[PATCH v3 4/5] LSM: Define SELinux function to measure security state

kernel test robot lkp at intel.com
Sat Jul 18 04:42:18 UTC 2020


Hi Lakshmi,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on integrity/next-integrity]
[cannot apply to pcmoore-selinux/next security/next-testing linus/master v5.8-rc5 next-20200717]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Lakshmi-Ramasubramanian/LSM-Measure-security-module-state/20200718-063111
base:   https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity
config: sparc-allyesconfig (attached as .config)
compiler: sparc64-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=sparc 

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp at intel.com>

All error/warnings (new ones prefixed by >>):

   security/selinux/measure.c: In function 'selinux_hash_policy':
>> security/selinux/measure.c:57:8: error: implicit declaration of function 'crypto_alloc_shash' [-Werror=implicit-function-declaration]
      57 |  tfm = crypto_alloc_shash(hash_alg_name, 0, 0);
         |        ^~~~~~~~~~~~~~~~~~
>> security/selinux/measure.c:57:6: warning: assignment to 'struct crypto_shash *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
      57 |  tfm = crypto_alloc_shash(hash_alg_name, 0, 0);
         |      ^
>> security/selinux/measure.c:61:14: error: implicit declaration of function 'crypto_shash_descsize' [-Werror=implicit-function-declaration]
      61 |  desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
         |              ^~~~~~~~~~~~~~~~~~~~~
>> security/selinux/measure.c:61:50: error: dereferencing pointer to incomplete type 'struct shash_desc'
      61 |  desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
         |                                                  ^~~~~
>> security/selinux/measure.c:62:16: error: implicit declaration of function 'crypto_shash_digestsize' [-Werror=implicit-function-declaration]
      62 |  digest_size = crypto_shash_digestsize(tfm);
         |                ^~~~~~~~~~~~~~~~~~~~~~~
>> security/selinux/measure.c:78:8: error: implicit declaration of function 'crypto_shash_digest' [-Werror=implicit-function-declaration]
      78 |  ret = crypto_shash_digest(desc, policy, policy_len, digest);
         |        ^~~~~~~~~~~~~~~~~~~
>> security/selinux/measure.c:90:2: error: implicit declaration of function 'crypto_free_shash' [-Werror=implicit-function-declaration]
      90 |  crypto_free_shash(tfm);
         |  ^~~~~~~~~~~~~~~~~
   security/selinux/measure.c: In function 'selinux_measure_state':
   security/selinux/measure.c:132:11: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits]
     132 |  if (curr >= 0 && curr < selinux_state_string_len)
         |           ^~
   security/selinux/measure.c:148:2: error: implicit declaration of function 'vfree'; did you mean 'kvfree'? [-Werror=implicit-function-declaration]
     148 |  vfree(policy);
         |  ^~~~~
         |  kvfree
   cc1: some warnings being treated as errors

vim +/crypto_alloc_shash +57 security/selinux/measure.c

    45	
    46	static int selinux_hash_policy(const char *hash_alg_name,
    47				       void *policy, size_t policy_len,
    48				       void **policy_hash, int *policy_hash_len)
    49	{
    50		struct crypto_shash *tfm;
    51		struct shash_desc *desc = NULL;
    52		void *digest = NULL;
    53		int desc_size;
    54		int digest_size;
    55		int ret = 0;
    56	
  > 57		tfm = crypto_alloc_shash(hash_alg_name, 0, 0);
    58		if (IS_ERR(tfm))
    59			return PTR_ERR(tfm);
    60	
  > 61		desc_size = crypto_shash_descsize(tfm) + sizeof(*desc);
  > 62		digest_size = crypto_shash_digestsize(tfm);
    63	
    64		digest = kmalloc(digest_size, GFP_KERNEL);
    65		if (!digest) {
    66			ret = -ENOMEM;
    67			goto error;
    68		}
    69	
    70		desc = kzalloc(desc_size, GFP_KERNEL);
    71		if (!desc) {
    72			ret = -ENOMEM;
    73			goto error;
    74		}
    75	
    76		desc->tfm = tfm;
    77	
  > 78		ret = crypto_shash_digest(desc, policy, policy_len, digest);
    79		if (ret < 0)
    80			goto error;
    81	
    82		*policy_hash_len = digest_size;
    83		*policy_hash = digest;
    84		digest = NULL;
    85	
    86	error:
    87		kfree(desc);
    88		kfree(digest);
    89	
  > 90		crypto_free_shash(tfm);
    91	
    92		return ret;
    93	}
    94	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org


More information about the Linux-security-module-archive mailing list