[Bug runtime/27001] New: 4.4 runtime/transport/transport.c: security_locked_down can be undeclared depending the kernel config

guillaume at morinfr dot org sourceware-bugzilla@sourceware.org
Wed Dec 2 21:13:40 GMT 2020 

https://sourceware.org/bugzilla/show_bug.cgi?id=27001

            Bug ID: 27001
           Summary: 4.4 runtime/transport/transport.c:
                    security_locked_down can be undeclared depending the
                    kernel config
           Product: systemtap
           Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: runtime
          Assignee: systemtap at sourceware dot org
          Reporter: guillaume at morinfr dot org
  Target Milestone: ---

I am having issues running systemtap on a custom built 5.4.80 kernel:

Pass 1: parsed user script and 481 library scripts using
111236virt/97444res/7328shr/90372data kb, in 150usr/10sys/140real ms.           
Pass 2: analyzed script: 1 probe, 35 functions, 0 embeds, 0 globals using
114764virt/102084res/8288shr/93900data kb, in 30usr/70sys/447real ms.           
Pass 3: translated to C into
"/tmp/stapSd29oh/stap_5e4f23ab5591f24875927e0341ccd64a_7093_src.c" using
120836virt/108472res/8476shr/99972data kb, in 310usr/40sys/325real ms.          
In file included from /usr/share/systemtap/runtime/linux/print.c:17,
                 from /usr/share/systemtap/runtime/print.c:17,
                 from /usr/share/systemtap/runtime/runtime_context.h:22,
                 from
/tmp/stapSd29oh/stap_5e4f23ab5591f24875927e0341ccd64a_7093_src.c:282:
/usr/share/systemtap/runtime/transport/transport.c: In function
‘_stp_transport_fs_init’:
/usr/share/systemtap/runtime/transport/transport.c:121:27: error: implicit
declaration of function ‘security_locked_down’; did you mean ‘get_locked_pte’?
[-Werror=implicit-function-declaration]                    
         if (!debugfs_p && security_locked_down (LOCKDOWN_DEBUGFS)) {
                           ^~~~~~~~~~~~~~~~~~~~
                           get_locked_pte
/usr/share/systemtap/runtime/transport/transport.c:121:49: error:
‘LOCKDOWN_DEBUGFS’ undeclared (first use in this function); did you mean
‘LOGLEVEL_DEBUG’?                                                         
         if (!debugfs_p && security_locked_down (LOCKDOWN_DEBUGFS)) {
                                                 ^~~~~~~~~~~~~~~~
                                                 LOGLEVEL_DEBUG
/usr/share/systemtap/runtime/transport/transport.c:121:49: note: each
undeclared identifier is reported only once for each function it appears in     
cc1: all warnings being treated as errors

This appears to be due a recent change:
https://sourceware.org/git/?p=systemtap.git;a=commit;h=7615cae790c899bc8a82841c75c8ea9c6fa54df3

security_locked_down and  LOCKDOWN_DEBUGFS are declared in linux/security.h but
with my kernel config they’re not included because the #include is protected
by:

#ifdef CONFIG_SECURITY_LOCKDOWN_LSM
#include <linux/security.h>
#endif

CONFIG_SECURITY_LOCKDOWN_LSM does not appear in my config.

However the detector code does not protect that include the same way so it
builds fine and STAPCONF_LOCKDOWN_DEBUGFS gets defined.

#include <linux/security.h>

int foo(void) {
        return security_locked_down(LOCKDOWN_DEBUGFS);
}

The simplest fix seems to protect the include the same way in the detector.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Systemtap mailing list