[PATCH v3 4/5] LSM: Define SELinux function to measure security state
kernel test robot
lkp at intel.com
Sat Jul 18 03:16:27 UTC 2020
Hi Lakshmi,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on integrity/next-integrity]
[cannot apply to pcmoore-selinux/next security/next-testing linus/master v5.8-rc5 next-20200717]
[If your patch is applied to the wrong git tree, kindly drop us a note.
When submitting a patch, we suggest using '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Lakshmi-Ramasubramanian/LSM-Measure-security-module-state/20200718-063111
base: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity
config: parisc-allyesconfig (attached as .config)
compiler: hppa-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
# NOTE(review): make.cross is fetched from the mutable master branch of
# intel/lkp-tests and then made executable; read the script, or pin the URL
# to a commit you have reviewed, before running it.
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
# make.cross is invoked by bare name below, so ~/bin has to be on PATH.
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=parisc
If you fix the issue, kindly add the following tag as appropriate
Reported-by: kernel test robot <lkp at intel.com>
All errors (new ones prefixed by >>):
security/selinux/measure.c: In function 'selinux_measure_state':
security/selinux/measure.c:132:11: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits]
132 | if (curr >= 0 && curr < selinux_state_string_len)
| ^~
>> security/selinux/measure.c:148:2: error: implicit declaration of function 'vfree'; did you mean 'kvfree'? [-Werror=implicit-function-declaration]
148 | vfree(policy);
| ^~~~~
| kvfree
cc1: some warnings being treated as errors
vim +148 security/selinux/measure.c
94
/*
 * selinux_measure_state() - write the SELinux state into selinux_state_string
 * and pass it to ima_lsm_state() as "selinux-state", then read the loaded
 * policy, hash it (algorithm requested as "sha256") and pass the hash to
 * ima_lsm_state() as "selinux-policy-hash".
 *
 * This is the listing as quoted by the build robot: the leading numbers are
 * line numbers in security/selinux/measure.c and ">" marks the lines named in
 * the diagnostics above.
 *
 * The function returns void, so the value left in rc on a failure path is not
 * returned to the caller and is not logged in this function.
 */
95 void selinux_measure_state(struct selinux_state *selinux_state)
96 {
97 void *policy = NULL;
98 void *policy_hash = NULL;
99 size_t curr, buflen;
100 int i, policy_hash_len, rc = 0;
101
102 if (!selinux_initialized(selinux_state)) {
103 pr_warn("%s: SELinux not yet initialized.\n", __func__);
104 return;
105 }
106
107 if (!selinux_state_string) {
108 pr_warn("%s: Buffer for state not allocated.\n", __func__);
109 return;
110 }
111
/*
 * snprintf() returns the length the output would have had, not the number of
 * bytes stored, so after a truncated call curr can reach or pass
 * selinux_state_string_len.
 * NOTE(review): the calls that follow would then be given a pointer beyond the
 * buffer and a size of (selinux_state_string_len - curr). The type of
 * selinux_state_string_len is not visible here, so confirm whether that
 * difference can wrap. Comparing curr with the buffer length after each call
 * would keep both the pointer and the size in range.
 */
112 curr = snprintf(selinux_state_string, selinux_state_string_len,
113 str_format, "enabled",
114 !selinux_disabled(selinux_state));
115 curr += snprintf((selinux_state_string + curr),
116 (selinux_state_string_len - curr),
117 str_format, "enforcing",
118 enforcing_enabled(selinux_state));
119 curr += snprintf((selinux_state_string + curr),
120 (selinux_state_string_len - curr),
121 str_format, "checkreqprot",
122 selinux_checkreqprot(selinux_state));
123
/*
 * The loop starts at 3 and indexes both arrays with i - 3; presumably entries
 * 0..2 are the three fields written above.
 * NOTE(review): how selinux_state_count relates to the sizes of
 * selinux_policycap_names[] and selinux_state->policycap[] is not visible
 * here; confirm that i - 3 stays within both.
 */
124 for (i = 3; i < selinux_state_count; i++) {
125 curr += snprintf((selinux_state_string + curr),
126 (selinux_state_string_len - curr),
127 str_format,
128 selinux_policycap_names[i - 3],
129 selinux_state->policycap[i - 3]);
130 }
131
/*
 * curr is size_t, so "curr >= 0" is always true (the -Wtype-limits warning
 * above). Only "curr < selinux_state_string_len" does any work, and it is
 * evaluated once, after every snprintf() call has already run.
 */
> 132 if (curr >= 0 && curr < selinux_state_string_len)
133 ima_lsm_state("selinux-state", selinux_state_string, curr);
134 else {
/* rc is not read after this assignment: the out label only frees. */
135 rc = -EINVAL;
136 goto out;
137 }
138
/*
 * Each step runs only if the previous one left rc at 0; a failure skips the
 * policy-hash measurement without any message from this function.
 * NOTE(review): policy is released with vfree() below, so
 * security_read_policy_kernel() presumably returns a vmalloc()ed buffer;
 * confirm against its definition.
 */
139 rc = security_read_policy_kernel(selinux_state, &policy, &buflen);
140 if (!rc)
141 rc = selinux_hash_policy("sha256", policy, buflen,
142 &policy_hash, &policy_hash_len);
143 if (!rc)
144 ima_lsm_state("selinux-policy-hash", policy_hash,
145 policy_hash_len);
146
/*
 * On the early goto both pointers are still NULL, and vfree(NULL) and
 * kfree(NULL) are no-ops.
 * The build error above is raised on the vfree() call: no declaration is in
 * scope. vfree() is declared in <linux/vmalloc.h>; the file's include list is
 * not shown in this report.
 */
147 out:
> 148 vfree(policy);
149 kfree(policy_hash);
150 }
151
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org