Re: [PATCH v8 07/12] landlock: Add network rules support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 04/01/2023 12:41, Konstantin Meskhidze (A) wrote:


11/17/2022 9:43 PM, Mickaël Salaün пишет:

[...]

   /**
@@ -79,6 +91,24 @@ struct landlock_path_beneath_attr {
   	 */
   } __attribute__((packed));

+/**
+ * struct landlock_net_service_attr - TCP subnet definition
+ *
+ * Argument of sys_landlock_add_rule().
+ */
+struct landlock_net_service_attr {
+	/**
+	 * @allowed_access: Bitmask of allowed access network for services
+	 * (cf. `Network flags`_).
+	 */
+	__u64 allowed_access;
+	/**
+	 * @port: Network port.
+	 */
+	__u16 port;

   From an UAPI point of view, I think the port field should be __be16, as
for sockaddr_in->port and other network-related APIs. This will require
some kernel changes to please sparse: make C=2 security/landlock/ must
not print any warning.

    I have this errors trying to launch sparse checking:

    DESCEND objtool
    DESCEND bpf/resolve_btfids
    CALL    scripts/checksyscalls.sh
    CHK     kernel/kheaders_data.tar.xz
    CC      security/landlock/setup.o
    CHECK   security/landlock/setup.c
./include/asm-generic/rwonce.h:67:16: error: typename in expression
./include/asm-generic/rwonce.h:67:16: error: Expected ) in function call
./include/asm-generic/rwonce.h:67:16: error: got :
./include/linux/list.h:292:16: error: typename in expression
./include/linux/list.h:292:16: error: Expected ) in function call
./include/linux/list.h:292:16: error: got :

....

./include/linux/seqlock.h:682:16: error: Expected ) in function call
./include/linux/seqlock.h:682:16: error: got :
./include/linux/seqlock.h:695:16: error: typename in expression
./include/linux/seqlock.h:695:16: error: Expected ) in function call
./include/linux/seqlock.h:695:16: error: too many errors
Segmentation fault (core dumped)
make[3]: *** [scripts/Makefile.build:250: security/landlock/setup.o]
Error 139
make[3]: *** Deleting file 'security/landlock/setup.o'
make[3]: *** Waiting for unfinished jobs....
Segmentation fault (core dumped)
make[3]: *** [scripts/Makefile.build:250: security/landlock/syscalls.o]
Error 139
make[3]: *** Deleting file 'security/landlock/syscalls.o'
make[2]: *** [scripts/Makefile.build:502: security/landlock] Error 2
make[1]: *** [scripts/Makefile.build:502: security] Error 2
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:1994: .] Error 2

I don't know about this error. Did you follow the documentation?
https://docs.kernel.org/dev-tools/sparse.html#getting-sparse




Using big-endian values as keys (casted to uintptr_t, not strictly
__be16) in the rb-tree should not be an issue because there is no port
range ordering (for now).

A dedicated test should check that endianness is correct, e.g. by using
different port encoding. This should include passing and failing tests,
but they should work on all architectures (i.e. big or little endian).



[Index of Archives]     [Newbies FAQ]     [LKML]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Trinity Fuzzer Tool]

  Powered by Linux