* linux-next: build failure after merge of the security tree
@ 2014-07-25 9:21 Stephen Rothwell
0 siblings, 0 replies; 39+ messages in thread
From: Stephen Rothwell @ 2014-07-25 9:21 UTC (permalink / raw)
To: James Morris; +Cc: linux-next, linux-kernel, David Howells
[-- Attachment #1: Type: text/plain, Size: 1489 bytes --]
Hi James,
After merging the security tree, today's linux-next build (powerpc
allyesconfig) failed like this:
crypto/asymmetric_keys/pkcs7_key_type.c: In function 'pkcs7_preparse':
crypto/asymmetric_keys/pkcs7_key_type.c:36:2: error: implicit declaration of function 'IS_ERR' [-Werror=implicit-function-declaration]
if (IS_ERR(pkcs7)) {
^
crypto/asymmetric_keys/pkcs7_key_type.c:37:3: error: implicit declaration of function 'PTR_ERR' [-Werror=implicit-function-declaration]
ret = PTR_ERR(pkcs7);
^
Caused by commit 22d01afb210f ("PKCS#7: Provide a key type for testing
PKCS#7"). See Rule 1 in Documentation/SubmitChecklist.
I have added this fix patch for today:
From: Stephen Rothwell <sfr@canb•auug.org.au>
Date: Fri, 25 Jul 2014 19:17:04 +1000
Subject: [PATCH] PKCS#7: include linux-err.h for PTR_ERR and IS_ERR
Signed-off-by: Stephen Rothwell <sfr@canb•auug.org.au>
---
crypto/asymmetric_keys/pkcs7_key_type.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c
index c2091f7bd15d..8605ff6cf869 100644
--- a/crypto/asymmetric_keys/pkcs7_key_type.c
+++ b/crypto/asymmetric_keys/pkcs7_key_type.c
@@ -10,6 +10,7 @@
*/
#define pr_fmt(fmt) "PKCS7key: "fmt
+#include <linux/err.h>
#include <linux/key.h>
#include <linux/key-type.h>
#include <crypto/pkcs7.h>
--
2.0.1
--
Cheers,
Stephen Rothwell sfr@canb•auug.org.au
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply related [flat|nested] 39+ messages in thread* linux-next: build failure after merge of the security tree
@ 2015-08-17 5:29 Stephen Rothwell
2015-08-17 6:04 ` Stephen Rothwell
0 siblings, 1 reply; 39+ messages in thread
From: Stephen Rothwell @ 2015-08-17 5:29 UTC (permalink / raw)
To: James Morris; +Cc: linux-next, linux-kernel, David Howells, David Woodhouse
Hi James,
After merging the security tree, today's linux-next build (x86_64
allmodconfig) failed like this:
scripts/extract-cert.c:23:25: fatal error: openssl/bio.h: No such file or directory
#include <openssl/bio.h>
^
compilation terminated.
scripts/sign-file.c:20:25: fatal error: openssl/bio.h: No such file or directory
#include <openssl/bio.h>
^
Caused by commits:
1329e8cc69b9 ("modsign: Extract signing cert from CONFIG_MODULE_SIG_KEY if needed")
bc1c373dd2a5 ("MODSIGN: Provide a utility to append a PKCS#7 signature to a module")
After a bit of digging, I installed libssl-dev on my Debian build
machines.
--
Cheers,
Stephen Rothwell sfr@canb•auug.org.au
^ permalink raw reply [flat|nested] 39+ messages in thread* Re: linux-next: build failure after merge of the security tree
2015-08-17 5:29 Stephen Rothwell
@ 2015-08-17 6:04 ` Stephen Rothwell
2015-08-26 14:45 ` David Howells
0 siblings, 1 reply; 39+ messages in thread
From: Stephen Rothwell @ 2015-08-17 6:04 UTC (permalink / raw)
To: James Morris; +Cc: linux-next, linux-kernel, David Howells, David Woodhouse
Hi all,
On Mon, 17 Aug 2015 15:29:53 +1000 Stephen Rothwell <sfr@canb•auug.org.au> wrote:
>
> After a bit of digging, I installed libssl-dev on my Debian build
> machines.
Is this worth a mention in Documentation/Changes along with all the
other prerequisites?
--
Cheers,
Stephen Rothwell sfr@canb•auug.org.au
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: linux-next: build failure after merge of the security tree
2015-08-17 6:04 ` Stephen Rothwell
@ 2015-08-26 14:45 ` David Howells
0 siblings, 0 replies; 39+ messages in thread
From: David Howells @ 2015-08-26 14:45 UTC (permalink / raw)
To: Stephen Rothwell
Cc: dhowells, James Morris, linux-next, linux-kernel, David Woodhouse
Stephen Rothwell <sfr@canb•auug.org.au> wrote:
> > After a bit of digging, I installed libssl-dev on my Debian build
> > machines.
>
> Is this worth a mention in Documentation/Changes along with all the
> other prerequisites?
Could be. It's mentioned in the Kconfig and Documentation/module-signing.txt
already, but this looks like a good place.
David
^ permalink raw reply [flat|nested] 39+ messages in thread
* linux-next: build failure after merge of the security tree
@ 2016-05-19 4:01 Stephen Rothwell
[not found] ` <20160519140120.23b345a1-3FnU+UHB4dNDw9hX6IcOSA@public.gmane.org>
0 siblings, 1 reply; 39+ messages in thread
From: Stephen Rothwell @ 2016-05-19 4:01 UTC (permalink / raw)
To: James Morris, Steve French, linux-cifs
Cc: linux-next, linux-kernel, Sachin Prabhu, David Howells
Hi James,
After merging the security tree, today's linux-next build (x86_64
allmodconfig) failed like this:
fs/cifs/cifs_spnego.c: In function 'init_cifs_spnego':
fs/cifs/cifs_spnego.c:206:12: error: too few arguments to function 'keyring_alloc'
keyring = keyring_alloc(".cifs_spnego",
^
In file included from include/linux/cred.h:17:0,
from include/linux/sched.h:56,
from include/linux/kasan.h:4,
from include/linux/slab.h:118,
from fs/cifs/cifs_spnego.c:23:
include/linux/key.h:302:20: note: declared here
extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
^
Caused by commit
5b82c5cbcfe4 ("cifs: Create dedicated keyring for spnego operations")
from the cifs tree interacting with commit
5ac7eace2d00 ("KEYS: Add a facility to restrict new links into a keyring")
from the security tree.
I added the following merge fix patch (and someone will have to let
Linus know):
From: Stephen Rothwell <sfr@canb•auug.org.au>
Date: Thu, 19 May 2016 13:45:10 +1000
Subject: [PATCH] cifs: fix for keyringalloc() API change
Signed-off-by: Stephen Rothwell <sfr@canb•auug.org.au>
---
fs/cifs/cifs_spnego.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/cifs/cifs_spnego.c b/fs/cifs/cifs_spnego.c
index 248ab431930c..9ef0dfcb2f95 100644
--- a/fs/cifs/cifs_spnego.c
+++ b/fs/cifs/cifs_spnego.c
@@ -207,7 +207,7 @@ init_cifs_spnego(void)
GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, cred,
(KEY_POS_ALL & ~KEY_POS_SETATTR) |
KEY_USR_VIEW | KEY_USR_READ,
- KEY_ALLOC_NOT_IN_QUOTA, NULL);
+ KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
if (IS_ERR(keyring)) {
ret = PTR_ERR(keyring);
goto failed_put_cred;
--
2.7.0
--
Cheers,
Stephen Rothwell
^ permalink raw reply related [flat|nested] 39+ messages in thread* linux-next: build failure after merge of the security tree
@ 2017-08-17 2:51 Stephen Rothwell
2017-08-17 3:24 ` Kees Cook
0 siblings, 1 reply; 39+ messages in thread
From: Stephen Rothwell @ 2017-08-17 2:51 UTC (permalink / raw)
To: James Morris
Cc: Linux-Next Mailing List, Linux Kernel Mailing List, Kees Cook
Hi James,
After merging the security tree, today's linux-next build (x86_64
allmodconfig) failed like this:
In file included from samples/seccomp/bpf-fancy.c:12:0:
samples/seccomp/bpf-fancy.c: In function 'main':
samples/seccomp/bpf-helper.h:47:26: error: 'SECCOMP_RET_KILL_THREAD' undeclared (first use in this function)
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD)
^
./usr/include/linux/filter.h:48:59: note: in definition of macro 'BPF_STMT'
#define BPF_STMT(code, k) { (unsigned short)(code), 0, 0, k }
^
samples/seccomp/bpf-fancy.c:41:3: note: in expansion of macro 'DENY'
DENY, /* Don't passthrough into a label */
^~~~
samples/seccomp/bpf-helper.h:47:26: note: each undeclared identifier is reported only once for each function it appears in
BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD)
^
./usr/include/linux/filter.h:48:59: note: in definition of macro 'BPF_STMT'
#define BPF_STMT(code, k) { (unsigned short)(code), 0, 0, k }
^
samples/seccomp/bpf-fancy.c:41:3: note: in expansion of macro 'DENY'
DENY, /* Don't passthrough into a label */
^~~~
[Note: this is a cross build, if that is relevant ...]
Presumably caused by commit
fd76875ca289 ("seccomp: Rename SECCOMP_RET_KILL to SECCOMP_RET_KILL_THREAD")
I have used the security tree from next-20170816 for today.
--
Cheers,
Stephen Rothwell
^ permalink raw reply [flat|nested] 39+ messages in thread* Re: linux-next: build failure after merge of the security tree
2017-08-17 2:51 Stephen Rothwell
@ 2017-08-17 3:24 ` Kees Cook
0 siblings, 0 replies; 39+ messages in thread
From: Kees Cook @ 2017-08-17 3:24 UTC (permalink / raw)
To: Stephen Rothwell
Cc: James Morris, Linux-Next Mailing List, Linux Kernel Mailing List
On Wed, Aug 16, 2017 at 7:51 PM, Stephen Rothwell <sfr@canb•auug.org.au> wrote:
> Hi James,
>
> After merging the security tree, today's linux-next build (x86_64
> allmodconfig) failed like this:
>
> In file included from samples/seccomp/bpf-fancy.c:12:0:
> samples/seccomp/bpf-fancy.c: In function 'main':
> samples/seccomp/bpf-helper.h:47:26: error: 'SECCOMP_RET_KILL_THREAD' undeclared (first use in this function)
> BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD)
> ^
> ./usr/include/linux/filter.h:48:59: note: in definition of macro 'BPF_STMT'
> #define BPF_STMT(code, k) { (unsigned short)(code), 0, 0, k }
> ^
> samples/seccomp/bpf-fancy.c:41:3: note: in expansion of macro 'DENY'
> DENY, /* Don't passthrough into a label */
> ^~~~
> samples/seccomp/bpf-helper.h:47:26: note: each undeclared identifier is reported only once for each function it appears in
> BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL_THREAD)
> ^
> ./usr/include/linux/filter.h:48:59: note: in definition of macro 'BPF_STMT'
> #define BPF_STMT(code, k) { (unsigned short)(code), 0, 0, k }
> ^
> samples/seccomp/bpf-fancy.c:41:3: note: in expansion of macro 'DENY'
> DENY, /* Don't passthrough into a label */
> ^~~~
>
> [Note: this is a cross build, if that is relevant ...]
>
> Presumably caused by commit
>
> fd76875ca289 ("seccomp: Rename SECCOMP_RET_KILL to SECCOMP_RET_KILL_THREAD")
>
> I have used the security tree from next-20170816 for today.
Hmmm, I think we've had problems like this before due to samples being
built before the headers have been installed. Regardless, I'll
un-rename that macro in the samples...
-Kees
--
Kees Cook
Pixel Security
^ permalink raw reply [flat|nested] 39+ messages in thread
* linux-next: build failure after merge of the security tree
@ 2017-08-23 11:12 Stephen Rothwell
0 siblings, 0 replies; 39+ messages in thread
From: Stephen Rothwell @ 2017-08-23 11:12 UTC (permalink / raw)
To: James Morris
Cc: Linux-Next Mailing List, Linux Kernel Mailing List, John Johansen
Hi James,
After merging the security tree, today's linux-next build (sparc64
allmodconfig) failed like this:
In file included from security/apparmor/ipc.c:23:0:
security/apparmor/include/sig_names.h:26:3: error: 'SIGSTKFLT' undeclared here (not in a function)
[SIGSTKFLT] = 16, /* -, 16, - */
^
security/apparmor/include/sig_names.h:26:3: error: array index in initializer not of integer type
security/apparmor/include/sig_names.h:26:3: note: (near initialization for 'sig_map')
security/apparmor/include/sig_names.h:51:3: error: 'SIGUNUSED' undeclared here (not in a function)
[SIGUNUSED] = 34, /* -, 31, - */
^
security/apparmor/include/sig_names.h:51:3: error: array index in initializer not of integer type
security/apparmor/include/sig_names.h:51:3: note: (near initialization for 'sig_map')
Caused by commit
c6bf1adaecaa ("apparmor: add the ability to mediate signals")
--
Cheers,
Stephen Rothwell
^ permalink raw reply [flat|nested] 39+ messages in thread* linux-next: build failure after merge of the security tree
@ 2019-08-12 4:58 Stephen Rothwell
2019-08-12 17:34 ` Kees Cook
0 siblings, 1 reply; 39+ messages in thread
From: Stephen Rothwell @ 2019-08-12 4:58 UTC (permalink / raw)
To: James Morris
Cc: Linux Next Mailing List, Linux Kernel Mailing List,
Matthew Garrett, Kees Cook, Casey Schaufler
[-- Attachment #1: Type: text/plain, Size: 1354 bytes --]
Hi all,
After merging the security tree, today's linux-next build (arm
multi_v7_defconfig) failed like below.
Caused by commit
45d29f9e9b8b ("security: Support early LSMs")
I have added the following fix for today:
From: Stephen Rothwell <sfr@canb•auug.org.au>
Date: Mon, 12 Aug 2019 14:54:20 +1000
Subject: [PATCH] early_security_init() needs a stub got !CONFIG_SECURITY
An arm multi_v7_defconfig fails like this:
init/main.c: In function 'start_kernel':
init/main.c:596:2: error: implicit declaration of function 'early_security_init'; did you mean 'security_init'? [-Werror=implicit-function-declaration]
early_security_init();
^~~~~~~~~~~~~~~~~~~
security_init
Fixes: 45d29f9e9b8b ("security: Support early LSMs")
Signed-off-by: Stephen Rothwell <sfr@canb•auug.org.au>
---
include/linux/security.h | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/include/linux/security.h b/include/linux/security.h
index 807dc0d24982..23e1c3f17d48 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -473,6 +473,11 @@ static inline int security_init(void)
return 0;
}
+static inline int early_security_init(void)
+{
+ return 0;
+}
+
static inline int security_binder_set_context_mgr(struct task_struct *mgr)
{
return 0;
--
2.20.1
--
Cheers,
Stephen Rothwell
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply related [flat|nested] 39+ messages in thread* Re: linux-next: build failure after merge of the security tree
2019-08-12 4:58 Stephen Rothwell
@ 2019-08-12 17:34 ` Kees Cook
2019-08-19 3:21 ` Stephen Rothwell
0 siblings, 1 reply; 39+ messages in thread
From: Kees Cook @ 2019-08-12 17:34 UTC (permalink / raw)
To: Stephen Rothwell
Cc: James Morris, Linux Next Mailing List, Linux Kernel Mailing List,
Matthew Garrett, Casey Schaufler
On Mon, Aug 12, 2019 at 02:58:23PM +1000, Stephen Rothwell wrote:
> Hi all,
>
> After merging the security tree, today's linux-next build (arm
> multi_v7_defconfig) failed like below.
>
> Caused by commit
>
> 45d29f9e9b8b ("security: Support early LSMs")
>
> I have added the following fix for today:
>
> From: Stephen Rothwell <sfr@canb•auug.org.au>
> Date: Mon, 12 Aug 2019 14:54:20 +1000
> Subject: [PATCH] early_security_init() needs a stub got !CONFIG_SECURITY
>
> An arm multi_v7_defconfig fails like this:
>
> init/main.c: In function 'start_kernel':
> init/main.c:596:2: error: implicit declaration of function 'early_security_init'; did you mean 'security_init'? [-Werror=implicit-function-declaration]
> early_security_init();
> ^~~~~~~~~~~~~~~~~~~
> security_init
>
> Fixes: 45d29f9e9b8b ("security: Support early LSMs")
> Signed-off-by: Stephen Rothwell <sfr@canb•auug.org.au>
Acked-by: Kees Cook <keescook@chromium•org>
-Kees
> ---
> include/linux/security.h | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 807dc0d24982..23e1c3f17d48 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -473,6 +473,11 @@ static inline int security_init(void)
> return 0;
> }
>
> +static inline int early_security_init(void)
> +{
> + return 0;
> +}
> +
> static inline int security_binder_set_context_mgr(struct task_struct *mgr)
> {
> return 0;
> --
> 2.20.1
>
> --
> Cheers,
> Stephen Rothwell
--
Kees Cook
^ permalink raw reply [flat|nested] 39+ messages in thread* Re: linux-next: build failure after merge of the security tree
2019-08-12 17:34 ` Kees Cook
@ 2019-08-19 3:21 ` Stephen Rothwell
2019-08-19 3:38 ` Stephen Rothwell
2019-08-21 16:39 ` James Morris
0 siblings, 2 replies; 39+ messages in thread
From: Stephen Rothwell @ 2019-08-19 3:21 UTC (permalink / raw)
To: James Morris
Cc: Kees Cook, Linux Next Mailing List, Linux Kernel Mailing List,
Matthew Garrett, Casey Schaufler
[-- Attachment #1: Type: text/plain, Size: 1808 bytes --]
Hi all,
On Mon, 12 Aug 2019 10:34:17 -0700 Kees Cook <keescook@chromium•org> wrote:
>
> On Mon, Aug 12, 2019 at 02:58:23PM +1000, Stephen Rothwell wrote:
> > Hi all,
> >
> > After merging the security tree, today's linux-next build (arm
> > multi_v7_defconfig) failed like below.
> >
> > Caused by commit
> >
> > 45d29f9e9b8b ("security: Support early LSMs")
> >
> > I have added the following fix for today:
> >
> > From: Stephen Rothwell <sfr@canb•auug.org.au>
> > Date: Mon, 12 Aug 2019 14:54:20 +1000
> > Subject: [PATCH] early_security_init() needs a stub got !CONFIG_SECURITY
> >
> > An arm multi_v7_defconfig fails like this:
> >
> > init/main.c: In function 'start_kernel':
> > init/main.c:596:2: error: implicit declaration of function 'early_security_init'; did you mean 'security_init'? [-Werror=implicit-function-declaration]
> > early_security_init();
> > ^~~~~~~~~~~~~~~~~~~
> > security_init
> >
> > Fixes: 45d29f9e9b8b ("security: Support early LSMs")
> > Signed-off-by: Stephen Rothwell <sfr@canb•auug.org.au>
>
> Acked-by: Kees Cook <keescook@chromium•org>
>
> -Kees
>
> > ---
> > include/linux/security.h | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/include/linux/security.h b/include/linux/security.h
> > index 807dc0d24982..23e1c3f17d48 100644
> > --- a/include/linux/security.h
> > +++ b/include/linux/security.h
> > @@ -473,6 +473,11 @@ static inline int security_init(void)
> > return 0;
> > }
> >
> > +static inline int early_security_init(void)
> > +{
> > + return 0;
> > +}
> > +
> > static inline int security_binder_set_context_mgr(struct task_struct *mgr)
> > {
> > return 0;
> > --
> > 2.20.1
I am still applying that patch ...
--
Cheers,
Stephen Rothwell
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread* Re: linux-next: build failure after merge of the security tree
2019-08-19 3:21 ` Stephen Rothwell
@ 2019-08-19 3:38 ` Stephen Rothwell
2019-08-21 16:39 ` James Morris
1 sibling, 0 replies; 39+ messages in thread
From: Stephen Rothwell @ 2019-08-19 3:38 UTC (permalink / raw)
To: James Morris
Cc: Kees Cook, Linux Next Mailing List, Linux Kernel Mailing List,
Matthew Garrett, Casey Schaufler
[-- Attachment #1: Type: text/plain, Size: 901 bytes --]
Hi James,
On Mon, 19 Aug 2019 13:21:19 +1000 Stephen Rothwell <sfr@canb•auug.org.au> wrote:
>
> On Mon, 12 Aug 2019 10:34:17 -0700 Kees Cook <keescook@chromium•org> wrote:
> >
> > On Mon, Aug 12, 2019 at 02:58:23PM +1000, Stephen Rothwell wrote:
> > >
> > > After merging the security tree, today's linux-next build (arm
> > > multi_v7_defconfig) failed like below.
> > >
> > > Caused by commit
> > >
> > > 45d29f9e9b8b ("security: Support early LSMs")
> > >
> > > I have added the following fix for today:
> > >
> > > From: Stephen Rothwell <sfr@canb•auug.org.au>
> > > Date: Mon, 12 Aug 2019 14:54:20 +1000
> > > Subject: [PATCH] early_security_init() needs a stub got !CONFIG_SECURITY
^^^
for
If you do decide to apply this patch, please fix the subject typo, thanks :-)
--
Cheers,
Stephen Rothwell
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread* Re: linux-next: build failure after merge of the security tree
2019-08-19 3:21 ` Stephen Rothwell
2019-08-19 3:38 ` Stephen Rothwell
@ 2019-08-21 16:39 ` James Morris
1 sibling, 0 replies; 39+ messages in thread
From: James Morris @ 2019-08-21 16:39 UTC (permalink / raw)
To: Stephen Rothwell
Cc: Kees Cook, Linux Next Mailing List, Linux Kernel Mailing List,
Matthew Garrett, Casey Schaufler
On Mon, 19 Aug 2019, Stephen Rothwell wrote:
> > > 2.20.1
>
> I am still applying that patch ...
>
Matthew folded it into commit e6b1db98cf4d54d9ea59cfcc195f70dc946fdd38.
--
James Morris
<jmorris@namei•org>
^ permalink raw reply [flat|nested] 39+ messages in thread
* linux-next: build failure after merge of the security tree
@ 2020-07-08 4:00 Stephen Rothwell
2020-07-13 2:04 ` Stephen Rothwell
0 siblings, 1 reply; 39+ messages in thread
From: Stephen Rothwell @ 2020-07-08 4:00 UTC (permalink / raw)
To: James Morris
Cc: Linux Next Mailing List, Linux Kernel Mailing List,
Daniel Colascione
[-- Attachment #1: Type: text/plain, Size: 2134 bytes --]
Hi all,
After merging the security tree, today's linux-next build (powerpc
ppc64_defconfig) failed like this:
fs/anon_inodes.c: In function 'anon_inode_make_secure_inode':
fs/anon_inodes.c:70:10: error: implicit declaration of function 'security_inode_init_security_anon'; did you mean 'security_inode_init_security'? [-Werror=implicit-function-declaration]
70 | error = security_inode_init_security_anon(
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| security_inode_init_security
Caused by commit
2749d3f84a70 ("Add a new LSM-supporting anonymous inode interface")
# CONFIG_SECURITY is not set
Also, the explicit include of linux/security.h is missing ...
I have added the following patch for today.
From b2bae25c9b715e06f7e802ec7b51cfbfec046e6c Mon Sep 17 00:00:00 2001
From: Stephen Rothwell <sfr@canb•auug.org.au>
Date: Wed, 8 Jul 2020 13:43:01 +1000
Subject: [PATCH] fix up for "Add a new LSM-supporting anonymous inode interface"
Signed-off-by: Stephen Rothwell <sfr@canb•auug.org.au>
---
fs/anon_inodes.c | 1 +
include/linux/security.h | 7 +++++++
2 files changed, 8 insertions(+)
diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
index f87f221167cf..25d92c64411e 100644
--- a/fs/anon_inodes.c
+++ b/fs/anon_inodes.c
@@ -21,6 +21,7 @@
#include <linux/magic.h>
#include <linux/anon_inodes.h>
#include <linux/pseudo_fs.h>
+#include <linux/security.h>
#include <linux/uaccess.h>
diff --git a/include/linux/security.h b/include/linux/security.h
index 95c133a8f8bb..7c6b3dcf4721 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -735,6 +735,13 @@ static inline int security_inode_init_security(struct inode *inode,
return 0;
}
+static inline int security_inode_init_security_anon(struct inode *inode,
+ const struct qstr *name,
+ const struct inode *context_inode)
+{
+ return 0;
+}
+
static inline int security_old_inode_init_security(struct inode *inode,
struct inode *dir,
const struct qstr *qstr,
--
2.27.0
--
Cheers,
Stephen Rothwell
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply related [flat|nested] 39+ messages in thread* Re: linux-next: build failure after merge of the security tree
2020-07-08 4:00 Stephen Rothwell
@ 2020-07-13 2:04 ` Stephen Rothwell
2020-07-13 2:06 ` Stephen Rothwell
2020-07-29 23:35 ` Stephen Rothwell
0 siblings, 2 replies; 39+ messages in thread
From: Stephen Rothwell @ 2020-07-13 2:04 UTC (permalink / raw)
To: James Morris
Cc: Linux Next Mailing List, Linux Kernel Mailing List,
Daniel Colascione
[-- Attachment #1: Type: text/plain, Size: 2369 bytes --]
Hi all,
On Wed, 8 Jul 2020 14:00:34 +1000 Stephen Rothwell <sfr@canb•auug.org.au> wrote:
>
> After merging the security tree, today's linux-next build (powerpc
> ppc64_defconfig) failed like this:
>
> fs/anon_inodes.c: In function 'anon_inode_make_secure_inode':
> fs/anon_inodes.c:70:10: error: implicit declaration of function 'security_inode_init_security_anon'; did you mean 'security_inode_init_security'? [-Werror=implicit-function-declaration]
> 70 | error = security_inode_init_security_anon(
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> | security_inode_init_security
>
> Caused by commit
>
> 2749d3f84a70 ("Add a new LSM-supporting anonymous inode interface")
>
> # CONFIG_SECURITY is not set
>
> Also, the explicit include of linux/security.h is missing ...
>
> I have added the following patch for today.
>
> From b2bae25c9b715e06f7e802ec7b51cfbfec046e6c Mon Sep 17 00:00:00 2001
> From: Stephen Rothwell <sfr@canb•auug.org.au>
> Date: Wed, 8 Jul 2020 13:43:01 +1000
> Subject: [PATCH] fix up for "Add a new LSM-supporting anonymous inode interface"
>
> Signed-off-by: Stephen Rothwell <sfr@canb•auug.org.au>
> ---
> fs/anon_inodes.c | 1 +
> include/linux/security.h | 7 +++++++
> 2 files changed, 8 insertions(+)
>
> diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
> index f87f221167cf..25d92c64411e 100644
> --- a/fs/anon_inodes.c
> +++ b/fs/anon_inodes.c
> @@ -21,6 +21,7 @@
> #include <linux/magic.h>
> #include <linux/anon_inodes.h>
> #include <linux/pseudo_fs.h>
> +#include <linux/security.h>
>
> #include <linux/uaccess.h>
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 95c133a8f8bb..7c6b3dcf4721 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -735,6 +735,13 @@ static inline int security_inode_init_security(struct inode *inode,
> return 0;
> }
>
> +static inline int security_inode_init_security_anon(struct inode *inode,
> + const struct qstr *name,
> + const struct inode *context_inode)
> +{
> + return 0;
> +}
> +
> static inline int security_old_inode_init_security(struct inode *inode,
> struct inode *dir,
> const struct qstr *qstr,
I am still applying the above patch ...
--
Cheers,
Stephen Rothwell
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread* Re: linux-next: build failure after merge of the security tree
2020-07-13 2:04 ` Stephen Rothwell
@ 2020-07-13 2:06 ` Stephen Rothwell
2020-07-29 23:35 ` Stephen Rothwell
1 sibling, 0 replies; 39+ messages in thread
From: Stephen Rothwell @ 2020-07-13 2:06 UTC (permalink / raw)
To: James Morris
Cc: Linux Next Mailing List, Linux Kernel Mailing List,
Daniel Colascione
[-- Attachment #1: Type: text/plain, Size: 245 bytes --]
Hi all,
On Mon, 13 Jul 2020 12:04:19 +1000 Stephen Rothwell <sfr@canb•auug.org.au> wrote:
>
> I am still applying the above patch ...
And the mail address Daniel Colascione <dancol@google•com> bounces.
--
Cheers,
Stephen Rothwell
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: linux-next: build failure after merge of the security tree
2020-07-13 2:04 ` Stephen Rothwell
2020-07-13 2:06 ` Stephen Rothwell
@ 2020-07-29 23:35 ` Stephen Rothwell
2020-07-30 2:35 ` James Morris
1 sibling, 1 reply; 39+ messages in thread
From: Stephen Rothwell @ 2020-07-29 23:35 UTC (permalink / raw)
To: James Morris; +Cc: Linux Next Mailing List, Linux Kernel Mailing List
[-- Attachment #1: Type: text/plain, Size: 2668 bytes --]
Hi all,
On Mon, 13 Jul 2020 12:04:19 +1000 Stephen Rothwell <sfr@canb•auug.org.au> wrote:
>
> On Wed, 8 Jul 2020 14:00:34 +1000 Stephen Rothwell <sfr@canb•auug.org.au> wrote:
> >
> > After merging the security tree, today's linux-next build (powerpc
> > ppc64_defconfig) failed like this:
> >
> > fs/anon_inodes.c: In function 'anon_inode_make_secure_inode':
> > fs/anon_inodes.c:70:10: error: implicit declaration of function 'security_inode_init_security_anon'; did you mean 'security_inode_init_security'? [-Werror=implicit-function-declaration]
> > 70 | error = security_inode_init_security_anon(
> > | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > | security_inode_init_security
> >
> > Caused by commit
> >
> > 2749d3f84a70 ("Add a new LSM-supporting anonymous inode interface")
> >
> > # CONFIG_SECURITY is not set
> >
> > Also, the explicit include of linux/security.h is missing ...
> >
> > I have added the following patch for today.
> >
> > From b2bae25c9b715e06f7e802ec7b51cfbfec046e6c Mon Sep 17 00:00:00 2001
> > From: Stephen Rothwell <sfr@canb•auug.org.au>
> > Date: Wed, 8 Jul 2020 13:43:01 +1000
> > Subject: [PATCH] fix up for "Add a new LSM-supporting anonymous inode interface"
> >
> > Signed-off-by: Stephen Rothwell <sfr@canb•auug.org.au>
> > ---
> > fs/anon_inodes.c | 1 +
> > include/linux/security.h | 7 +++++++
> > 2 files changed, 8 insertions(+)
> >
> > diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
> > index f87f221167cf..25d92c64411e 100644
> > --- a/fs/anon_inodes.c
> > +++ b/fs/anon_inodes.c
> > @@ -21,6 +21,7 @@
> > #include <linux/magic.h>
> > #include <linux/anon_inodes.h>
> > #include <linux/pseudo_fs.h>
> > +#include <linux/security.h>
> >
> > #include <linux/uaccess.h>
> >
> > diff --git a/include/linux/security.h b/include/linux/security.h
> > index 95c133a8f8bb..7c6b3dcf4721 100644
> > --- a/include/linux/security.h
> > +++ b/include/linux/security.h
> > @@ -735,6 +735,13 @@ static inline int security_inode_init_security(struct inode *inode,
> > return 0;
> > }
> >
> > +static inline int security_inode_init_security_anon(struct inode *inode,
> > + const struct qstr *name,
> > + const struct inode *context_inode)
> > +{
> > + return 0;
> > +}
> > +
> > static inline int security_old_inode_init_security(struct inode *inode,
> > struct inode *dir,
> > const struct qstr *qstr,
>
> I am still applying the above patch ...
The merge window is coming up fast ... is anything happening about this
failure?
--
Cheers,
Stephen Rothwell
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread* Re: linux-next: build failure after merge of the security tree
2020-07-29 23:35 ` Stephen Rothwell
@ 2020-07-30 2:35 ` James Morris
2020-07-30 2:59 ` Stephen Rothwell
0 siblings, 1 reply; 39+ messages in thread
From: James Morris @ 2020-07-30 2:35 UTC (permalink / raw)
To: Stephen Rothwell; +Cc: Linux Next Mailing List, Linux Kernel Mailing List
On Thu, 30 Jul 2020, Stephen Rothwell wrote:
> > I am still applying the above patch ...
>
> The merge window is coming up fast ... is anything happening about this
> failure?
A new patch is coming, but I'm not sure this code has had enough review
from the core VFS folk.
Please drop secure_uffd_v5.9 for the time being.
--
James Morris
<jmorris@namei•org>
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: linux-next: build failure after merge of the security tree
2020-07-30 2:35 ` James Morris
@ 2020-07-30 2:59 ` Stephen Rothwell
2020-07-30 5:03 ` Stephen Rothwell
2020-08-04 3:36 ` James Morris
0 siblings, 2 replies; 39+ messages in thread
From: Stephen Rothwell @ 2020-07-30 2:59 UTC (permalink / raw)
To: James Morris; +Cc: Linux Next Mailing List, Linux Kernel Mailing List
[-- Attachment #1: Type: text/plain, Size: 645 bytes --]
Hi James,
On Thu, 30 Jul 2020 12:35:03 +1000 (AEST) James Morris <jmorris@namei•org> wrote:
>
> On Thu, 30 Jul 2020, Stephen Rothwell wrote:
>
> > > I am still applying the above patch ...
> >
> > The merge window is coming up fast ... is anything happening about this
> > failure?
>
> A new patch is coming, but I'm not sure this code has had enough review
> from the core VFS folk.
>
> Please drop secure_uffd_v5.9 for the time being.
You just need to remove/revert it from your security tree
(git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git#next-testing).
--
Cheers,
Stephen Rothwell
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: linux-next: build failure after merge of the security tree
2020-07-30 2:59 ` Stephen Rothwell
@ 2020-07-30 5:03 ` Stephen Rothwell
2020-08-04 3:36 ` James Morris
1 sibling, 0 replies; 39+ messages in thread
From: Stephen Rothwell @ 2020-07-30 5:03 UTC (permalink / raw)
To: James Morris; +Cc: Linux Next Mailing List, Linux Kernel Mailing List
[-- Attachment #1: Type: text/plain, Size: 1023 bytes --]
Hi Stephen,
On Thu, 30 Jul 2020 12:59:04 +1000 Stephen Rothwell <sfr@canb•auug.org.au> wrote:
>
> Hi James,
>
> On Thu, 30 Jul 2020 12:35:03 +1000 (AEST) James Morris <jmorris@namei•org> wrote:
> >
> > On Thu, 30 Jul 2020, Stephen Rothwell wrote:
> >
> > > > I am still applying the above patch ...
> > >
> > > The merge window is coming up fast ... is anything happening about this
> > > failure?
> >
> > A new patch is coming, but I'm not sure this code has had enough review
> > from the core VFS folk.
> >
> > Please drop secure_uffd_v5.9 for the time being.
>
> You just need to remove/revert it from your security tree
> (git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git#next-testing).
In today's linux-next I have reverted the three commits in that branch:
d08ac70b1e0d Wire UFFD up to SELinux
2b72259a271a Teach SELinux about anonymous inodes
2749d3f84a70 Add a new LSM-supporting anonymous inode interface
--
Cheers,
Stephen Rothwell
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: linux-next: build failure after merge of the security tree
2020-07-30 2:59 ` Stephen Rothwell
2020-07-30 5:03 ` Stephen Rothwell
@ 2020-08-04 3:36 ` James Morris
1 sibling, 0 replies; 39+ messages in thread
From: James Morris @ 2020-08-04 3:36 UTC (permalink / raw)
To: Stephen Rothwell; +Cc: Linux Next Mailing List, Linux Kernel Mailing List
On Thu, 30 Jul 2020, Stephen Rothwell wrote:
> Hi James,
>
> On Thu, 30 Jul 2020 12:35:03 +1000 (AEST) James Morris <jmorris@namei•org> wrote:
> >
> > On Thu, 30 Jul 2020, Stephen Rothwell wrote:
> >
> > > > I am still applying the above patch ...
> > >
> > > The merge window is coming up fast ... is anything happening about this
> > > failure?
> >
> > A new patch is coming, but I'm not sure this code has had enough review
> > from the core VFS folk.
> >
> > Please drop secure_uffd_v5.9 for the time being.
>
> You just need to remove/revert it from your security tree
> (git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git#next-testing).
Done.
--
James Morris
<jmorris@namei•org>
^ permalink raw reply [flat|nested] 39+ messages in thread
* linux-next: build failure after merge of the security tree
@ 2025-02-10 1:18 Stephen Rothwell
2025-02-10 3:44 ` Paul Moore
0 siblings, 1 reply; 39+ messages in thread
From: Stephen Rothwell @ 2025-02-10 1:18 UTC (permalink / raw)
To: Paul Moore
Cc: Hamza Mahfooz, Linux Kernel Mailing List, Linux Next Mailing List
[-- Attachment #1: Type: text/plain, Size: 647 bytes --]
Hi all,
After merging the security tree, today's linux-next build (arm
multi_v7_defconfig) failed like this:
In file included from include/linux/perf_event.h:62,
from arch/arm/vfp/vfpmodule.c:21:
include/linux/security.h:2379:12: warning: no previous prototype for 'security_uring_allowed' [-Wmissing-prototypes]
2379 | extern int security_uring_allowed(void)
| ^~~~~~~~~~~~~~~~~~~~~~
(and many more)
Caused by commit
c6ad9fdbd44b ("io_uring,lsm,selinux: add LSM hooks for io_uring_setup()")
I have used the security tree from next-20250207 for today.
--
Cheers,
Stephen Rothwell
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread* Re: linux-next: build failure after merge of the security tree
2025-02-10 1:18 Stephen Rothwell
@ 2025-02-10 3:44 ` Paul Moore
2025-02-10 3:53 ` Stephen Rothwell
0 siblings, 1 reply; 39+ messages in thread
From: Paul Moore @ 2025-02-10 3:44 UTC (permalink / raw)
To: Stephen Rothwell
Cc: Hamza Mahfooz, Linux Kernel Mailing List, Linux Next Mailing List
On Sun, Feb 9, 2025 at 8:18 PM Stephen Rothwell <sfr@canb•auug.org.au> wrote:
>
> Hi all,
>
> After merging the security tree, today's linux-next build (arm
> multi_v7_defconfig) failed like this:
>
> In file included from include/linux/perf_event.h:62,
> from arch/arm/vfp/vfpmodule.c:21:
> include/linux/security.h:2379:12: warning: no previous prototype for 'security_uring_allowed' [-Wmissing-prototypes]
> 2379 | extern int security_uring_allowed(void)
> | ^~~~~~~~~~~~~~~~~~~~~~
Thanks Stephen, I just pushed a fix to the LSM tree, it should be
fixed on your next pull.
https://lore.kernel.org/linux-security-module/20250210034132.8448-2-paul@paul-moore.com/
--
paul-moore.com
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: linux-next: build failure after merge of the security tree
2025-02-10 3:44 ` Paul Moore
@ 2025-02-10 3:53 ` Stephen Rothwell
2025-02-10 14:51 ` Paul Moore
0 siblings, 1 reply; 39+ messages in thread
From: Stephen Rothwell @ 2025-02-10 3:53 UTC (permalink / raw)
To: Paul Moore
Cc: Hamza Mahfooz, Linux Kernel Mailing List, Linux Next Mailing List
[-- Attachment #1: Type: text/plain, Size: 926 bytes --]
Hi Paul,
On Sun, 9 Feb 2025 22:44:42 -0500 Paul Moore <paul@paul-moore•com> wrote:
>
> On Sun, Feb 9, 2025 at 8:18 PM Stephen Rothwell <sfr@canb•auug.org.au> wrote:
> >
> > After merging the security tree, today's linux-next build (arm
> > multi_v7_defconfig) failed like this:
> >
> > In file included from include/linux/perf_event.h:62,
> > from arch/arm/vfp/vfpmodule.c:21:
> > include/linux/security.h:2379:12: warning: no previous prototype for 'security_uring_allowed' [-Wmissing-prototypes]
> > 2379 | extern int security_uring_allowed(void)
> > | ^~~~~~~~~~~~~~~~~~~~~~
>
> Thanks Stephen, I just pushed a fix to the LSM tree, it should be
> fixed on your next pull.
>
> https://lore.kernel.org/linux-security-module/20250210034132.8448-2-paul@paul-moore.com/
Shouldn't it be "static inline" instead of "extern inline"?
--
Cheers,
Stephen Rothwell
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: linux-next: build failure after merge of the security tree
2025-02-10 3:53 ` Stephen Rothwell
@ 2025-02-10 14:51 ` Paul Moore
0 siblings, 0 replies; 39+ messages in thread
From: Paul Moore @ 2025-02-10 14:51 UTC (permalink / raw)
To: Stephen Rothwell
Cc: Hamza Mahfooz, Linux Kernel Mailing List, Linux Next Mailing List
On Sun, Feb 9, 2025 at 10:53 PM Stephen Rothwell <sfr@canb•auug.org.au> wrote:
> On Sun, 9 Feb 2025 22:44:42 -0500 Paul Moore <paul@paul-moore•com> wrote:
> >
> > On Sun, Feb 9, 2025 at 8:18 PM Stephen Rothwell <sfr@canb•auug.org.au> wrote:
> > >
> > > After merging the security tree, today's linux-next build (arm
> > > multi_v7_defconfig) failed like this:
> > >
> > > In file included from include/linux/perf_event.h:62,
> > > from arch/arm/vfp/vfpmodule.c:21:
> > > include/linux/security.h:2379:12: warning: no previous prototype for 'security_uring_allowed' [-Wmissing-prototypes]
> > > 2379 | extern int security_uring_allowed(void)
> > > | ^~~~~~~~~~~~~~~~~~~~~~
> >
> > Thanks Stephen, I just pushed a fix to the LSM tree, it should be
> > fixed on your next pull.
> >
> > https://lore.kernel.org/linux-security-module/20250210034132.8448-2-paul@paul-moore.com/
>
> Shouldn't it be "static inline" instead of "extern inline"?
Yes it should :) Evidently I was fixated on the missing "inline" and
trying to fix it before bed that I missed the "extern" staring me
right in the face.
This will be fixed shortly.
--
paul-moore.com
^ permalink raw reply [flat|nested] 39+ messages in thread
* linux-next: build failure after merge of the security tree
@ 2025-03-24 4:37 Stephen Rothwell
0 siblings, 0 replies; 39+ messages in thread
From: Stephen Rothwell @ 2025-03-24 4:37 UTC (permalink / raw)
To: Paul Moore
Cc: Luo Gengkun, Ingo Molnar, Namhyung Kim, Ravi Bangoria,
Linux Kernel Mailing List, Linux Next Mailing List
[-- Attachment #1: Type: text/plain, Size: 1811 bytes --]
Hi all,
After merging the security tree, today's linux-next build (x86_64
allmodconfig) failed like this:
arch/x86/events/amd/ibs.c: In function 'perf_ibs_handle_irq':
arch/x86/events/amd/ibs.c:1207:13: error: too many arguments to function 'perf_allow_kernel'
1207 | perf_allow_kernel(&event->attr)) {
| ^~~~~~~~~~~~~~~~~
In file included from arch/x86/events/amd/ibs.c:9:
include/linux/perf_event.h:1675:5: note: declared here
1675 | int perf_allow_kernel(void);
| ^~~~~~~~~~~~~~~~~
Caused by commit
9ec84f79c5a7 ("perf: Remove unnecessary parameter of security check")
interacting with commit
50a53b60e141 ("perf/amd/ibs: Prevent leaking sensitive data to userspace")
From Linus' tree.
I have applied the following merge resolution patch.
From: Stephen Rothwell <sfr@canb•auug.org.au>
Date: Mon, 24 Mar 2025 15:25:18 +1100
Subject: [PATCH] fix up for "perf: Remove unnecessary parameter of security check"
interacting with commit
50a53b60e141 ("perf/amd/ibs: Prevent leaking sensitive data to userspace")
From Linus' tree.
Signed-off-by: Stephen Rothwell <sfr@canb•auug.org.au>
---
arch/x86/events/amd/ibs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/events/amd/ibs.c b/arch/x86/events/amd/ibs.c
index e36c9c63c97c..30157ab98cea 100644
--- a/arch/x86/events/amd/ibs.c
+++ b/arch/x86/events/amd/ibs.c
@@ -1204,7 +1204,7 @@ static int perf_ibs_handle_irq(struct perf_ibs *perf_ibs, struct pt_regs *iregs)
* unprivileged users.
*/
if ((event->attr.sample_type & PERF_SAMPLE_RAW) &&
- perf_allow_kernel(&event->attr)) {
+ perf_allow_kernel()) {
perf_ibs_phyaddr_clear(perf_ibs, &ibs_data);
}
--
2.45.2
--
Cheers,
Stephen Rothwell
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply related [flat|nested] 39+ messages in thread* linux-next: build failure after merge of the security tree
@ 2026-06-02 16:16 Mark Brown
2026-06-02 16:31 ` Paul Moore
0 siblings, 1 reply; 39+ messages in thread
From: Mark Brown @ 2026-06-02 16:16 UTC (permalink / raw)
To: Paul Moore, Blaise Boscaccy, Daniel Borkmann, Alexei Starovoitov,
Andrii Nakryiko, bpf, Networking
Cc: Linux Kernel Mailing List, Linux Next Mailing List
[-- Attachment #1: Type: text/plain, Size: 977 bytes --]
Hi all,
After merging the security tree, today's linux-next build (x86_64
allmodconfig) failed like this:
/tmp/next/build/security/hornet/hornet_lsm.c:212:36: error: too many arguments to function call, expected 1, have 3
212 | if (map->ops->map_get_hash(map, SHA256_DIGEST_SIZE, hash))
| ~~~~~~~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~
/tmp/next/build/include/crypto/sha2.h:14:33: note: expanded from macro 'SHA256_DIGEST_SIZE'
14 | #define SHA256_DIGEST_SIZE 32
| ^
Caused by commit
c62310df81899 (lsm: introduce the Hornet LSM)
interacting with
c48c3a7e7d5be (bpf: Drop redundant hash_buf from map_get_hash operation)
from the bpf-next tree. I have reverted the latter commit, the new LSM
means that the assumption in the changelog that there is only one caller
isn't true and it seems like the most straightforward approach.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread* Re: linux-next: build failure after merge of the security tree
2026-06-02 16:16 Mark Brown
@ 2026-06-02 16:31 ` Paul Moore
2026-06-02 16:52 ` Daniel Borkmann
2026-06-02 18:40 ` Paul Moore
0 siblings, 2 replies; 39+ messages in thread
From: Paul Moore @ 2026-06-02 16:31 UTC (permalink / raw)
To: Mark Brown
Cc: Blaise Boscaccy, Daniel Borkmann, Alexei Starovoitov,
Andrii Nakryiko, bpf, Networking, Linux Kernel Mailing List,
Linux Next Mailing List
On Tue, Jun 2, 2026 at 12:16 PM Mark Brown <broonie@kernel•org> wrote:
>
> Hi all,
>
> After merging the security tree, today's linux-next build (x86_64
> allmodconfig) failed like this:
>
> /tmp/next/build/security/hornet/hornet_lsm.c:212:36: error: too many arguments to function call, expected 1, have 3
> 212 | if (map->ops->map_get_hash(map, SHA256_DIGEST_SIZE, hash))
> | ~~~~~~~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~
> /tmp/next/build/include/crypto/sha2.h:14:33: note: expanded from macro 'SHA256_DIGEST_SIZE'
> 14 | #define SHA256_DIGEST_SIZE 32
> | ^
>
>
> Caused by commit
>
> c62310df81899 (lsm: introduce the Hornet LSM)
>
> interacting with
>
> c48c3a7e7d5be (bpf: Drop redundant hash_buf from map_get_hash operation)
>
> from the bpf-next tree. I have reverted the latter commit, the new LSM
> means that the assumption in the changelog that there is only one caller
> isn't true and it seems like the most straightforward approach.
Thanks Mark, we're taking a look at it now and should have a
fix/answer later today.
--
paul-moore.com
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: linux-next: build failure after merge of the security tree
2026-06-02 16:31 ` Paul Moore
@ 2026-06-02 16:52 ` Daniel Borkmann
2026-06-02 17:26 ` Paul Moore
2026-06-02 18:40 ` Paul Moore
1 sibling, 1 reply; 39+ messages in thread
From: Daniel Borkmann @ 2026-06-02 16:52 UTC (permalink / raw)
To: Paul Moore, Mark Brown
Cc: Blaise Boscaccy, Alexei Starovoitov, Andrii Nakryiko, bpf,
Networking, Linux Kernel Mailing List, Linux Next Mailing List
On 6/2/26 6:31 PM, Paul Moore wrote:
> On Tue, Jun 2, 2026 at 12:16 PM Mark Brown <broonie@kernel•org> wrote:
>>
>>
>> After merging the security tree, today's linux-next build (x86_64
>> allmodconfig) failed like this:
>>
>> /tmp/next/build/security/hornet/hornet_lsm.c:212:36: error: too many arguments to function call, expected 1, have 3
>> 212 | if (map->ops->map_get_hash(map, SHA256_DIGEST_SIZE, hash))
>> | ~~~~~~~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~
>> /tmp/next/build/include/crypto/sha2.h:14:33: note: expanded from macro 'SHA256_DIGEST_SIZE'
>> 14 | #define SHA256_DIGEST_SIZE 32
>> | ^
>>
>>
>> Caused by commit
>>
>> c62310df81899 (lsm: introduce the Hornet LSM)
>>
>> interacting with
>>
>> c48c3a7e7d5be (bpf: Drop redundant hash_buf from map_get_hash operation)
>>
>> from the bpf-next tree. I have reverted the latter commit, the new LSM
>> means that the assumption in the changelog that there is only one caller
>> isn't true and it seems like the most straightforward approach.
>
> Thanks Mark, we're taking a look at it now and should have a
> fix/answer later today.
Sigh, hornet should _not_ be merged to begin with for the many reasons stated.
Messing around with BPF internals is yet another one aside from a really bad
user experience of having multiple approaches to BPF signing !
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: linux-next: build failure after merge of the security tree
2026-06-02 16:52 ` Daniel Borkmann
@ 2026-06-02 17:26 ` Paul Moore
0 siblings, 0 replies; 39+ messages in thread
From: Paul Moore @ 2026-06-02 17:26 UTC (permalink / raw)
To: Daniel Borkmann
Cc: Mark Brown, Blaise Boscaccy, Alexei Starovoitov, Andrii Nakryiko,
bpf, Networking, Linux Kernel Mailing List,
Linux Next Mailing List
On Tue, Jun 2, 2026 at 12:52 PM Daniel Borkmann <daniel@iogearbox•net> wrote:
> On 6/2/26 6:31 PM, Paul Moore wrote:
> > On Tue, Jun 2, 2026 at 12:16 PM Mark Brown <broonie@kernel•org> wrote:
> >>
> >>
> >> After merging the security tree, today's linux-next build (x86_64
> >> allmodconfig) failed like this:
> >>
> >> /tmp/next/build/security/hornet/hornet_lsm.c:212:36: error: too many arguments to function call, expected 1, have 3
> >> 212 | if (map->ops->map_get_hash(map, SHA256_DIGEST_SIZE, hash))
> >> | ~~~~~~~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~
> >> /tmp/next/build/include/crypto/sha2.h:14:33: note: expanded from macro 'SHA256_DIGEST_SIZE'
> >> 14 | #define SHA256_DIGEST_SIZE 32
> >> | ^
> >>
> >>
> >> Caused by commit
> >>
> >> c62310df81899 (lsm: introduce the Hornet LSM)
> >>
> >> interacting with
> >>
> >> c48c3a7e7d5be (bpf: Drop redundant hash_buf from map_get_hash operation)
> >>
> >> from the bpf-next tree. I have reverted the latter commit, the new LSM
> >> means that the assumption in the changelog that there is only one caller
> >> isn't true and it seems like the most straightforward approach.
> >
> > Thanks Mark, we're taking a look at it now and should have a
> > fix/answer later today.
>
> Sigh, hornet should _not_ be merged to begin with for the many reasons stated.
> Messing around with BPF internals is yet another one aside from a really bad
> user experience of having multiple approaches to BPF signing !
Sigh, if the BPF devs had shown any interest in working with Blaise to
arrive at a solution that met the security goals we described (and not
necessarily what the BPF devs continue to mischaracterize) there would
be no need for Hornet. You are free to be upset about Hornet's
existence, but you need to be realistic about the role the BPF dev
community played in creating Hornet.
--
paul-moore.com
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: linux-next: build failure after merge of the security tree
2026-06-02 16:31 ` Paul Moore
2026-06-02 16:52 ` Daniel Borkmann
@ 2026-06-02 18:40 ` Paul Moore
2026-06-02 19:16 ` Mark Brown
1 sibling, 1 reply; 39+ messages in thread
From: Paul Moore @ 2026-06-02 18:40 UTC (permalink / raw)
To: Mark Brown
Cc: Blaise Boscaccy, Daniel Borkmann, Alexei Starovoitov,
Andrii Nakryiko, bpf, Networking, Linux Kernel Mailing List,
Linux Next Mailing List
On Tue, Jun 2, 2026 at 12:31 PM Paul Moore <paul@paul-moore•com> wrote:
> On Tue, Jun 2, 2026 at 12:16 PM Mark Brown <broonie@kernel•org> wrote:
> >
> > Hi all,
> >
> > After merging the security tree, today's linux-next build (x86_64
> > allmodconfig) failed like this:
> >
> > /tmp/next/build/security/hornet/hornet_lsm.c:212:36: error: too many arguments to function call, expected 1, have 3
> > 212 | if (map->ops->map_get_hash(map, SHA256_DIGEST_SIZE, hash))
> > | ~~~~~~~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~
> > /tmp/next/build/include/crypto/sha2.h:14:33: note: expanded from macro 'SHA256_DIGEST_SIZE'
> > 14 | #define SHA256_DIGEST_SIZE 32
> > | ^
> >
> >
> > Caused by commit
> >
> > c62310df81899 (lsm: introduce the Hornet LSM)
> >
> > interacting with
> >
> > c48c3a7e7d5be (bpf: Drop redundant hash_buf from map_get_hash operation)
> >
> > from the bpf-next tree. I have reverted the latter commit, the new LSM
> > means that the assumption in the changelog that there is only one caller
> > isn't true and it seems like the most straightforward approach.
>
> Thanks Mark, we're taking a look at it now and should have a
> fix/answer later today.
Proposed update to Hornet, assuming this looks okay to Blaise I'll
merge it into the LSM tree (and either pull in Daniel's patch or base
off bpf-next so everything builds correctly).
https://lore.kernel.org/linux-security-module/20260602183658.161744-2-paul@paul-moore.com/
--
paul-moore.com
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: linux-next: build failure after merge of the security tree
2026-06-02 18:40 ` Paul Moore
@ 2026-06-02 19:16 ` Mark Brown
2026-06-02 20:13 ` Paul Moore
2026-06-02 21:45 ` Paul Moore
0 siblings, 2 replies; 39+ messages in thread
From: Mark Brown @ 2026-06-02 19:16 UTC (permalink / raw)
To: Paul Moore
Cc: Blaise Boscaccy, Daniel Borkmann, Alexei Starovoitov,
Andrii Nakryiko, bpf, Networking, Linux Kernel Mailing List,
Linux Next Mailing List
[-- Attachment #1: Type: text/plain, Size: 646 bytes --]
On Tue, Jun 02, 2026 at 02:40:12PM -0400, Paul Moore wrote:
> On Tue, Jun 2, 2026 at 12:31 PM Paul Moore <paul@paul-moore•com> wrote:
> > Thanks Mark, we're taking a look at it now and should have a
> > fix/answer later today.
> Proposed update to Hornet, assuming this looks okay to Blaise I'll
> merge it into the LSM tree (and either pull in Daniel's patch or base
> off bpf-next so everything builds correctly).
> https://lore.kernel.org/linux-security-module/20260602183658.161744-2-paul@paul-moore.com/
Can you ping me when that goes in (or things are otherwise resolved)
please so I know to drop the revert from -next?
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: linux-next: build failure after merge of the security tree
2026-06-02 19:16 ` Mark Brown
@ 2026-06-02 20:13 ` Paul Moore
2026-06-02 21:45 ` Paul Moore
1 sibling, 0 replies; 39+ messages in thread
From: Paul Moore @ 2026-06-02 20:13 UTC (permalink / raw)
To: Mark Brown
Cc: Blaise Boscaccy, Daniel Borkmann, Alexei Starovoitov,
Andrii Nakryiko, bpf, Networking, Linux Kernel Mailing List,
Linux Next Mailing List
On Tue, Jun 2, 2026 at 3:16 PM Mark Brown <broonie@kernel•org> wrote:
> On Tue, Jun 02, 2026 at 02:40:12PM -0400, Paul Moore wrote:
> > On Tue, Jun 2, 2026 at 12:31 PM Paul Moore <paul@paul-moore•com> wrote:
>
> > > Thanks Mark, we're taking a look at it now and should have a
> > > fix/answer later today.
>
> > Proposed update to Hornet, assuming this looks okay to Blaise I'll
> > merge it into the LSM tree (and either pull in Daniel's patch or base
> > off bpf-next so everything builds correctly).
>
> > https://lore.kernel.org/linux-security-module/20260602183658.161744-2-paul@paul-moore.com/
>
> Can you ping me when that goes in (or things are otherwise resolved)
> please so I know to drop the revert from -next?
Of course, no problem.
--
paul-moore.com
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: linux-next: build failure after merge of the security tree
2026-06-02 19:16 ` Mark Brown
2026-06-02 20:13 ` Paul Moore
@ 2026-06-02 21:45 ` Paul Moore
2026-06-03 12:42 ` Mark Brown
1 sibling, 1 reply; 39+ messages in thread
From: Paul Moore @ 2026-06-02 21:45 UTC (permalink / raw)
To: Mark Brown
Cc: Blaise Boscaccy, Daniel Borkmann, Alexei Starovoitov,
Andrii Nakryiko, bpf, Networking, Linux Kernel Mailing List,
Linux Next Mailing List
On Tue, Jun 2, 2026 at 3:16 PM Mark Brown <broonie@kernel•org> wrote:
> On Tue, Jun 02, 2026 at 02:40:12PM -0400, Paul Moore wrote:
> > On Tue, Jun 2, 2026 at 12:31 PM Paul Moore <paul@paul-moore•com> wrote:
>
> > > Thanks Mark, we're taking a look at it now and should have a
> > > fix/answer later today.
>
> > Proposed update to Hornet, assuming this looks okay to Blaise I'll
> > merge it into the LSM tree (and either pull in Daniel's patch or base
> > off bpf-next so everything builds correctly).
>
> > https://lore.kernel.org/linux-security-module/20260602183658.161744-2-paul@paul-moore.com/
>
> Can you ping me when that goes in (or things are otherwise resolved)
> please so I know to drop the revert from -next?
You shouldn't see a conflict with lsm/next now, but if you do let me know.
--
paul-moore.com
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: linux-next: build failure after merge of the security tree
2026-06-02 21:45 ` Paul Moore
@ 2026-06-03 12:42 ` Mark Brown
2026-06-03 14:43 ` Paul Moore
0 siblings, 1 reply; 39+ messages in thread
From: Mark Brown @ 2026-06-03 12:42 UTC (permalink / raw)
To: Paul Moore
Cc: Blaise Boscaccy, Daniel Borkmann, Alexei Starovoitov,
Andrii Nakryiko, bpf, Networking, Linux Kernel Mailing List,
Linux Next Mailing List
[-- Attachment #1: Type: text/plain, Size: 455 bytes --]
On Tue, Jun 02, 2026 at 05:45:04PM -0400, Paul Moore wrote:
> On Tue, Jun 2, 2026 at 3:16 PM Mark Brown <broonie@kernel•org> wrote:
> > Can you ping me when that goes in (or things are otherwise resolved)
> > please so I know to drop the revert from -next?
> You shouldn't see a conflict with lsm/next now, but if you do let me know.
It's still there today, but seeing Linus' comment about not merging
hornet I marked it as BROKEN instead.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 39+ messages in thread
* Re: linux-next: build failure after merge of the security tree
2026-06-03 12:42 ` Mark Brown
@ 2026-06-03 14:43 ` Paul Moore
0 siblings, 0 replies; 39+ messages in thread
From: Paul Moore @ 2026-06-03 14:43 UTC (permalink / raw)
To: Mark Brown
Cc: Blaise Boscaccy, Daniel Borkmann, Alexei Starovoitov,
Andrii Nakryiko, bpf, Networking, Linux Kernel Mailing List,
Linux Next Mailing List
On Wed, Jun 3, 2026 at 8:42 AM Mark Brown <broonie@kernel•org> wrote:
> On Tue, Jun 02, 2026 at 05:45:04PM -0400, Paul Moore wrote:
> > On Tue, Jun 2, 2026 at 3:16 PM Mark Brown <broonie@kernel•org> wrote:
>
> > > Can you ping me when that goes in (or things are otherwise resolved)
> > > please so I know to drop the revert from -next?
>
> > You shouldn't see a conflict with lsm/next now, but if you do let me know.
>
> It's still there today, but seeing Linus' comment about not merging
> hornet I marked it as BROKEN instead.
My apologies, I forgot to push my local tree to kernel.org. It should
be all set now.
--
paul-moore.com
^ permalink raw reply [flat|nested] 39+ messages in thread
end of thread, other threads:[~2026-06-03 14:44 UTC | newest]
Thread overview: 39+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-07-25 9:21 linux-next: build failure after merge of the security tree Stephen Rothwell
-- strict thread matches above, loose matches on Subject: below --
2015-08-17 5:29 Stephen Rothwell
2015-08-17 6:04 ` Stephen Rothwell
2015-08-26 14:45 ` David Howells
2016-05-19 4:01 Stephen Rothwell
[not found] ` <20160519140120.23b345a1-3FnU+UHB4dNDw9hX6IcOSA@public.gmane.org>
2016-05-19 10:11 ` David Howells
2016-05-19 23:14 ` Stephen Rothwell
2016-05-20 3:07 ` Steve French
2017-08-17 2:51 Stephen Rothwell
2017-08-17 3:24 ` Kees Cook
2017-08-23 11:12 Stephen Rothwell
2019-08-12 4:58 Stephen Rothwell
2019-08-12 17:34 ` Kees Cook
2019-08-19 3:21 ` Stephen Rothwell
2019-08-19 3:38 ` Stephen Rothwell
2019-08-21 16:39 ` James Morris
2020-07-08 4:00 Stephen Rothwell
2020-07-13 2:04 ` Stephen Rothwell
2020-07-13 2:06 ` Stephen Rothwell
2020-07-29 23:35 ` Stephen Rothwell
2020-07-30 2:35 ` James Morris
2020-07-30 2:59 ` Stephen Rothwell
2020-07-30 5:03 ` Stephen Rothwell
2020-08-04 3:36 ` James Morris
2025-02-10 1:18 Stephen Rothwell
2025-02-10 3:44 ` Paul Moore
2025-02-10 3:53 ` Stephen Rothwell
2025-02-10 14:51 ` Paul Moore
2025-03-24 4:37 Stephen Rothwell
2026-06-02 16:16 Mark Brown
2026-06-02 16:31 ` Paul Moore
2026-06-02 16:52 ` Daniel Borkmann
2026-06-02 17:26 ` Paul Moore
2026-06-02 18:40 ` Paul Moore
2026-06-02 19:16 ` Mark Brown
2026-06-02 20:13 ` Paul Moore
2026-06-02 21:45 ` Paul Moore
2026-06-03 12:42 ` Mark Brown
2026-06-03 14:43 ` Paul Moore
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox