[PATCH v9 bpf-next 11/17] bpf,lsm: add BPF token LSM hooks

Andrii Nakryiko andrii.nakryiko at gmail.com
Sat Nov 4 03:20:01 UTC 2023


On Fri, Nov 3, 2023 at 5:38 PM kernel test robot <lkp at intel.com> wrote:
>
> Hi Andrii,
>
> kernel test robot noticed the following build errors:
>
> [auto build test ERROR on bpf-next/master]
>
> url:    https://github.com/intel-lab-lkp/linux/commits/Andrii-Nakryiko/bpf-align-CAP_NET_ADMIN-checks-with-bpf_capable-approach/20231104-031714
> base:   https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master
> patch link:    https://lore.kernel.org/r/20231103190523.6353-12-andrii%40kernel.org
> patch subject: [PATCH v9 bpf-next 11/17] bpf,lsm: add BPF token LSM hooks
> config: m68k-defconfig (https://download.01.org/0day-ci/archive/20231104/202311040829.XrnpSV8z-lkp@intel.com/config)
> compiler: m68k-linux-gcc (GCC) 13.2.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231104/202311040829.XrnpSV8z-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp at intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202311040829.XrnpSV8z-lkp@intel.com/
>
> All errors (new ones prefixed by >>):
>
>    In file included from include/net/scm.h:8,
>                     from include/linux/netlink.h:9,
>                     from include/uapi/linux/neighbour.h:6,
>                     from include/linux/netdevice.h:45,
>                     from include/net/sock.h:46,
>                     from include/linux/tcp.h:19,
>                     from include/linux/ipv6.h:95,
>                     from include/net/ipv6.h:12,
>                     from include/linux/sunrpc/addr.h:14,
>                     from fs/nfsd/nfsd.h:22,
>                     from fs/nfsd/state.h:42,
>                     from fs/nfsd/xdr4.h:40,
>                     from fs/nfsd/trace.h:17,
>                     from fs/nfsd/trace.c:4:
> >> include/linux/security.h:2084:92: error: parameter 2 ('cmd') has incomplete type
>     2084 | static inline int security_bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
>          |                                                                               ~~~~~~~~~~~~~^~~
> >> include/linux/security.h:2084:19: error: function declaration isn't a prototype [-Werror=strict-prototypes]
>     2084 | static inline int security_bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
>          |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
>    cc1: some warnings being treated as errors

Ok, so apparently enum forward declaration doesn't work with static
inline functions.

Would it be ok to just #include <linux/bpf.h> in this file?

$ git diff
diff --git a/include/linux/security.h b/include/linux/security.h
index 1d6edbf45d1c..cfe6176824c2 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -32,6 +32,7 @@
 #include <linux/string.h>
 #include <linux/mm.h>
 #include <linux/sockptr.h>
+#include <linux/bpf.h>

 struct linux_binprm;
 struct cred;
@@ -60,7 +61,6 @@ struct fs_parameter;
 enum fs_value_type;
 struct watch;
 struct watch_notification;
-enum bpf_cmd;

 /* Default (no) options for the capable function */
 #define CAP_OPT_NONE 0x0


If not, then I guess another alternative would be to pass `int cmd`
instead of `enum bpf_cmd cmd`, but that doesn't seems like the best
solution, tbh.

Paul, any preferences?

> --
>    In file included from include/net/scm.h:8,
>                     from include/linux/netlink.h:9,
>                     from include/uapi/linux/neighbour.h:6,
>                     from include/linux/netdevice.h:45,
>                     from include/net/sock.h:46,
>                     from include/linux/tcp.h:19,
>                     from include/linux/ipv6.h:95,
>                     from include/net/ipv6.h:12,
>                     from include/linux/sunrpc/addr.h:14,
>                     from fs/nfsd/nfsd.h:22,
>                     from fs/nfsd/export.c:21:
> >> include/linux/security.h:2084:92: error: parameter 2 ('cmd') has incomplete type
>     2084 | static inline int security_bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
>          |                                                                               ~~~~~~~~~~~~~^~~
> >> include/linux/security.h:2084:19: error: function declaration isn't a prototype [-Werror=strict-prototypes]
>     2084 | static inline int security_bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
>          |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
>    fs/nfsd/export.c: In function 'exp_rootfh':
>    fs/nfsd/export.c:1017:34: warning: variable 'inode' set but not used [-Wunused-but-set-variable]
>     1017 |         struct inode            *inode;
>          |                                  ^~~~~
>    cc1: some warnings being treated as errors
> --
>    In file included from include/net/scm.h:8,
>                     from include/linux/netlink.h:9,
>                     from include/uapi/linux/neighbour.h:6,
>                     from include/linux/netdevice.h:45,
>                     from include/net/sock.h:46,
>                     from include/linux/tcp.h:19,
>                     from include/linux/ipv6.h:95,
>                     from include/net/ipv6.h:12,
>                     from include/linux/sunrpc/addr.h:14,
>                     from fs/nfsd/nfsd.h:22,
>                     from fs/nfsd/state.h:42,
>                     from fs/nfsd/xdr4.h:40,
>                     from fs/nfsd/trace.h:17,
>                     from fs/nfsd/trace.c:4:
> >> include/linux/security.h:2084:92: error: parameter 2 ('cmd') has incomplete type
>     2084 | static inline int security_bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
>          |                                                                               ~~~~~~~~~~~~~^~~
> >> include/linux/security.h:2084:19: error: function declaration isn't a prototype [-Werror=strict-prototypes]
>     2084 | static inline int security_bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
>          |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
>    In file included from fs/nfsd/trace.h:1958:
>    include/trace/define_trace.h:95:42: fatal error: ./trace.h: No such file or directory
>       95 | #include TRACE_INCLUDE(TRACE_INCLUDE_FILE)
>          |                                          ^
>    cc1: some warnings being treated as errors
>    compilation terminated.
>
>
> vim +2084 include/linux/security.h
>
>   2083
> > 2084  static inline int security_bpf_token_allow_cmd(const struct bpf_token *token, enum bpf_cmd cmd)
>   2085  {
>   2086          return 0;
>   2087  }
>   2088
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki



More information about the Linux-security-module-archive mailing list