[PATCH 2/2] NFSv4.2: condition READDIR's mask for security label based on LSM state
kernel test robot
lkp at intel.com
Thu Nov 5 23:06:39 UTC 2020
Hi Olga,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nfs/linux-next]
[also build test ERROR on pcmoore-selinux/next linus/master security/next-testing v5.10-rc2 next-20201105]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Olga-Kornievskaia/introduce-a-new-hook-to-query-LSM-for-functionality/20201106-013417
base: git://git.linux-nfs.org/projects/trondmy/linux-nfs.git linux-next
config: openrisc-randconfig-r002-20201104 (attached as .config)
compiler: or1k-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/0day-ci/linux/commit/d765c00ede01a334b7a3f995ab27b8d4ebd5ea38
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Olga-Kornievskaia/introduce-a-new-hook-to-query-LSM-for-functionality/20201106-013417
git checkout d765c00ede01a334b7a3f995ab27b8d4ebd5ea38
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=openrisc
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp at intel.com>
All errors (new ones prefixed by >>):
fs/nfs/nfs4proc.c: In function '_nfs4_proc_readdir':
>> fs/nfs/nfs4proc.c:4982:18: error: 'LSM_FQUERY_VFS_XATTRS' undeclared (first use in this function)
4982 | int sec_flags = LSM_FQUERY_VFS_XATTRS;
| ^~~~~~~~~~~~~~~~~~~~~
fs/nfs/nfs4proc.c:4982:18: note: each undeclared identifier is reported only once for each function it appears in
>> fs/nfs/nfs4proc.c:4987:7: error: implicit declaration of function 'security_func_query_vfs' [-Werror=implicit-function-declaration]
4987 | if (!security_func_query_vfs(sec_flags))
| ^~~~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors
vim +/LSM_FQUERY_VFS_XATTRS +4982 fs/nfs/nfs4proc.c
4960
4961 static int _nfs4_proc_readdir(struct dentry *dentry, const struct cred *cred,
4962 u64 cookie, struct page **pages, unsigned int count, bool plus)
4963 {
4964 struct inode *dir = d_inode(dentry);
4965 struct nfs4_readdir_arg args = {
4966 .fh = NFS_FH(dir),
4967 .pages = pages,
4968 .pgbase = 0,
4969 .count = count,
4970 .bitmask = NFS_SERVER(d_inode(dentry))->attr_bitmask,
4971 .plus = plus,
4972 .labels = true,
4973 };
4974 struct nfs4_readdir_res res;
4975 struct rpc_message msg = {
4976 .rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_READDIR],
4977 .rpc_argp = &args,
4978 .rpc_resp = &res,
4979 .rpc_cred = cred,
4980 };
4981 int status;
> 4982 int sec_flags = LSM_FQUERY_VFS_XATTRS;
4983
4984 dprintk("%s: dentry = %pd2, cookie = %Lu\n", __func__,
4985 dentry,
4986 (unsigned long long)cookie);
> 4987 if (!security_func_query_vfs(sec_flags))
4988 args.labels = false;
4989 nfs4_setup_readdir(cookie, NFS_I(dir)->cookieverf, dentry, &args);
4990 res.pgbase = args.pgbase;
4991 status = nfs4_call_sync(NFS_SERVER(dir)->client, NFS_SERVER(dir), &msg, &args.seq_args, &res.seq_res, 0);
4992 if (status >= 0) {
4993 memcpy(NFS_I(dir)->cookieverf, res.verifier.data, NFS4_VERIFIER_SIZE);
4994 status += args.pgbase;
4995 }
4996
4997 nfs_invalidate_atime(dir);
4998
4999 dprintk("%s: returns %d\n", __func__, status);
5000 return status;
5001 }
5002
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
More information about the Linux-security-module-archive
mailing list