[PATCH v3 6/9] security: Hornet LSM
kernel test robot
lkp at intel.com
Sat Mar 28 02:55:32 UTC 2026
Hi Blaise,
kernel test robot noticed the following build errors:
[auto build test ERROR on herbert-cryptodev-2.6/master]
[also build test ERROR on herbert-crypto-2.6/master shuah-kselftest/next shuah-kselftest/fixes linus/master v7.0-rc5 next-20260327]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Blaise-Boscaccy/crypto-pkcs7-add-flag-for-validated-trust-on-a-signed-info-block/20260327-145024
base: https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master
patch link: https://lore.kernel.org/r/20260326060655.2550595-7-bboscaccy%40linux.microsoft.com
patch subject: [PATCH v3 6/9] security: Hornet LSM
config: x86_64-randconfig-102-20260328 (https://download.01.org/0day-ci/archive/20260328/202603281030.AIoqyOy3-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260328/202603281030.AIoqyOy3-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp at intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202603281030.AIoqyOy3-lkp@intel.com/
All errors (new ones prefixed by >>):
>> security/hornet/hornet_lsm.c:194:6: error: call to undeclared function 'verify_pkcs7_message_sig'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
194 | if (verify_pkcs7_message_sig(prog->insnsi, prog->len * sizeof(struct bpf_insn), msg,
| ^
1 error generated.
vim +/verify_pkcs7_message_sig +194 security/hornet/hornet_lsm.c
155
156 static int hornet_check_program(struct bpf_prog *prog, union bpf_attr *attr,
157 struct bpf_token *token, bool is_kernel,
158 enum lsm_integrity_verdict *verdict)
159 {
160 struct hornet_maps maps = {0};
161 bpfptr_t usig = make_bpfptr(attr->signature, is_kernel);
162 struct pkcs7_message *msg;
163 struct hornet_parse_context *ctx;
164 void *sig;
165 int err;
166 const void *authattrs;
167 size_t authattrs_len;
168
169 if (!attr->signature) {
170 *verdict = LSM_INT_VERDICT_UNSIGNED;
171 return 0;
172 }
173
174 ctx = kzalloc(sizeof(struct hornet_parse_context), GFP_KERNEL);
175 if (!ctx)
176 return -ENOMEM;
177
178 maps.fd_array = make_bpfptr(attr->fd_array, is_kernel);
179 sig = kzalloc(attr->signature_size, GFP_KERNEL);
180 if (!sig) {
181 err = -ENOMEM;
182 goto out;
183 }
184 err = copy_from_bpfptr(sig, usig, attr->signature_size);
185 if (err != 0)
186 goto cleanup_sig;
187
188 msg = pkcs7_parse_message(sig, attr->signature_size);
189 if (IS_ERR(msg)) {
190 err = LSM_INT_VERDICT_BADSIG;
191 goto cleanup_sig;
192 }
193
> 194 if (verify_pkcs7_message_sig(prog->insnsi, prog->len * sizeof(struct bpf_insn), msg,
195 VERIFY_USE_SECONDARY_KEYRING,
196 VERIFYING_BPF_SIGNATURE,
197 NULL, NULL)) {
198 err = LSM_INT_VERDICT_UNKNOWNKEY;
199 goto cleanup_msg;
200 }
201
202 if (pkcs7_get_authattr(msg, OID_hornet_data,
203 &authattrs, &authattrs_len) == -ENODATA) {
204 err = LSM_INT_VERDICT_PARTIALSIG;
205 goto cleanup_msg;
206 }
207
208 err = asn1_ber_decoder(&hornet_decoder, ctx, authattrs, authattrs_len);
209 if (err < 0 || authattrs == NULL) {
210 err = LSM_INT_VERDICT_BADSIG;
211 goto cleanup_msg;
212 }
213
214 err = hornet_verify_hashes(&maps, ctx, prog);
215
216 cleanup_msg:
217 pkcs7_free_message(msg);
218 cleanup_sig:
219 kfree(sig);
220 out:
221 kfree(ctx);
222 return err;
223 }
224
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
More information about the Linux-security-module-archive
mailing list