[PATCH v11 26/27] ima: Restrict informational audit messages to init_ima_ns
kernel test robot
lkp at intel.com
Wed Mar 2 23:11:15 UTC 2022
Hi Stefan,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on linus/master]
[also build test ERROR on v5.17-rc6]
[cannot apply to zohar-integrity/next-integrity linux/master jmorris-security/next-testing next-20220302]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Stefan-Berger/ima-Namespace-IMA-with-audit-support-in-IMA-ns/20220302-215707
base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git fb184c4af9b9f4563e7a126219389986a71d5b5b
config: arm64-randconfig-r006-20220302 (https://download.01.org/0day-ci/archive/20220303/202203030748.dQ8i3hT2-lkp@intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project d271fc04d5b97b12e6b797c6067d3c96a8d7470e)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm64 cross compiling tool for clang build
# apt-get install binutils-aarch64-linux-gnu
# https://github.com/0day-ci/linux/commit/781d4b92eee902d5ebcac657814703974f8e8b28
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Stefan-Berger/ima-Namespace-IMA-with-audit-support-in-IMA-ns/20220302-215707
git checkout 781d4b92eee902d5ebcac657814703974f8e8b28
# save the config file to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross W=1 O=build_dir ARCH=arm64 SHELL=/bin/bash
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp at intel.com>
All errors (new ones prefixed by >>):
>> security/integrity/ima/ima_main.c:200:32: error: too many arguments to function call, expected 2, have 3
ima_update_xattr(ns, iint, file);
~~~~~~~~~~~~~~~~ ^~~~
security/integrity/ima/ima.h:413:20: note: 'ima_update_xattr' declared here
static inline void ima_update_xattr(struct integrity_iint_cache *iint,
^
1 error generated.
vim +200 security/integrity/ima/ima_main.c
176
177 static void ima_check_last_writer(struct ima_namespace *ns,
178 struct integrity_iint_cache *iint,
179 struct inode *inode, struct file *file)
180 {
181 fmode_t mode = file->f_mode;
182 bool update;
183
184 if (!(mode & FMODE_WRITE))
185 return;
186
187 mutex_lock(&iint->mutex);
188 if (atomic_read(&inode->i_writecount) == 1) {
189 update = test_and_clear_bit(IMA_UPDATE_XATTR,
190 &iint->atomic_flags);
191 if (!IS_I_VERSION(inode) ||
192 !inode_eq_iversion(inode, iint->version) ||
193 (iint->flags & IMA_NEW_FILE)) {
194 mask_iint_ns_status_flags
195 (iint,
196 ~(IMA_DONE_MASK | IMA_NEW_FILE));
197 iint->measured_pcrs = 0;
198
199 if (update)
> 200 ima_update_xattr(ns, iint, file);
201 }
202 }
203 mutex_unlock(&iint->mutex);
204 }
205
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
More information about the Linux-security-module-archive
mailing list