On 04/01/2023 12:41, Konstantin Meskhidze (A) wrote:
11/17/2022 9:43 PM, Mickaël Salaün пишет:
[...]
/**
@@ -79,6 +91,24 @@ struct landlock_path_beneath_attr {
*/
} __attribute__((packed));
+/**
+ * struct landlock_net_service_attr - TCP subnet definition
+ *
+ * Argument of sys_landlock_add_rule().
+ */
+struct landlock_net_service_attr {
+ /**
+ * @allowed_access: Bitmask of allowed access network for services
+ * (cf. `Network flags`_).
+ */
+ __u64 allowed_access;
+ /**
+ * @port: Network port.
+ */
+ __u16 port;
From an UAPI point of view, I think the port field should be __be16, as
for sockaddr_in->port and other network-related APIs. This will require
some kernel changes to please sparse: make C=2 security/landlock/ must
not print any warning.
I have this errors trying to launch sparse checking:
DESCEND objtool
DESCEND bpf/resolve_btfids
CALL scripts/checksyscalls.sh
CHK kernel/kheaders_data.tar.xz
CC security/landlock/setup.o
CHECK security/landlock/setup.c
./include/asm-generic/rwonce.h:67:16: error: typename in expression
./include/asm-generic/rwonce.h:67:16: error: Expected ) in function call
./include/asm-generic/rwonce.h:67:16: error: got :
./include/linux/list.h:292:16: error: typename in expression
./include/linux/list.h:292:16: error: Expected ) in function call
./include/linux/list.h:292:16: error: got :
....
./include/linux/seqlock.h:682:16: error: Expected ) in function call
./include/linux/seqlock.h:682:16: error: got :
./include/linux/seqlock.h:695:16: error: typename in expression
./include/linux/seqlock.h:695:16: error: Expected ) in function call
./include/linux/seqlock.h:695:16: error: too many errors
Segmentation fault (core dumped)
make[3]: *** [scripts/Makefile.build:250: security/landlock/setup.o]
Error 139
make[3]: *** Deleting file 'security/landlock/setup.o'
make[3]: *** Waiting for unfinished jobs....
Segmentation fault (core dumped)
make[3]: *** [scripts/Makefile.build:250: security/landlock/syscalls.o]
Error 139
make[3]: *** Deleting file 'security/landlock/syscalls.o'
make[2]: *** [scripts/Makefile.build:502: security/landlock] Error 2
make[1]: *** [scripts/Makefile.build:502: security] Error 2
make[1]: *** Waiting for unfinished jobs....
make: *** [Makefile:1994: .] Error 2
I don't know about this error. Did you follow the documentation?
https://docs.kernel.org/dev-tools/sparse.html#getting-sparse
Using big-endian values as keys (casted to uintptr_t, not strictly
__be16) in the rb-tree should not be an issue because there is no port
range ordering (for now).
A dedicated test should check that endianness is correct, e.g. by using
different port encoding. This should include passing and failing tests,
but they should work on all architectures (i.e. big or little endian).