| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190730123042.1f17cdd4@canb.auug.org.au>
Date: Tue, 30 Jul 2019 12:30:42 +1000
From: Stephen Rothwell <sfr@...b.auug.org.au>
To: David Howells <dhowells@...hat.com>,
Eric Biggers <ebiggers@...nel.org>,
"Theodore Y. Ts'o" <tytso@....edu>
Cc: Linux Next Mailing List <linux-next@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: linux-next: build warnings after merge of the keys tree
Hi all,
After merging the keys tree, today's linux-next build (x86_64
allmodconfig) produced these warnings:
In file included from include/linux/keyctl.h:11,
from include/linux/key.h:35,
from include/linux/cred.h:13,
from fs/verity/signature.c:10:
fs/verity/signature.c: In function 'fsverity_init_signature':
include/uapi/linux/keyctl.h:52:24: warning: passing argument 5 of 'keyring_alloc' makes pointer from integer without a cast [-Wint-conversion]
#define KEY_POS_SEARCH 0x08000000 /* possessor can find a key in search / search a keyring */
^
fs/verity/signature.c:140:25: note: in expansion of macro 'KEY_POS_SEARCH'
current_cred(), KEY_POS_SEARCH |
^~~~~~~~~~~~~~
In file included from include/linux/cred.h:13,
from fs/verity/signature.c:10:
include/linux/key.h:386:20: note: expected 'struct key_acl *' but argument is of type 'int'
extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
^~~~~~~~~~~~~
Caused by commit
f802f2b3a991 ("keys: Replace uid/gid/perm permissions checking with an ACL")
interacting with commit
318ce3c7b2ff ("fs-verity: support builtin file signatures")
from the fsverity tree.
(Have I mentioned that I have API changes? ;-))
I have applied the following merge fix patch:
From: Stephen Rothwell <sfr@...b.auug.org.au>
Date: Tue, 30 Jul 2019 12:13:38 +1000
Subject: [PATCH] fsverity: merge fix for keyring_alloc API change
Signed-off-by: Stephen Rothwell <sfr@...b.auug.org.au>
---
fs/verity/signature.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/fs/verity/signature.c b/fs/verity/signature.c
index c8b255232de5..a7aac30c56ae 100644
--- a/fs/verity/signature.c
+++ b/fs/verity/signature.c
@@ -131,15 +131,26 @@ static inline int __init fsverity_sysctl_init(void)
}
#endif /* !CONFIG_SYSCTL */
+static struct key_acl fsverity_acl = {
+ .usage = REFCOUNT_INIT(1),
+ .possessor_viewable = true,
+ .nr_ace = 2,
+ .aces = {
+ KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_JOIN |
+ KEY_ACE_INVAL),
+ KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_WRITE |
+ KEY_ACE_CLEAR | KEY_ACE_SEARCH |
+ KEY_ACE_SET_SECURITY | KEY_ACE_REVOKE),
+ }
+};
+
int __init fsverity_init_signature(void)
{
struct key *ring;
int err;
ring = keyring_alloc(".fs-verity", KUIDT_INIT(0), KGIDT_INIT(0),
- current_cred(), KEY_POS_SEARCH |
- KEY_USR_VIEW | KEY_USR_READ | KEY_USR_WRITE |
- KEY_USR_SEARCH | KEY_USR_SETATTR,
+ current_cred(), &fsverity_acl,
KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
if (IS_ERR(ring))
return PTR_ERR(ring);
--
2.20.1
--
Cheers,
Stephen Rothwell
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists