From: Mimi Zohar <zohar@linux.ibm.com>
To: Kairui Song <kasong@redhat.com>, linux-kernel@vger.kernel.org
Cc: dhowells@redhat.com, dwmw2@infradead.org,
jwboyer@fedoraproject.org, keyrings@vger.kernel.org,
jmorris@namei.org, serge@hallyn.com, bauerman@linux.ibm.com,
ebiggers@google.com, nayna@linux.ibm.com, dyoung@redhat.com,
linux-integrity@vger.kernel.org, kexec@lists.infradead.org
Subject: Re: [PATCH] integrity, KEYS: Fix build break with set_platform_trusted_keys
Date: Mon, 04 Feb 2019 22:20:08 +0000 [thread overview]
Message-ID: <1549318808.4146.127.camel@linux.ibm.com> (raw)
In-Reply-To: <20190203155927.24390-1-kasong@redhat.com>
On Sun, 2019-02-03 at 23:59 +0800, Kairui Song wrote:
> Commit 15ebb2eb0705 ("integrity, KEYS: add a reference to platform
> keyring") introduced a function set_platform_trusted_keys
> and calls the function in __integrity_init_keyring.
>
> It only checks if CONFIG_INTEGRITY_PLATFORM_KEYRING is enabled when
> enabling this function, but actually this function also depends on
> CONFIG_SYSTEM_TRUSTED_KEYRING.
>
> So when built with CONFIG_INTEGRITY_PLATFORM_KEYRING &&
> !CONFIG_SYSTEM_TRUSTED_KEYRING. we will get following error:
>
> digsig.c:92: undefined reference to `set_platform_trusted_keys'
>
> And it also mistakenly wrapped the function code in the ifdef block of
> CONFIG_SYSTEM_DATA_VERIFICATION.
>
> This commit fixes the issue by adding the missing check of
> CONFIG_SYSTEM_TRUSTED_KEYRING and move the function code out of
> CONFIG_SYSTEM_DATA_VERIFICATION's ifdef block.
>
> Fixes: 15ebb2eb0705 ("integrity, KEYS: add a reference to platform keyring")
> Signed-off-by: Kairui Song <kasong@redhat.com>
Thank you. As the original patch hasn't yet been upstreamed , I plan
on squashing them.
Mimi
> ---
> certs/system_keyring.c | 4 ++--
> include/keys/system_keyring.h | 9 +++------
> 2 files changed, 5 insertions(+), 8 deletions(-)
>
> diff --git a/certs/system_keyring.c b/certs/system_keyring.c
> index 19bd0504bbcb..c05c29ae4d5d 100644
> --- a/certs/system_keyring.c
> +++ b/certs/system_keyring.c
> @@ -279,11 +279,11 @@ int verify_pkcs7_signature(const void *data, size_t len,
> }
> EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
>
> +#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
> +
> #ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
> void __init set_platform_trusted_keys(struct key *keyring)
> {
> platform_trusted_keys = keyring;
> }
> #endif
> -
> -#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
> diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
> index c7f899ee974e..42a93eda331c 100644
> --- a/include/keys/system_keyring.h
> +++ b/include/keys/system_keyring.h
> @@ -61,16 +61,13 @@ static inline struct key *get_ima_blacklist_keyring(void)
> }
> #endif /* CONFIG_IMA_BLACKLIST_KEYRING */
>
> -#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
> -
> +#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
> + defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
> extern void __init set_platform_trusted_keys(struct key *keyring);
> -
> #else
> -
> static inline void set_platform_trusted_keys(struct key *keyring)
> {
> }
> -
> -#endif /* CONFIG_INTEGRITY_PLATFORM_KEYRING */
> +#endif
>
> #endif /* _KEYS_SYSTEM_KEYRING_H */
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.ibm.com>
To: Kairui Song <kasong@redhat.com>, linux-kernel@vger.kernel.org
Cc: dhowells@redhat.com, dwmw2@infradead.org,
jwboyer@fedoraproject.org, keyrings@vger.kernel.org,
jmorris@namei.org, serge@hallyn.com, bauerman@linux.ibm.com,
ebiggers@google.com, nayna@linux.ibm.com, dyoung@redhat.com,
linux-integrity@vger.kernel.org, kexec@lists.infradead.org
Subject: Re: [PATCH] integrity, KEYS: Fix build break with set_platform_trusted_keys
Date: Mon, 04 Feb 2019 17:20:08 -0500 [thread overview]
Message-ID: <1549318808.4146.127.camel@linux.ibm.com> (raw)
In-Reply-To: <20190203155927.24390-1-kasong@redhat.com>
On Sun, 2019-02-03 at 23:59 +0800, Kairui Song wrote:
> Commit 15ebb2eb0705 ("integrity, KEYS: add a reference to platform
> keyring") introduced a function set_platform_trusted_keys
> and calls the function in __integrity_init_keyring.
>
> It only checks if CONFIG_INTEGRITY_PLATFORM_KEYRING is enabled when
> enabling this function, but actually this function also depends on
> CONFIG_SYSTEM_TRUSTED_KEYRING.
>
> So when built with CONFIG_INTEGRITY_PLATFORM_KEYRING &&
> !CONFIG_SYSTEM_TRUSTED_KEYRING. we will get following error:
>
> digsig.c:92: undefined reference to `set_platform_trusted_keys'
>
> And it also mistakenly wrapped the function code in the ifdef block of
> CONFIG_SYSTEM_DATA_VERIFICATION.
>
> This commit fixes the issue by adding the missing check of
> CONFIG_SYSTEM_TRUSTED_KEYRING and move the function code out of
> CONFIG_SYSTEM_DATA_VERIFICATION's ifdef block.
>
> Fixes: 15ebb2eb0705 ("integrity, KEYS: add a reference to platform keyring")
> Signed-off-by: Kairui Song <kasong@redhat.com>
Thank you. As the original patch hasn't yet been upstreamed , I plan
on squashing them.
Mimi
> ---
> certs/system_keyring.c | 4 ++--
> include/keys/system_keyring.h | 9 +++------
> 2 files changed, 5 insertions(+), 8 deletions(-)
>
> diff --git a/certs/system_keyring.c b/certs/system_keyring.c
> index 19bd0504bbcb..c05c29ae4d5d 100644
> --- a/certs/system_keyring.c
> +++ b/certs/system_keyring.c
> @@ -279,11 +279,11 @@ int verify_pkcs7_signature(const void *data, size_t len,
> }
> EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
>
> +#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
> +
> #ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
> void __init set_platform_trusted_keys(struct key *keyring)
> {
> platform_trusted_keys = keyring;
> }
> #endif
> -
> -#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
> diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
> index c7f899ee974e..42a93eda331c 100644
> --- a/include/keys/system_keyring.h
> +++ b/include/keys/system_keyring.h
> @@ -61,16 +61,13 @@ static inline struct key *get_ima_blacklist_keyring(void)
> }
> #endif /* CONFIG_IMA_BLACKLIST_KEYRING */
>
> -#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
> -
> +#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
> + defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
> extern void __init set_platform_trusted_keys(struct key *keyring);
> -
> #else
> -
> static inline void set_platform_trusted_keys(struct key *keyring)
> {
> }
> -
> -#endif /* CONFIG_INTEGRITY_PLATFORM_KEYRING */
> +#endif
>
> #endif /* _KEYS_SYSTEM_KEYRING_H */
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.ibm.com>
To: Kairui Song <kasong@redhat.com>, linux-kernel@vger.kernel.org
Cc: jwboyer@fedoraproject.org, ebiggers@google.com,
dyoung@redhat.com, nayna@linux.ibm.com,
kexec@lists.infradead.org, jmorris@namei.org,
dhowells@redhat.com, keyrings@vger.kernel.org,
linux-integrity@vger.kernel.org, dwmw2@infradead.org,
bauerman@linux.ibm.com, serge@hallyn.com
Subject: Re: [PATCH] integrity, KEYS: Fix build break with set_platform_trusted_keys
Date: Mon, 04 Feb 2019 17:20:08 -0500 [thread overview]
Message-ID: <1549318808.4146.127.camel@linux.ibm.com> (raw)
In-Reply-To: <20190203155927.24390-1-kasong@redhat.com>
On Sun, 2019-02-03 at 23:59 +0800, Kairui Song wrote:
> Commit 15ebb2eb0705 ("integrity, KEYS: add a reference to platform
> keyring") introduced a function set_platform_trusted_keys
> and calls the function in __integrity_init_keyring.
>
> It only checks if CONFIG_INTEGRITY_PLATFORM_KEYRING is enabled when
> enabling this function, but actually this function also depends on
> CONFIG_SYSTEM_TRUSTED_KEYRING.
>
> So when built with CONFIG_INTEGRITY_PLATFORM_KEYRING &&
> !CONFIG_SYSTEM_TRUSTED_KEYRING. we will get following error:
>
> digsig.c:92: undefined reference to `set_platform_trusted_keys'
>
> And it also mistakenly wrapped the function code in the ifdef block of
> CONFIG_SYSTEM_DATA_VERIFICATION.
>
> This commit fixes the issue by adding the missing check of
> CONFIG_SYSTEM_TRUSTED_KEYRING and move the function code out of
> CONFIG_SYSTEM_DATA_VERIFICATION's ifdef block.
>
> Fixes: 15ebb2eb0705 ("integrity, KEYS: add a reference to platform keyring")
> Signed-off-by: Kairui Song <kasong@redhat.com>
Thank you. As the original patch hasn't yet been upstreamed , I plan
on squashing them.
Mimi
> ---
> certs/system_keyring.c | 4 ++--
> include/keys/system_keyring.h | 9 +++------
> 2 files changed, 5 insertions(+), 8 deletions(-)
>
> diff --git a/certs/system_keyring.c b/certs/system_keyring.c
> index 19bd0504bbcb..c05c29ae4d5d 100644
> --- a/certs/system_keyring.c
> +++ b/certs/system_keyring.c
> @@ -279,11 +279,11 @@ int verify_pkcs7_signature(const void *data, size_t len,
> }
> EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
>
> +#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
> +
> #ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
> void __init set_platform_trusted_keys(struct key *keyring)
> {
> platform_trusted_keys = keyring;
> }
> #endif
> -
> -#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
> diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
> index c7f899ee974e..42a93eda331c 100644
> --- a/include/keys/system_keyring.h
> +++ b/include/keys/system_keyring.h
> @@ -61,16 +61,13 @@ static inline struct key *get_ima_blacklist_keyring(void)
> }
> #endif /* CONFIG_IMA_BLACKLIST_KEYRING */
>
> -#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
> -
> +#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
> + defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
> extern void __init set_platform_trusted_keys(struct key *keyring);
> -
> #else
> -
> static inline void set_platform_trusted_keys(struct key *keyring)
> {
> }
> -
> -#endif /* CONFIG_INTEGRITY_PLATFORM_KEYRING */
> +#endif
>
> #endif /* _KEYS_SYSTEM_KEYRING_H */
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2019-02-04 22:20 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-03 15:59 [PATCH] integrity, KEYS: Fix build break with set_platform_trusted_keys Kairui Song
2019-02-03 15:59 ` Kairui Song
2019-02-03 15:59 ` Kairui Song
2019-02-04 22:20 ` Mimi Zohar [this message]
2019-02-04 22:20 ` Mimi Zohar
2019-02-04 22:20 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1549318808.4146.127.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=bauerman@linux.ibm.com \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=dyoung@redhat.com \
--cc=ebiggers@google.com \
--cc=jmorris@namei.org \
--cc=jwboyer@fedoraproject.org \
--cc=kasong@redhat.com \
--cc=kexec@lists.infradead.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nayna@linux.ibm.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.