[PATCH v8 bpf-next 09/18] bpf, lsm: refactor bpf_prog_alloc/bpf_prog_free LSM hooks
Andrii Nakryiko
andrii.nakryiko at gmail.com
Tue Oct 17 17:46:32 UTC 2023
On Tue, Oct 17, 2023 at 6:56 AM kernel test robot <lkp at intel.com> wrote:
>
> Hi Andrii,
>
> kernel test robot noticed the following build warnings:
>
> [auto build test WARNING on bpf-next/master]
>
> url: https://github.com/intel-lab-lkp/linux/commits/Andrii-Nakryiko/bpf-align-CAP_NET_ADMIN-checks-with-bpf_capable-approach/20231017-152928
> base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master
> patch link: https://lore.kernel.org/r/20231016180220.3866105-10-andrii%40kernel.org
> patch subject: [PATCH v8 bpf-next 09/18] bpf,lsm: refactor bpf_prog_alloc/bpf_prog_free LSM hooks
> config: m68k-allyesconfig (https://download.01.org/0day-ci/archive/20231017/202310172156.zcehiHbq-lkp@intel.com/config)
> compiler: m68k-linux-gcc (GCC) 13.2.0
> reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20231017/202310172156.zcehiHbq-lkp@intel.com/reproduce)
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <lkp at intel.com>
> | Closes: https://lore.kernel.org/oe-kbuild-all/202310172156.zcehiHbq-lkp@intel.com/
>
> All warnings (new ones prefixed by >>):
>
> >> security/security.c:5196: warning: Function parameter or member 'prog' not described in 'security_bpf_prog_load'
>
>
> vim +5196 security/security.c
>
> 55e853201a9e03 Paul Moore 2023-02-16 5181
> 55e853201a9e03 Paul Moore 2023-02-16 5182 /**
> 82c20ee03a7a4e Andrii Nakryiko 2023-10-16 5183 * security_bpf_prog_load() - Check if loading of BPF program is allowed
> 82c20ee03a7a4e Andrii Nakryiko 2023-10-16 5184 * @prog BPF program object
missing colon after @prog, cute, will fix
> 82c20ee03a7a4e Andrii Nakryiko 2023-10-16 5185 * @attr: BPF syscall attributes used to create BPF program
> 82c20ee03a7a4e Andrii Nakryiko 2023-10-16 5186 * @token: BPF token used to grant user access to BPF subsystem
> 55e853201a9e03 Paul Moore 2023-02-16 5187 *
> 82c20ee03a7a4e Andrii Nakryiko 2023-10-16 5188 * Do a check when the kernel allocates BPF program object and is about to
> 82c20ee03a7a4e Andrii Nakryiko 2023-10-16 5189 * pass it to BPF verifier for additional correctness checks. This is also the
> 82c20ee03a7a4e Andrii Nakryiko 2023-10-16 5190 * point where LSM blob is allocated for LSMs that need them.
> 55e853201a9e03 Paul Moore 2023-02-16 5191 *
> 55e853201a9e03 Paul Moore 2023-02-16 5192 * Return: Returns 0 on success, error on failure.
> 55e853201a9e03 Paul Moore 2023-02-16 5193 */
> 82c20ee03a7a4e Andrii Nakryiko 2023-10-16 5194 int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
> 82c20ee03a7a4e Andrii Nakryiko 2023-10-16 5195 struct bpf_token *token)
> afdb09c720b62b Chenbo Feng 2017-10-18 @5196 {
> 82c20ee03a7a4e Andrii Nakryiko 2023-10-16 5197 return call_int_hook(bpf_prog_load, 0, prog, attr, token);
> afdb09c720b62b Chenbo Feng 2017-10-18 5198 }
> 55e853201a9e03 Paul Moore 2023-02-16 5199
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
More information about the Linux-security-module-archive
mailing list