[PATCH v8 bpf-next 11/18] bpf,lsm: add BPF token LSM hooks

kernel test robot lkp at intel.com
Tue Oct 17 15:44:27 UTC 2023


Hi Andrii,

kernel test robot noticed the following build warnings:

[auto build test WARNING on bpf-next/master]

url:    https://github.com/intel-lab-lkp/linux/commits/Andrii-Nakryiko/bpf-align-CAP_NET_ADMIN-checks-with-bpf_capable-approach/20231017-152928
base:   https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master
patch link:    https://lore.kernel.org/r/20231016180220.3866105-12-andrii%40kernel.org
patch subject: [PATCH v8 bpf-next 11/18] bpf,lsm: add BPF token LSM hooks
config: m68k-allyesconfig (https://download.01.org/0day-ci/archive/20231017/202310172329.EQgtSkRh-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231017/202310172329.EQgtSkRh-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp at intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202310172329.EQgtSkRh-lkp@intel.com/

All warnings (new ones prefixed by >>):

   security/security.c:5182: warning: Function parameter or member 'map' not described in 'security_bpf_map_create'
   security/security.c:5200: warning: Function parameter or member 'prog' not described in 'security_bpf_prog_load'
>> security/security.c:5217: warning: Function parameter or member 'token' not described in 'security_bpf_token_create'


vim +5217 security/security.c

  5168	
  5169	/**
  5170	 * security_bpf_map_create() - Check if BPF map creation is allowed
  5171	 * @map BPF map object
  5172	 * @attr: BPF syscall attributes used to create BPF map
  5173	 * @token: BPF token used to grant user access
  5174	 *
  5175	 * Do a check when the kernel creates a new BPF map. This is also the
  5176	 * point where LSM blob is allocated for LSMs that need them.
  5177	 *
  5178	 * Return: Returns 0 on success, error on failure.
  5179	 */
  5180	int security_bpf_map_create(struct bpf_map *map, union bpf_attr *attr,
  5181				    struct bpf_token *token)
> 5182	{
  5183		return call_int_hook(bpf_map_create, 0, map, attr, token);
  5184	}
  5185	
  5186	/**
  5187	 * security_bpf_prog_load() - Check if loading of BPF program is allowed
  5188	 * @prog BPF program object
  5189	 * @attr: BPF syscall attributes used to create BPF program
  5190	 * @token: BPF token used to grant user access to BPF subsystem
  5191	 *
  5192	 * Do a check when the kernel allocates BPF program object and is about to
  5193	 * pass it to BPF verifier for additional correctness checks. This is also the
  5194	 * point where LSM blob is allocated for LSMs that need them.
  5195	 *
  5196	 * Return: Returns 0 on success, error on failure.
  5197	 */
  5198	int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
  5199				   struct bpf_token *token)
  5200	{
  5201		return call_int_hook(bpf_prog_load, 0, prog, attr, token);
  5202	}
  5203	
  5204	/**
  5205	 * security_bpf_token_create() - Check if creating of BPF token is allowed
  5206	 * @token BPF token object
  5207	 * @attr: BPF syscall attributes used to create BPF token
  5208	 * @path: path pointing to BPF FS mount point from which BPF token is created
  5209	 *
  5210	 * Do a check when the kernel instantiates a new BPF token object from BPF FS
  5211	 * instance. This is also the point where LSM blob can be allocated for LSMs.
  5212	 *
  5213	 * Return: Returns 0 on success, error on failure.
  5214	 */
  5215	int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
  5216				      struct path *path)
> 5217	{
  5218		return call_int_hook(bpf_token_create, 0, token, attr, path);
  5219	}
  5220	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki



More information about the Linux-security-module-archive mailing list