LinuxLists.cc - randconfig build error with next-20141113, in fs/pstore/inode.c

2014-11-13 14:52:23

Subject: randconfig build error with next-20141113, in fs/pstore/inode.c

Building with the attached random configuration file,

fs/built-in.o: In function `pstore_check_syslog_permissions':
inode.c:(.text+0x13a1bd): undefined reference to `check_syslog_permissions'
make: *** [vmlinux] Error 1

Attachments:

randconfig-1415865123.txt (70.93 kB)

2014-11-13 19:18:48

by Tony Luck

[permalink] [raw]

Subject: RE: randconfig build error with next-20141113, in fs/pstore/inode.c

> Building with the attached random configuration file,
>
> fs/built-in.o: In function `pstore_check_syslog_permissions':
> inode.c:(.text+0x13a1bd): undefined reference to `check_syslog_permissions'
> make: *** [vmlinux] Error 1

Sebastian,

This looks to come from your "Honor dmesg_restrict sysctl on dmesg dumps" patch

The randconfig doesn't have CONFIG_PRINTK. I guess we need to provide a stub
in <linux/syslog.h> to cover this.

-Tony
????{.n?+???????+%?????ݶ??w??{.n?+????{??G?????{ay?ʇڙ?,j??f???h?????????z_??(?階?ݢj"???m??????G????????????&???~???iO???z??v?^?m????????????I?

2014-11-13 19:21:21

by Kees Cook

[permalink] [raw]

Subject: Re: randconfig build error with next-20141113, in fs/pstore/inode.c

On Thu, Nov 13, 2014 at 11:18 AM, Luck, Tony <[email protected]> wrote:
>> Building with the attached random configuration file,
>>
>> fs/built-in.o: In function `pstore_check_syslog_permissions':
>> inode.c:(.text+0x13a1bd): undefined reference to `check_syslog_permissions'
>> make: *** [vmlinux] Error 1
>
> Sebastian,
>
> This looks to come from your "Honor dmesg_restrict sysctl on dmesg dumps" patch
>
> The randconfig doesn't have CONFIG_PRINTK. I guess we need to provide a stub
> in <linux/syslog.h> to cover this.

Without CONFIG_PRINTK, check_syslog_permissions should probably fail.

-Kees

--
Kees Cook
Chrome OS Security

2014-11-14 05:09:47

by Sebastian Schmidt

[permalink] [raw]

Subject: Re: randconfig build error with next-20141113, in fs/pstore/inode.c

Hi all,

On Thu, Nov 13, 2014 at 11:21:18AM -0800, Kees Cook wrote:
> > This looks to come from your "Honor dmesg_restrict sysctl on dmesg dumps" patch

Oops, you are right.

> > The randconfig doesn't have CONFIG_PRINTK. I guess we need to provide a stub
> > in <linux/syslog.h> to cover this.
>
> Without CONFIG_PRINTK, check_syslog_permissions should probably fail.

Kees, I disagree. Without CONFIG_PRINTK, there isn't even a
dmesg_restrict sysctl, so there is no way to turn that on (AFAICS) and
we should retain the default behaviour.

I'll send a patch shortly.

Sebastian

2014-11-14 05:22:47

by Sebastian Schmidt

[permalink] [raw]

Subject: [PATCH] syslog: provide stub check_syslog_permissions

When building without CONFIG_PRINTK, we need to provide a stub
check_syslog_permissions. As there is no way to turn on the
dmesg_restrict sysctl without CONFIG_PRINTK, return success.

Reported-by: Jim Davis <[email protected]>
Signed-off-by: Sebastian Schmidt <[email protected]>
---
include/linux/syslog.h | 8 ++++++++
1 file changed, 8 insertions(+)

diff --git a/include/linux/syslog.h b/include/linux/syslog.h
index 9def529..13c05d1 100644
--- a/include/linux/syslog.h
+++ b/include/linux/syslog.h
@@ -48,6 +48,14 @@
#define SYSLOG_FROM_PROC 1

int do_syslog(int type, char __user *buf, int count, bool from_file);
+
+#ifdef CONFIG_PRINTK
int check_syslog_permissions(int type, bool from_file);
+#else
+static int check_syslog_permissions(int type, bool from_file)
+{
+ return 0;
+}
+#endif

#endif /* _LINUX_SYSLOG_H */
--
2.1.1

2014-11-14 20:06:57

by Kees Cook

[permalink] [raw]

Subject: Re: [PATCH] syslog: provide stub check_syslog_permissions

On Thu, Nov 13, 2014 at 9:22 PM, Sebastian Schmidt <[email protected]> wrote:
> When building without CONFIG_PRINTK, we need to provide a stub
> check_syslog_permissions. As there is no way to turn on the
> dmesg_restrict sysctl without CONFIG_PRINTK, return success.
>
> Reported-by: Jim Davis <[email protected]>
> Signed-off-by: Sebastian Schmidt <[email protected]>

I think this is correct. Without CONFIG_PRINTK, dmesg_restrict doesn't
exist. It's a bit mind-bending, but since all the logic for
capabilities, etc, is also missing, I guess "allow" (return 0) is the
right default without printk.

Thanks!

Acked-by: Kees Cook <[email protected]>

-Kees

> ---
> include/linux/syslog.h | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/include/linux/syslog.h b/include/linux/syslog.h
> index 9def529..13c05d1 100644
> --- a/include/linux/syslog.h
> +++ b/include/linux/syslog.h
> @@ -48,6 +48,14 @@
> #define SYSLOG_FROM_PROC 1
>
> int do_syslog(int type, char __user *buf, int count, bool from_file);
> +
> +#ifdef CONFIG_PRINTK
> int check_syslog_permissions(int type, bool from_file);
> +#else
> +static int check_syslog_permissions(int type, bool from_file)
> +{
> + return 0;
> +}
> +#endif
>
> #endif /* _LINUX_SYSLOG_H */
> --
> 2.1.1

--
Kees Cook
Chrome OS Security