LKML Archive on lore.kernel.org
 help / color / Atom feed
From: David Howells <dhowells@redhat.com>
To: torvalds@linux-foundation.org
Cc: dhowells@redhat.com, "Jarkko Sakkinen" <jarkko@kernel.org>,
	"Alexander A. Klimov" <grandmaster@al2klimov.de>,
	"Gustavo A. R. Silva" <gustavoars@kernel.org>,
	"Alex Shi" <alex.shi@linux.alibaba.com>,
	"Ben Boeckel" <mathstuf@gmail.com>,
	"Denis Efremov" <efremov@linux.com>,
	"Gabriel Krisman Bertazi" <krisman@collabora.com>,
	"Jann Horn" <jannh@google.com>,
	"Krzysztof Kozlowski" <krzk@kernel.org>,
	"Mickaël Salaün" <mic@linux.microsoft.com>,
	"Mimi Zohar" <zohar@linux.vnet.ibm.com>,
	"Randy Dunlap" <rdunlap@infradead.org>,
	"Tianjia Zhang" <tianjia.zhang@linux.alibaba.com>,
	"Tom Rix" <trix@redhat.com>, YueHaibing <yuehaibing@huawei.com>,
	keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org
Subject: [GIT PULL] keys: Collected minor fixes and cleanups
Date: Mon, 14 Dec 2020 10:03:06 +0000
Message-ID: <2659836.1607940186@warthog.procyon.org.uk> (raw)


Hi Linus,

Here's a set of minor fixes/cleanups that I've collected from various
people for the next merge window.

A couple of them might, in theory, be visible to userspace:

 (*) Make blacklist_vet_description() reject uppercase letters as they
     don't match the all-lowercase hex string generated for a blacklist
     search.

     This may want reconsideration in the future, but, currently, you can't
     add to the blacklist keyring from userspace and the only source of
     blacklist keys generates lowercase descriptions.

 (*) Fix blacklist_init() to use a new KEY_ALLOC_* flag to indicate that it
     wants KEY_FLAG_KEEP to be set rather than passing KEY_FLAG_KEEP into
     keyring_alloc() as KEY_FLAG_KEEP isn't a valid alloc flag.

     This isn't currently a problem as the blacklist keyring isn't
     currently writable by userspace.

The rest of the patches are cleanups and I don't think they should have any
visible effect.

David
---
The following changes since commit 85a2c56cb4454c73f56d3099d96942e7919b292f:

  Merge tag 'pm-5.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm (2020-11-26 11:17:37 -0800)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git tags/keys-fixes-20201214

for you to fetch changes up to 1b91ea77dfeb2c5924ab940f2e43177c78a37d8f:

  certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID (2020-12-10 09:24:43 +0000)

----------------------------------------------------------------
Keys fixes

----------------------------------------------------------------
Alex Shi (2):
      PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one
      certs/blacklist: fix kernel doc interface issue

Alexander A. Klimov (1):
      encrypted-keys: Replace HTTP links with HTTPS ones

David Howells (1):
      certs: Fix blacklist flag type confusion

Denis Efremov (1):
      security/keys: use kvfree_sensitive()

Gabriel Krisman Bertazi (1):
      watch_queue: Drop references to /dev/watch_queue

Gustavo A. R. Silva (1):
      security: keys: Fix fall-through warnings for Clang

Jann Horn (1):
      keys: Remove outdated __user annotations

Krzysztof Kozlowski (1):
      KEYS: asymmetric: Fix kerneldoc

Mickaël Salaün (3):
      certs: Fix blacklisted hexadecimal hash string check
      PKCS#7: Fix missing include
      certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID

Randy Dunlap (2):
      security: keys: delete repeated words in comments
      crypto: asymmetric_keys: fix some comments in pkcs7_parser.h

Tianjia Zhang (1):
      crypto: public_key: Remove redundant header file from public_key.h

Tom Rix (2):
      KEYS: remove redundant memset
      keys: remove trailing semicolon in macro definition

YueHaibing (1):
      crypto: pkcs7: Use match_string() helper to simplify the code

 Documentation/security/keys/core.rst     |  4 ++--
 certs/blacklist.c                        | 10 +++++-----
 certs/system_keyring.c                   |  5 +++--
 crypto/asymmetric_keys/asymmetric_type.c |  6 ++++--
 crypto/asymmetric_keys/pkcs7_parser.h    |  5 ++---
 crypto/asymmetric_keys/pkcs7_trust.c     |  2 +-
 crypto/asymmetric_keys/pkcs7_verify.c    |  9 ++++-----
 include/crypto/public_key.h              |  1 -
 include/keys/encrypted-type.h            |  2 +-
 include/linux/key.h                      |  5 +++--
 include/linux/verification.h             |  2 ++
 samples/Kconfig                          |  2 +-
 samples/watch_queue/watch_test.c         |  2 +-
 security/integrity/ima/ima_mok.c         |  3 +--
 security/keys/Kconfig                    |  8 ++++----
 security/keys/big_key.c                  |  9 +++------
 security/keys/key.c                      |  2 ++
 security/keys/keyctl.c                   |  2 +-
 security/keys/keyctl_pkey.c              |  2 --
 security/keys/keyring.c                  | 10 +++++-----
 security/keys/process_keys.c             |  1 +
 21 files changed, 46 insertions(+), 46 deletions(-)


             reply index

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-14 10:03 David Howells [this message]
2020-12-14 20:49 ` Linus Torvalds
2020-12-14 21:05   ` Linus Torvalds
2020-12-14 21:40     ` Stephen Rothwell
2020-12-15  4:57   ` Jarkko Sakkinen
2021-02-10 14:59 David Howells
2021-02-24  0:32 ` pr-tracker-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2659836.1607940186@warthog.procyon.org.uk \
    --to=dhowells@redhat.com \
    --cc=alex.shi@linux.alibaba.com \
    --cc=efremov@linux.com \
    --cc=grandmaster@al2klimov.de \
    --cc=gustavoars@kernel.org \
    --cc=jannh@google.com \
    --cc=jarkko@kernel.org \
    --cc=keyrings@vger.kernel.org \
    --cc=krisman@collabora.com \
    --cc=krzk@kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mathstuf@gmail.com \
    --cc=mic@linux.microsoft.com \
    --cc=rdunlap@infradead.org \
    --cc=tianjia.zhang@linux.alibaba.com \
    --cc=torvalds@linux-foundation.org \
    --cc=trix@redhat.com \
    --cc=yuehaibing@huawei.com \
    --cc=zohar@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

LKML Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/lkml/0 lkml/git/0.git
	git clone --mirror https://lore.kernel.org/lkml/1 lkml/git/1.git
	git clone --mirror https://lore.kernel.org/lkml/2 lkml/git/2.git
	git clone --mirror https://lore.kernel.org/lkml/3 lkml/git/3.git
	git clone --mirror https://lore.kernel.org/lkml/4 lkml/git/4.git
	git clone --mirror https://lore.kernel.org/lkml/5 lkml/git/5.git
	git clone --mirror https://lore.kernel.org/lkml/6 lkml/git/6.git
	git clone --mirror https://lore.kernel.org/lkml/7 lkml/git/7.git
	git clone --mirror https://lore.kernel.org/lkml/8 lkml/git/8.git
	git clone --mirror https://lore.kernel.org/lkml/9 lkml/git/9.git
	git clone --mirror https://lore.kernel.org/lkml/10 lkml/git/10.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 lkml lkml/ https://lore.kernel.org/lkml \
		linux-kernel@vger.kernel.org
	public-inbox-index lkml

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git