[PATCH v3 4/5] LSM: Define SELinux function to measure security state

kernel test robot lkp at intel.com
Sat Jul 18 03:16:27 UTC 2020


Hi Lakshmi,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on integrity/next-integrity]
[cannot apply to pcmoore-selinux/next security/next-testing linus/master v5.8-rc5 next-20200717]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Lakshmi-Ramasubramanian/LSM-Measure-security-module-state/20200718-063111
base:   https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity
config: parisc-allyesconfig (attached as .config)
compiler: hppa-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=parisc 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp at intel.com>

All errors (new ones prefixed by >>):

   security/selinux/measure.c: In function 'selinux_measure_state':
   security/selinux/measure.c:132:11: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits]
     132 |  if (curr >= 0 && curr < selinux_state_string_len)
         |           ^~
>> security/selinux/measure.c:148:2: error: implicit declaration of function 'vfree'; did you mean 'kvfree'? [-Werror=implicit-function-declaration]
     148 |  vfree(policy);
         |  ^~~~~
         |  kvfree
   cc1: some warnings being treated as errors

vim +148 security/selinux/measure.c

    94	
    95	void selinux_measure_state(struct selinux_state *selinux_state)
    96	{
    97		void *policy = NULL;
    98		void *policy_hash = NULL;
    99		size_t curr, buflen;
   100		int i, policy_hash_len, rc = 0;
   101	
   102		if (!selinux_initialized(selinux_state)) {
   103			pr_warn("%s: SELinux not yet initialized.\n", __func__);
   104			return;
   105		}
   106	
   107		if (!selinux_state_string) {
   108			pr_warn("%s: Buffer for state not allocated.\n", __func__);
   109			return;
   110		}
   111	
   112		curr = snprintf(selinux_state_string, selinux_state_string_len,
   113				str_format, "enabled",
   114				!selinux_disabled(selinux_state));
   115		curr += snprintf((selinux_state_string + curr),
   116				 (selinux_state_string_len - curr),
   117				 str_format, "enforcing",
   118				 enforcing_enabled(selinux_state));
   119		curr += snprintf((selinux_state_string + curr),
   120				 (selinux_state_string_len - curr),
   121				 str_format, "checkreqprot",
   122				 selinux_checkreqprot(selinux_state));
   123	
   124		for (i = 3; i < selinux_state_count; i++) {
   125			curr += snprintf((selinux_state_string + curr),
   126					 (selinux_state_string_len - curr),
   127					 str_format,
   128					 selinux_policycap_names[i - 3],
   129					 selinux_state->policycap[i - 3]);
   130		}
   131	
 > 132		if (curr >= 0 && curr < selinux_state_string_len)
   133			ima_lsm_state("selinux-state", selinux_state_string, curr);
   134		else {
   135			rc = -EINVAL;
   136			goto out;
   137		}
   138	
   139		rc = security_read_policy_kernel(selinux_state, &policy, &buflen);
   140		if (!rc)
   141			rc = selinux_hash_policy("sha256", policy, buflen,
   142						 &policy_hash, &policy_hash_len);
   143		if (!rc)
   144			ima_lsm_state("selinux-policy-hash", policy_hash,
   145				      policy_hash_len);
   146	
   147	out:
 > 148		vfree(policy);
   149		kfree(policy_hash);
   150	}
   151	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org


More information about the Linux-security-module-archive mailing list