Hi Kees, I love your patch! Yet something to improve:
[auto build test ERROR on linux/master] [also build test ERROR on kees/for-next/pstore linus/master v5.12-rc6 next-20210409] [cannot apply to kees/for-next/loadpin] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/0day-ci/linux/commits/Kees-Cook/LoadPin-Allow-filesystem-switch-when-not-enforcing/20210409-073059 base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 5e46d1b78a03d52306f21f77a4e4a144b6d31486 config: x86_64-randconfig-a003-20210410 (attached as .config) compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project dd453a1389b6a7e6d9214b449d3c54981b1a89b6) reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # install x86_64 cross compiling tool for clang build # apt-get install binutils-x86-64-linux-gnu # https://github.com/0day-ci/linux/commit/3dc7289d9d15396745929884191874dc2cce1afc git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review Kees-Cook/LoadPin-Allow-filesystem-switch-when-not-enforcing/20210409-073059 git checkout 3dc7289d9d15396745929884191874dc2cce1afc # save the attached .config to linux build tree COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <l...@intel.com> All errors (new ones prefixed by >>): >> security/loadpin/loadpin.c:106:4: error: use of undeclared identifier >> 'load_root_writable' load_root_writable ? "writable" : "read-only"); ^ >> security/loadpin/loadpin.c:121:7: error: use of undeclared identifier >> 'enforced'; did you mean 'enforce'? if (enforced) { ^~~~~~~~ enforce security/loadpin/loadpin.c:41:12: note: 'enforce' declared here static int enforce = IS_ENABLED(CONFIG_SECURITY_LOADPIN_ENFORCE); ^ 2 errors generated. vim +/load_root_writable +106 security/loadpin/loadpin.c 96 97 static void report_writable(struct block_device *bdev) 98 { 99 if (bdev) { 100 char name[BDEVNAME_SIZE]; 101 102 bdevname(bdev, name); 103 pr_info("%s (%u:%u): %s\n", name, 104 MAJOR(bdev->bd_dev), 105 MINOR(bdev->bd_dev), > 106 load_root_writable ? "writable" : "read-only"); 107 } else { 108 pr_info("pinned filesystem lacks block device, treating as: writable\n"); 109 } 110 } 111 112 static void loadpin_sb_free_security(struct super_block *mnt_sb) 113 { 114 /* 115 * When unmounting the filesystem we were using for load 116 * pinning, we acknowledge the superblock release, but make sure 117 * no other modules or firmware can be loaded when we are in 118 * enforcing mode. Otherwise, allow the root to be reestablished. 119 */ 120 if (!IS_ERR_OR_NULL(pinned_root) && mnt_sb == pinned_root) { > 121 if (enforced) { 122 pinned_root = ERR_PTR(-EIO); 123 pr_info("umount pinned fs: refusing further loads\n"); 124 } else { 125 pinned_root = NULL; 126 } 127 } 128 } 129 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-...@lists.01.org
.config.gz
Description: application/gzip