Hi Tahera, kernel test robot noticed the following build warnings:
[auto build test WARNING on zohar-integrity/next-integrity] [also build test WARNING on linus/master v6.18-rc4 next-20251107] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Tahera-Fahimi/ima-avoid-duplicate-policy-rules-insertions/20251107-021615 base: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity patch link: https://lore.kernel.org/r/20251106181404.3429710-1-taherafahimi%40linux.microsoft.com patch subject: [Patch V1] ima: avoid duplicate policy rules insertions config: alpha-allyesconfig (https://download.01.org/0day-ci/archive/20251107/[email protected]/config) compiler: alpha-linux-gcc (GCC) 15.1.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251107/[email protected]/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <[email protected]> | Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/ All warnings (new ones prefixed by >>): security/integrity/ima/ima_policy.c: In function 'template_has_field': >> security/integrity/ima/ima_policy.c:1958:13: warning: unused variable 'j' >> [-Wunused-variable] 1958 | int j; | ^ -- >> Warning: security/integrity/ima/ima_policy.c:2078 function parameter >> 'new_rule' not described in 'ima_rule_exists' vim +/j +1958 security/integrity/ima/ima_policy.c 1955 1956 static bool template_has_field(const char *field_id, const struct ima_template_desc *template2) 1957 { > 1958 int j; 1959 1960 for (int j = 0; j < template2->num_fields; j++) 1961 if (strcmp(field_id, template2->fields[j]->field_id) == 0) 1962 return true; 1963 1964 return false; 1965 } 1966 1967 static bool keyring_has_item(const char *item, const struct ima_rule_opt_list *keyrings) 1968 { 1969 int j; 1970 1971 for (j = 0; j < keyrings->count; j++) { 1972 if (strcmp(item, keyrings->items[j]) == 0) 1973 return true; 1974 } 1975 return false; 1976 } 1977 1978 static bool labels_has_item(const char *item, const struct ima_rule_opt_list *labels) 1979 { 1980 int j; 1981 1982 for (j = 0; j < labels->count; j++) { 1983 if (strcmp(item, labels->items[j]) == 0) 1984 return true; 1985 } 1986 return false; 1987 } 1988 1989 static bool ima_rules_equal(const struct ima_rule_entry *rule1, const struct ima_rule_entry *rule2) 1990 { 1991 int i; 1992 1993 if (rule1->flags != rule2->flags) 1994 return false; 1995 1996 if (rule1->action != rule2->action) 1997 return false; 1998 1999 if (((rule1->flags & IMA_FUNC) && rule1->func != rule2->func) || 2000 ((rule1->flags & (IMA_MASK | IMA_INMASK)) && rule1->mask != rule2->mask) || 2001 ((rule1->flags & IMA_FSMAGIC) && rule1->fsmagic != rule2->fsmagic) || 2002 ((rule1->flags & IMA_FSUUID) && !uuid_equal(&rule1->fsuuid, &rule2->fsuuid)) || 2003 ((rule1->flags & IMA_UID) && !uid_eq(rule1->uid, rule2->uid)) || 2004 ((rule1->flags & IMA_GID) && !gid_eq(rule1->gid, rule2->gid)) || 2005 ((rule1->flags & IMA_FOWNER) && !uid_eq(rule1->fowner, rule2->fowner)) || 2006 ((rule1->flags & IMA_FGROUP) && !gid_eq(rule1->fgroup, rule2->fgroup)) || 2007 ((rule1->flags & IMA_FSNAME) && (strcmp(rule1->fsname, rule2->fsname) != 0)) || 2008 ((rule1->flags & IMA_PCR) && rule1->pcr != rule2->pcr) || 2009 ((rule1->flags & IMA_VALIDATE_ALGOS) && 2010 rule1->allowed_algos != rule2->allowed_algos) || 2011 ((rule1->flags & IMA_EUID) && !uid_eq(rule1->uid, rule2->uid)) || 2012 ((rule1->flags & IMA_EGID) && !gid_eq(rule1->gid, rule2->gid))) 2013 return false; 2014 2015 if (!rule1->template && !rule2->template) { 2016 ; 2017 } else if (!rule1->template || !rule2->template) { 2018 return false; 2019 } else if (rule1->template->num_fields != rule2->template->num_fields) { 2020 return false; 2021 } else if (rule1->template->num_fields != 0) { 2022 for (i = 0; i < rule1->template->num_fields; i++) { 2023 if (!template_has_field(rule1->template->fields[i]->field_id, 2024 rule2->template)) 2025 return false; 2026 } 2027 } 2028 2029 if (rule1->flags & IMA_KEYRINGS) { 2030 if (!rule1->keyrings && !rule2->keyrings) { 2031 ; 2032 } else if (!rule1->keyrings || !rule2->keyrings) { 2033 return false; 2034 } else if (rule1->keyrings->count != rule2->keyrings->count) { 2035 return false; 2036 } else if (rule1->keyrings->count != 0) { 2037 for (i = 0; i < rule1->keyrings->count; i++) { 2038 if (!keyring_has_item(rule1->keyrings->items[i], rule2->keyrings)) 2039 return false; 2040 } 2041 } 2042 } 2043 2044 if (rule1->flags & IMA_LABEL) { 2045 if (!rule1->label && !rule2->label) { 2046 ; 2047 } else if (!rule1->label || !rule2->label) { 2048 return false; 2049 } else if (rule1->label->count != rule2->label->count) { 2050 return false; 2051 } else if (rule1->label->count != 0) { 2052 for (i = 0; i < rule1->label->count; i++) { 2053 if (!labels_has_item(rule1->label->items[i], rule2->label)) 2054 return false; 2055 } 2056 } 2057 } 2058 2059 for (i = 0; i < MAX_LSM_RULES; i++) { 2060 if (!rule1->lsm[i].rule && !rule2->lsm[i].rule) 2061 continue; 2062 2063 if (!rule1->lsm[i].rule || !rule2->lsm[i].rule) 2064 return false; 2065 2066 if (strcmp(rule1->lsm[i].args_p, rule2->lsm[i].args_p) != 0) 2067 return false; 2068 } 2069 2070 return true; 2071 } 2072 2073 /** 2074 * ima_rule_exists - check if a rule already exists in the policy 2075 * 2076 * Checking both the active policy and the temporary rules list. 2077 */ > 2078 static bool ima_rule_exists(struct ima_rule_entry *new_rule) 2079 { 2080 struct ima_rule_entry *entry; 2081 struct list_head *ima_rules_tmp; 2082 2083 if (!list_empty(&ima_temp_rules)) { 2084 list_for_each_entry(entry, &ima_temp_rules, list) { 2085 if (ima_rules_equal(entry, new_rule)) 2086 return true; 2087 } 2088 } 2089 2090 rcu_read_lock(); 2091 ima_rules_tmp = rcu_dereference(ima_rules); 2092 list_for_each_entry_rcu(entry, ima_rules_tmp, list) { 2093 if (ima_rules_equal(entry, new_rule)) { 2094 rcu_read_unlock(); 2095 return true; 2096 } 2097 } 2098 rcu_read_unlock(); 2099 2100 return false; 2101 } 2102 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
