[PATCH v4 3/5] security: Replace indirect LSM hook calls with static calls

kernel test robot lkp at intel.com
Sat Sep 23 14:52:33 UTC 2023


Hi KP,

kernel test robot noticed the following build warnings:

[auto build test WARNING on bpf-next/master]
[also build test WARNING on bpf/master pcmoore-selinux/next linus/master v6.6-rc2 next-20230921]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]

url:    https://github.com/intel-lab-lkp/linux/commits/KP-Singh/kernel-Add-helper-macros-for-loop-unrolling/20230922-225925
base:   https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git master
patch link:    https://lore.kernel.org/r/20230922145505.4044003-4-kpsingh%40kernel.org
patch subject: [PATCH v4 3/5] security: Replace indirect LSM hook calls with static calls
config: arm64-defconfig (https://download.01.org/0day-ci/archive/20230923/202309232244.uCfB7AMn-lkp@intel.com/config)
compiler: aarch64-linux-gcc (GCC) 13.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20230923/202309232244.uCfB7AMn-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp at intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202309232244.uCfB7AMn-lkp@intel.com/

All warnings (new ones prefixed by >>):

   security/security.c: In function 'security_binder_set_context_mgr':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:872:16: note: in expansion of macro 'call_int_hook'
     872 |         return call_int_hook(binder_set_context_mgr, 0, mgr);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_binder_transaction':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:887:16: note: in expansion of macro 'call_int_hook'
     887 |         return call_int_hook(binder_transaction, 0, from, to);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_binder_transfer_binder':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:902:16: note: in expansion of macro 'call_int_hook'
     902 |         return call_int_hook(binder_transfer_binder, 0, from, to);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_binder_transfer_file':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:918:16: note: in expansion of macro 'call_int_hook'
     918 |         return call_int_hook(binder_transfer_file, 0, from, to, file);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_ptrace_access_check':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:937:16: note: in expansion of macro 'call_int_hook'
     937 |         return call_int_hook(ptrace_access_check, 0, child, mode);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_ptrace_traceme':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:952:16: note: in expansion of macro 'call_int_hook'
     952 |         return call_int_hook(ptrace_traceme, 0, parent);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_capget':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:974:16: note: in expansion of macro 'call_int_hook'
     974 |         return call_int_hook(capget, 0, target,
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_capset':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:996:16: note: in expansion of macro 'call_int_hook'
     996 |         return call_int_hook(capset, 0, new, old,
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_capable':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1018:16: note: in expansion of macro 'call_int_hook'
    1018 |         return call_int_hook(capable, 0, cred, ns, cap, opts);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_quotactl':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1034:16: note: in expansion of macro 'call_int_hook'
    1034 |         return call_int_hook(quotactl, 0, cmds, type, id, sb);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_quota_on':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1047:16: note: in expansion of macro 'call_int_hook'
    1047 |         return call_int_hook(quota_on, 0, dentry);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_syslog':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1062:16: note: in expansion of macro 'call_int_hook'
    1062 |         return call_int_hook(syslog, 0, type);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_settime64':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1077:16: note: in expansion of macro 'call_int_hook'
    1077 |         return call_int_hook(settime, 0, ts, tz);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_bprm_creds_for_exec':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1132:16: note: in expansion of macro 'call_int_hook'
    1132 |         return call_int_hook(bprm_creds_for_exec, 0, bprm);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_bprm_creds_from_file':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1156:16: note: in expansion of macro 'call_int_hook'
    1156 |         return call_int_hook(bprm_creds_from_file, 0, bprm, file);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_bprm_check':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1175:15: note: in expansion of macro 'call_int_hook'
    1175 |         ret = call_int_hook(bprm_check_security, 0, bprm);
         |               ^~~~~~~~~~~~~
   security/security.c: In function 'security_fs_context_submount':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1225:16: note: in expansion of macro 'call_int_hook'
    1225 |         return call_int_hook(fs_context_submount, 0, fc, reference);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_fs_context_dup':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1241:16: note: in expansion of macro 'call_int_hook'
    1241 |         return call_int_hook(fs_context_dup, 0, fc, src_fc);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_sb_alloc':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1289:14: note: in expansion of macro 'call_int_hook'
    1289 |         rc = call_int_hook(sb_alloc_security, 0, sb);
         |              ^~~~~~~~~~~~~
   security/security.c: In function 'security_sb_eat_lsm_opts':
>> security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1347:16: note: in expansion of macro 'call_int_hook'
    1347 |         return call_int_hook(sb_eat_lsm_opts, 0, options, mnt_opts);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_sb_mnt_opts_compat':
   security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1364:16: note: in expansion of macro 'call_int_hook'
    1364 |         return call_int_hook(sb_mnt_opts_compat, 0, sb, mnt_opts);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_sb_remount':
   security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1381:16: note: in expansion of macro 'call_int_hook'
    1381 |         return call_int_hook(sb_remount, 0, sb, mnt_opts);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_sb_kern_mount':
   security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1395:16: note: in expansion of macro 'call_int_hook'
    1395 |         return call_int_hook(sb_kern_mount, 0, sb);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_sb_show_options':
   security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1409:16: note: in expansion of macro 'call_int_hook'
    1409 |         return call_int_hook(sb_show_options, 0, m, sb);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_sb_statfs':
   security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1423:16: note: in expansion of macro 'call_int_hook'
    1423 |         return call_int_hook(sb_statfs, 0, dentry);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_sb_mount':
   security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1446:16: note: in expansion of macro 'call_int_hook'
    1446 |         return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_sb_umount':
   security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1460:16: note: in expansion of macro 'call_int_hook'
    1460 |         return call_int_hook(sb_umount, 0, mnt, flags);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_sb_pivotroot':
   security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1475:16: note: in expansion of macro 'call_int_hook'
    1475 |         return call_int_hook(sb_pivotroot, 0, old_path, new_path);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_sb_set_mnt_opts':
   security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1494:16: note: in expansion of macro 'call_int_hook'
    1494 |         return call_int_hook(sb_set_mnt_opts,
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_sb_clone_mnt_opts':
   security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1516:16: note: in expansion of macro 'call_int_hook'
    1516 |         return call_int_hook(sb_clone_mnt_opts, 0, oldsb, newsb,
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_move_mount':
   security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1533:16: note: in expansion of macro 'call_int_hook'
    1533 |         return call_int_hook(move_mount, 0, from_path, to_path);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_path_notify':
   security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1550:16: note: in expansion of macro 'call_int_hook'
    1550 |         return call_int_hook(path_notify, 0, path, mask, obj_type);
         |                ^~~~~~~~~~~~~
   security/security.c: In function 'security_inode_alloc':
   security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~
   security/security.c:1569:14: note: in expansion of macro 'call_int_hook'
    1569 |         rc = call_int_hook(inode_alloc_security, 0, inode);
         |              ^~~~~~~~~~~~~
   security/security.c: In function 'security_dentry_create_files_as':
   security/security.c:851:1: warning: label 'out' defined but not used [-Wunused-label]
     851 | out:                                                                    \
         | ^~~


vim +/out +851 security/security.c

   845	
   846	#define call_int_hook(FUNC, IRC, ...)					\
   847	({									\
   848		__label__ out;							\
   849		int RC = IRC;							\
   850		LSM_LOOP_UNROLL(__CALL_STATIC_INT, RC, FUNC, out, __VA_ARGS__);	\
 > 851	out:									\
   852		RC;								\
   853	})
   854	

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki



More information about the Linux-security-module-archive mailing list