Hi all, After merging the keys tree, today's linux-next build (x86_64 allmodconfig) produced these warnings: In file included from include/linux/keyctl.h:11, from include/linux/key.h:35, from include/linux/cred.h:13, from fs/verity/signature.c:10: fs/verity/signature.c: In function 'fsverity_init_signature': include/uapi/linux/keyctl.h:52:24: warning: passing argument 5 of 'keyring_alloc' makes pointer from integer without a cast [-Wint-conversion] #define KEY_POS_SEARCH 0x08000000 /* possessor can find a key in search / search a keyring */ ^ fs/verity/signature.c:140:25: note: in expansion of macro 'KEY_POS_SEARCH' current_cred(), KEY_POS_SEARCH | ^~~~~~~~~~~~~~ In file included from include/linux/cred.h:13, from fs/verity/signature.c:10: include/linux/key.h:386:20: note: expected 'struct key_acl *' but argument is of type 'int' extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid, ^~~~~~~~~~~~~ Caused by commit f802f2b3a991 ("keys: Replace uid/gid/perm permissions checking with an ACL") interacting with commit 318ce3c7b2ff ("fs-verity: support builtin file signatures") from the fsverity tree. (Have I mentioned that I have API changes? ;-)) I have applied the following merge fix patch: From: Stephen Rothwell Date: Tue, 30 Jul 2019 12:13:38 +1000 Subject: [PATCH] fsverity: merge fix for keyring_alloc API change Signed-off-by: Stephen Rothwell --- fs/verity/signature.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/fs/verity/signature.c b/fs/verity/signature.c index c8b255232de5..a7aac30c56ae 100644 --- a/fs/verity/signature.c +++ b/fs/verity/signature.c @@ -131,15 +131,26 @@ static inline int __init fsverity_sysctl_init(void) } #endif /* !CONFIG_SYSCTL */ +static struct key_acl fsverity_acl = { + .usage = REFCOUNT_INIT(1), + .possessor_viewable = true, + .nr_ace = 2, + .aces = { + KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_JOIN | + KEY_ACE_INVAL), + KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_WRITE | + KEY_ACE_CLEAR | KEY_ACE_SEARCH | + KEY_ACE_SET_SECURITY | KEY_ACE_REVOKE), + } +}; + int __init fsverity_init_signature(void) { struct key *ring; int err; ring = keyring_alloc(".fs-verity", KUIDT_INIT(0), KGIDT_INIT(0), - current_cred(), KEY_POS_SEARCH | - KEY_USR_VIEW | KEY_USR_READ | KEY_USR_WRITE | - KEY_USR_SEARCH | KEY_USR_SETATTR, + current_cred(), &fsverity_acl, KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL); if (IS_ERR(ring)) return PTR_ERR(ring); -- 2.20.1 -- Cheers, Stephen Rothwell