apparmor: Fix undefined references to zstd_ symbols

Unfortunately the switch to using zstd compression did not properly ifdef all the code that uses zstd_ symbols. So that if exporting of binary policy is disabled in the config the compile will fail with the following errors security/apparmor/lsm.c:1545: undefined reference to `zstd_min_clevel' aarch64-linux-ld: security/apparmor/lsm.c:1545: undefined reference to `zstd_max_clevel' Reported-by: kernel test robot <lkp@intel.com> Fixes: 52ccc20c652b ("apparmor: use zstd compression for profile data") Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Jon Tourville <jon.tourville@canonical.com>

apparmor: Fix undefined references to zstd_ symbols
Unfortunately the switch to using zstd compression did not properly ifdef all the code that uses zstd_ symbols. So that if exporting of binary policy is disabled in the config the compile will fail with the following errors security/apparmor/lsm.c:1545: undefined reference to `zstd_min_clevel' aarch64-linux-ld: security/apparmor/lsm.c:1545: undefined reference to `zstd_max_clevel' Reported-by: kernel test robot <lkp@intel.com> Fixes: 52ccc20c652b ("apparmor: use zstd compression for profile data") Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Jon Tourville <jon.tourville@canonical.com>
70f24a9f · John Johansen · 14d37a7f · 70f24a9f · 70f24a9f · 70f24a9f
Commit 70f24a9f authored Sep 29, 2022 by John Johansen
Showing with 15 additions and 5 deletions

security/apparmor/apparmorfs.c security/apparmor/apparmorfs.c +2 -2

security/apparmor/include/apparmor.h security/apparmor/include/apparmor.h +11 -0

security/apparmor/lsm.c security/apparmor/lsm.c +2 -3

No files found.
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -1202,13 +1202,13 @@ static int seq_ns_name_show(struct seq_file *seq, void *v)
 static int seq_ns_compress_min_show(struct seq_file *seq, void *v)
 {
-	seq_printf(seq, "%d\n", zstd_min_clevel());
+	seq_printf(seq, "%d\n", AA_MIN_CLEVEL);
 	return 0;
 }
 static int seq_ns_compress_max_show(struct seq_file *seq, void *v)
 {
-	seq_printf(seq, "%d\n", zstd_max_clevel());
+	seq_printf(seq, "%d\n", AA_MAX_CLEVEL);
 	return 0;
 }

--- a/security/apparmor/include/apparmor.h
+++ b/security/apparmor/include/apparmor.h
@@ -51,4 +51,15 @@ extern bool aa_g_logsyscall;
 extern bool aa_g_paranoid_load;
 extern unsigned int aa_g_path_max;
+#ifdef CONFIG_SECURITY_APPARMOR_EXPORT_BINARY
+#define AA_MIN_CLEVEL zstd_min_clevel()
+#define AA_MAX_CLEVEL zstd_max_clevel()
+#define AA_DEFAULT_CLEVEL ZSTD_CLEVEL_DEFAULT
+#else
+#define AA_MIN_CLEVEL 0
+#define AA_MAX_CLEVEL 0
+#define AA_DEFAULT_CLEVEL 0
+#endif /* CONFIG_SECURITY_APPARMOR_EXPORT_BINARY */
 #endif /* __APPARMOR_H */
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -1365,7 +1365,7 @@ module_param_named(export_binary, aa_g_export_binary, aabool, 0600);
 #endif
 /* policy loaddata compression level */
-int aa_g_rawdata_compression_level = ZSTD_CLEVEL_DEFAULT;
+int aa_g_rawdata_compression_level = AA_DEFAULT_CLEVEL;
 module_param_named(rawdata_compression_level, aa_g_rawdata_compression_level,
 		   aacompressionlevel, 0400);
@@ -1547,8 +1547,7 @@ static int param_set_aacompressionlevel(const char *val,
 	error = param_set_int(val, kp);
 	aa_g_rawdata_compression_level = clamp(aa_g_rawdata_compression_level,
-					       zstd_min_clevel(),
+					       AA_MIN_CLEVEL, AA_MAX_CLEVEL);
-					       zstd_max_clevel());
 	pr_info("AppArmor: policy rawdata compression level set to %d\n",
 		aa_g_rawdata_compression_level);