Hi David, [FYI, it's a private test report for your RFC patch.] [auto build test ERROR on cifs/for-next] [also build test ERROR on dm/for-next linus/master v5.8-rc5 next-20200717] [cannot apply to security/next-testing pcmoore-selinux/next ecryptfs/next] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/0day-ci/linux/commits/David-Howells/keys-Security-chan... base: git://git.samba.org/sfrench/cifs-2.6.git for-next config: microblaze-randconfig-r011-20200717 (attached as .config) compiler: microblaze-linux-gcc (GCC) 9.3.0 reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross ARCH=microblaze If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp(a)intel.com&gt; All errors (new ones prefixed by >>): security/smack/smack_lsm.c: In function 'smack_key_permission': 4258 | auth_can_override = true; | ^~~~~~~~~~~~~~~~~ security/smack/smack_lsm.c:4258:3: note: each undeclared identifier is reported only once for each function it appears in 4309 | if (rka->target_key == key) | ^~ 4309 | if (rka->target_key == key) | ^~~ 4310 | *_perm = 0; | ^~~~~ vim +/auth_can_override +4258 security/smack/smack_lsm.c 4212 4213 /** 4214 * smack_key_permission - Smack access on a key 4215 * @key_ref: gets to the object 4216 * @cred: the credentials to use 4217 * @need_perm: requested key permission 4218 * 4219 * Return 0 if the task has read and write to the object, 4220 * an error code otherwise 4221 */ 4222 static int smack_key_permission(key_ref_t key_ref, 4223 const struct cred *cred, 4224 enum key_need_perm need_perm, 4225 unsigned int flags) 4226 { 4227 struct key *keyp; 4228 struct smk_audit_info ad; 4229 struct smack_known *tkp = smk_of_task(smack_cred(cred)); 4230 int request = 0; 4231 int rc; 4232 4233 keyp = key_ref_to_ptr(key_ref); 4234 if (keyp == NULL) 4235 return -EINVAL; 4236 /* 4237 * If the key hasn't been initialized give it access so that 4238 * it may do so. 4239 */ 4240 if (keyp->security == NULL) 4241 return 0; 4242 /* 4243 * This should not occur 4244 */ 4245 if (tkp == NULL) 4246 return -EACCES; 4247 4248 /* 4249 * Validate requested permissions 4250 */ 4251 switch (need_perm) { 4252 case KEY_NEED_ASSUME_AUTHORITY: 4253 return 0; 4254 4255 case KEY_NEED_DESCRIBE: 4256 case KEY_NEED_GET_SECURITY: 4257 request |= MAY_READ; 4259 break; 4260 4261 case KEY_NEED_CHOWN: 4262 case KEY_NEED_INVALIDATE: 4263 case KEY_NEED_JOIN: 4264 case KEY_NEED_LINK: 4265 case KEY_NEED_KEYRING_ADD: 4266 case KEY_NEED_KEYRING_CLEAR: 4267 case KEY_NEED_KEYRING_DELETE: 4268 case KEY_NEED_REVOKE: 4269 case KEY_NEED_SETPERM: 4270 case KEY_NEED_SET_RESTRICTION: 4271 case KEY_NEED_UPDATE: 4272 request |= MAY_WRITE; 4273 break; 4274 4275 case KEY_NEED_INSTANTIATE: 4276 auth_can_override = true; 4277 break; 4278 4279 case KEY_NEED_READ: 4280 case KEY_NEED_SEARCH: 4281 case KEY_NEED_USE: 4282 case KEY_NEED_WATCH: 4283 request |= MAY_READ; 4284 break; 4285 4286 case KEY_NEED_SET_TIMEOUT: 4287 request |= MAY_WRITE; 4288 auth_can_override = true; 4289 break; 4290 4291 case KEY_NEED_UNLINK: 4292 return 0; /* Mustn't prevent this; KEY_FLAG_KEEP is already 4293 * dealt with. */ 4294 4295 default: 4296 WARN_ON(1); 4297 return -EINVAL; 4298 } 4299 4300 /* Just allow the operation if the process has an authorisation token. 4301 * The presence of the token means that the kernel delegated 4302 * instantiation of a key to the process - which is problematic if we 4303 * then say that the process isn't allowed to get the description of 4304 * the key or actually instantiate it. 4305 */ 4306 if (auth_can_override && cred->request_key_auth) { 4307 struct request_key_auth *rka = 4308 cred->request_key_auth->payload.data[0]; 4311 } 4312 4313 if (smack_privileged_cred(CAP_MAC_OVERRIDE, cred)) 4314 return 0; 4315 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org