* [PATCH] IMA: allow/fix UML builds
@ 2023-02-24 3:27 Randy Dunlap
2023-03-13 0:15 ` Randy Dunlap
2023-03-14 18:28 ` Mimi Zohar
0 siblings, 2 replies; 4+ messages in thread
From: Randy Dunlap @ 2023-02-24 3:27 UTC (permalink / raw)
To: linux-kernel
Cc: Randy Dunlap, Mimi Zohar, Dmitry Kasatkin, linux-integrity,
Fabio Estevam, Rajiv Andrade, Richard Weinberger, Anton Ivanov,
Johannes Berg, linux-um
UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling
NO_IOMEM).
Current IMA build on UML fails on allmodconfig (with TCG_TPM=m):
ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry':
ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend'
ld: security/integrity/ima/ima_init.o: in function `ima_init':
ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip'
ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm':
ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read'
ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read'
Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM
is set, regardless of the UML Kconfig setting.
This updates TCG_TPM from =m to =y and fixes the linker errors.
Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: linux-integrity@vger.kernel.org
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-um@lists.infradead.org
---
security/integrity/ima/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff -- a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
--- a/security/integrity/ima/Kconfig
+++ b/security/integrity/ima/Kconfig
@@ -8,7 +8,7 @@ config IMA
select CRYPTO_HMAC
select CRYPTO_SHA1
select CRYPTO_HASH_INFO
- select TCG_TPM if HAS_IOMEM && !UML
+ select TCG_TPM if HAS_IOMEM
select TCG_TIS if TCG_TPM && X86
select TCG_CRB if TCG_TPM && ACPI
select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
_______________________________________________
linux-um mailing list
linux-um@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-um
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] IMA: allow/fix UML builds
2023-02-24 3:27 [PATCH] IMA: allow/fix UML builds Randy Dunlap
@ 2023-03-13 0:15 ` Randy Dunlap
2023-03-14 18:28 ` Mimi Zohar
1 sibling, 0 replies; 4+ messages in thread
From: Randy Dunlap @ 2023-03-13 0:15 UTC (permalink / raw)
To: linux-kernel
Cc: Mimi Zohar, Dmitry Kasatkin, linux-integrity, Fabio Estevam,
Rajiv Andrade, Richard Weinberger, Anton Ivanov, Johannes Berg,
linux-um
ping?
On 2/23/23 19:27, Randy Dunlap wrote:
> UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling
> NO_IOMEM).
>
> Current IMA build on UML fails on allmodconfig (with TCG_TPM=m):
>
> ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry':
> ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend'
> ld: security/integrity/ima/ima_init.o: in function `ima_init':
> ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip'
> ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm':
> ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read'
> ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read'
>
> Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM
> is set, regardless of the UML Kconfig setting.
> This updates TCG_TPM from =m to =y and fixes the linker errors.
>
> Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies")
> Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
> Cc: Mimi Zohar <zohar@linux.ibm.com>
> Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
> Cc: linux-integrity@vger.kernel.org
> Cc: Fabio Estevam <festevam@gmail.com>
> Cc: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
> Cc: Richard Weinberger <richard@nod.at>
> Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com>
> Cc: Johannes Berg <johannes@sipsolutions.net>
> Cc: linux-um@lists.infradead.org
> ---
> security/integrity/ima/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff -- a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
> --- a/security/integrity/ima/Kconfig
> +++ b/security/integrity/ima/Kconfig
> @@ -8,7 +8,7 @@ config IMA
> select CRYPTO_HMAC
> select CRYPTO_SHA1
> select CRYPTO_HASH_INFO
> - select TCG_TPM if HAS_IOMEM && !UML
> + select TCG_TPM if HAS_IOMEM
> select TCG_TIS if TCG_TPM && X86
> select TCG_CRB if TCG_TPM && ACPI
> select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
--
~Randy
_______________________________________________
linux-um mailing list
linux-um@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-um
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] IMA: allow/fix UML builds
2023-02-24 3:27 [PATCH] IMA: allow/fix UML builds Randy Dunlap
2023-03-13 0:15 ` Randy Dunlap
@ 2023-03-14 18:28 ` Mimi Zohar
2023-03-14 21:23 ` Randy Dunlap
1 sibling, 1 reply; 4+ messages in thread
From: Mimi Zohar @ 2023-03-14 18:28 UTC (permalink / raw)
To: Randy Dunlap, linux-kernel
Cc: Dmitry Kasatkin, linux-integrity, Fabio Estevam, Rajiv Andrade,
Richard Weinberger, Anton Ivanov, Johannes Berg, linux-um
On Thu, 2023-02-23 at 19:27 -0800, Randy Dunlap wrote:
> UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling
> NO_IOMEM).
>
> Current IMA build on UML fails on allmodconfig (with TCG_TPM=m):
>
> ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry':
> ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend'
> ld: security/integrity/ima/ima_init.o: in function `ima_init':
> ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip'
> ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm':
> ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read'
> ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read'
>
> Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM
> is set, regardless of the UML Kconfig setting.
> This updates TCG_TPM from =m to =y and fixes the linker errors.
>
> Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies")
> Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Indicating this resolves a commit which was upstreamed in linux-3.4,
while the fix for that commit 0bbadafdc49d ("um: allow disabling
NO_IOMEM") was upstreamed only in linux-5.14, leaves out an important
detail.
Is the proper way of indicating this disconnect by adding to the fixes
line the kernel?
Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies") # v5.14+
--
thanks,
Mimi
_______________________________________________
linux-um mailing list
linux-um@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-um
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH] IMA: allow/fix UML builds
2023-03-14 18:28 ` Mimi Zohar
@ 2023-03-14 21:23 ` Randy Dunlap
0 siblings, 0 replies; 4+ messages in thread
From: Randy Dunlap @ 2023-03-14 21:23 UTC (permalink / raw)
To: Mimi Zohar, linux-kernel
Cc: Dmitry Kasatkin, linux-integrity, Fabio Estevam, Rajiv Andrade,
Richard Weinberger, Anton Ivanov, Johannes Berg, linux-um
On 3/14/23 11:28, Mimi Zohar wrote:
> On Thu, 2023-02-23 at 19:27 -0800, Randy Dunlap wrote:
>> UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling
>> NO_IOMEM).
>>
>> Current IMA build on UML fails on allmodconfig (with TCG_TPM=m):
>>
>> ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry':
>> ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend'
>> ld: security/integrity/ima/ima_init.o: in function `ima_init':
>> ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip'
>> ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm':
>> ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read'
>> ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read'
>>
>> Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM
>> is set, regardless of the UML Kconfig setting.
>> This updates TCG_TPM from =m to =y and fixes the linker errors.
>>
>> Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies")
>> Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
>
> Indicating this resolves a commit which was upstreamed in linux-3.4,
> while the fix for that commit 0bbadafdc49d ("um: allow disabling
> NO_IOMEM") was upstreamed only in linux-5.14, leaves out an important
> detail.
>
> Is the proper way of indicating this disconnect by adding to the fixes
> line the kernel?
> Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies") # v5.14+
Yes, that is acceptable AFAIK. Also
Cc: stable@vger.kernel.org
or AUTOSEL would probably take care of this as it is.
--
~Randy
_______________________________________________
linux-um mailing list
linux-um@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-um
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-03-14 21:23 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-02-24 3:27 [PATCH] IMA: allow/fix UML builds Randy Dunlap
2023-03-13 0:15 ` Randy Dunlap
2023-03-14 18:28 ` Mimi Zohar
2023-03-14 21:23 ` Randy Dunlap
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).