From: Kairui Song <kasong@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: dhowells@redhat.com, dwmw2@infradead.org,
jwboyer@fedoraproject.org, keyrings@vger.kernel.org,
jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com,
bauerman@linux.ibm.com, ebiggers@google.com, nayna@linux.ibm.com,
dyoung@redhat.com, linux-integrity@vger.kernel.org,
kexec@lists.infradead.org, Kairui Song <kasong@redhat.com>
Subject: [PATCH] integrity, KEYS: Fix build break with set_platform_trusted_keys
Date: Sun, 03 Feb 2019 15:59:27 +0000 [thread overview]
Message-ID: <20190203155927.24390-1-kasong@redhat.com> (raw)
Commit 15ebb2eb0705 ("integrity, KEYS: add a reference to platform
keyring") introduced a function set_platform_trusted_keys
and calls the function in __integrity_init_keyring.
It only checks if CONFIG_INTEGRITY_PLATFORM_KEYRING is enabled when
enabling this function, but actually this function also depends on
CONFIG_SYSTEM_TRUSTED_KEYRING.
So when built with CONFIG_INTEGRITY_PLATFORM_KEYRING &&
!CONFIG_SYSTEM_TRUSTED_KEYRING. we will get following error:
digsig.c:92: undefined reference to `set_platform_trusted_keys'
And it also mistakenly wrapped the function code in the ifdef block of
CONFIG_SYSTEM_DATA_VERIFICATION.
This commit fixes the issue by adding the missing check of
CONFIG_SYSTEM_TRUSTED_KEYRING and move the function code out of
CONFIG_SYSTEM_DATA_VERIFICATION's ifdef block.
Fixes: 15ebb2eb0705 ("integrity, KEYS: add a reference to platform keyring")
Signed-off-by: Kairui Song <kasong@redhat.com>
---
certs/system_keyring.c | 4 ++--
include/keys/system_keyring.h | 9 +++------
2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 19bd0504bbcb..c05c29ae4d5d 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -279,11 +279,11 @@ int verify_pkcs7_signature(const void *data, size_t len,
}
EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
+#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
+
#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
void __init set_platform_trusted_keys(struct key *keyring)
{
platform_trusted_keys = keyring;
}
#endif
-
-#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index c7f899ee974e..42a93eda331c 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -61,16 +61,13 @@ static inline struct key *get_ima_blacklist_keyring(void)
}
#endif /* CONFIG_IMA_BLACKLIST_KEYRING */
-#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
-
+#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
+ defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
extern void __init set_platform_trusted_keys(struct key *keyring);
-
#else
-
static inline void set_platform_trusted_keys(struct key *keyring)
{
}
-
-#endif /* CONFIG_INTEGRITY_PLATFORM_KEYRING */
+#endif
#endif /* _KEYS_SYSTEM_KEYRING_H */
--
2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Kairui Song <kasong@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: dhowells@redhat.com, dwmw2@infradead.org,
jwboyer@fedoraproject.org, keyrings@vger.kernel.org,
jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com,
bauerman@linux.ibm.com, ebiggers@google.com, nayna@linux.ibm.com,
dyoung@redhat.com, linux-integrity@vger.kernel.org,
kexec@lists.infradead.org, Kairui Song <kasong@redhat.com>
Subject: [PATCH] integrity, KEYS: Fix build break with set_platform_trusted_keys
Date: Sun, 3 Feb 2019 23:59:27 +0800 [thread overview]
Message-ID: <20190203155927.24390-1-kasong@redhat.com> (raw)
Commit 15ebb2eb0705 ("integrity, KEYS: add a reference to platform
keyring") introduced a function set_platform_trusted_keys
and calls the function in __integrity_init_keyring.
It only checks if CONFIG_INTEGRITY_PLATFORM_KEYRING is enabled when
enabling this function, but actually this function also depends on
CONFIG_SYSTEM_TRUSTED_KEYRING.
So when built with CONFIG_INTEGRITY_PLATFORM_KEYRING &&
!CONFIG_SYSTEM_TRUSTED_KEYRING. we will get following error:
digsig.c:92: undefined reference to `set_platform_trusted_keys'
And it also mistakenly wrapped the function code in the ifdef block of
CONFIG_SYSTEM_DATA_VERIFICATION.
This commit fixes the issue by adding the missing check of
CONFIG_SYSTEM_TRUSTED_KEYRING and move the function code out of
CONFIG_SYSTEM_DATA_VERIFICATION's ifdef block.
Fixes: 15ebb2eb0705 ("integrity, KEYS: add a reference to platform keyring")
Signed-off-by: Kairui Song <kasong@redhat.com>
---
certs/system_keyring.c | 4 ++--
include/keys/system_keyring.h | 9 +++------
2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 19bd0504bbcb..c05c29ae4d5d 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -279,11 +279,11 @@ int verify_pkcs7_signature(const void *data, size_t len,
}
EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
+#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
+
#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
void __init set_platform_trusted_keys(struct key *keyring)
{
platform_trusted_keys = keyring;
}
#endif
-
-#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index c7f899ee974e..42a93eda331c 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -61,16 +61,13 @@ static inline struct key *get_ima_blacklist_keyring(void)
}
#endif /* CONFIG_IMA_BLACKLIST_KEYRING */
-#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
-
+#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
+ defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
extern void __init set_platform_trusted_keys(struct key *keyring);
-
#else
-
static inline void set_platform_trusted_keys(struct key *keyring)
{
}
-
-#endif /* CONFIG_INTEGRITY_PLATFORM_KEYRING */
+#endif
#endif /* _KEYS_SYSTEM_KEYRING_H */
--
2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: Kairui Song <kasong@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: jwboyer@fedoraproject.org, Kairui Song <kasong@redhat.com>,
ebiggers@google.com, dyoung@redhat.com, nayna@linux.ibm.com,
kexec@lists.infradead.org, jmorris@namei.org,
zohar@linux.ibm.com, dhowells@redhat.com,
keyrings@vger.kernel.org, linux-integrity@vger.kernel.org,
dwmw2@infradead.org, bauerman@linux.ibm.com, serge@hallyn.com
Subject: [PATCH] integrity, KEYS: Fix build break with set_platform_trusted_keys
Date: Sun, 3 Feb 2019 23:59:27 +0800 [thread overview]
Message-ID: <20190203155927.24390-1-kasong@redhat.com> (raw)
Commit 15ebb2eb0705 ("integrity, KEYS: add a reference to platform
keyring") introduced a function set_platform_trusted_keys
and calls the function in __integrity_init_keyring.
It only checks if CONFIG_INTEGRITY_PLATFORM_KEYRING is enabled when
enabling this function, but actually this function also depends on
CONFIG_SYSTEM_TRUSTED_KEYRING.
So when built with CONFIG_INTEGRITY_PLATFORM_KEYRING &&
!CONFIG_SYSTEM_TRUSTED_KEYRING. we will get following error:
digsig.c:92: undefined reference to `set_platform_trusted_keys'
And it also mistakenly wrapped the function code in the ifdef block of
CONFIG_SYSTEM_DATA_VERIFICATION.
This commit fixes the issue by adding the missing check of
CONFIG_SYSTEM_TRUSTED_KEYRING and move the function code out of
CONFIG_SYSTEM_DATA_VERIFICATION's ifdef block.
Fixes: 15ebb2eb0705 ("integrity, KEYS: add a reference to platform keyring")
Signed-off-by: Kairui Song <kasong@redhat.com>
---
certs/system_keyring.c | 4 ++--
include/keys/system_keyring.h | 9 +++------
2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 19bd0504bbcb..c05c29ae4d5d 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -279,11 +279,11 @@ int verify_pkcs7_signature(const void *data, size_t len,
}
EXPORT_SYMBOL_GPL(verify_pkcs7_signature);
+#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
+
#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
void __init set_platform_trusted_keys(struct key *keyring)
{
platform_trusted_keys = keyring;
}
#endif
-
-#endif /* CONFIG_SYSTEM_DATA_VERIFICATION */
diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h
index c7f899ee974e..42a93eda331c 100644
--- a/include/keys/system_keyring.h
+++ b/include/keys/system_keyring.h
@@ -61,16 +61,13 @@ static inline struct key *get_ima_blacklist_keyring(void)
}
#endif /* CONFIG_IMA_BLACKLIST_KEYRING */
-#ifdef CONFIG_INTEGRITY_PLATFORM_KEYRING
-
+#if defined(CONFIG_INTEGRITY_PLATFORM_KEYRING) && \
+ defined(CONFIG_SYSTEM_TRUSTED_KEYRING)
extern void __init set_platform_trusted_keys(struct key *keyring);
-
#else
-
static inline void set_platform_trusted_keys(struct key *keyring)
{
}
-
-#endif /* CONFIG_INTEGRITY_PLATFORM_KEYRING */
+#endif
#endif /* _KEYS_SYSTEM_KEYRING_H */
--
2.20.1
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next reply other threads:[~2019-02-03 15:59 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-03 15:59 Kairui Song [this message]
2019-02-03 15:59 ` [PATCH] integrity, KEYS: Fix build break with set_platform_trusted_keys Kairui Song
2019-02-03 15:59 ` Kairui Song
2019-02-04 22:20 ` Mimi Zohar
2019-02-04 22:20 ` Mimi Zohar
2019-02-04 22:20 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190203155927.24390-1-kasong@redhat.com \
--to=kasong@redhat.com \
--cc=bauerman@linux.ibm.com \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=dyoung@redhat.com \
--cc=ebiggers@google.com \
--cc=jmorris@namei.org \
--cc=jwboyer@fedoraproject.org \
--cc=kexec@lists.infradead.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nayna@linux.ibm.com \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.