tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master head: bb1b0acdcd66e0d8eedee3570d249e076b89ab32 commit: 07227e4d8f520114358aa841cd50a11795d92a36 [5281/5508] Landlock: Add abstract unix socket connect restriction config: s390-defconfig (https://download.01.org/0day-ci/archive/20240820/202408201505.lEgLaz8N-lkp@xxxxxxxxx/config) compiler: s390-linux-gcc (GCC) 13.2.0 reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20240820/202408201505.lEgLaz8N-lkp@xxxxxxxxx/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@xxxxxxxxx> | Closes: https://lore.kernel.org/oe-kbuild-all/202408201505.lEgLaz8N-lkp@xxxxxxxxx/ All warnings (new ones prefixed by >>): >> security/landlock/task.c:126: warning: Function parameter or struct member 'scope' not described in 'domain_is_scoped' vim +126 security/landlock/task.c 112 113 /** 114 * domain_is_scoped - Checks if the client domain is scoped in the same 115 * domain as the server. 116 * 117 * @client: IPC sender domain. 118 * @server: IPC receiver domain. 119 * 120 * Return true if the @client domain is scoped to access the @server, 121 * unless the @server is also scoped in the same domain as @client. 122 */ 123 static bool domain_is_scoped(const struct landlock_ruleset *const client, 124 const struct landlock_ruleset *const server, 125 access_mask_t scope) > 126 { 127 int client_layer, server_layer; 128 struct landlock_hierarchy *client_walker, *server_walker; 129 130 /* Quick return if client has no domain */ 131 if (WARN_ON_ONCE(!client)) 132 return false; 133 134 client_layer = client->num_layers - 1; 135 client_walker = client->hierarchy; 136 /* 137 * client_layer must be a signed integer with greater capacity 138 * than client->num_layers to ensure the following loop stops. 139 */ 140 BUILD_BUG_ON(sizeof(client_layer) > sizeof(client->num_layers)); 141 142 server_layer = server ? (server->num_layers - 1) : -1; 143 server_walker = server ? server->hierarchy : NULL; 144 145 /* 146 * Walks client's parent domains down to the same hierarchy level 147 * as the server's domain, and checks that none of these client's 148 * parent domains are scoped. 149 */ 150 for (; client_layer > server_layer; client_layer--) { 151 if (landlock_get_scope_mask(client, client_layer) & scope) 152 return true; 153 client_walker = client_walker->parent; 154 } 155 /* 156 * Walks server's parent domains down to the same hierarchy level as 157 * the client's domain. 158 */ 159 for (; server_layer > client_layer; server_layer--) 160 server_walker = server_walker->parent; 161 162 for (; client_layer >= 0; client_layer--) { 163 if (landlock_get_scope_mask(client, client_layer) & scope) { 164 /* 165 * Client and server are at the same level in the 166 * hierarchy. If the client is scoped, the request is 167 * only allowed if this domain is also a server's 168 * ancestor. 169 */ 170 return server_walker != client_walker; 171 } 172 client_walker = client_walker->parent; 173 server_walker = server_walker->parent; 174 } 175 return false; 176 } 177 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
