Re: linux-next: build failure after merge of the security tree

From: Paul Moore

Date: Tue Jun 02 2026 - 13:29:28 EST


On Tue, Jun 2, 2026 at 12:52 PM Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote:
> On 6/2/26 6:31 PM, Paul Moore wrote:
> > On Tue, Jun 2, 2026 at 12:16 PM Mark Brown <broonie@xxxxxxxxxx> wrote:
> >>
> >>
> >> After merging the security tree, today's linux-next build (x86_64
> >> allmodconfig) failed like this:
> >>
> >> /tmp/next/build/security/hornet/hornet_lsm.c:212:36: error: too many arguments to function call, expected 1, have 3
> >> 212 | if (map->ops->map_get_hash(map, SHA256_DIGEST_SIZE, hash))
> >> | ~~~~~~~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~
> >> /tmp/next/build/include/crypto/sha2.h:14:33: note: expanded from macro 'SHA256_DIGEST_SIZE'
> >> 14 | #define SHA256_DIGEST_SIZE 32
> >> | ^
> >>
> >>
> >> Caused by commit
> >>
> >> c62310df81899 (lsm: introduce the Hornet LSM)
> >>
> >> interacting with
> >>
> >> c48c3a7e7d5be (bpf: Drop redundant hash_buf from map_get_hash operation)
> >>
> >> from the bpf-next tree. I have reverted the latter commit, the new LSM
> >> means that the assumption in the changelog that there is only one caller
> >> isn't true and it seems like the most straightforward approach.
> >
> > Thanks Mark, we're taking a look at it now and should have a
> > fix/answer later today.
>
> Sigh, hornet should _not_ be merged to begin with for the many reasons stated.
> Messing around with BPF internals is yet another one aside from a really bad
> user experience of having multiple approaches to BPF signing!

Sigh, if the BPF devs had shown any interest in working with Blaise to
arrive at a solution that met the security goals we described (and not
necessarily what the BPF devs continue to mischaracterize) there would
be no need for Hornet. You are free to be upset about Hornet's
existence, but you need to be realistic about the role the BPF dev
community played in creating Hornet.

--
paul-moore.com