Hi all,
After merging the integrity tree, today's linux-next build (x86_64
allmodconfig) failed like this:
security/integrity/ima/ima_main.c: In function 'ima_file_mprotect':
security/integrity/ima/ima_main.c:473:34: error: implicit declaration of function 'file_mnt_user_ns'; did you mean 'get_user_ns'? [-Werror=implicit-function-declaration]
473 | action |= ima_get_action(file_mnt_user_ns(vma->vm_file), inode,
| ^~~~~~~~~~~~~~~~
| get_user_ns
security/integrity/ima/ima_main.c:473:34: error: passing argument 1 of 'ima_get_action' makes pointer from integer without a cast [-Werror=int-conversion]
473 | action |= ima_get_action(file_mnt_user_ns(vma->vm_file), inode,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| |
| int
In file included from security/integrity/ima/ima_main.c:30:
security/integrity/ima/ima.h:258:38: note: expected 'struct mnt_idmap *' but argument is of type 'int'
258 | int ima_get_action(struct mnt_idmap *idmap, struct inode *inode,
| ~~~~~~~~~~~~~~~~~~^~~~~
cc1: all warnings being treated as errors
Caused by commit
4958db3245fa ("ima: Introduce MMAP_CHECK_REQPROT hook")
interacting with commit
39f60c1ccee7 ("fs: port xattr to mnt_idmap")
from the vfs-idmapping tree.
I have applied the following merge fix patch for today.
From: Stephen Rothwell <[email protected]>
Date: Tue, 7 Feb 2023 11:31:16 +1100
Subject: [PATCH] fixup for "ima: Introduce MMAP_CHECK_REQPROT hook"
interacting with "fs: port xattr to mnt_idmap"
Signed-off-by: Stephen Rothwell <[email protected]>
---
security/integrity/ima/ima_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 7a05af9f481f..d66a0a36415e 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -470,7 +470,7 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
action = ima_get_action(file_mnt_idmap(vma->vm_file), inode,
current_cred(), secid, MAY_EXEC, MMAP_CHECK,
&pcr, &template, NULL, NULL);
- action |= ima_get_action(file_mnt_user_ns(vma->vm_file), inode,
+ action |= ima_get_action(file_mnt_idmap(vma->vm_file), inode,
current_cred(), secid, MAY_EXEC,
MMAP_CHECK_REQPROT, &pcr, &template, NULL,
NULL);
--
2.35.1
x
--
Cheers,
Stephen Rothwell
> From: Stephen Rothwell [mailto:[email protected]]
> Sent: Tuesday, February 7, 2023 1:51 AM
> Hi all,
>
> After merging the integrity tree, today's linux-next build (x86_64
> allmodconfig) failed like this:
>
> security/integrity/ima/ima_main.c: In function 'ima_file_mprotect':
> security/integrity/ima/ima_main.c:473:34: error: implicit declaration of
> function 'file_mnt_user_ns'; did you mean 'get_user_ns'? [-Werror=implicit-
> function-declaration]
> 473 | action |= ima_get_action(file_mnt_user_ns(vma->vm_file), inode,
> | ^~~~~~~~~~~~~~~~
> | get_user_ns
> security/integrity/ima/ima_main.c:473:34: error: passing argument 1 of
> 'ima_get_action' makes pointer from integer without a cast [-Werror=int-
> conversion]
> 473 | action |= ima_get_action(file_mnt_user_ns(vma->vm_file), inode,
> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> | |
> | int
> In file included from security/integrity/ima/ima_main.c:30:
> security/integrity/ima/ima.h:258:38: note: expected 'struct mnt_idmap *' but
> argument is of type 'int'
> 258 | int ima_get_action(struct mnt_idmap *idmap, struct inode *inode,
> | ~~~~~~~~~~~~~~~~~~^~~~~
> cc1: all warnings being treated as errors
>
> Caused by commit
>
> 4958db3245fa ("ima: Introduce MMAP_CHECK_REQPROT hook")
>
> interacting with commit
>
> 39f60c1ccee7 ("fs: port xattr to mnt_idmap")
>
> from the vfs-idmapping tree.
>
> I have applied the following merge fix patch for today.
Hi Stephen
the fix looks ok for me.
Reviewed-by: Roberto Sassu <[email protected]>
Thanks
Roberto
> From: Stephen Rothwell <[email protected]>
> Date: Tue, 7 Feb 2023 11:31:16 +1100
> Subject: [PATCH] fixup for "ima: Introduce MMAP_CHECK_REQPROT hook"
>
> interacting with "fs: port xattr to mnt_idmap"
>
> Signed-off-by: Stephen Rothwell <[email protected]>
> ---
> security/integrity/ima/ima_main.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/integrity/ima/ima_main.c
> b/security/integrity/ima/ima_main.c
> index 7a05af9f481f..d66a0a36415e 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -470,7 +470,7 @@ int ima_file_mprotect(struct vm_area_struct *vma,
> unsigned long prot)
> action = ima_get_action(file_mnt_idmap(vma->vm_file), inode,
> current_cred(), secid, MAY_EXEC,
> MMAP_CHECK,
> &pcr, &template, NULL, NULL);
> - action |= ima_get_action(file_mnt_user_ns(vma->vm_file), inode,
> + action |= ima_get_action(file_mnt_idmap(vma->vm_file), inode,
> current_cred(), secid, MAY_EXEC,
> MMAP_CHECK_REQPROT, &pcr, &template,
> NULL,
> NULL);
> --
> 2.35.1
> x
> --
> Cheers,
> Stephen Rothwell