From: kernel test robot <lkp@intel.com>
To: "Blaise Boscaccy" <bboscaccy@linux.microsoft.com>,
"Jonathan Corbet" <corbet@lwn.net>,
"Paul Moore" <paul@paul-moore.com>,
"James Morris" <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Mickaël Salaün" <mic@digikod.net>,
"Günther Noack" <gnoack@google.com>,
"Dr. David Alan Gilbert" <linux@treblig.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
James.Bottomley@hansenpartnership.com, dhowells@redhat.com,
"Fan Wu" <wufan@kernel.org>,
"Ryan Foster" <foster.ryan.r@gmail.com>,
linux-security-module@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kernel@vger.kernel.org, bpf@vger.kernel.org
Cc: oe-kbuild-all@lists.linux.dev,
Linux Memory Management List <linux-mm@kvack.org>
Subject: Re: [PATCH v2 07/10] security: Hornet LSM
Date: Sun, 1 Mar 2026 10:02:29 +0800 [thread overview]
Message-ID: <202603010957.7JUXdjTd-lkp@intel.com> (raw)
In-Reply-To: <20260227233930.2418522-8-bboscaccy@linux.microsoft.com>
Hi Blaise,
kernel test robot noticed the following build errors:
[auto build test ERROR on linus/master]
[also build test ERROR on v7.0-rc1 next-20260227]
[cannot apply to herbert-cryptodev-2.6/master herbert-crypto-2.6/master shuah-kselftest/next shuah-kselftest/fixes]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Blaise-Boscaccy/certs-break-out-pkcs7-check-into-its-own-function/20260228-074528
base: linus/master
patch link: https://lore.kernel.org/r/20260227233930.2418522-8-bboscaccy%40linux.microsoft.com
patch subject: [PATCH v2 07/10] security: Hornet LSM
config: um-randconfig-r133-20260228 (https://download.01.org/0day-ci/archive/20260301/202603010957.7JUXdjTd-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260301/202603010957.7JUXdjTd-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202603010957.7JUXdjTd-lkp@intel.com/
All errors (new ones prefixed by >>):
In file included from security/hornet/hornet_lsm.c:10:
In file included from include/linux/lsm_hooks.h:29:
In file included from include/linux/security.h:35:
In file included from include/linux/bpf.h:32:
In file included from include/linux/memcontrol.h:13:
In file included from include/linux/cgroup.h:27:
In file included from include/linux/kernel_stat.h:8:
In file included from include/linux/interrupt.h:11:
In file included from include/linux/hardirq.h:11:
In file included from arch/um/include/asm/hardirq.h:24:
In file included from include/linux/irq.h:20:
In file included from include/linux/io.h:12:
In file included from arch/um/include/asm/io.h:24:
include/asm-generic/io.h:1209:55: warning: performing pointer arithmetic on a null pointer has undefined behavior [-Wnull-pointer-arithmetic]
1209 | return (port > MMIO_UPPER_LIMIT) ? NULL : PCI_IOBASE + port;
| ~~~~~~~~~~ ^
>> security/hornet/hornet_lsm.c:183:8: error: call to undeclared function 'verify_pkcs7_signature'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
183 | err = verify_pkcs7_signature(prog->insnsi, prog->len * sizeof(struct bpf_insn),
| ^
security/hornet/hornet_lsm.c:183:8: note: did you mean 'bpf_verify_pkcs7_signature'?
include/linux/bpf.h:3624:5: note: 'bpf_verify_pkcs7_signature' declared here
3624 | int bpf_verify_pkcs7_signature(struct bpf_dynptr *data_p,
| ^
>> security/hornet/hornet_lsm.c:197:6: error: call to undeclared function 'validate_pkcs7_trust'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
197 | if (validate_pkcs7_trust(msg, VERIFY_USE_SECONDARY_KEYRING)) {
| ^
1 warning and 2 errors generated.
vim +/verify_pkcs7_signature +183 security/hornet/hornet_lsm.c
153
154 static int hornet_check_program(struct bpf_prog *prog, union bpf_attr *attr,
155 struct bpf_token *token, bool is_kernel)
156 {
157 struct hornet_maps maps = {0};
158 bpfptr_t usig = make_bpfptr(attr->signature, is_kernel);
159 struct pkcs7_message *msg;
160 struct hornet_parse_context *ctx;
161 void *sig;
162 int err;
163 const void *authattrs;
164 size_t authattrs_len;
165
166 if (!attr->signature)
167 return LSM_INT_VERDICT_UNSIGNED;
168
169 ctx = kzalloc(sizeof(struct hornet_parse_context), GFP_KERNEL);
170 if (!ctx)
171 return -ENOMEM;
172
173 maps.fd_array = make_bpfptr(attr->fd_array, is_kernel);
174 sig = kzalloc(attr->signature_size, GFP_KERNEL);
175 if (!sig) {
176 err = -ENOMEM;
177 goto out;
178 }
179 err = copy_from_bpfptr(sig, usig, attr->signature_size);
180 if (err != 0)
181 goto cleanup_sig;
182
> 183 err = verify_pkcs7_signature(prog->insnsi, prog->len * sizeof(struct bpf_insn),
184 sig, attr->signature_size, VERIFY_USE_SECONDARY_KEYRING,
185 VERIFYING_BPF_SIGNATURE, NULL, NULL);
186 if (err < 0) {
187 err = LSM_INT_VERDICT_BADSIG;
188 goto cleanup_sig;
189 }
190
191 msg = pkcs7_parse_message(sig, attr->signature_size);
192 if (IS_ERR(msg)) {
193 err = LSM_INT_VERDICT_BADSIG;
194 goto cleanup_sig;
195 }
196
> 197 if (validate_pkcs7_trust(msg, VERIFY_USE_SECONDARY_KEYRING)) {
198 err = LSM_INT_VERDICT_PARTIALSIG;
199 goto cleanup_msg;
200 }
201 if (pkcs7_get_authattr(msg, OID_hornet_data,
202 &authattrs, &authattrs_len) == -ENODATA) {
203 err = LSM_INT_VERDICT_PARTIALSIG;
204 goto cleanup_msg;
205 }
206
207 err = asn1_ber_decoder(&hornet_decoder, ctx, authattrs, authattrs_len);
208 if (err < 0 || authattrs == NULL) {
209 err = LSM_INT_VERDICT_PARTIALSIG;
210 goto cleanup_msg;
211 }
212 err = hornet_verify_hashes(&maps, ctx, prog);
213
214 cleanup_msg:
215 pkcs7_free_message(msg);
216 cleanup_sig:
217 kfree(sig);
218 out:
219 kfree(ctx);
220 return err;
221 }
222
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
prev parent reply other threads:[~2026-03-01 2:03 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20260227233930.2418522-8-bboscaccy@linux.microsoft.com>
2026-02-28 5:33 ` kernel test robot
2026-03-01 2:02 ` kernel test robot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202603010957.7JUXdjTd-lkp@intel.com \
--to=lkp@intel.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=akpm@linux-foundation.org \
--cc=bboscaccy@linux.microsoft.com \
--cc=bpf@vger.kernel.org \
--cc=corbet@lwn.net \
--cc=dhowells@redhat.com \
--cc=foster.ryan.r@gmail.com \
--cc=gnoack@google.com \
--cc=jmorris@namei.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-security-module@vger.kernel.org \
--cc=linux@treblig.org \
--cc=mic@digikod.net \
--cc=oe-kbuild-all@lists.linux.dev \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
--cc=wufan@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox