPF map object
5172 * @attr: BPF syscall attributes used to create BPF map
5173 * @token: BPF token used to grant user access
5174 *
5175 * Do a check when the kernel creates a new BPF map. This is also the
5176 * point where LSM blob is allocated for LSMs that need them.
5177 *
5178 * Return: Returns 0 on success, error on failure.
5179 */
5180 int security_bpf_map_create(struct bpf_map *map, union bpf_attr *attr,
5181 struct bpf_token *token)
> 5182 {
5183 return call_int_hook(bpf_map_create, 0, map, attr, token);
5184 }
5185
5186 /**
5187 * security_bpf_prog_load() - Check if loading of BPF program is allowed
5188 * @prog BPF program object
5189 * @attr: BPF syscall attributes used to create BPF program
5190 * @token: BPF token used to grant user access to BPF subsystem
5191 *
5192 * Do a check when the kernel allocates BPF program object and is about to
5193 * pass it to BPF verifier for additional correctness checks. This is also the
5194 * point where LSM blob is allocated for LSMs that need them.
5195 *
5196 * Return: Returns 0 on success, error on failure.
5197 */
5198 int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
5199 struct bpf_token *token)
5200 {
5201 return call_int_hook(bpf_prog_load, 0, prog, attr, token);
5202 }
5203
5204 /**
5205 * security_bpf_token_create() - Check if creating of BPF token is allowed
5206 * @token BPF token object
5207 * @attr: BPF syscall attributes used to create BPF token
5208 * @path: path pointing to BPF FS mount point from which BPF token is created
5209 *
5210 * Do a check when the kernel instantiates a new BPF token object from BPF FS
5211 * instance. This is also the point where LSM blob can be allocated for LSMs.
5212 *
5213 * Return: Returns 0 on success, error on failure.
5214 */
5215 int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
5216 struct path *path)
> 5217 {
5218 return call_int_hook(bpf_token_create, 0, token, attr, path);
5219 }
5220
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next prev parent reply other threads:[~2023-10-17 15:44 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-16 18:02 [PATCH v8 bpf-next 00/18] BPF token and BPF FS-based delegation Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 01/18] bpf: align CAP_NET_ADMIN checks with bpf_capable() approach Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 02/18] bpf: add BPF token delegation mount options to BPF FS Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 03/18] bpf: introduce BPF token object Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 04/18] bpf: add BPF token support to BPF_MAP_CREATE command Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 05/18] bpf: add BPF token support to BPF_BTF_LOAD command Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 06/18] bpf: add BPF token support to BPF_PROG_LOAD command Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 07/18] bpf: take into account BPF token when fetching helper protos Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 08/18] bpf: consistenly use BPF token throughout BPF verifier logic Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 09/18] bpf,lsm: refactor bpf_prog_alloc/bpf_prog_free LSM hooks Andrii Nakryiko
2023-10-17 13:56 ` kernel test robot
2023-10-17 17:46 ` Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 10/18] bpf,lsm: refactor bpf_map_alloc/bpf_map_free " Andrii Nakryiko
2023-10-17 14:59 ` kernel test robot
2023-10-16 18:02 ` [PATCH v8 bpf-next 11/18] bpf,lsm: add BPF token " Andrii Nakryiko
2023-10-17 15:44 ` kernel test robot [this message]
2023-10-16 18:02 ` [PATCH v8 bpf-next 12/18] libbpf: add bpf_token_create() API Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 13/18] selftests/bpf: fix test_maps' use of bpf_map_create_opts Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 14/18] libbpf: add BPF token support to bpf_map_create() API Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 15/18] libbpf: add BPF token support to bpf_btf_load() API Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 16/18] libbpf: add BPF token support to bpf_prog_load() API Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 17/18] selftests/bpf: add BPF token-enabled tests Andrii Nakryiko
2023-10-17 11:02 ` Jiri Olsa
2023-10-17 17:32 ` Andrii Nakryiko
2023-10-17 17:44 ` Andrii Nakryiko
2023-10-16 18:02 ` [PATCH v8 bpf-next 18/18] bpf,selinux: allocate bpf_security_struct per BPF token Andrii Nakryiko
2023-10-20 13:18 ` [PATCH v8 bpf-next 00/18] BPF token and BPF FS-based delegation Lorenz Bauer
2023-10-20 16:25 ` Andrii Nakryiko
2023-10-24 17:52 ` Andrii Nakryiko
2023-10-24 18:23 ` Paul Moore
2023-10-24 19:38 ` Andrii Nakryiko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202310172329.EQgtSkRh-lkp@intel.com \
--to=lkp@intel.com \
--cc=andrii@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brauner@kernel.org \
--cc=keescook@chromium.org \
--cc=kernel-team@meta.com \
--cc=lennart@poettering.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=oe-kbuild-all@lists.linux.dev \
--cc=sargun@sargun.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).