Hi Maxime, kernel test robot noticed the following build warnings:
[auto build test WARNING on 9c32cda43eb78f78c73aee4aa344b777714e259b] url: https://github.com/intel-lab-lkp/linux/commits/Maxime-B-lair/Wire-up-lsm_config_self_policy-and-lsm_config_system_policy-syscalls/20250709-160720 base: 9c32cda43eb78f78c73aee4aa344b777714e259b patch link: https://lore.kernel.org/r/20250709080220.110947-4-maxime.belair%40canonical.com patch subject: [PATCH v5 3/3] AppArmor: add support for lsm_config_self_policy and lsm_config_system_policy config: hexagon-randconfig-r072-20250714 (https://download.01.org/0day-ci/archive/20250715/[email protected]/config) compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <[email protected]> | Closes: https://lore.kernel.org/oe-kbuild-all/[email protected]/ smatch warnings: security/apparmor/lsm.c:1348 apparmor_lsm_config_system_policy() warn: unsigned 'ns_size' is never less than zero. vim +/ns_size +1348 security/apparmor/lsm.c 1319 1320 /** 1321 * apparmor_lsm_config_system_policy - Load or replace a system policy 1322 * @lsm_id: AppArmor ID (LSM_ID_APPARMOR). Unused here 1323 * @op: operation to perform. Currently, only LSM_POLICY_LOAD is supported 1324 * @buf: user-supplied buffer in the form "<ns>\0<policy>" 1325 * <ns> is the namespace to load the policy into (empty string for root) 1326 * <policy> is the policy to load 1327 * @size: size of @buf 1328 * @flags: reserved for future uses; must be zero 1329 * 1330 * Returns: 0 on success, negative value on error 1331 */ 1332 static int apparmor_lsm_config_system_policy(u32 lsm_id, u32 op, void __user *buf, 1333 size_t size, u32 flags) 1334 { 1335 loff_t pos = 0; // Partial writing is not currently supported 1336 char ns_name[AA_PROFILE_NAME_MAX_SIZE]; 1337 size_t ns_size; 1338 size_t max_ns_size = min(size, AA_PROFILE_NAME_MAX_SIZE); 1339 1340 if (op != LSM_POLICY_LOAD || flags) 1341 return -EOPNOTSUPP; 1342 if (size < 2) 1343 return -EINVAL; 1344 if (size > AA_PROFILE_MAX_SIZE) 1345 return -E2BIG; 1346 1347 ns_size = strncpy_from_user(ns_name, buf, max_ns_size); > 1348 if (ns_size < 0) 1349 return ns_size; 1350 if (ns_size == max_ns_size) 1351 return -E2BIG; 1352 1353 return aa_profile_load_ns_name(ns_name, ns_size, buf + ns_size + 1, 1354 size - ns_size - 1, &pos); 1355 } 1356 -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki
