[PATCH v11 26/27] ima: Restrict informational audit messages to init_ima_ns

kernel test robot lkp at intel.com
Wed Mar 2 23:11:15 UTC 2022


Hi Stefan,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on linus/master]
[also build test ERROR on v5.17-rc6]
[cannot apply to zohar-integrity/next-integrity linux/master jmorris-security/next-testing next-20220302]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]

url:    https://github.com/0day-ci/linux/commits/Stefan-Berger/ima-Namespace-IMA-with-audit-support-in-IMA-ns/20220302-215707
base:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git fb184c4af9b9f4563e7a126219389986a71d5b5b
config: arm64-randconfig-r006-20220302 (https://download.01.org/0day-ci/archive/20220303/202203030748.dQ8i3hT2-lkp@intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project d271fc04d5b97b12e6b797c6067d3c96a8d7470e)
reproduce (this is a W=1 build):
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # install arm64 cross compiling tool for clang build
        # apt-get install binutils-aarch64-linux-gnu
        # https://github.com/0day-ci/linux/commit/781d4b92eee902d5ebcac657814703974f8e8b28
        git remote add linux-review https://github.com/0day-ci/linux
        git fetch --no-tags linux-review Stefan-Berger/ima-Namespace-IMA-with-audit-support-in-IMA-ns/20220302-215707
        git checkout 781d4b92eee902d5ebcac657814703974f8e8b28
        # save the config file to linux build tree
        mkdir build_dir
        COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=arm64 SHELL=/bin/bash

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp at intel.com>

All errors (new ones prefixed by >>):

>> security/integrity/ima/ima_main.c:200:32: error: too many arguments to function call, expected 2, have 3
                                   ima_update_xattr(ns, iint, file);
                                   ~~~~~~~~~~~~~~~~           ^~~~
   security/integrity/ima/ima.h:413:20: note: 'ima_update_xattr' declared here
   static inline void ima_update_xattr(struct integrity_iint_cache *iint,
                      ^
   1 error generated.


vim +200 security/integrity/ima/ima_main.c

   176	
   177	static void ima_check_last_writer(struct ima_namespace *ns,
   178					  struct integrity_iint_cache *iint,
   179					  struct inode *inode, struct file *file)
   180	{
   181		fmode_t mode = file->f_mode;
   182		bool update;
   183	
   184		if (!(mode & FMODE_WRITE))
   185			return;
   186	
   187		mutex_lock(&iint->mutex);
   188		if (atomic_read(&inode->i_writecount) == 1) {
   189			update = test_and_clear_bit(IMA_UPDATE_XATTR,
   190						    &iint->atomic_flags);
   191			if (!IS_I_VERSION(inode) ||
   192			    !inode_eq_iversion(inode, iint->version) ||
   193			    (iint->flags & IMA_NEW_FILE)) {
   194				mask_iint_ns_status_flags
   195						(iint,
   196						 ~(IMA_DONE_MASK | IMA_NEW_FILE));
   197				iint->measured_pcrs = 0;
   198	
   199				if (update)
 > 200					ima_update_xattr(ns, iint, file);
   201			}
   202		}
   203		mutex_unlock(&iint->mutex);
   204	}
   205	

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org



More information about the Linux-security-module-archive mailing list