[dhowells-fs:keys-acl 20/24] security/smack/smack_lsm.c:4301:3: error: use of undeclared identifier 'auth_can_override'
1:32 p.m.
tree: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git keys-acl
head: 06a67e452fb9c5815f6181878949ab31178c6d67
commit: 94bb4170063bccdace680e10a634433d0801534f [20/24] keys: Move permissions checking
decisions into the checking code
config: x86_64-randconfig-a015-20210209 (attached as .config)
compiler: clang version 12.0.0 (https://github.com/llvm/llvm-project
c9439ca36342fb6013187d0a69aef92736951476)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O
~/bin/make.cross
chmod +x ~/bin/make.cross
# install x86_64 cross compiling tool for clang build
# apt-get install binutils-x86-64-linux-gnu
#
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/com...
git remote add dhowells-fs
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
git fetch --no-tags dhowells-fs keys-acl
git checkout 94bb4170063bccdace680e10a634433d0801534f
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp(a)intel.com>
All errors (new ones prefixed by >>):
> security/smack/smack_lsm.c:4301:3: error: use of undeclared
identifier 'auth_can_override'
auth_can_override = true;
^
security/smack/smack_lsm.c:4319:3: error: use of undeclared identifier
'auth_can_override'
auth_can_override = true;
^
security/smack/smack_lsm.c:4331:3: error: use of undeclared identifier
'auth_can_override'
auth_can_override = true;
^
security/smack/smack_lsm.c:4349:6: error: use of undeclared identifier
'auth_can_override'
if (auth_can_override && cred->request_key_auth) {
^
> security/smack/smack_lsm.c:4352:10: error: incomplete definition
of type 'struct request_key_auth'
if (rka->target_key
== key)
~~~^
security/smack/smack_lsm.c:4350:10: note: forward declaration of 'struct
request_key_auth'
struct request_key_auth *rka =
^
> security/smack/smack_lsm.c:4352:26: error: use of undeclared
identifier 'key'; did you mean 'keyp'?
if
(rka->target_key == key)
^~~
keyp
security/smack/smack_lsm.c:4270:14: note: 'keyp' declared here
struct key *keyp;
^
> security/smack/smack_lsm.c:4353:5: error: use of undeclared
identifier '_perm'
*_perm = 0;
^
7 errors generated.
vim +/auth_can_override +4301 security/smack/smack_lsm.c
4255
4256 /**
4257 * smack_key_permission - Smack access on a key
4258 * @key_ref: gets to the object
4259 * @cred: the credentials to use
4260 * @need_perm: requested key permission
4261 *
4262 * Return 0 if the task has read and write to the object,
4263 * an error code otherwise
4264 */
4265 static int smack_key_permission(key_ref_t key_ref,
4266 const struct cred *cred,
4267 enum key_need_perm need_perm,
4268 unsigned int flags)
4269 {
4270 struct key *keyp;
4271 struct smk_audit_info ad;
4272 struct smack_known *tkp = smk_of_task(smack_cred(cred));
4273 int request = 0;
4274 int rc;
4275
4276 keyp = key_ref_to_ptr(key_ref);
4277 if (keyp == NULL)
4278 return -EINVAL;
4279 /*
4280 * If the key hasn't been initialized give it access so that
4281 * it may do so.
4282 */
4283 if (keyp->security == NULL)
4284 return 0;
4285 /*
4286 * This should not occur
4287 */
4288 if (tkp == NULL)
4289 return -EACCES;
4290
4291 /*
4292 * Validate requested permissions
4293 */
4294 switch (need_perm) {
4295 case KEY_NEED_ASSUME_AUTHORITY:
4296 return 0;
4297
4298 case KEY_NEED_DESCRIBE:
4299 case KEY_NEED_GET_SECURITY:
4300 request |= MAY_READ;
4301 auth_can_override = true;
4302 break;
4303
4304 case KEY_NEED_CHOWN:
4305 case KEY_NEED_INVALIDATE:
4306 case KEY_NEED_JOIN:
4307 case KEY_NEED_LINK:
4308 case KEY_NEED_KEYRING_ADD:
4309 case KEY_NEED_KEYRING_CLEAR:
4310 case KEY_NEED_KEYRING_DELETE:
4311 case KEY_NEED_REVOKE:
4312 case KEY_NEED_SETPERM:
4313 case KEY_NEED_SET_RESTRICTION:
4314 case KEY_NEED_UPDATE:
4315 request |= MAY_WRITE;
4316 break;
4317
4318 case KEY_NEED_INSTANTIATE:
4319 auth_can_override = true;
4320 break;
4321
4322 case KEY_NEED_READ:
4323 case KEY_NEED_SEARCH:
4324 case KEY_NEED_USE:
4325 case KEY_NEED_WATCH:
4326 request |= MAY_READ;
4327 break;
4328
4329 case KEY_NEED_SET_TIMEOUT:
4330 request |= MAY_WRITE;
4331 auth_can_override = true;
4332 break;
4333
4334 case KEY_NEED_UNLINK:
4335 return 0; /* Mustn't prevent this; KEY_FLAG_KEEP is already
4336 * dealt with. */
4337
4338 default:
4339 WARN_ON(1);
4340 return -EINVAL;
4341 }
4342
4343 /* Just allow the operation if the process has an authorisation token.
4344 * The presence of the token means that the kernel delegated
4345 * instantiation of a key to the process - which is problematic if we
4346 * then say that the process isn't allowed to get the description of
4347 * the key or actually instantiate it.
4348 */
4349 if (auth_can_override && cred->request_key_auth) {
4350 struct request_key_auth *rka =
4351 cred->request_key_auth->payload.data[0];
4352 if (rka->target_key == key)
4353 *_perm = 0;
4354 }
4355
4356 if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred))
4357 return 0;
4358
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
587
days inactive
587
days old
0 comments
1 participants
participants (1)
-
kernel test robot