* [GIT PULL] keys: Collected minor fixes and cleanups
From: David Howells @ 2020-12-14 10:03 UTC
To: torvalds
Cc: dhowells, Jarkko Sakkinen, Alexander A. Klimov,
Gustavo A. R. Silva, Alex Shi, Ben Boeckel, Denis Efremov,
Gabriel Krisman Bertazi, Jann Horn, Krzysztof Kozlowski,
Mickaël Salaün, Mimi Zohar, Randy Dunlap,
Tianjia Zhang, Tom Rix, YueHaibing, keyrings, linux-crypto,
linux-kernel, linux-security-module
Hi Linus,
Here's a set of minor fixes/cleanups that I've collected from various
people for the next merge window.
A couple of them might, in theory, be visible to userspace:
(*) Make blacklist_vet_description() reject uppercase letters as they
don't match the all-lowercase hex string generated for a blacklist
search.
This may want reconsideration in the future, but, currently, you can't
add to the blacklist keyring from userspace and the only source of
blacklist keys generates lowercase descriptions.
(*) Fix blacklist_init() to use a new KEY_ALLOC_* flag to indicate that it
wants KEY_FLAG_KEEP to be set rather than passing KEY_FLAG_KEEP into
keyring_alloc() as KEY_FLAG_KEEP isn't a valid alloc flag.
This isn't currently a problem as the blacklist keyring isn't
currently writable by userspace.
The rest of the patches are cleanups and I don't think they should have any
visible effect.
David
---
The following changes since commit 85a2c56cb4454c73f56d3099d96942e7919b292f:
Merge tag 'pm-5.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm (2020-11-26 11:17:37 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20201214
for you to fetch changes up to 1b91ea77dfeb2c5924ab940f2e43177c78a37d8f:
certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID (2020-12-10 09:24:43 +0000)
----------------------------------------------------------------
Keys fixes
----------------------------------------------------------------
Alex Shi (2):
PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one
certs/blacklist: fix kernel doc interface issue
Alexander A. Klimov (1):
encrypted-keys: Replace HTTP links with HTTPS ones
David Howells (1):
certs: Fix blacklist flag type confusion
Denis Efremov (1):
security/keys: use kvfree_sensitive()
Gabriel Krisman Bertazi (1):
watch_queue: Drop references to /dev/watch_queue
Gustavo A. R. Silva (1):
security: keys: Fix fall-through warnings for Clang
Jann Horn (1):
keys: Remove outdated __user annotations
Krzysztof Kozlowski (1):
KEYS: asymmetric: Fix kerneldoc
Mickaël Salaün (3):
certs: Fix blacklisted hexadecimal hash string check
PKCS#7: Fix missing include
certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID
Randy Dunlap (2):
security: keys: delete repeated words in comments
crypto: asymmetric_keys: fix some comments in pkcs7_parser.h
Tianjia Zhang (1):
crypto: public_key: Remove redundant header file from public_key.h
Tom Rix (2):
KEYS: remove redundant memset
keys: remove trailing semicolon in macro definition
YueHaibing (1):
crypto: pkcs7: Use match_string() helper to simplify the code
Documentation/security/keys/core.rst | 4 ++--
certs/blacklist.c | 10 +++++-----
certs/system_keyring.c | 5 +++--
crypto/asymmetric_keys/asymmetric_type.c | 6 ++++--
crypto/asymmetric_keys/pkcs7_parser.h | 5 ++---
crypto/asymmetric_keys/pkcs7_trust.c | 2 +-
crypto/asymmetric_keys/pkcs7_verify.c | 9 ++++-----
include/crypto/public_key.h | 1 -
include/keys/encrypted-type.h | 2 +-
include/linux/key.h | 5 +++--
include/linux/verification.h | 2 ++
samples/Kconfig | 2 +-
samples/watch_queue/watch_test.c | 2 +-
security/integrity/ima/ima_mok.c | 3 +--
security/keys/Kconfig | 8 ++++----
security/keys/big_key.c | 9 +++------
security/keys/key.c | 2 ++
security/keys/keyctl.c | 2 +-
security/keys/keyctl_pkey.c | 2 --
security/keys/keyring.c | 10 +++++-----
security/keys/process_keys.c | 1 +
21 files changed, 46 insertions(+), 46 deletions(-)
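The first item in the pull request above (rejecting uppercase hex in blacklist descriptions) can be illustrated with the following added example, which is not code from the thread or from the kernel. It is a constructed model: the "<type>:<hex>" entry layout, the "bin" type label and all function names are assumptions made for the illustration. It shows that an uppercase entry accepted by lenient vetting never matches the lowercase search string, so the entry silently blocks nothing.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not kernel code: an entry is "<type>:<hex hash>" and a
 * lookup renders the hash as lowercase hex, then compares strings exactly. */

/* Vet a description; strict != 0 also rejects uppercase hex digits. */
int vet_description(const char *desc, int strict)
{
    const char *p = strchr(desc, ':');
    size_t n = 0;

    if (!p || p == desc)
        return -1;                      /* missing type prefix */
    for (p++; *p; p++, n++) {
        if (!isxdigit((unsigned char)*p))
            return -1;
        if (strict && isupper((unsigned char)*p))
            return -1;                  /* could never equal a search string */
    }
    return (n > 0 && n % 2 == 0) ? 0 : -1;  /* whole bytes only */
}

/* Returns 1 if the hash matches the entry, 0 if not, -1 if it is too long. */
int is_blacklisted(const char *entry, const char *type,
                   const unsigned char *hash, size_t len)
{
    char search[160];
    size_t off = strlen(type) + 1;

    if (off + 2 * len + 1 > sizeof(search))
        return -1;
    snprintf(search, sizeof(search), "%s:", type);
    for (size_t i = 0; i < len; i++, off += 2)
        snprintf(search + off, 3, "%02x", hash[i]);  /* lowercase only */
    return strcmp(entry, search) == 0;
}

int main(void)
{
    const unsigned char hash[] = { 0xde, 0xad, 0xbe, 0xef };  /* constructed */
    const char *entries[] = { "bin:DEADBEEF", "bin:deadbeef" };
    for (int i = 0; i < 2; i++)
        printf("%-13s lenient=%d strict=%d blocks=%d\n", entries[i],
               vet_description(entries[i], 0), vet_description(entries[i], 1),
               is_blacklisted(entries[i], "bin", hash, sizeof(hash)));
    return 0;
}
```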
* Re: [GIT PULL] keys: Collected minor fixes and cleanups
From: Linus Torvalds @ 2020-12-14 20:49 UTC
To: David Howells
Cc: Jarkko Sakkinen, Alexander A. Klimov, Gustavo A. R. Silva,
Alex Shi, Ben Boeckel, Denis Efremov, Gabriel Krisman Bertazi,
Jann Horn, Krzysztof Kozlowski, Mickaël Salaün,
Mimi Zohar, Randy Dunlap, Tianjia Zhang, Tom Rix, YueHaibing,
keyrings, Linux Crypto Mailing List, Linux Kernel Mailing List,
LSM List
On Mon, Dec 14, 2020 at 2:04 AM David Howells <dhowells@redhat.com> wrote:
>
> Here's a set of minor fixes/cleanups that I've collected from various
> people for the next merge window.
This doesn't even build.
And no, that's not because of some merge error on my part. Just to
verify, I tried to build the head of what you sent me (commit
1b91ea77dfeb: "certs: Replace K{U,G}IDT_INIT() with
GLOBAL_ROOT_{U,G}ID") and it fails the same way.

  In file included from ./include/linux/cred.h:13,
                   from security/integrity/ima/ima_mok.c:12:
  security/integrity/ima/ima_mok.c: In function ‘ima_mok_init’:
  ./include/linux/key.h:292:29: warning: passing argument 7 of
  ‘keyring_alloc’ makes pointer from integer without a cast
  [-Wint-conversion]
  .. ten more lines of warnings..
  security/integrity/ima/ima_mok.c:36:26: error: too many arguments to
  function ‘keyring_alloc’
     36 | ima_blacklist_keyring = keyring_alloc(".ima_blacklist",
        |                         ^~~~~~~~~~~~~

so these "fixes" have clearly had absolutely zero testing, haven't
been in linux-next, and are completely broken.
The bug was introduced by commit 33c36b2053de ("certs: Fix blacklist
flag type confusion"), which changed the IMA code without actually
testing it.
I suspect the fix is trivial (change the "," to "|"), but I will not
be pulling this - or anything else that hasn't been in linux-next -
from you this merge window.
The pain just isn't worth it, but more importantly, you simply need to
get your workflow in order, and not send me completely untested
garbage that hasn't even been compiled.
Linus
* Re: [GIT PULL] keys: Collected minor fixes and cleanups
From: Linus Torvalds @ 2020-12-14 21:05 UTC
To: David Howells, Stephen Rothwell
Cc: Jarkko Sakkinen, Alexander A. Klimov, Gustavo A. R. Silva,
Alex Shi, Ben Boeckel, Denis Efremov, Gabriel Krisman Bertazi,
Jann Horn, Krzysztof Kozlowski, Mickaël Salaün,
Mimi Zohar, Randy Dunlap, Tianjia Zhang, Tom Rix, YueHaibing,
keyrings, Linux Crypto Mailing List, Linux Kernel Mailing List,
LSM List
On Mon, Dec 14, 2020 at 12:49 PM Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> I suspect the fix is trivial (change the "," to "|"), but I will not
> be pulling this - or anything else that hasn't been in linux-next -
> from you this merge window.
It looks like Stephen Rothwell saw it in next yesterday, and fixed it
up there in his merge.
So somebody was aware of the problem. But unlike Stephen, I don't take
broken code and just silently fix it up in the merge.
I suspect Stephen might have thought it was a merge conflict fix,
rather than just a broken branch.
Stephen: that makes linux-next test coverage kind of pointless, if you
just fix bugs in the branches you merge. You should reject things more
aggressively, rather than make them "pass" in Linux-next.
Linus
* Re: [GIT PULL] keys: Collected minor fixes and cleanups
From: Stephen Rothwell @ 2020-12-14 21:40 UTC
To: Linus Torvalds
Cc: David Howells, Jarkko Sakkinen, Alexander A. Klimov,
Gustavo A. R. Silva, Alex Shi, Ben Boeckel, Denis Efremov,
Gabriel Krisman Bertazi, Jann Horn, Krzysztof Kozlowski,
Mickaël Salaün, Mimi Zohar, Randy Dunlap,
Tianjia Zhang, Tom Rix, YueHaibing, keyrings,
Linux Crypto Mailing List, Linux Kernel Mailing List, LSM List
Hi Linus,
On Mon, 14 Dec 2020 13:05:51 -0800 Linus Torvalds <torvalds@linux-foundation.org> wrote:
>
> On Mon, Dec 14, 2020 at 12:49 PM Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
> >
> > I suspect the fix is trivial (change the "," to "|"), but I will not
> > be pulling this - or anything else that hasn't been in linux-next -
> > from you this merge window.
>
> It looks like Stephen Rothwell saw it in next yesterday, and fixed it
> up there in his merge.
>
> So somebody was aware of the problem. But unlike Stephen, I don't take
> broken code and just silently fix it up in the merge.
>
> I suspect Stephen might have thought it was a merge conflict fix,
> rather than just a broken branch.
>
> Stephen: that makes linux-next test coverage kind of pointless, if you
> just fix bugs in the branches you merge. You should reject things more
> aggressively, rather than make them "pass" in Linux-next.
I also reported it last Friday
(https://lore.kernel.org/lkml/20201211155031.0e35abf2@canb.auug.org.au/)
and so assumed it would be fixed before being sent to you ... I
sometimes fix simple things up but mostly reject them - clearly that
would not have made a difference here.
--
Cheers,
Stephen Rothwell
* Re: [GIT PULL] keys: Collected minor fixes and cleanups
From: Jarkko Sakkinen @ 2020-12-15 4:57 UTC
To: Linus Torvalds
Cc: David Howells, Alexander A. Klimov, Gustavo A. R. Silva,
Alex Shi, Ben Boeckel, Denis Efremov, Gabriel Krisman Bertazi,
Jann Horn, Krzysztof Kozlowski, Mickaël Salaün,
Mimi Zohar, Randy Dunlap, Tianjia Zhang, Tom Rix, YueHaibing,
keyrings, Linux Crypto Mailing List, Linux Kernel Mailing List,
LSM List
On Mon, Dec 14, 2020 at 12:49:27PM -0800, Linus Torvalds wrote:
> The pain just isn't worth it, but more importantly, you simply need to
> get your workflow in order, and not send me completely untested
> garbage that hasn't even been compiled.
I now have more bandwidth. It was mostly eaten by SGX, especially in the
last few months. Starting next week, I'll start proactively testing keyring
changes (I'm on vacation this week).
I've been thinking that maybe a two-fold approach would make sense for
keyring:
1. I would pick fixes to my linux-tpmdd where they would get quickly
mirrored to linux-next. It's already taking changes for trusted
keys, i.e. not solely for TPM changes.
2. Feature changes would go through David's tree.
> Linus
/Jarkko
* [GIT PULL] keys: Collected minor fixes and cleanups
From: David Howells @ 2021-02-10 14:59 UTC
To: torvalds
Cc: dhowells, Jarkko Sakkinen, Alexander A. Klimov,
Gustavo A. R. Silva, Alex Shi, Ben Boeckel, Denis Efremov,
Gabriel Krisman Bertazi, Jann Horn, Krzysztof Kozlowski,
Mickaël Salaün, Mimi Zohar, Randy Dunlap,
Tianjia Zhang, Tom Rix, YueHaibing, keyrings, linux-crypto,
linux-kernel, linux-security-module
Hi Linus,
Here's a set of minor keyrings fixes/cleanups that I've collected from
various people for the upcoming merge window.
A couple of them might, in theory, be visible to userspace:
(*) Make blacklist_vet_description() reject uppercase letters as they
don't match the all-lowercase hex string generated for a blacklist
search.
This may want reconsideration in the future, but, currently, you can't
add to the blacklist keyring from userspace and the only source of
blacklist keys generates lowercase descriptions.
(*) Fix blacklist_init() to use a new KEY_ALLOC_* flag to indicate that it
wants KEY_FLAG_KEEP to be set rather than passing KEY_FLAG_KEEP into
keyring_alloc() as KEY_FLAG_KEEP isn't a valid alloc flag.
This isn't currently a problem as the blacklist keyring isn't
currently writable by userspace.
The rest of the patches are cleanups and I don't think they should have any
visible effect.
I've fixed the compilation error, added another patch and rebased to
v5.11-rc4 since the last request.
David
---
The following changes since commit 19c329f6808995b142b3966301f217c831e7cf31:
Linux 5.11-rc4 (2021-01-17 16:37:05 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-misc-20210126
for you to fetch changes up to 8f0bfc25c907f38e7f9dc498e8f43000d77327ef:
watch_queue: rectify kernel-doc for init_watch() (2021-01-26 11:16:34 +0000)
----------------------------------------------------------------
Keyrings miscellany
----------------------------------------------------------------
Alex Shi (2):
PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one
certs/blacklist: fix kernel doc interface issue
Alexander A. Klimov (1):
encrypted-keys: Replace HTTP links with HTTPS ones
David Howells (1):
certs: Fix blacklist flag type confusion
Denis Efremov (1):
security/keys: use kvfree_sensitive()
Gabriel Krisman Bertazi (1):
watch_queue: Drop references to /dev/watch_queue
Gustavo A. R. Silva (1):
security: keys: Fix fall-through warnings for Clang
Jann Horn (1):
keys: Remove outdated __user annotations
Krzysztof Kozlowski (1):
KEYS: asymmetric: Fix kerneldoc
Lukas Bulwahn (1):
watch_queue: rectify kernel-doc for init_watch()
Mickaël Salaün (3):
certs: Fix blacklisted hexadecimal hash string check
PKCS#7: Fix missing include
certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID
Randy Dunlap (2):
security: keys: delete repeated words in comments
crypto: asymmetric_keys: fix some comments in pkcs7_parser.h
Tianjia Zhang (1):
crypto: public_key: Remove redundant header file from public_key.h
Tom Rix (2):
KEYS: remove redundant memset
keys: remove trailing semicolon in macro definition
YueHaibing (1):
crypto: pkcs7: Use match_string() helper to simplify the code
Documentation/security/keys/core.rst | 4 ++--
certs/blacklist.c | 10 +++++-----
certs/system_keyring.c | 5 +++--
crypto/asymmetric_keys/asymmetric_type.c | 6 ++++--
crypto/asymmetric_keys/pkcs7_parser.h | 5 ++---
crypto/asymmetric_keys/pkcs7_trust.c | 2 +-
crypto/asymmetric_keys/pkcs7_verify.c | 9 ++++-----
include/crypto/public_key.h | 1 -
include/keys/encrypted-type.h | 2 +-
include/linux/key.h | 5 +++--
include/linux/verification.h | 2 ++
kernel/watch_queue.c | 2 +-
samples/Kconfig | 2 +-
samples/watch_queue/watch_test.c | 2 +-
security/integrity/ima/ima_mok.c | 5 ++---
security/keys/Kconfig | 8 ++++----
security/keys/big_key.c | 9 +++------
security/keys/key.c | 2 ++
security/keys/keyctl.c | 2 +-
security/keys/keyctl_pkey.c | 2 --
security/keys/keyring.c | 10 +++++-----
security/keys/process_keys.c | 1 +
22 files changed, 48 insertions(+), 48 deletions(-)
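The second item in the pull request above (a key flag passed where an alloc flag is expected) can be illustrated with the following added example, which is not code from the thread or from the kernel. It is a constructed model that assumes key flags are bit numbers while alloc flags are bit masks; every MODEL_* name and numeric value is made up for the illustration. The confused call compiles cleanly, yet the keep bit is never set and an unrelated option is switched on instead.

```c
#include <stdio.h>

/* Constructed model, not kernel code; all names and values are illustrative. */
enum { MODEL_FLAG_KEEP = 8 };            /* bit NUMBER within key.flags */
#define MODEL_ALLOC_NOT_IN_QUOTA 0x0002u /* bit MASKS taken by the allocator */
#define MODEL_ALLOC_OTHER        0x0008u /* unrelated option, same value as 8 */
#define MODEL_ALLOC_SET_KEEP     0x0080u /* the "please set KEEP" request */

struct model_key {
    unsigned long flags;   /* indexed by MODEL_FLAG_* bit numbers */
    int other_option;      /* set when MODEL_ALLOC_OTHER was requested */
};

/* The allocator only understands MODEL_ALLOC_* masks. */
struct model_key model_keyring_alloc(unsigned int alloc_flags)
{
    struct model_key k = { 0, 0 };

    if (alloc_flags & MODEL_ALLOC_OTHER)
        k.other_option = 1;
    if (alloc_flags & MODEL_ALLOC_SET_KEEP)
        k.flags |= 1UL << MODEL_FLAG_KEEP;
    return k;
}

int model_key_is_kept(const struct model_key *k)
{
    return (int)((k->flags >> MODEL_FLAG_KEEP) & 1UL);
}

int main(void)
{
    /* Confused call: a key-flag bit number ORed into an alloc-flag mask. */
    struct model_key bad =
        model_keyring_alloc(MODEL_ALLOC_NOT_IN_QUOTA | MODEL_FLAG_KEEP);
    /* Corrected call: ask for KEEP through a dedicated alloc flag. */
    struct model_key good =
        model_keyring_alloc(MODEL_ALLOC_NOT_IN_QUOTA | MODEL_ALLOC_SET_KEEP);

    printf("confused: kept=%d other_option=%d\n",
           model_key_is_kept(&bad), bad.other_option);
    printf("fixed:    kept=%d other_option=%d\n",
           model_key_is_kept(&good), good.other_option);
    return 0;
}
```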
* Re: [GIT PULL] keys: Collected minor fixes and cleanups
From: pr-tracker-bot @ 2021-02-24 0:32 UTC
To: David Howells
Cc: torvalds, dhowells, Jarkko Sakkinen, Alexander A. Klimov,
Gustavo A. R. Silva, Alex Shi, Ben Boeckel, Denis Efremov,
Gabriel Krisman Bertazi, Jann Horn, Krzysztof Kozlowski,
Mickaël Salaün, Mimi Zohar, Randy Dunlap,
Tianjia Zhang, Tom Rix, YueHaibing, keyrings, linux-crypto,
linux-kernel, linux-security-module
The pull request you sent on Wed, 10 Feb 2021 14:59:34 +0000:
> git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-misc-20210126
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/c03c21ba6f4e95e406a1a7b4c34ef334b977c194
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html