Hi Casey, I love your patch! Perhaps something to improve:
[auto build test WARNING on pcmoore-selinux/next] [also build test WARNING on linus/master v5.18-rc1 next-20220407] [cannot apply to pcmoore-audit/next jmorris-security/next-testing] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch] url: https://github.com/intel-lab-lkp/linux/commits/Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220408-062243 base: https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git next config: arm-randconfig-c002-20220408 (https://download.01.org/0day-ci/archive/20220408/[email protected]/config) compiler: arm-linux-gnueabi-gcc (GCC) 11.2.0 reproduce (this is a W=1 build): wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross chmod +x ~/bin/make.cross # https://github.com/intel-lab-lkp/linux/commit/0d4df6ae86e123057cb18eeb5ba1b1eff2641fe4 git remote add linux-review https://github.com/intel-lab-lkp/linux git fetch --no-tags linux-review Casey-Schaufler/integrity-disassociate-ima_filter_rule-from-security_audit_rule/20220408-062243 git checkout 0d4df6ae86e123057cb18eeb5ba1b1eff2641fe4 # save the config file to linux build tree mkdir build_dir COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross O=build_dir ARCH=arm SHELL=/bin/bash security/integrity/ima/ If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <[email protected]> All warnings (new ones prefixed by >>): security/integrity/ima/ima_appraise.c: In function 'ima_must_appraise': >> security/integrity/ima/ima_appraise.c:81:16: warning: array subscript 0 is >> outside array bounds of 'u32[0]' {aka 'unsigned int[]'} [-Warray-bounds] 81 | return ima_match_policy(mnt_userns, inode, current_cred(), | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 82 | blob.secid[0], func, mask, | ~~~~~~~~~~~~~~~~~~~~~~~~~~ 83 | IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 84 | NULL); | ~~~~~ In file included from include/linux/ima.h:12, from security/integrity/ima/ima_appraise.c:14: include/linux/security.h:150:17: note: while referencing 'secid' 150 | u32 secid[LSMBLOB_ENTRIES]; | ^~~~~ security/integrity/ima/ima_appraise.c:74:24: note: defined here 'blob' 74 | struct lsmblob blob; | ^~~~ vim +81 security/integrity/ima/ima_appraise.c 65 66 /* 67 * ima_must_appraise - set appraise flag 68 * 69 * Return 1 to appraise or hash 70 */ 71 int ima_must_appraise(struct user_namespace *mnt_userns, struct inode *inode, 72 int mask, enum ima_hooks func) 73 { 74 struct lsmblob blob; 75 76 if (!ima_appraise) 77 return 0; 78 79 security_current_getsecid_subj(&blob); 80 /* scaffolding the .secid[0] */ > 81 return ima_match_policy(mnt_userns, inode, current_cred(), 82 blob.secid[0], func, mask, 83 IMA_APPRAISE | IMA_HASH, NULL, NULL, NULL, 84 NULL); 85 } 86 -- 0-DAY CI Kernel Test Service https://01.org/lkp -- Linux-audit mailing list [email protected] https://listman.redhat.com/mailman/listinfo/linux-audit
