[PATCH v9 bpf-next 11/17] bpf,lsm: add BPF token LSM hooks
Andrii Nakryiko
andrii.nakryiko at gmail.com
Sat Nov 4 03:20:01 UTC 2023
On Fri, Nov 3, 2023 at 5:38 PM kernel test robot <lkp at intel.com> wrote:
>
> Hi Andrii,
>
> kernel test robot noticed the following build errors:
>
> [auto build test ERROR on bpf-next/master]
>
> url: https://github.com/intel-lab-lkp/linux/commits/Andrii-Nakryiko/bpf-align-CAP_NET_ADMIN-checks-with-bpf_capable-approach/20231104-031714
> base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master
> patch link: https://lore.kernel.org/r/20231103190523.6353-12-andrii%40kernel.org
> patch subject: [PATCH v9 bpf-next 11/17] bpf,lsm: add BPF token LSM hooks
> config: m68k-defconfig (https://download.01.org/0day-ci/archive/20231104/202311040829.XrnpSV8z-lkp@intel.com/config)
> compiler: m68k-linux-gcc (GCC) 13.2.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231104/202311040829.XrnpSV8z-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp at intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202311040829.XrnpSV8z-lkp@intel.com/
>
> All errors (new ones prefixed by >>):
>
> In file included from include/net/scm.h:8,
> from include/linux/netlink.h:9,
> from include/uapi/linux/neighbour.h:6,
> from include/linux/netdevice.h:45,
> from include/net/sock.h:46,
> from include/linux/tcp.h:19,
> from include/linux/ipv6.h:95,
> from include/net/ipv6.h:12,
> from include/linux/sunrpc/addr.h:14,
> from fs/nfsd/nfsd.h:22,
> from fs/nfsd/state.h:42,
> from fs/nfsd/xdr4.h:40,
> from fs/nfsd/trace.h:17,
> from fs/nfsd/trace.c:4:
> >> include/linux/security.h:2084:92: error: parameter 2 ('cmd') has incomplete type
> 2084 | static inline int security_bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
> | ~~~~~~~~~~~~~^~~
> >> include/linux/security.h:2084:19: error: function declaration isn't a prototype [-Werror=strict-prototypes]
> 2084 | static inline int security_bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
> cc1: some warnings being treated as errors
Ok, so apparently enum forward declaration doesn't work with static
inline functions.
Would it be ok to just #include <linux/bpf.h> in this file?
$ git diff
diff --git a/include/linux/security.h b/include/linux/security.h
index 1d6edbf45d1c..cfe6176824c2 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -32,6 +32,7 @@
#include <linux/string.h>
#include <linux/mm.h>
#include <linux/sockptr.h>
+#include <linux/bpf.h>
struct linux_binprm;
struct cred;
@@ -60,7 +61,6 @@ struct fs_parameter;
enum fs_value_type;
struct watch;
struct watch_notification;
-enum bpf_cmd;
/* Default (no) options for the capable function */
#define CAP_OPT_NONE 0x0
If not, then I guess another alternative would be to pass `int cmd`
instead of `enum bpf_cmd cmd`, but that doesn't seems like the best
solution, tbh.
Paul, any preferences?
> --
> In file included from include/net/scm.h:8,
> from include/linux/netlink.h:9,
> from include/uapi/linux/neighbour.h:6,
> from include/linux/netdevice.h:45,
> from include/net/sock.h:46,
> from include/linux/tcp.h:19,
> from include/linux/ipv6.h:95,
> from include/net/ipv6.h:12,
> from include/linux/sunrpc/addr.h:14,
> from fs/nfsd/nfsd.h:22,
> from fs/nfsd/export.c:21:
> >> include/linux/security.h:2084:92: error: parameter 2 ('cmd') has incomplete type
> 2084 | static inline int security_bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
> | ~~~~~~~~~~~~~^~~
> >> include/linux/security.h:2084:19: error: function declaration isn't a prototype [-Werror=strict-prototypes]
> 2084 | static inline int security_bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
> fs/nfsd/export.c: In function 'exp_rootfh':
> fs/nfsd/export.c:1017:34: warning: variable 'inode' set but not used [-Wunused-but-set-variable]
> 1017 | struct inode *inode;
> | ^~~~~
> cc1: some warnings being treated as errors
> --
> In file included from include/net/scm.h:8,
> from include/linux/netlink.h:9,
> from include/uapi/linux/neighbour.h:6,
> from include/linux/netdevice.h:45,
> from include/net/sock.h:46,
> from include/linux/tcp.h:19,
> from include/linux/ipv6.h:95,
> from include/net/ipv6.h:12,
> from include/linux/sunrpc/addr.h:14,
> from fs/nfsd/nfsd.h:22,
> from fs/nfsd/state.h:42,
> from fs/nfsd/xdr4.h:40,
> from fs/nfsd/trace.h:17,
> from fs/nfsd/trace.c:4:
> >> include/linux/security.h:2084:92: error: parameter 2 ('cmd') has incomplete type
> 2084 | static inline int security_bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
> | ~~~~~~~~~~~~~^~~
> >> include/linux/security.h:2084:19: error: function declaration isn't a prototype [-Werror=strict-prototypes]
> 2084 | static inline int security_bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In file included from fs/nfsd/trace.h:1958:
> include/trace/define_trace.h:95:42: fatal error: ./trace.h: No such file or directory
> 95 | #include TRACE_INCLUDE(TRACE_INCLUDE_FILE)
> | ^
> cc1: some warnings being treated as errors
> compilation terminated.
>
>
> vim +2084 include/linux/security.h
>
> 2083
> > 2084 static inline int security_bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
> 2085 {
> 2086 return 0;
> 2087 }
> 2088
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
More information about the Linux-security-module-archive
mailing list