From: kernel test robot <lkp@intel.com>
To: Eric Snowberg <eric.snowberg@oracle.com>,
dhowells@redhat.com, dwmw2@infradead.org, jarkko@kernel.org,
zohar@linux.ibm.com, linux-integrity@vger.kernel.org
Cc: kbuild-all@lists.01.org, herbert@gondor.apana.org.au,
davem@davemloft.net, dmitry.kasatkin@gmail.com,
jmorris@namei.org, serge@hallyn.com, roberto.sassu@huawei.com,
nramas@linux.microsoft.com, eric.snowberg@oracle.com,
pvorel@suse.cz, tiwai@suse.de, keyrings@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH 5/7] KEYS: Introduce sig restriction that validates root of trust
Date: Thu, 7 Apr 2022 03:55:00 +0800 [thread overview]
Message-ID: <202204070321.X7bLj3Ce-lkp@intel.com> (raw)
In-Reply-To: <20220406015337.4000739-6-eric.snowberg@oracle.com>
Hi Eric,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on 3123109284176b1532874591f7c81f3837bbdc17]
url: https://github.com/intel-lab-lkp/linux/commits/Eric-Snowberg/Add-CA-enforcement-keyring-restrictions/20220407-003209
base: 3123109284176b1532874591f7c81f3837bbdc17
config: riscv-randconfig-r042-20220406 (https://download.01.org/0day-ci/archive/20220407/202204070321.X7bLj3Ce-lkp@intel.com/config)
compiler: riscv64-linux-gcc (GCC) 11.2.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/intel-lab-lkp/linux/commit/68d98a175d29032d888f3f5700c43cf771ef17d8
git remote add linux-review https://github.com/intel-lab-lkp/linux
git fetch --no-tags linux-review Eric-Snowberg/Add-CA-enforcement-keyring-restrictions/20220407-003209
git checkout 68d98a175d29032d888f3f5700c43cf771ef17d8
# save the config file to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-11.2.0 make.cross O=build_dir ARCH=riscv SHELL=/bin/bash crypto/asymmetric_keys/
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
>> crypto/asymmetric_keys/restrict.c:111:5: warning: no previous prototype for 'restrict_link_by_rot_and_signature' [-Wmissing-prototypes]
111 | int restrict_link_by_rot_and_signature(struct key *dest_keyring,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
vim +/restrict_link_by_rot_and_signature +111 crypto/asymmetric_keys/restrict.c
110
> 111 int restrict_link_by_rot_and_signature(struct key *dest_keyring,
112 const struct key_type *type,
113 const union key_payload *payload,
114 struct key *trust_keyring)
115 {
116 const struct public_key_signature *sig;
117 struct key *key;
118 int ret;
119
120 if (!trust_keyring)
121 return -ENOKEY;
122
123 if (type != &key_type_asymmetric)
124 return -EOPNOTSUPP;
125
126 sig = payload->data[asym_auth];
127 if (!sig)
128 return -ENOPKG;
129 if (!sig->auth_ids[0] && !sig->auth_ids[1] && !sig->auth_ids[2])
130 return -ENOKEY;
131
132 if (ca_keyid && !asymmetric_key_id_partial(sig->auth_ids[1], ca_keyid))
133 return -EPERM;
134
135 /* See if we have a key that signed this one. */
136 key = find_asymmetric_key(trust_keyring,
137 sig->auth_ids[0], sig->auth_ids[1],
138 sig->auth_ids[2], false);
139 if (IS_ERR(key))
140 return -ENOKEY;
141
142 if (!test_bit(KEY_FLAG_BUILTIN_ROT, &key->flags))
143 ret = -ENOKEY;
144 else if (use_builtin_keys && !test_bit(KEY_FLAG_BUILTIN, &key->flags))
145 ret = -ENOKEY;
146 else
147 ret = verify_signature(key, sig);
148 key_put(key);
149 return ret;
150 }
151
--
0-DAY CI Kernel Test Service
https://01.org/lkp
next prev parent reply other threads:[~2022-04-06 21:12 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-06 1:53 [PATCH 0/7] Add CA enforcement keyring restrictions Eric Snowberg
2022-04-06 1:53 ` [PATCH 1/7] KEYS: Create static version of public_key_verify_signature Eric Snowberg
2022-04-06 1:53 ` [PATCH 2/7] KEYS: X.509: Parse Basic Constraints for CA Eric Snowberg
2022-04-08 14:39 ` Mimi Zohar
2022-04-08 15:31 ` Eric Snowberg
2022-04-06 1:53 ` [PATCH 3/7] KEYS: X.509: Parse Key Usage Eric Snowberg
2022-04-08 14:39 ` Mimi Zohar
2022-04-06 1:53 ` [PATCH 4/7] KEYS: Introduce a builtin root of trust key flag Eric Snowberg
2022-04-08 14:40 ` Mimi Zohar
2022-04-08 15:27 ` Eric Snowberg
2022-04-08 16:55 ` Mimi Zohar
2022-04-08 17:34 ` Eric Snowberg
2022-04-08 18:49 ` Mimi Zohar
2022-04-08 21:59 ` Eric Snowberg
2022-04-11 15:30 ` Mimi Zohar
2022-04-14 16:36 ` Eric Snowberg
2022-04-14 18:09 ` Mimi Zohar
2022-04-14 21:59 ` Eric Snowberg
2022-04-15 16:14 ` Mimi Zohar
2022-04-06 1:53 ` [PATCH 5/7] KEYS: Introduce sig restriction that validates root of trust Eric Snowberg
2022-04-06 19:55 ` kernel test robot [this message]
2022-04-06 1:53 ` [PATCH 6/7] KEYS: X.509: Flag Intermediate CA certs as built in Eric Snowberg
2022-04-07 1:04 ` kernel test robot
2022-04-06 1:53 ` [PATCH 7/7] integrity: Use root of trust signature restriction Eric Snowberg
2022-04-06 20:45 ` [PATCH 0/7] Add CA enforcement keyring restrictions Mimi Zohar
2022-04-06 22:53 ` Eric Snowberg
2022-04-08 14:41 ` Mimi Zohar
2022-11-04 13:20 ` Coiby Xu
2022-11-04 21:06 ` Eric Snowberg
2022-11-09 1:24 ` Elaine Palmer
2022-11-09 14:25 ` Eric Snowberg
2022-11-09 14:58 ` Elaine Palmer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202204070321.X7bLj3Ce-lkp@intel.com \
--to=lkp@intel.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=dwmw2@infradead.org \
--cc=eric.snowberg@oracle.com \
--cc=herbert@gondor.apana.org.au \
--cc=jarkko@kernel.org \
--cc=jmorris@namei.org \
--cc=kbuild-all@lists.01.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=nramas@linux.microsoft.com \
--cc=pvorel@suse.cz \
--cc=roberto.sassu@huawei.com \
--cc=serge@hallyn.com \
--cc=tiwai@suse.de \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).