[PATCH v8 bpf-next 11/18] bpf,lsm: add BPF token LSM hooks
kernel test robot
lkp at intel.com
Tue Oct 17 15:44:27 UTC 2023
Hi Andrii,
kernel test robot noticed the following build warnings:
[auto build test WARNING on bpf-next/master]
url: https://github.com/intel-lab-lkp/linux/commits/Andrii-Nakryiko/bpf-align-CAP_NET_ADMIN-checks-with-bpf_capable-approach/20231017-152928
base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master
patch link: https://lore.kernel.org/r/20231016180220.3866105-12-andrii%40kernel.org
patch subject: [PATCH v8 bpf-next 11/18] bpf,lsm: add BPF token LSM hooks
config: m68k-allyesconfig (https://download.01.org/0day-ci/archive/20231017/202310172329.EQgtSkRh-lkp@intel.com/config)
compiler: m68k-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231017/202310172329.EQgtSkRh-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp at intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202310172329.EQgtSkRh-lkp@intel.com/
All warnings (new ones prefixed by >>):
security/security.c:5182: warning: Function parameter or member 'map' not described in 'security_bpf_map_create'
security/security.c:5200: warning: Function parameter or member 'prog' not described in 'security_bpf_prog_load'
>> security/security.c:5217: warning: Function parameter or member 'token' not described in 'security_bpf_token_create'
vim +5217 security/security.c
5168
5169 /**
5170 * security_bpf_map_create() - Check if BPF map creation is allowed
5171 * @map BPF map object
5172 * @attr: BPF syscall attributes used to create BPF map
5173 * @token: BPF token used to grant user access
5174 *
5175 * Do a check when the kernel creates a new BPF map. This is also the
5176 * point where LSM blob is allocated for LSMs that need them.
5177 *
5178 * Return: Returns 0 on success, error on failure.
5179 */
5180 int security_bpf_map_create(struct bpf_map *map, union bpf_attr *attr,
5181 struct bpf_token *token)
> 5182 {
5183 return call_int_hook(bpf_map_create, 0, map, attr, token);
5184 }
5185
5186 /**
5187 * security_bpf_prog_load() - Check if loading of BPF program is allowed
5188 * @prog BPF program object
5189 * @attr: BPF syscall attributes used to create BPF program
5190 * @token: BPF token used to grant user access to BPF subsystem
5191 *
5192 * Do a check when the kernel allocates BPF program object and is about to
5193 * pass it to BPF verifier for additional correctness checks. This is also the
5194 * point where LSM blob is allocated for LSMs that need them.
5195 *
5196 * Return: Returns 0 on success, error on failure.
5197 */
5198 int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
5199 struct bpf_token *token)
5200 {
5201 return call_int_hook(bpf_prog_load, 0, prog, attr, token);
5202 }
5203
5204 /**
5205 * security_bpf_token_create() - Check if creating of BPF token is allowed
5206 * @token BPF token object
5207 * @attr: BPF syscall attributes used to create BPF token
5208 * @path: path pointing to BPF FS mount point from which BPF token is created
5209 *
5210 * Do a check when the kernel instantiates a new BPF token object from BPF FS
5211 * instance. This is also the point where LSM blob can be allocated for LSMs.
5212 *
5213 * Return: Returns 0 on success, error on failure.
5214 */
5215 int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
5216 struct path *path)
> 5217 {
5218 return call_int_hook(bpf_token_create, 0, token, attr, path);
5219 }
5220
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
More information about the Linux-security-module-archive
mailing list