* [PATCH 00/18] keys: Miscellaneous fixes
@ 2020-12-09 12:14 David Howells
  2020-12-09 12:14 ` [PATCH 01/18] security: keys: Fix fall-through warnings for Clang David Howells
                   ` (22 more replies)
  0 siblings, 23 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:14 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: Alexander A. Klimov, Petko Manolov, Serge E. Hallyn,
	linux-kernel, YueHaibing, Herbert Xu, Jann Horn, linux-crypto,
	Jarkko Sakkinen, Ben Boeckel, keyrings, Gabriel Krisman Bertazi,
	linux-security-module, Randy Dunlap, Mimi Zohar, Tom Rix,
	Gustavo A. R. Silva, Alex Shi, Jarkko Sakkinen,
	Krzysztof Kozlowski, James Morris, Denis Efremov,
	Mickaël Salaün, David Woodhouse, David S. Miller,
	Tianjia Zhang, dhowells, keyrings, linux-kernel


Hi Jarkko,

I've extended my collection of minor keyrings fixes for the next merge
window.  Anything else I should add (or anything I should drop)?

The patches can be found on the following branch:

	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes

David
---
Alex Shi (2):
      PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one
      certs/blacklist: fix kernel doc interface issue

Alexander A. Klimov (1):
      encrypted-keys: Replace HTTP links with HTTPS ones

David Howells (1):
      certs: Fix blacklist flag type confusion

Denis Efremov (1):
      security/keys: use kvfree_sensitive()

Gabriel Krisman Bertazi (1):
      watch_queue: Drop references to /dev/watch_queue

Gustavo A. R. Silva (1):
      security: keys: Fix fall-through warnings for Clang

Jann Horn (1):
      keys: Remove outdated __user annotations

Krzysztof Kozlowski (1):
      KEYS: asymmetric: Fix kerneldoc

Mickaël Salaün (3):
      certs: Fix blacklisted hexadecimal hash string check
      PKCS#7: Fix missing include
      certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID

Randy Dunlap (2):
      security: keys: delete repeated words in comments
      crypto: asymmetric_keys: fix some comments in pkcs7_parser.h

Tianjia Zhang (1):
      crypto: public_key: Remove redundant header file from public_key.h

Tom Rix (2):
      KEYS: remove redundant memset
      keys: remove trailing semicolon in macro definition

YueHaibing (1):
      crypto: pkcs7: Use match_string() helper to simplify the code


 Documentation/security/keys/core.rst     |  4 ++--
 certs/blacklist.c                        | 10 +++++-----
 certs/system_keyring.c                   |  5 +++--
 crypto/asymmetric_keys/asymmetric_type.c |  6 ++++--
 crypto/asymmetric_keys/pkcs7_parser.h    |  5 ++---
 crypto/asymmetric_keys/pkcs7_trust.c     |  2 +-
 crypto/asymmetric_keys/pkcs7_verify.c    |  9 ++++-----
 include/crypto/public_key.h              |  1 -
 include/keys/encrypted-type.h            |  2 +-
 include/linux/key.h                      |  5 +++--
 include/linux/verification.h             |  2 ++
 samples/Kconfig                          |  2 +-
 samples/watch_queue/watch_test.c         |  2 +-
 security/integrity/ima/ima_mok.c         |  3 +--
 security/keys/Kconfig                    |  8 ++++----
 security/keys/big_key.c                  |  9 +++------
 security/keys/key.c                      |  2 ++
 security/keys/keyctl.c                   |  2 +-
 security/keys/keyctl_pkey.c              |  2 --
 security/keys/keyring.c                  | 10 +++++-----
 20 files changed, 45 insertions(+), 46 deletions(-)




* [PATCH 01/18] security: keys: Fix fall-through warnings for Clang
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
@ 2020-12-09 12:14 ` David Howells
  2020-12-09 12:14 ` [PATCH 02/18] keys: Remove outdated __user annotations David Howells
                   ` (21 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:14 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: Gustavo A. R. Silva, Jarkko Sakkinen, dhowells, keyrings, linux-kernel

From: Gustavo A. R. Silva <gustavoars@kernel.org>

In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning
by explicitly adding a break statement instead of letting the code fall
through to the next case.

Link: https://github.com/KSPP/linux/issues/115
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
---

 security/keys/process_keys.c |    1 +
 1 file changed, 1 insertion(+)

diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index 1fe8b934f656..e3d79a7b6db6 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -783,6 +783,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
 				if (need_perm != KEY_AUTHTOKEN_OVERRIDE &&
 				    need_perm != KEY_DEFER_PERM_CHECK)
 					goto invalid_key;
+				break;
 			case 0:
 				break;
 			}
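Review bot: the added "break;" lands directly above "case 0: break;", so control flow through this switch in lookup_user_key() is unchanged, and the changelog should say so. This switch guards a "goto invalid_key" permission path, so an explicit "no functional change" line saves backporters from re-deriving that the need_perm check behaves exactly as before.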




* [PATCH 02/18] keys: Remove outdated __user annotations
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
  2020-12-09 12:14 ` [PATCH 01/18] security: keys: Fix fall-through warnings for Clang David Howells
@ 2020-12-09 12:14 ` David Howells
  2020-12-09 12:14 ` [PATCH 03/18] watch_queue: Drop references to /dev/watch_queue David Howells
                   ` (20 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:14 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: Jann Horn, dhowells, keyrings, linux-kernel

From: Jann Horn <jannh@google.com>

When the semantics of the ->read() handlers were changed such that "buffer"
is a kernel pointer, some __user annotations survived.
Since they're wrong now, get rid of them.

Fixes: d3ec10aa9581 ("KEYS: Don't write out to userspace while holding key semaphore")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---

 security/keys/keyring.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 14abfe765b7e..977066208387 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -452,7 +452,7 @@ static void keyring_describe(const struct key *keyring, struct seq_file *m)
 struct keyring_read_iterator_context {
 	size_t			buflen;
 	size_t			count;
-	key_serial_t __user	*buffer;
+	key_serial_t		*buffer;
 };
 
 static int keyring_read_iterator(const void *object, void *data)
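Review bot: the body of keyring_read_iterator(), which is what actually writes through ctx->buffer, is outside this hunk, so the annotation change cannot be checked against its only user from the diff alone. Please confirm the iterator stores key IDs with a plain assignment or memcpy() rather than put_user(), and mention in the changelog that sparse is clean on keyring.c after the change, since removing __user is exactly what would make a leftover user-copy helper start warning.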
@@ -479,7 +479,7 @@ static int keyring_read_iterator(const void *object, void *data)
  * times.
  */
 static long keyring_read(const struct key *keyring,
-			 char __user *buffer, size_t buflen)
+			 char *buffer, size_t buflen)
 {
 	struct keyring_read_iterator_context ctx;
 	long ret;
@@ -491,7 +491,7 @@ static long keyring_read(const struct key *keyring,
 
 	/* Copy as many key IDs as fit into the buffer */
 	if (buffer && buflen) {
-		ctx.buffer = (key_serial_t __user *)buffer;
+		ctx.buffer = (key_serial_t *)buffer;
 		ctx.buflen = buflen;
 		ctx.count = 0;
 		ret = assoc_array_iterate(&keyring->keys,




* [PATCH 03/18] watch_queue: Drop references to /dev/watch_queue
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
  2020-12-09 12:14 ` [PATCH 01/18] security: keys: Fix fall-through warnings for Clang David Howells
  2020-12-09 12:14 ` [PATCH 02/18] keys: Remove outdated __user annotations David Howells
@ 2020-12-09 12:14 ` David Howells
  2020-12-09 12:14 ` [PATCH 04/18] security/keys: use kvfree_sensitive() David Howells
                   ` (19 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:14 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: Gabriel Krisman Bertazi, Jarkko Sakkinen, dhowells, keyrings,
	linux-kernel

From: Gabriel Krisman Bertazi <krisman@collabora.com>

The merged API doesn't use a watch_queue device, but instead relies on
pipes, so let the documentation reflect that.

Fixes: f7e47677e39a ("watch_queue: Add a key/keyring notification facility")
Signed-off-by: Gabriel Krisman Bertazi <krisman@collabora.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
---

 Documentation/security/keys/core.rst |    4 ++--
 samples/Kconfig                      |    2 +-
 samples/watch_queue/watch_test.c     |    2 +-
 security/keys/Kconfig                |    8 ++++----
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst
index aa0081685ee1..b3ed5c581034 100644
--- a/Documentation/security/keys/core.rst
+++ b/Documentation/security/keys/core.rst
@@ -1040,8 +1040,8 @@ The keyctl syscall functions are:
 
      "key" is the ID of the key to be watched.
 
-     "queue_fd" is a file descriptor referring to an open "/dev/watch_queue"
-     which manages the buffer into which notifications will be delivered.
+     "queue_fd" is a file descriptor referring to an open pipe which
+     manages the buffer into which notifications will be delivered.
 
      "filter" is either NULL to remove a watch or a filter specification to
      indicate what events are required from the key.
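Review bot: "an open pipe" in the new queue_fd text is too loose, because an ordinary pipe is not usable as a notification queue. Suggest saying that queue_fd refers to a pipe opened in notification mode (pipe2() with O_NOTIFICATION_PIPE) so that readers of core.rst do not pass a plain pipe to KEYCTL_WATCH_KEY and get an error they cannot explain.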
diff --git a/samples/Kconfig b/samples/Kconfig
index 0ed6e4d71d87..e76cdfc50e25 100644
--- a/samples/Kconfig
+++ b/samples/Kconfig
@@ -210,7 +210,7 @@ config SAMPLE_WATCHDOG
 	depends on CC_CAN_LINK
 
 config SAMPLE_WATCH_QUEUE
-	bool "Build example /dev/watch_queue notification consumer"
+	bool "Build example watch_queue notification API consumer"
 	depends on CC_CAN_LINK && HEADERS_INSTALL
 	help
 	  Build example userspace program to use the new mount_notify(),
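Review bot: the help text on the unchanged line right below the edited prompt still reads "use the new mount_notify(),". If the point of this patch is to bring the text in line with the API that was merged, that line deserves the same check as the /dev/watch_queue wording, and should be updated in this hunk if it is stale too.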
diff --git a/samples/watch_queue/watch_test.c b/samples/watch_queue/watch_test.c
index 46e618a897fe..8c6cb57d5cfc 100644
--- a/samples/watch_queue/watch_test.c
+++ b/samples/watch_queue/watch_test.c
@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: GPL-2.0
-/* Use /dev/watch_queue to watch for notifications.
+/* Use watch_queue API to watch for notifications.
  *
  * Copyright (C) 2020 Red Hat, Inc. All Rights Reserved.
  * Written by David Howells (dhowells@redhat.com)
diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index 83bc23409164..c161642a8484 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -119,7 +119,7 @@ config KEY_NOTIFICATIONS
 	bool "Provide key/keyring change notifications"
 	depends on KEYS && WATCH_QUEUE
 	help
-	  This option provides support for getting change notifications on keys
-	  and keyrings on which the caller has View permission.  This makes use
-	  of the /dev/watch_queue misc device to handle the notification
-	  buffer and provides KEYCTL_WATCH_KEY to enable/disable watches.
+	  This option provides support for getting change notifications
+	  on keys and keyrings on which the caller has View permission.
+	  This makes use of pipes to handle the notification buffer and
+	  provides KEYCTL_WATCH_KEY to enable/disable watches.




* [PATCH 04/18] security/keys: use kvfree_sensitive()
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (2 preceding siblings ...)
  2020-12-09 12:14 ` [PATCH 03/18] watch_queue: Drop references to /dev/watch_queue David Howells
@ 2020-12-09 12:14 ` David Howells
  2020-12-09 12:15 ` [PATCH 05/18] KEYS: asymmetric: Fix kerneldoc David Howells
                   ` (18 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:14 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: Denis Efremov, dhowells, keyrings, linux-kernel

From: Denis Efremov <efremov@linux.com>

Use kvfree_sensitive() instead of open-coding it.

Signed-off-by: Denis Efremov <efremov@linux.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---

 security/keys/big_key.c |    9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/security/keys/big_key.c b/security/keys/big_key.c
index 691347dea3c1..d17e5f09eeb8 100644
--- a/security/keys/big_key.c
+++ b/security/keys/big_key.c
@@ -121,8 +121,7 @@ int big_key_preparse(struct key_preparsed_payload *prep)
 		*path = file->f_path;
 		path_get(path);
 		fput(file);
-		memzero_explicit(buf, enclen);
-		kvfree(buf);
+		kvfree_sensitive(buf, enclen);
 	} else {
 		/* Just store the data in a buffer */
 		void *data = kmalloc(datalen, GFP_KERNEL);
@@ -140,8 +139,7 @@ int big_key_preparse(struct key_preparsed_payload *prep)
 err_enckey:
 	kfree_sensitive(enckey);
 error:
-	memzero_explicit(buf, enclen);
-	kvfree(buf);
+	kvfree_sensitive(buf, enclen);
 	return ret;
 }
 
@@ -273,8 +271,7 @@ long big_key_read(const struct key *key, char *buffer, size_t buflen)
 err_fput:
 		fput(file);
 error:
-		memzero_explicit(buf, enclen);
-		kvfree(buf);
+		kvfree_sensitive(buf, enclen);
 	} else {
 		ret = datalen;
 		memcpy(buffer, key->payload.data[big_key_data], datalen);
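Review bot: on the "error:" paths here and in big_key_preparse(), kvfree_sensitive(buf, enclen) is not quite the open-coded pair it replaces: it does nothing when buf is NULL, whereas memzero_explicit(buf, enclen) would have written through the pointer. That is the safer behaviour, but "instead of open-coding it" in the changelog hides the difference, so it is worth one sentence. Please also confirm that enclen at each of the three call sites is still the full length of the allocation, so that no tail of the decrypted buffer is freed without being zeroed.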




* [PATCH 05/18] KEYS: asymmetric: Fix kerneldoc
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (3 preceding siblings ...)
  2020-12-09 12:14 ` [PATCH 04/18] security/keys: use kvfree_sensitive() David Howells
@ 2020-12-09 12:15 ` David Howells
  2020-12-09 12:15 ` [PATCH 06/18] security: keys: delete repeated words in comments David Howells
                   ` (17 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:15 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: Krzysztof Kozlowski, Randy Dunlap, Ben Boeckel, Jarkko Sakkinen,
	dhowells, keyrings, linux-kernel

From: Krzysztof Kozlowski <krzk@kernel.org>

Fix W=1 compile warnings (invalid kerneldoc):

    crypto/asymmetric_keys/asymmetric_type.c:160: warning: Function parameter or member 'kid1' not described in 'asymmetric_key_id_same'
    crypto/asymmetric_keys/asymmetric_type.c:160: warning: Function parameter or member 'kid2' not described in 'asymmetric_key_id_same'
    crypto/asymmetric_keys/asymmetric_type.c:160: warning: Excess function parameter 'kid_1' description in 'asymmetric_key_id_same'
    crypto/asymmetric_keys/asymmetric_type.c:160: warning: Excess function parameter 'kid_2' description in 'asymmetric_key_id_same'

Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Reviewed-by: Ben Boeckel <mathstuf@gmail.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@iki.fi>
---

 crypto/asymmetric_keys/asymmetric_type.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index 33e77d846caa..ad8af3d70ac0 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -152,7 +152,8 @@ EXPORT_SYMBOL_GPL(asymmetric_key_generate_id);
 
 /**
  * asymmetric_key_id_same - Return true if two asymmetric keys IDs are the same.
- * @kid_1, @kid_2: The key IDs to compare
+ * @kid1: The key ID to compare
+ * @kid2: The key ID to compare
  */
 bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1,
 			    const struct asymmetric_key_id *kid2)
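Review bot: the new @kid1 and @kid2 lines carry the identical description "The key ID to compare", which silences the W=1 warning but tells the reader nothing about the two arguments. Suggest "The first key ID to compare" and "The second key ID to compare" here, and the same in the asymmetric_key_id_partial() hunk below, where the order of the arguments may matter for what counts as a partial match.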
@@ -168,7 +169,8 @@ EXPORT_SYMBOL_GPL(asymmetric_key_id_same);
 /**
  * asymmetric_key_id_partial - Return true if two asymmetric keys IDs
  * partially match
- * @kid_1, @kid_2: The key IDs to compare
+ * @kid1: The key ID to compare
+ * @kid2: The key ID to compare
  */
 bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1,
 			       const struct asymmetric_key_id *kid2)




* [PATCH 06/18] security: keys: delete repeated words in comments
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (4 preceding siblings ...)
  2020-12-09 12:15 ` [PATCH 05/18] KEYS: asymmetric: Fix kerneldoc David Howells
@ 2020-12-09 12:15 ` David Howells
  2020-12-09 12:15 ` [PATCH 07/18] KEYS: remove redundant memset David Howells
                   ` (16 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:15 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: Randy Dunlap, keyrings, James Morris, Serge E. Hallyn,
	linux-security-module, dhowells, keyrings, linux-kernel

From: Randy Dunlap <rdunlap@infradead.org>

Drop repeated words in comments.
{to, will, the}

Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: keyrings@vger.kernel.org
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: linux-security-module@vger.kernel.org
---

 security/keys/keyctl.c  |    2 +-
 security/keys/keyring.c |    4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 61a614c21b9b..96a92a645216 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -506,7 +506,7 @@ long keyctl_keyring_clear(key_serial_t ringid)
  * keyring, otherwise replace the link to the matching key with a link to the
  * new key.
  *
- * The key must grant the caller Link permission and the the keyring must grant
+ * The key must grant the caller Link permission and the keyring must grant
  * the caller Write permission.  Furthermore, if an additional link is created,
  * the keyring's quota will be extended.
  *
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 977066208387..5e6a90760753 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -881,7 +881,7 @@ static bool search_nested_keyrings(struct key *keyring,
  *
  * Keys are matched to the type provided and are then filtered by the match
  * function, which is given the description to use in any way it sees fit.  The
- * match function may use any attributes of a key that it wishes to to
+ * match function may use any attributes of a key that it wishes to
  * determine the match.  Normally the match function from the key type would be
  * used.
  *
@@ -1204,7 +1204,7 @@ static int keyring_detect_cycle_iterator(const void *object,
 }
 
 /*
- * See if a cycle will will be created by inserting acyclic tree B in acyclic
+ * See if a cycle will be created by inserting acyclic tree B in acyclic
  * tree A at the topmost level (ie: as a direct child of A).
  *
  * Since we are adding B to A at the top level, checking for cycles should just




* [PATCH 07/18] KEYS: remove redundant memset
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (5 preceding siblings ...)
  2020-12-09 12:15 ` [PATCH 06/18] security: keys: delete repeated words in comments David Howells
@ 2020-12-09 12:15 ` David Howells
  2020-12-09 19:07   ` Ben Boeckel
  2020-12-10  9:21   ` David Howells
  2020-12-09 12:15 ` [PATCH 08/18] crypto: asymmetric_keys: fix some comments in pkcs7_parser.h David Howells
                   ` (15 subsequent siblings)
  22 siblings, 2 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:15 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: Tom Rix, dhowells, keyrings, linux-kernel

From: Tom Rix <trix@redhat.com>

Reviewing use of memset in keyctrl_pkey.c

keyctl_pkey_params_get prologue code to set params up

	memset(params, 0, sizeof(*params));
	params->encoding = "raw";

keyctl_pkey_query has the same prologue
and calls keyctl_pkey_params_get.

So remove the prologue.

Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---

 security/keys/keyctl_pkey.c |    2 --
 1 file changed, 2 deletions(-)

diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c
index 931d8dfb4a7f..5de0d599a274 100644
--- a/security/keys/keyctl_pkey.c
+++ b/security/keys/keyctl_pkey.c
@@ -166,8 +166,6 @@ long keyctl_pkey_query(key_serial_t id,
 	struct kernel_pkey_query res;
 	long ret;
 
-	memset(&params, 0, sizeof(params));
-
 	ret = keyctl_pkey_params_get(id, _info, &params);
 	if (ret < 0)
 		goto error;
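Review bot: with the memset() gone, "params" is an uninitialised stack struct until keyctl_pkey_params_get() clears it, and the very next lines take "goto error" when that call fails. The removal is only safe if the memset in keyctl_pkey_params_get() runs before every return path in that function, which is not visible in this hunk; please state that in the changelog, since the error label presumably cleans up through fields of params. The changelog also names the file "keyctrl_pkey.c" while the diff touches keyctl_pkey.c.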




* [PATCH 08/18] crypto: asymmetric_keys: fix some comments in pkcs7_parser.h
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (6 preceding siblings ...)
  2020-12-09 12:15 ` [PATCH 07/18] KEYS: remove redundant memset David Howells
@ 2020-12-09 12:15 ` David Howells
  2020-12-09 12:15 ` [PATCH 09/18] encrypted-keys: Replace HTTP links with HTTPS ones David Howells
                   ` (14 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:15 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: Randy Dunlap, keyrings, dhowells, keyrings, linux-kernel

From: Randy Dunlap <rdunlap@infradead.org>

Drop the doubled word "the" in a comment.
Change "THis" to "This".

Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
---

 crypto/asymmetric_keys/pkcs7_parser.h |    5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/crypto/asymmetric_keys/pkcs7_parser.h b/crypto/asymmetric_keys/pkcs7_parser.h
index 6565fdc2d4ca..e17f7ce4fb43 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.h
+++ b/crypto/asymmetric_keys/pkcs7_parser.h
@@ -41,10 +41,9 @@ struct pkcs7_signed_info {
 	 *
 	 * This contains the generated digest of _either_ the Content Data or
 	 * the Authenticated Attributes [RFC2315 9.3].  If the latter, one of
-	 * the attributes contains the digest of the the Content Data within
-	 * it.
+	 * the attributes contains the digest of the Content Data within it.
 	 *
-	 * THis also contains the issuing cert serial number and issuer's name
+	 * This also contains the issuing cert serial number and issuer's name
 	 * [PKCS#7 or CMS ver 1] or issuing cert's SKID [CMS ver 3].
 	 */
 	struct public_key_signature *sig;




* [PATCH 09/18] encrypted-keys: Replace HTTP links with HTTPS ones
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (7 preceding siblings ...)
  2020-12-09 12:15 ` [PATCH 08/18] crypto: asymmetric_keys: fix some comments in pkcs7_parser.h David Howells
@ 2020-12-09 12:15 ` David Howells
  2020-12-09 12:15 ` [PATCH 10/18] PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one David Howells
                   ` (13 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:15 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: Alexander A. Klimov, dhowells, keyrings, linux-kernel

From: Alexander A. Klimov <grandmaster@al2klimov.de>

Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
  If not .svg:
    For each line:
      If doesn't contain `\bxmlns\b`:
        For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
	  If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
            If both the HTTP and HTTPS versions
            return 200 OK and serve the same content:
              Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Signed-off-by: David Howells <dhowells@redhat.com>
---

 include/keys/encrypted-type.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/keys/encrypted-type.h b/include/keys/encrypted-type.h
index 38afb341c3f2..abfcbe02001a 100644
--- a/include/keys/encrypted-type.h
+++ b/include/keys/encrypted-type.h
@@ -2,7 +2,7 @@
 /*
  * Copyright (C) 2010 IBM Corporation
  * Copyright (C) 2010 Politecnico di Torino, Italy
- *                    TORSEC group -- http://security.polito.it
+ *                    TORSEC group -- https://security.polito.it
  *
  * Authors:
  * Mimi Zohar <zohar@us.ibm.com>



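The link-selection rule from the commit message of patch 09 above, written out as an added Python example; it is not part of the original patch and not the author's script. The three regular expressions are copied from the message, while fetch(), the FAKE_NET responses and the legacy.example and plain.example hosts are constructed, and applying the licence exemption to the matched link rather than to the whole line is an assumption.

```python
import re

# Patterns taken verbatim from the commit message.
XMLNS = re.compile(r"\bxmlns\b")
LINK = re.compile(r"\bhttp://[^# \t\r\n]*(?:\w|/)")
EXEMPT = (re.compile(r"\bgnu\.org/license"), re.compile(r"\bmozilla\.org/MPL\b"))


def make_checker(fetch):
    """Build the 'both return 200 OK and serve the same content' test.

    fetch(url) -> (status, body) is an assumed interface, injected so the
    selection logic can be exercised without network access.
    """
    def same_over_https(http_url, https_url):
        http_status, http_body = fetch(http_url)
        https_status, https_body = fetch(https_url)
        return http_status == 200 and https_status == 200 and http_body == https_body
    return same_over_https


def rewrite_line(line, same_over_https):
    """Upgrade eligible links on one line; lines mentioning xmlns are skipped."""
    if XMLNS.search(line):
        return line

    def upgrade(match):
        url = match.group(0)
        # Assumption: the licence exemption is tested against the link itself.
        if any(pattern.search(url) for pattern in EXEMPT):
            return url
        candidate = "https://" + url[len("http://"):]
        # Keep the HTTP link unless HTTPS provably serves the same document.
        return candidate if same_over_https(url, candidate) else url

    return LINK.sub(upgrade, line)


def rewrite_file(name, lines, same_over_https):
    """Apply the rule to every line of a file; .svg files are left alone."""
    if name.endswith(".svg"):
        return list(lines)
    return [rewrite_line(line, same_over_https) for line in lines]


# Constructed responses standing in for the network.
FAKE_NET = {
    "http://security.polito.it": (200, b"torsec"),
    "https://security.polito.it": (200, b"torsec"),
    "http://www.gnu.org/licenses/gpl.html": (200, b"gpl"),
    "https://www.gnu.org/licenses/gpl.html": (200, b"gpl"),
    "http://legacy.example/spec": (200, b"spec v1"),
    "https://legacy.example/spec": (200, b"parking page"),  # different content
    "http://plain.example/": (200, b"mirror"),               # no HTTPS at all
}


def fake_fetch(url):
    return FAKE_NET.get(url, (0, b""))


# Constructed input; the first line is the one changed by the patch.
SAMPLE = [
    " *                    TORSEC group -- http://security.polito.it",
    ' * <svg xmlns="http://www.w3.org/2000/svg">',
    " * License: http://www.gnu.org/licenses/gpl.html",
    " * Spec: http://legacy.example/spec.",
    " * Mirror: http://plain.example/",
]

if __name__ == "__main__":
    checker = make_checker(fake_fetch)
    for line in rewrite_file("include/keys/encrypted-type.h", SAMPLE, checker):
        print(line)
```

Only the first sample line is rewritten: the others are held back by the xmlns filter, the licence exemption, differing HTTPS content and a missing HTTPS endpoint respectively.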

* [PATCH 10/18] PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (8 preceding siblings ...)
  2020-12-09 12:15 ` [PATCH 09/18] encrypted-keys: Replace HTTP links with HTTPS ones David Howells
@ 2020-12-09 12:15 ` David Howells
  2020-12-09 12:15 ` [PATCH 11/18] crypto: pkcs7: Use match_string() helper to simplify the code David Howells
                   ` (12 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:15 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: Alex Shi, Herbert Xu, David S. Miller, keyrings, linux-crypto,
	linux-kernel, dhowells, keyrings, linux-kernel

From: Alex Shi <alex.shi@linux.alibaba.com>

The function is a static function, so there is no need to add it to
kernel-doc, and we could avoid the warnings:
crypto/asymmetric_keys/pkcs7_trust.c:25: warning: Function parameter or
member 'pkcs7' not described in 'pkcs7_validate_trust_one'
crypto/asymmetric_keys/pkcs7_trust.c:25: warning: Function parameter or
member 'sinfo' not described in 'pkcs7_validate_trust_one'
crypto/asymmetric_keys/pkcs7_trust.c:25: warning: Function parameter or
member 'trust_keyring' not described in 'pkcs7_validate_trust_one'

Signed-off-by: Alex Shi <alex.shi@linux.alibaba.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: keyrings@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: David Howells <dhowells@redhat.com>
---

 crypto/asymmetric_keys/pkcs7_trust.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c
index 61af3c4d82cc..b531df2013c4 100644
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -16,7 +16,7 @@
 #include <crypto/public_key.h>
 #include "pkcs7_parser.h"
 
-/**
+/*
  * Check the trust on one PKCS#7 SignedInfo block.
  */
 static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,




* [PATCH 11/18] crypto: pkcs7: Use match_string() helper to simplify the code
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (9 preceding siblings ...)
  2020-12-09 12:15 ` [PATCH 10/18] PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one David Howells
@ 2020-12-09 12:15 ` David Howells
  2020-12-09 12:15 ` [PATCH 12/18] keys: remove trailing semicolon in macro definition David Howells
                   ` (11 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:15 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: YueHaibing, dhowells, keyrings, linux-kernel

From: YueHaibing <yuehaibing@huawei.com>

match_string() returns the array index of a matching string.
Use it instead of the open-coded implementation.

Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---

 crypto/asymmetric_keys/pkcs7_verify.c |    9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index ce49820caa97..0b4d07aa8811 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -141,11 +141,10 @@ int pkcs7_get_digest(struct pkcs7_message *pkcs7, const u8 **buf, u32 *len,
 	*buf = sinfo->sig->digest;
 	*len = sinfo->sig->digest_size;
 
-	for (i = 0; i < HASH_ALGO__LAST; i++)
-		if (!strcmp(hash_algo_name[i], sinfo->sig->hash_algo)) {
-			*hash_algo = i;
-			break;
-		}
+	i = match_string(hash_algo_name, HASH_ALGO__LAST,
+			 sinfo->sig->hash_algo);
+	if (i >= 0)
+		*hash_algo = i;
 
 	return 0;
 }
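Review bot: when match_string() finds nothing, the "if (i >= 0)" branch is skipped, *hash_algo is never written and pkcs7_get_digest() still returns 0, so a caller that did not pre-initialise its variable reads an indeterminate algorithm for a digest it is told is valid. The old loop had the same gap, but this is the moment to close it: return an error on a negative result instead of falling through to "return 0". Also check that "i", declared outside this hunk, is a signed int; with an unsigned type the "i >= 0" test is always true and a negative error value would be stored as the algorithm.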




* [PATCH 12/18] keys: remove trailing semicolon in macro definition
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (10 preceding siblings ...)
  2020-12-09 12:15 ` [PATCH 11/18] crypto: pkcs7: Use match_string() helper to simplify the code David Howells
@ 2020-12-09 12:15 ` David Howells
  2020-12-09 12:16 ` [PATCH 13/18] crypto: public_key: Remove redundant header file from public_key.h David Howells
                   ` (10 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:15 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: Tom Rix, Jarkko Sakkinen, dhowells, keyrings, linux-kernel

From: Tom Rix <trix@redhat.com>

The macro use will already have a semicolon.

Signed-off-by: Tom Rix <trix@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
---

 include/linux/key.h |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/key.h b/include/linux/key.h
index 0f2e24f13c2b..1b0837c975b9 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -360,7 +360,7 @@ static inline struct key *request_key(struct key_type *type,
  * completion of keys undergoing construction with a non-interruptible wait.
  */
 #define request_key_net(type, description, net, callout_info) \
-	request_key_tag(type, description, net->key_domain, callout_info);
+	request_key_tag(type, description, net->key_domain, callout_info)
 
 /**
  * request_key_net_rcu - Request a key for a net namespace under RCU conditions
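Review bot: while the macro body is being touched, the "net" argument is still expanded unparenthesised in "net->key_domain", so a caller passing an expression such as a cast or a conditional gets the wrong precedence. Suggest "(net)->key_domain" here and in request_key_net_rcu() in the next hunk; the other arguments are passed straight through as function arguments and are fine as they are.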
@@ -372,7 +372,7 @@ static inline struct key *request_key(struct key_type *type,
  * network namespace are used.
  */
 #define request_key_net_rcu(type, description, net) \
-	request_key_rcu(type, description, net->key_domain);
+	request_key_rcu(type, description, net->key_domain)
 #endif /* CONFIG_NET */
 
 extern int wait_for_key_construction(struct key *key, bool intr);




* [PATCH 13/18] crypto: public_key: Remove redundant header file from public_key.h
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (11 preceding siblings ...)
  2020-12-09 12:15 ` [PATCH 12/18] keys: remove trailing semicolon in macro definition David Howells
@ 2020-12-09 12:16 ` David Howells
  2020-12-09 12:16 ` [PATCH 14/18] certs/blacklist: fix kernel doc interface issue David Howells
                   ` (9 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:16 UTC (permalink / raw)
  To: Jarkko Sakkinen; +Cc: Tianjia Zhang, dhowells, keyrings, linux-kernel

From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

The akcipher.h header file was originally introduced in SM2, and
then the definition of SM2 was moved to the existing code. This
header file is left and should be removed.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---

 include/crypto/public_key.h |    1 -
 1 file changed, 1 deletion(-)

diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 948c5203ca9c..47accec68cb0 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -12,7 +12,6 @@
 
 #include <linux/keyctl.h>
 #include <linux/oid_registry.h>
-#include <crypto/akcipher.h>
 
 /*
  * Cryptographic data for the public-key subtype of the asymmetric key type.
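Review bot: dropping "#include <crypto/akcipher.h>" from a header under include/crypto changes what every includer of public_key.h gets transitively, and the changelog does not say how that was tested. Please note which configurations were built (an allmodconfig build at least) so that any .c file that was silently relying on public_key.h for the akcipher declarations is known to have its own include.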



^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [PATCH 14/18] certs/blacklist: fix kernel doc interface issue
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (12 preceding siblings ...)
  2020-12-09 12:16 ` [PATCH 13/18] crypto: public_key: Remove redundant header file from public_key.h David Howells
@ 2020-12-09 12:16 ` David Howells
  2020-12-09 12:16 ` [PATCH 15/18] certs: Fix blacklisted hexadecimal hash string check David Howells
                   ` (8 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:16 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: Alex Shi, David Woodhouse, keyrings, linux-kernel, dhowells,
	keyrings, linux-kernel

From: Alex Shi <alex.shi@linux.alibaba.com>

certs/blacklist.c:84: warning: Function parameter or member 'hash' not
described in 'mark_hash_blacklisted'

Signed-off-by: Alex Shi <alex.shi@linux.alibaba.com>
Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: keyrings@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: David Howells <dhowells@redhat.com>
---

 certs/blacklist.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/certs/blacklist.c b/certs/blacklist.c
index 6514f9ebc943..2719fb2fbc1c 100644
--- a/certs/blacklist.c
+++ b/certs/blacklist.c
@@ -78,7 +78,7 @@ static struct key_type key_type_blacklist = {
 
 /**
  * mark_hash_blacklisted - Add a hash to the system blacklist
- * @hash - The hash as a hex string with a type prefix (eg. "tbs:23aa429783")
+ * @hash: The hash as a hex string with a type prefix (eg. "tbs:23aa429783")
  */
 int mark_hash_blacklisted(const char *hash)
 {
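
Review bot: with "@hash:" now parsed, the kernel-doc block for mark_hash_blacklisted() still has no "Return:" line although the function returns int; adding one that states the success and failure values would complete the comment while it is being corrected.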



^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [PATCH 15/18] certs: Fix blacklisted hexadecimal hash string check
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (13 preceding siblings ...)
  2020-12-09 12:16 ` [PATCH 14/18] certs/blacklist: fix kernel doc interface issue David Howells
@ 2020-12-09 12:16 ` David Howells
  2020-12-09 12:16 ` [PATCH 16/18] PKCS#7: Fix missing include David Howells
                   ` (7 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:16 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: Mickaël Salaün, David Woodhouse, dhowells, keyrings,
	linux-kernel

From: Mickaël Salaün <mic@linux.microsoft.com>

When looking for a blacklisted hash, bin2hex() is used to transform a
binary hash to an ASCII (lowercase) hexadecimal string.  This string is
then searched for in the description of the keys from the blacklist
keyring.  When adding a key to the blacklist keyring,
blacklist_vet_description() checks the hash prefix and the hexadecimal
string, but not that this string is lowercase.  It is then valid to set
hashes with uppercase hexadecimal, which will be silently ignored by the
kernel.

Add an additional check to blacklist_vet_description() to check that
hexadecimal strings are in lowercase.

Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
---

 certs/blacklist.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/certs/blacklist.c b/certs/blacklist.c
index 2719fb2fbc1c..a888b934a1cd 100644
--- a/certs/blacklist.c
+++ b/certs/blacklist.c
@@ -37,7 +37,7 @@ static int blacklist_vet_description(const char *desc)
 found_colon:
 	desc++;
 	for (; *desc; desc++) {
-		if (!isxdigit(*desc))
+		if (!isxdigit(*desc) || isupper(*desc))
 			return -EINVAL;
 		n++;
 	}
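
Review bot: the added isupper(*desc) test returns the same -EINVAL as a non-hex character, and nothing in the loop says why uppercase is refused; a one-line comment that lookups compare against the lowercase output of bin2hex() would keep the condition from being simplified away later. The @hash kernel-doc on mark_hash_blacklisted() ("a hex string with a type prefix") should also say lowercase, and because descriptions that were accepted before are now rejected, the commit message should mention that change for whatever loads hashes into the keyring.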



^ permalink raw reply related	[flat|nested] 33+ messages in thread
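
The gap described in the commit message above, as an added userspace model that is not part of the patch or of the kernel source: an uppercase entry passes the old vetting rule but can never equal the lowercase string a lookup builds. The model_* names, the array-backed keyring and the sample hash bytes (taken from the "tbs:23aa429783" kernel-doc example) are assumptions made for the illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the bytes behind the "tbs:23aa429783" example. */
static const unsigned char sample_hash[] = { 0x23, 0xaa, 0x42, 0x97, 0x83 };

/* Lowercase hex encoder standing in for the kernel's bin2hex(). */
static void model_bin2hex(char *dst, const unsigned char *src, size_t len)
{
	static const char digits[] = "0123456789abcdef";
	size_t i;

	for (i = 0; i < len; i++) {
		*dst++ = digits[src[i] >> 4];
		*dst++ = digits[src[i] & 0x0f];
	}
	*dst = '\0';
}

/* Vet "<type>:<hex>". require_lower = 0 models the rule before the patch,
 * require_lower = 1 the rule after it. */
static int model_vet_description(const char *desc, int require_lower)
{
	const char *p = strchr(desc, ':');
	size_t n = 0;

	if (!p || p == desc)
		return -EINVAL;		/* missing or empty type prefix */
	for (p++; *p; p++, n++) {
		unsigned char c = (unsigned char)*p;

		if (!isxdigit(c) || (require_lower && isupper(c)))
			return -EINVAL;
	}
	if (n == 0 || (n & 1))
		return -EINVAL;		/* need a whole number of bytes */
	return 0;
}

/* Lookup: build "<type>:<lowercase hex>" and compare it exactly against
 * every description. Returns 1 if listed, 0 if not, -EINVAL if too long. */
static int model_is_blacklisted(const char *const *ring, size_t nkeys,
				const char *type,
				const unsigned char *hash, size_t len)
{
	char want[128];
	size_t tlen = strlen(type), i;

	if (tlen + 1 + 2 * len + 1 > sizeof(want))
		return -EINVAL;
	memcpy(want, type, tlen);
	want[tlen] = ':';
	model_bin2hex(want + tlen + 1, hash, len);
	for (i = 0; i < nkeys; i++)
		if (strcmp(ring[i], want) == 0)
			return 1;
	return 0;
}

/* Add desc to a one-slot ring if it passes vetting, then look sample_hash
 * up. Returns -EINVAL if refused at add time, else the lookup result. */
static int model_add_then_lookup(const char *desc, int require_lower)
{
	const char *ring[1];
	int ret = model_vet_description(desc, require_lower);

	if (ret)
		return ret;
	ring[0] = desc;
	return model_is_blacklisted(ring, 1, "tbs", sample_hash,
				    sizeof(sample_hash));
}

int main(void)
{
	printf("old rule, lowercase entry: %d\n",
	       model_add_then_lookup("tbs:23aa429783", 0));
	printf("old rule, uppercase entry: %d (accepted, never matches)\n",
	       model_add_then_lookup("tbs:23AA429783", 0));
	printf("new rule, uppercase entry: %d (refused when added)\n",
	       model_add_then_lookup("tbs:23AA429783", 1));
	return 0;
}
```

The second line of output is the failure mode: the entry is stored without error, yet the hash it names is still treated as not blacklisted.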

* [PATCH 16/18] PKCS#7: Fix missing include
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (14 preceding siblings ...)
  2020-12-09 12:16 ` [PATCH 15/18] certs: Fix blacklisted hexadecimal hash string check David Howells
@ 2020-12-09 12:16 ` David Howells
  2020-12-09 12:16 ` [PATCH 17/18] certs: Fix blacklist flag type confusion David Howells
                   ` (6 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:16 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: Mickaël Salaün, dhowells, keyrings, linux-kernel

From: Mickaël Salaün <mic@linux.microsoft.com>

Add missing linux/types.h for size_t.

[DH: Changed from stddef.h]

Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Signed-off-by: David Howells <dhowells@redhat.com>
---

 include/linux/verification.h |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/include/linux/verification.h b/include/linux/verification.h
index 911ab7c2b1ab..a655923335ae 100644
--- a/include/linux/verification.h
+++ b/include/linux/verification.h
@@ -8,6 +8,8 @@
 #ifndef _LINUX_VERIFICATION_H
 #define _LINUX_VERIFICATION_H
 
+#include <linux/types.h>
+
 /*
  * Indicate that both builtin trusted keys and secondary trusted keys
  * should be used.



^ permalink raw reply related	[flat|nested] 33+ messages in thread

* [PATCH 17/18] certs: Fix blacklist flag type confusion
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (15 preceding siblings ...)
  2020-12-09 12:16 ` [PATCH 16/18] PKCS#7: Fix missing include David Howells
@ 2020-12-09 12:16 ` David Howells
  2020-12-09 12:16 ` [PATCH 18/18] certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID David Howells
                   ` (5 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:16 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: Mickaël Salaün, Mickaël Salaün,
	Petko Manolov, Mimi Zohar, David Woodhouse, dhowells, keyrings,
	linux-kernel

KEY_FLAG_KEEP is not meant to be passed to keyring_alloc() or key_alloc(),
as these only take KEY_ALLOC_* flags.  KEY_FLAG_KEEP has the same value as
KEY_ALLOC_BYPASS_RESTRICTION, but fortunately only key_create_or_update()
uses it.  LSMs using the key_alloc hook don't check that flag.

KEY_FLAG_KEEP is then ignored but fortunately (again) the root user cannot
write to the blacklist keyring, so it is not possible to remove a key/hash
from it.

Fix this by adding a KEY_ALLOC_SET_KEEP flag that tells key_alloc() to set
KEY_FLAG_KEEP on the new key.  blacklist_init() can then, correctly, pass
this to keyring_alloc().

We can also use this in ima_mok_init() rather than setting the flag
manually.

Note that this doesn't fix an observable bug with the current
implementation but it is required to allow addition of new hashes to the
blacklist in the future without making it possible for them to be removed.

Fixes: 734114f8782f ("KEYS: Add a system blacklist keyring")
Reported-by: Mickaël Salaün <mic@linux.microsoft.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Mickaël Salaün <mic@linux.microsoft.com>
cc: Petko Manolov <petkan@mip-labs.com>
cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Woodhouse <dwmw2@infradead.org>
---

 certs/blacklist.c                |    2 +-
 include/linux/key.h              |    1 +
 security/integrity/ima/ima_mok.c |    3 +--
 security/keys/key.c              |    2 ++
 4 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/certs/blacklist.c b/certs/blacklist.c
index a888b934a1cd..029471947838 100644
--- a/certs/blacklist.c
+++ b/certs/blacklist.c
@@ -162,7 +162,7 @@ static int __init blacklist_init(void)
 			      KEY_USR_VIEW | KEY_USR_READ |
 			      KEY_USR_SEARCH,
 			      KEY_ALLOC_NOT_IN_QUOTA |
-			      KEY_FLAG_KEEP,
+			      KEY_ALLOC_SET_KEEP,
 			      NULL, NULL);
 	if (IS_ERR(blacklist_keyring))
 		panic("Can't allocate system blacklist keyring\n");
diff --git a/include/linux/key.h b/include/linux/key.h
index 1b0837c975b9..7febc4881363 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -289,6 +289,7 @@ extern struct key *key_alloc(struct key_type *type,
 #define KEY_ALLOC_BUILT_IN		0x0004	/* Key is built into kernel */
 #define KEY_ALLOC_BYPASS_RESTRICTION	0x0008	/* Override the check on restricted keyrings */
 #define KEY_ALLOC_UID_KEYRING		0x0010	/* allocating a user or user session keyring */
+#define KEY_ALLOC_SET_KEEP		0x0020	/* Set the KEEP flag on the key/keyring */
 
 extern void key_revoke(struct key *key);
 extern void key_invalidate(struct key *key);
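
Review bot: KEY_ALLOC_SET_KEEP joins the KEY_ALLOC_* list as another plain integer, so the compiler still cannot tell a KEY_ALLOC_* mask from a KEY_FLAG_* bit number, which is the mix-up this patch corrects in blacklist_init(). A short comment above this list stating that key_alloc() and keyring_alloc() accept only KEY_ALLOC_* values would document the rule where callers look for it.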
diff --git a/security/integrity/ima/ima_mok.c b/security/integrity/ima/ima_mok.c
index 36cadadbfba4..ce8871d96f12 100644
--- a/security/integrity/ima/ima_mok.c
+++ b/security/integrity/ima/ima_mok.c
@@ -39,12 +39,11 @@ __init int ima_mok_init(void)
 				KEY_USR_VIEW | KEY_USR_READ |
 				KEY_USR_WRITE | KEY_USR_SEARCH,
 				KEY_ALLOC_NOT_IN_QUOTA,
+				KEY_ALLOC_SET_KEEP,
 				restriction, NULL);
 
 	if (IS_ERR(ima_blacklist_keyring))
 		panic("Can't allocate IMA blacklist keyring.");
-
-	set_bit(KEY_FLAG_KEEP, &ima_blacklist_keyring->flags);
 	return 0;
 }
 device_initcall(ima_mok_init);
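
Review bot: in the keyring_alloc() call the added "KEY_ALLOC_SET_KEEP," line follows "KEY_ALLOC_NOT_IN_QUOTA," after a comma, so it is passed as a separate argument instead of being OR-ed into the flags argument; the line above should end in "KEY_ALLOC_NOT_IN_QUOTA |". With that corrected, dropping the set_bit(KEY_FLAG_KEEP, ...) call is fine.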
diff --git a/security/keys/key.c b/security/keys/key.c
index e282c6179b21..151ff39b6803 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -303,6 +303,8 @@ struct key *key_alloc(struct key_type *type, const char *desc,
 		key->flags |= 1 << KEY_FLAG_BUILTIN;
 	if (flags & KEY_ALLOC_UID_KEYRING)
 		key->flags |= 1 << KEY_FLAG_UID_KEYRING;
+	if (flags & KEY_ALLOC_SET_KEEP)
+		key->flags |= 1 << KEY_FLAG_KEEP;
 
 #ifdef KEY_DEBUGGING
 	key->magic = KEY_DEBUG_MAGIC;



^ permalink raw reply related	[flat|nested] 33+ messages in thread
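
The flag mix-up described in the commit message above, as an added userspace model that is not the kernel's code: a KEY_FLAG_* value is a bit number, a KEY_ALLOC_* value is a mask, and passing one where the other is expected sets nothing while aliasing a different option. The three KEY_* values come from the patch and its commit message; the model_* names and MODEL_KEY_ALLOC_NOT_IN_QUOTA (whose value is not shown on the page) are assumptions.

```c
#include <stdio.h>

/* Allocation-time masks, values as shown in the include/linux/key.h hunk. */
#define KEY_ALLOC_BYPASS_RESTRICTION	0x0008
#define KEY_ALLOC_SET_KEEP		0x0020
/* Bit NUMBER inside key->flags; 8 because the commit message says it has
 * the same value as KEY_ALLOC_BYPASS_RESTRICTION. */
#define KEY_FLAG_KEEP			8
/* Assumption for this model only: the real value is not on the page. */
#define MODEL_KEY_ALLOC_NOT_IN_QUOTA	0x0002

struct model_key {
	unsigned long flags;	/* holds (1 << KEY_FLAG_*) bits */
};

/* Model of the flag translation in key_alloc(): patched = 0 is the code
 * before the security/keys/key.c hunk, patched = 1 the code after it. */
static struct model_key model_key_alloc(unsigned long alloc_flags, int patched)
{
	struct model_key key = { 0 };

	if (patched && (alloc_flags & KEY_ALLOC_SET_KEEP))
		key.flags |= 1UL << KEY_FLAG_KEEP;
	return key;
}

/* 1 if a key allocated with these flags ends up with KEY_FLAG_KEEP set. */
static int model_keep_after_alloc(unsigned long alloc_flags, int patched)
{
	struct model_key key = model_key_alloc(alloc_flags, patched);

	return (int)((key.flags >> KEY_FLAG_KEEP) & 1);
}

/* What the same argument means to code that reads it as a KEY_ALLOC_* mask. */
static int model_reads_as_bypass(unsigned long alloc_flags)
{
	return (alloc_flags & KEY_ALLOC_BYPASS_RESTRICTION) != 0;
}

/* Flags argument as blacklist_init() passed it before the patch:
 * a bit number OR-ed into a mask. */
static unsigned long model_old_blacklist_flags(void)
{
	return MODEL_KEY_ALLOC_NOT_IN_QUOTA | KEY_FLAG_KEEP;
}

/* Flags argument after the patch. */
static unsigned long model_new_blacklist_flags(void)
{
	return MODEL_KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_SET_KEEP;
}

int main(void)
{
	unsigned long old_flags = model_old_blacklist_flags();
	unsigned long new_flags = model_new_blacklist_flags();

	printf("old flags 0x%04lx: KEEP set=%d, reads as BYPASS=%d\n",
	       old_flags, model_keep_after_alloc(old_flags, 0),
	       model_reads_as_bypass(old_flags));
	printf("new flags 0x%04lx: KEEP set=%d, reads as BYPASS=%d\n",
	       new_flags, model_keep_after_alloc(new_flags, 1),
	       model_reads_as_bypass(new_flags));
	return 0;
}
```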

* [PATCH 18/18] certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (16 preceding siblings ...)
  2020-12-09 12:16 ` [PATCH 17/18] certs: Fix blacklist flag type confusion David Howells
@ 2020-12-09 12:16 ` David Howells
  2020-12-09 19:12 ` [PATCH 00/18] keys: Miscellaneous fixes Ben Boeckel
                   ` (4 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-09 12:16 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: Mickaël Salaün, David Woodhouse, dhowells, keyrings,
	linux-kernel

From: Mickaël Salaün <mic@linux.microsoft.com>

Align with the new macros and add appropriate include files.

Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
---

 certs/blacklist.c      |    4 ++--
 certs/system_keyring.c |    5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/certs/blacklist.c b/certs/blacklist.c
index 029471947838..bffe4c6f4a9e 100644
--- a/certs/blacklist.c
+++ b/certs/blacklist.c
@@ -14,6 +14,7 @@
 #include <linux/ctype.h>
 #include <linux/err.h>
 #include <linux/seq_file.h>
+#include <linux/uidgid.h>
 #include <keys/system_keyring.h>
 #include "blacklist.h"
 
@@ -156,8 +157,7 @@ static int __init blacklist_init(void)
 
 	blacklist_keyring =
 		keyring_alloc(".blacklist",
-			      KUIDT_INIT(0), KGIDT_INIT(0),
-			      current_cred(),
+			      GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
 			      (KEY_POS_ALL & ~KEY_POS_SETATTR) |
 			      KEY_USR_VIEW | KEY_USR_READ |
 			      KEY_USR_SEARCH,
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 798291177186..4b693da488f1 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -11,6 +11,7 @@
 #include <linux/cred.h>
 #include <linux/err.h>
 #include <linux/slab.h>
+#include <linux/uidgid.h>
 #include <linux/verification.h>
 #include <keys/asymmetric-type.h>
 #include <keys/system_keyring.h>
@@ -98,7 +99,7 @@ static __init int system_trusted_keyring_init(void)
 
 	builtin_trusted_keys =
 		keyring_alloc(".builtin_trusted_keys",
-			      KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
+			      GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
 			      ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
 			      KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH),
 			      KEY_ALLOC_NOT_IN_QUOTA,
@@ -109,7 +110,7 @@ static __init int system_trusted_keyring_init(void)
 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
 	secondary_trusted_keys =
 		keyring_alloc(".secondary_trusted_keys",
-			      KUIDT_INIT(0), KGIDT_INIT(0), current_cred(),
+			      GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
 			      ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
 			       KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH |
 			       KEY_USR_WRITE),



^ permalink raw reply related	[flat|nested] 33+ messages in thread

* Re: [PATCH 07/18] KEYS: remove redundant memset
  2020-12-09 12:15 ` [PATCH 07/18] KEYS: remove redundant memset David Howells
@ 2020-12-09 19:07   ` Ben Boeckel
  2020-12-10  9:21   ` David Howells
  1 sibling, 0 replies; 33+ messages in thread
From: Ben Boeckel @ 2020-12-09 19:07 UTC (permalink / raw)
  To: David Howells; +Cc: Jarkko Sakkinen, Tom Rix, keyrings, linux-kernel

On Wed, Dec 09, 2020 at 12:15:19 +0000, David Howells wrote:
> From: Tom Rix <trix@redhat.com>
> 
> Reviewing use of memset in keyctrl_pkey.c

Typo: `keyctl_pkey.c`

--Ben

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [PATCH 00/18] keys: Miscellaneous fixes
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (17 preceding siblings ...)
  2020-12-09 12:16 ` [PATCH 18/18] certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID David Howells
@ 2020-12-09 19:12 ` Ben Boeckel
  2020-12-10  9:30 ` David Howells
                   ` (3 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: Ben Boeckel @ 2020-12-09 19:12 UTC (permalink / raw)
  To: David Howells
  Cc: Jarkko Sakkinen, Alexander A. Klimov, Petko Manolov,
	Serge E. Hallyn, linux-kernel, YueHaibing, Herbert Xu, Jann Horn,
	linux-crypto, Jarkko Sakkinen, Ben Boeckel, keyrings,
	Gabriel Krisman Bertazi, linux-security-module, Randy Dunlap,
	Mimi Zohar, Tom Rix, Gustavo A. R. Silva, Alex Shi,
	Jarkko Sakkinen, Krzysztof Kozlowski, James Morris,
	Denis Efremov, Mickaël Salaün, David Woodhouse,
	David S. Miller, Tianjia Zhang

On Wed, Dec 09, 2020 at 12:14:24 +0000, David Howells wrote:
> I've extended my collection of minor keyrings fixes for the next merge
> window.  Anything else I should add (or anything I should drop)?
> 
> The patches can be found on the following branch:
> 
> 	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes

1-16 LGTM (modulo the typo in patch 7's commit message). 17 and 18 are
outside my knowledge right now.

Reviewed-by: Ben Boeckel <mathstuf@gmail.com>

--Ben

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [PATCH 07/18] KEYS: remove redundant memset
  2020-12-09 12:15 ` [PATCH 07/18] KEYS: remove redundant memset David Howells
  2020-12-09 19:07   ` Ben Boeckel
@ 2020-12-10  9:21   ` David Howells
  1 sibling, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-10  9:21 UTC (permalink / raw)
  To: Ben Boeckel; +Cc: dhowells, Jarkko Sakkinen, Tom Rix, keyrings, linux-kernel

Ben Boeckel <me@benboeckel.net> wrote:

> > Reviewing use of memset in keyctrl_pkey.c
> 
> Typo: `keyctl_pkey.c`

Fixed, thanks.

David


^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [PATCH 00/18] keys: Miscellaneous fixes
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (18 preceding siblings ...)
  2020-12-09 19:12 ` [PATCH 00/18] keys: Miscellaneous fixes Ben Boeckel
@ 2020-12-10  9:30 ` David Howells
  2020-12-11  8:17 ` Jarkko Sakkinen
                   ` (2 subsequent siblings)
  22 siblings, 0 replies; 33+ messages in thread
From: David Howells @ 2020-12-10  9:30 UTC (permalink / raw)
  To: Ben Boeckel
  Cc: Jarkko Sakkinen, linux-kernel, linux-crypto, keyrings,
	linux-security-module

Ben Boeckel <me@benboeckel.net> wrote:

> > I've extended my collection of minor keyrings fixes for the next merge
> > window.  Anything else I should add (or anything I should drop)?
> > 
> > The patches can be found on the following branch:
> > 
> > 	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
> 
> 1-16 LGTM (modulo the typo in patch 7's commit message). 17 and 18 are
> outside my knowledge right now.
> 
> Reviewed-by: Ben Boeckel <mathstuf@gmail.com>

I've applied that to the first 16 patches, thanks.

David


^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [PATCH 00/18] keys: Miscellaneous fixes
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (19 preceding siblings ...)
  2020-12-10  9:30 ` David Howells
@ 2020-12-11  8:17 ` Jarkko Sakkinen
  2020-12-11 10:51 ` Jarkko Sakkinen
  2021-02-18 16:24 ` [PATCH 17/18] certs: Fix blacklist flag type confusion David Howells
  22 siblings, 0 replies; 33+ messages in thread
From: Jarkko Sakkinen @ 2020-12-11  8:17 UTC (permalink / raw)
  To: David Howells
  Cc: Jarkko Sakkinen, Alexander A. Klimov, Petko Manolov,
	Serge E. Hallyn, linux-kernel, YueHaibing, Herbert Xu, Jann Horn,
	linux-crypto, Jarkko Sakkinen, Ben Boeckel, keyrings,
	Gabriel Krisman Bertazi, linux-security-module, Randy Dunlap,
	Mimi Zohar, Tom Rix, Gustavo A. R. Silva, Alex Shi,
	Krzysztof Kozlowski, James Morris, Denis Efremov,
	Mickaël Salaün, David Woodhouse, David S. Miller,
	Tianjia Zhang

On Wed, Dec 09, 2020 at 12:14:24PM +0000, David Howells wrote:
> 
> Hi Jarkko,
> 
> I've extended my collection of minor keyrings fixes for the next merge
> window.  Anything else I should add (or anything I should drop)?

Looks good to me. I dropped the keys fixes that I had previously in
my tree that I saw in yours.


/Jarkko

> 
> The patches can be found on the following branch:
> 
> 	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
> 
> David
> ---
> Alex Shi (2):
>       PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one
>       certs/blacklist: fix kernel doc interface issue
> 
> Alexander A. Klimov (1):
>       encrypted-keys: Replace HTTP links with HTTPS ones
> 
> David Howells (1):
>       certs: Fix blacklist flag type confusion
> 
> Denis Efremov (1):
>       security/keys: use kvfree_sensitive()
> 
> Gabriel Krisman Bertazi (1):
>       watch_queue: Drop references to /dev/watch_queue
> 
> Gustavo A. R. Silva (1):
>       security: keys: Fix fall-through warnings for Clang
> 
> Jann Horn (1):
>       keys: Remove outdated __user annotations
> 
> Krzysztof Kozlowski (1):
>       KEYS: asymmetric: Fix kerneldoc
> 
> Mickaël Salaün (3):
>       certs: Fix blacklisted hexadecimal hash string check
>       PKCS#7: Fix missing include
>       certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID
> 
> Randy Dunlap (2):
>       security: keys: delete repeated words in comments
>       crypto: asymmetric_keys: fix some comments in pkcs7_parser.h
> 
> Tianjia Zhang (1):
>       crypto: public_key: Remove redundant header file from public_key.h
> 
> Tom Rix (2):
>       KEYS: remove redundant memset
>       keys: remove trailing semicolon in macro definition
> 
> YueHaibing (1):
>       crypto: pkcs7: Use match_string() helper to simplify the code
> 
> 
>  Documentation/security/keys/core.rst     |  4 ++--
>  certs/blacklist.c                        | 10 +++++-----
>  certs/system_keyring.c                   |  5 +++--
>  crypto/asymmetric_keys/asymmetric_type.c |  6 ++++--
>  crypto/asymmetric_keys/pkcs7_parser.h    |  5 ++---
>  crypto/asymmetric_keys/pkcs7_trust.c     |  2 +-
>  crypto/asymmetric_keys/pkcs7_verify.c    |  9 ++++-----
>  include/crypto/public_key.h              |  1 -
>  include/keys/encrypted-type.h            |  2 +-
>  include/linux/key.h                      |  5 +++--
>  include/linux/verification.h             |  2 ++
>  samples/Kconfig                          |  2 +-
>  samples/watch_queue/watch_test.c         |  2 +-
>  security/integrity/ima/ima_mok.c         |  3 +--
>  security/keys/Kconfig                    |  8 ++++----
>  security/keys/big_key.c                  |  9 +++------
>  security/keys/key.c                      |  2 ++
>  security/keys/keyctl.c                   |  2 +-
>  security/keys/keyctl_pkey.c              |  2 --
>  security/keys/keyring.c                  | 10 +++++-----
>  20 files changed, 45 insertions(+), 46 deletions(-)
> 
> 
> 

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [PATCH 00/18] keys: Miscellaneous fixes
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (20 preceding siblings ...)
  2020-12-11  8:17 ` Jarkko Sakkinen
@ 2020-12-11 10:51 ` Jarkko Sakkinen
  2020-12-11 10:56   ` Jarkko Sakkinen
  2021-02-18 16:24 ` [PATCH 17/18] certs: Fix blacklist flag type confusion David Howells
  22 siblings, 1 reply; 33+ messages in thread
From: Jarkko Sakkinen @ 2020-12-11 10:51 UTC (permalink / raw)
  To: David Howells
  Cc: Jarkko Sakkinen, Alexander A. Klimov, Petko Manolov,
	Serge E. Hallyn, linux-kernel, YueHaibing, Herbert Xu, Jann Horn,
	linux-crypto, Ben Boeckel, keyrings, Gabriel Krisman Bertazi,
	linux-security-module, Randy Dunlap, Mimi Zohar, Tom Rix,
	Gustavo A. R. Silva, Alex Shi, Jarkko Sakkinen,
	Krzysztof Kozlowski, James Morris, Denis Efremov,
	Mickaël Salaün, David Woodhouse, David S. Miller,
	Tianjia Zhang

On Wed, Dec 09, 2020 at 12:14:24PM +0000, David Howells wrote:
> 
> Hi Jarkko,
> 
> I've extended my collection of minor keyrings fixes for the next merge
> window.  Anything else I should add (or anything I should drop)?
> 
> The patches can be found on the following branch:
> 
> 	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
> 
> David

Looks good to me.

/Jarkko

> ---
> Alex Shi (2):
>       PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one
>       certs/blacklist: fix kernel doc interface issue
> 
> Alexander A. Klimov (1):
>       encrypted-keys: Replace HTTP links with HTTPS ones
> 
> David Howells (1):
>       certs: Fix blacklist flag type confusion
> 
> Denis Efremov (1):
>       security/keys: use kvfree_sensitive()
> 
> Gabriel Krisman Bertazi (1):
>       watch_queue: Drop references to /dev/watch_queue
> 
> Gustavo A. R. Silva (1):
>       security: keys: Fix fall-through warnings for Clang
> 
> Jann Horn (1):
>       keys: Remove outdated __user annotations
> 
> Krzysztof Kozlowski (1):
>       KEYS: asymmetric: Fix kerneldoc
> 
> Mickaël Salaün (3):
>       certs: Fix blacklisted hexadecimal hash string check
>       PKCS#7: Fix missing include
>       certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID
> 
> Randy Dunlap (2):
>       security: keys: delete repeated words in comments
>       crypto: asymmetric_keys: fix some comments in pkcs7_parser.h
> 
> Tianjia Zhang (1):
>       crypto: public_key: Remove redundant header file from public_key.h
> 
> Tom Rix (2):
>       KEYS: remove redundant memset
>       keys: remove trailing semicolon in macro definition
> 
> YueHaibing (1):
>       crypto: pkcs7: Use match_string() helper to simplify the code
> 
> 
>  Documentation/security/keys/core.rst     |  4 ++--
>  certs/blacklist.c                        | 10 +++++-----
>  certs/system_keyring.c                   |  5 +++--
>  crypto/asymmetric_keys/asymmetric_type.c |  6 ++++--
>  crypto/asymmetric_keys/pkcs7_parser.h    |  5 ++---
>  crypto/asymmetric_keys/pkcs7_trust.c     |  2 +-
>  crypto/asymmetric_keys/pkcs7_verify.c    |  9 ++++-----
>  include/crypto/public_key.h              |  1 -
>  include/keys/encrypted-type.h            |  2 +-
>  include/linux/key.h                      |  5 +++--
>  include/linux/verification.h             |  2 ++
>  samples/Kconfig                          |  2 +-
>  samples/watch_queue/watch_test.c         |  2 +-
>  security/integrity/ima/ima_mok.c         |  3 +--
>  security/keys/Kconfig                    |  8 ++++----
>  security/keys/big_key.c                  |  9 +++------
>  security/keys/key.c                      |  2 ++
>  security/keys/keyctl.c                   |  2 +-
>  security/keys/keyctl_pkey.c              |  2 --
>  security/keys/keyring.c                  | 10 +++++-----
>  20 files changed, 45 insertions(+), 46 deletions(-)
> 
> 
> 

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [PATCH 00/18] keys: Miscellaneous fixes
  2020-12-11 10:51 ` Jarkko Sakkinen
@ 2020-12-11 10:56   ` Jarkko Sakkinen
  0 siblings, 0 replies; 33+ messages in thread
From: Jarkko Sakkinen @ 2020-12-11 10:56 UTC (permalink / raw)
  To: David Howells
  Cc: Jarkko Sakkinen, Alexander A. Klimov, Petko Manolov,
	Serge E. Hallyn, linux-kernel, YueHaibing, Herbert Xu, Jann Horn,
	linux-crypto, Ben Boeckel, keyrings, Gabriel Krisman Bertazi,
	linux-security-module, Randy Dunlap, Mimi Zohar, Tom Rix,
	Gustavo A. R. Silva, Alex Shi, Jarkko Sakkinen,
	Krzysztof Kozlowski, James Morris, Denis Efremov,
	Mickaël Salaün, David Woodhouse, David S. Miller,
	Tianjia Zhang

On Fri, Dec 11, 2020 at 12:51:46PM +0200, Jarkko Sakkinen wrote:
> On Wed, Dec 09, 2020 at 12:14:24PM +0000, David Howells wrote:
> > 
> > Hi Jarkko,
> > 
> > I've extended my collection of minor keyrings fixes for the next merge
> > window.  Anything else I should add (or anything I should drop)?
> > 
> > The patches can be found on the following branch:
> > 
> > 	https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes
> > 
> > David
> 
> Looks good to me.

Ugh, responded accidentally twice.

/Jarkko

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [PATCH 17/18] certs: Fix blacklist flag type confusion
  2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
                   ` (21 preceding siblings ...)
  2020-12-11 10:51 ` Jarkko Sakkinen
@ 2021-02-18 16:24 ` David Howells
  2021-02-18 19:30   ` Mickaël Salaün
                     ` (3 more replies)
  22 siblings, 4 replies; 33+ messages in thread
From: David Howells @ 2021-02-18 16:24 UTC (permalink / raw)
  To: Jarkko Sakkinen, Mickaël Salaün
  Cc: dhowells, Mimi Zohar, David Woodhouse, keyrings, linux-kernel


Hi Mickaël, Jarkko,

Can I transfer your acks from:

	https://lore.kernel.org/lkml/20210121155513.539519-5-mic@digikod.net/

to here?

David


^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [PATCH 17/18] certs: Fix blacklist flag type confusion
  2021-02-18 16:24 ` [PATCH 17/18] certs: Fix blacklist flag type confusion David Howells
@ 2021-02-18 19:30   ` Mickaël Salaün
  2021-02-18 22:55   ` David Howells
                     ` (2 subsequent siblings)
  3 siblings, 0 replies; 33+ messages in thread
From: Mickaël Salaün @ 2021-02-18 19:30 UTC (permalink / raw)
  To: David Howells, Jarkko Sakkinen, Mickaël Salaün
  Cc: Mimi Zohar, David Woodhouse, keyrings, linux-kernel


On 18/02/2021 17:24, David Howells wrote:
> 
> Hi Mickaël, Jarkko,
> 
> Can I transfer your acks from:
> 
> 	https://lore.kernel.org/lkml/20210121155513.539519-5-mic@digikod.net/
> 
> to here?

No, the current thread contains an old version with an error in the
patch for ima_mok_init(). Please take the last series (fixing this
patch) that I rebased on your next branch:
https://lore.kernel.org/keyrings/20210210120410.471693-1-mic@digikod.net/

Regards,
 Mickaël

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [PATCH 17/18] certs: Fix blacklist flag type confusion
  2021-02-18 16:24 ` [PATCH 17/18] certs: Fix blacklist flag type confusion David Howells
  2021-02-18 19:30   ` Mickaël Salaün
@ 2021-02-18 22:55   ` David Howells
  2021-02-19  9:43     ` Mickaël Salaün
  2021-02-19  9:31   ` Jarkko Sakkinen
  2021-02-19  9:45   ` David Howells
  3 siblings, 1 reply; 33+ messages in thread
From: David Howells @ 2021-02-18 22:55 UTC (permalink / raw)
  To: Mickaël Salaün
  Cc: dhowells, Jarkko Sakkinen, Mickaël Salaün,
	Mimi Zohar, David Woodhouse, keyrings, linux-kernel

Mickaël Salaün <mic@digikod.net> wrote:

> > Can I transfer your acks from:
> > 
> > 	https://lore.kernel.org/lkml/20210121155513.539519-5-mic@digikod.net/
> > 
> > to here?
> 
> No, the current thread contains an old version with an error in the
> patch for ima_mok_init(). Please take the last series (fixing this
> patch) that I rebased on your next branch:
> https://lore.kernel.org/keyrings/20210210120410.471693-1-mic@digikod.net/

Is there a quick fix for the error?  If I replace your patches I'll probably
have to withdraw my pull request for this cycle.

David


^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [PATCH 17/18] certs: Fix blacklist flag type confusion
  2021-02-18 16:24 ` [PATCH 17/18] certs: Fix blacklist flag type confusion David Howells
  2021-02-18 19:30   ` Mickaël Salaün
  2021-02-18 22:55   ` David Howells
@ 2021-02-19  9:31   ` Jarkko Sakkinen
  2021-02-19  9:45   ` David Howells
  3 siblings, 0 replies; 33+ messages in thread
From: Jarkko Sakkinen @ 2021-02-19  9:31 UTC (permalink / raw)
  To: David Howells
  Cc: Mickaël Salaün, Mimi Zohar, David Woodhouse, keyrings,
	linux-kernel

On Thu, Feb 18, 2021 at 04:24:34PM +0000, David Howells wrote:
> 
> Hi Mickaël, Jarkko,
> 
> Can I transfer your acks from:
> 
> 	https://lore.kernel.org/lkml/20210121155513.539519-5-mic@digikod.net/
> 
> to here?
> 
> David

Yes, thanks.

/Jarkko

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [PATCH 17/18] certs: Fix blacklist flag type confusion
  2021-02-18 22:55   ` David Howells
@ 2021-02-19  9:43     ` Mickaël Salaün
  0 siblings, 0 replies; 33+ messages in thread
From: Mickaël Salaün @ 2021-02-19  9:43 UTC (permalink / raw)
  To: David Howells
  Cc: Jarkko Sakkinen, Mickaël Salaün, Mimi Zohar,
	David Woodhouse, keyrings, linux-kernel


On 18/02/2021 23:55, David Howells wrote:
> Mickaël Salaün <mic@digikod.net> wrote:
> 
>>> Can I transfer your acks from:
>>>
>>> 	https://lore.kernel.org/lkml/20210121155513.539519-5-mic@digikod.net/
>>>
>>> to here?
>>
>> No, the current thread contains an old version with an error in the
>> patch for ima_mok_init(). Please take the last series (fixing this
>> patch) that I rebased on your next branch:
>> https://lore.kernel.org/keyrings/20210210120410.471693-1-mic@digikod.net/
> 
> Is there a quick fix for the error?  If I replace your patches I'll probably
> have to withdraw my pull request for this cycle.

I think you just replied to the wrong thread. You have the correct
commit(s) in your tree here:
-
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit/?h=keys-fixes&id=a03da41508b177da59780d759af16207a00686bb
-
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit/?h=keys-next&id=4993e1f9479a4161fd7d93e2b8b30b438f00cb0f
-
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit/?h=keys-misc&id=508f44ffefbf879fbb82fdbc8bf1e6023b85158a

For all of these you can add my Reviewed-by or Acked-by.

Thanks!

> 
> David
> 

^ permalink raw reply	[flat|nested] 33+ messages in thread

* Re: [PATCH 17/18] certs: Fix blacklist flag type confusion
  2021-02-18 16:24 ` [PATCH 17/18] certs: Fix blacklist flag type confusion David Howells
                     ` (2 preceding siblings ...)
  2021-02-19  9:31   ` Jarkko Sakkinen
@ 2021-02-19  9:45   ` David Howells
  2021-02-19  9:50     ` Mickaël Salaün
  3 siblings, 1 reply; 33+ messages in thread
From: David Howells @ 2021-02-19  9:45 UTC (permalink / raw)
  To: Mickaël Salaün
  Cc: dhowells, Jarkko Sakkinen, Mickaël Salaün,
	Mimi Zohar, David Woodhouse, keyrings, linux-kernel


Mickaël Salaün <mic@digikod.net> wrote:

> No, the current thread contains an old version with an error in the
> patch for ima_mok_init(). Please take the last series (fixing this
> patch) that I rebased on your next branch:
> https://lore.kernel.org/keyrings/20210210120410.471693-1-mic@digikod.net/

Are you referring to the comma rather than a bar here?

 				KEY_ALLOC_NOT_IN_QUOTA,
+				KEY_ALLOC_SET_KEEP,

I fixed that in my branch:

-                               KEY_ALLOC_NOT_IN_QUOTA,
+                               KEY_ALLOC_NOT_IN_QUOTA |
+                               KEY_ALLOC_SET_KEEP,
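
Review bot: the separator after KEY_ALLOC_NOT_IN_QUOTA is the part to check. With the comma from the earlier version, KEY_ALLOC_SET_KEEP is passed as a separate argument instead of being ORed into the flags value, so the `|` form is the one to keep. The replacement lines above are space-indented while the earlier fragment uses tabs; the reposted patch should keep the tab indentation of the surrounding lines.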

I'll repost the series.

David



* Re: [PATCH 17/18] certs: Fix blacklist flag type confusion
  2021-02-19  9:45   ` David Howells
@ 2021-02-19  9:50     ` Mickaël Salaün
  0 siblings, 0 replies; 33+ messages in thread
From: Mickaël Salaün @ 2021-02-19  9:50 UTC (permalink / raw)
  To: David Howells
  Cc: Jarkko Sakkinen, Mickaël Salaün, Mimi Zohar,
	David Woodhouse, keyrings, linux-kernel



On 19/02/2021 10:45, David Howells wrote:
> 
> Mickaël Salaün <mic@digikod.net> wrote:
> 
>> No, the current thread contains an old version with an error in the
>> patch for ima_mok_init(). Please take the last series (fixing this
>> patch) that I rebased on your next branch:
>> https://lore.kernel.org/keyrings/20210210120410.471693-1-mic@digikod.net/
> 
> Are you referring to the comma rather than a bar here?

Yes, it is correct now, I just replied to the previous email. :)

> 
>  				KEY_ALLOC_NOT_IN_QUOTA,
> +				KEY_ALLOC_SET_KEEP,
> 
> I fixed that in my branch:
> 
> -                               KEY_ALLOC_NOT_IN_QUOTA,
> +                               KEY_ALLOC_NOT_IN_QUOTA |
> +                               KEY_ALLOC_SET_KEEP,
> 
> I'll repost the series.

No need for that, I checked your commits, they're good:
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit/?h=keys-misc&id=508f44ffefbf879fbb82fdbc8bf1e6023b85158a

> 
> David
> 


Thread overview: 33+ messages
2020-12-09 12:14 [PATCH 00/18] keys: Miscellaneous fixes David Howells
2020-12-09 12:14 ` [PATCH 01/18] security: keys: Fix fall-through warnings for Clang David Howells
2020-12-09 12:14 ` [PATCH 02/18] keys: Remove outdated __user annotations David Howells
2020-12-09 12:14 ` [PATCH 03/18] watch_queue: Drop references to /dev/watch_queue David Howells
2020-12-09 12:14 ` [PATCH 04/18] security/keys: use kvfree_sensitive() David Howells
2020-12-09 12:15 ` [PATCH 05/18] KEYS: asymmetric: Fix kerneldoc David Howells
2020-12-09 12:15 ` [PATCH 06/18] security: keys: delete repeated words in comments David Howells
2020-12-09 12:15 ` [PATCH 07/18] KEYS: remove redundant memset David Howells
2020-12-09 19:07   ` Ben Boeckel
2020-12-10  9:21   ` David Howells
2020-12-09 12:15 ` [PATCH 08/18] crypto: asymmetric_keys: fix some comments in pkcs7_parser.h David Howells
2020-12-09 12:15 ` [PATCH 09/18] encrypted-keys: Replace HTTP links with HTTPS ones David Howells
2020-12-09 12:15 ` [PATCH 10/18] PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one David Howells
2020-12-09 12:15 ` [PATCH 11/18] crypto: pkcs7: Use match_string() helper to simplify the code David Howells
2020-12-09 12:15 ` [PATCH 12/18] keys: remove trailing semicolon in macro definition David Howells
2020-12-09 12:16 ` [PATCH 13/18] crypto: public_key: Remove redundant header file from public_key.h David Howells
2020-12-09 12:16 ` [PATCH 14/18] certs/blacklist: fix kernel doc interface issue David Howells
2020-12-09 12:16 ` [PATCH 15/18] certs: Fix blacklisted hexadecimal hash string check David Howells
2020-12-09 12:16 ` [PATCH 16/18] PKCS#7: Fix missing include David Howells
2020-12-09 12:16 ` [PATCH 17/18] certs: Fix blacklist flag type confusion David Howells
2020-12-09 12:16 ` [PATCH 18/18] certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID David Howells
2020-12-09 19:12 ` [PATCH 00/18] keys: Miscellaneous fixes Ben Boeckel
2020-12-10  9:30 ` David Howells
2020-12-11  8:17 ` Jarkko Sakkinen
2020-12-11 10:51 ` Jarkko Sakkinen
2020-12-11 10:56   ` Jarkko Sakkinen
2021-02-18 16:24 ` [PATCH 17/18] certs: Fix blacklist flag type confusion David Howells
2021-02-18 19:30   ` Mickaël Salaün
2021-02-18 22:55   ` David Howells
2021-02-19  9:43     ` Mickaël Salaün
2021-02-19  9:31   ` Jarkko Sakkinen
2021-02-19  9:45   ` David Howells
2021-02-19  9:50     ` Mickaël Salaün
