From patchwork Wed Dec 9 12:14:35 2020
X-Patchwork-Submitter: David Howells
X-Patchwork-Id: 12020063
Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903
Subject: [PATCH 01/18] security: keys: Fix fall-through warnings for Clang
From: David Howells
To: Jarkko Sakkinen
Cc: "Gustavo A. R. Silva", Jarkko Sakkinen, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:14:35 +0000
Message-ID: <160751607579.1238376.13809756676182520888.stgit@warthog.procyon.org.uk>
In-Reply-To: <160751606428.1238376.14935502103503420781.stgit@warthog.procyon.org.uk>
X-Mailing-List: keyrings@vger.kernel.org

From: Gustavo A. R. Silva

In preparation to enable -Wimplicit-fallthrough for Clang, fix a warning by explicitly adding a break statement instead of letting the code fall through to the next case.

Link: https://github.com/KSPP/linux/issues/115
Signed-off-by: Gustavo A. R. Silva
Signed-off-by: David Howells
Reviewed-by: Jarkko Sakkinen
---
 security/keys/process_keys.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c index 1fe8b934f656..e3d79a7b6db6 100644 --- a/security/keys/process_keys.c +++ b/security/keys/process_keys.c 
@@ -783,6 +783,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, if (need_perm != KEY_AUTHTOKEN_OVERRIDE && need_perm != KEY_DEFER_PERM_CHECK) goto invalid_key; + break; case 0: break; }
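Review bot: the commit message should state that the `break;` added just before `case 0:` in lookup_user_key() changes no behaviour, because `case 0:` itself only executes `break;`. As written, "fix a warning" leaves a backporter to work out from the context lines that the old fall-through and the new explicit break reach the same place.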
Subject: [PATCH 02/18] keys: Remove outdated __user annotations
From: David Howells
To: Jarkko Sakkinen
Cc: Jann Horn, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:14:43 +0000
Message-ID: <160751608302.1238376.17507023175166742919.stgit@warthog.procyon.org.uk>

From: Jann Horn

When the semantics of the ->read() handlers were changed such that "buffer" is a kernel pointer, some __user annotations survived. Since they're wrong now, get rid of them.

Fixes: d3ec10aa9581 ("KEYS: Don't write out to userspace while holding key semaphore")
Signed-off-by: Jann Horn
Signed-off-by: David Howells --- security/keys/keyring.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 14abfe765b7e..977066208387 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -452,7 +452,7 @@ static void keyring_describe(const struct key *keyring, struct seq_file *m) struct keyring_read_iterator_context { size_t buflen; size_t count; - key_serial_t __user *buffer; + key_serial_t *buffer; }; static int keyring_read_iterator(const void *object, void *data) @@ -479,7 +479,7 @@ static int keyring_read_iterator(const void *object, void *data) * times. */ static long keyring_read(const struct key *keyring, - char __user *buffer, size_t buflen) + char *buffer, size_t buflen) { struct keyring_read_iterator_context ctx; long ret; 
@@ -491,7 +491,7 @@ static long keyring_read(const struct key *keyring, /* Copy as many key IDs as fit into the buffer */ if (buffer && buflen) { - ctx.buffer = (key_serial_t __user *)buffer; + ctx.buffer = (key_serial_t *)buffer; ctx.buflen = buflen; ctx.count = 0; ret = assoc_array_iterate(&keyring->keys,
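Review bot: the body of keyring_read_iterator() is not in the context of the struct keyring_read_iterator_context hunk, so this diff alone does not show how the iterator writes through `ctx->buffer`. Dropping `__user` from `key_serial_t *buffer` is only correct if that write is a plain store or memcpy(); please say so in the changelog, since a leftover put_user() or copy_to_user() on what is now a kernel buffer would be a functional bug rather than an annotation mismatch.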
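Review bot: in the last keyring_read() hunk, `ctx.buffer = (key_serial_t *)buffer;` still casts the `char *buffer` argument to a wider element type, so the stores behind it assume the caller's kernel buffer is suitably aligned for key_serial_t. A short comment next to the cast naming that assumption would make the contract with the ->read() callers explicit now that the pointer is no longer a user address.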
Subject: [PATCH 03/18] watch_queue: Drop references to /dev/watch_queue
From: David Howells
To: Jarkko Sakkinen
Cc: Gabriel Krisman Bertazi, Jarkko Sakkinen, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:14:50 +0000
Message-ID: <160751609000.1238376.15155902499805348989.stgit@warthog.procyon.org.uk>

From: Gabriel Krisman Bertazi The merged API doesn't use a watch_queue device, but instead relies on pipes, so let the documentation reflect that. Fixes: f7e47677e39a ("watch_queue: Add a key/keyring notification facility") Signed-off-by: Gabriel Krisman Bertazi Signed-off-by: David Howells Acked-by: Jarkko Sakkinen --- Documentation/security/keys/core.rst | 4 ++-- samples/Kconfig | 2 +- samples/watch_queue/watch_test.c | 2 +- security/keys/Kconfig | 8 ++++---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Documentation/security/keys/core.rst b/Documentation/security/keys/core.rst index aa0081685ee1..b3ed5c581034 100644 --- a/Documentation/security/keys/core.rst +++ b/Documentation/security/keys/core.rst @@ -1040,8 +1040,8 @@ The keyctl syscall functions are: "key" is the ID of the key to be watched. - "queue_fd" is a file descriptor referring to an open "/dev/watch_queue" - which manages the buffer into which notifications will be delivered. + "queue_fd" is a file descriptor referring to an open pipe which + manages the buffer into which notifications will be delivered. "filter" is either NULL to remove a watch or a filter specification to indicate what events are required from the key. diff --git a/samples/Kconfig b/samples/Kconfig index 0ed6e4d71d87..e76cdfc50e25 100644 --- a/samples/Kconfig +++ b/samples/Kconfig @@ -210,7 +210,7 @@ config SAMPLE_WATCHDOG depends on CC_CAN_LINK config SAMPLE_WATCH_QUEUE - bool "Build example /dev/watch_queue notification consumer" + bool "Build example watch_queue notification API consumer" depends on CC_CAN_LINK && HEADERS_INSTALL help Build example userspace program to use the new mount_notify(), diff --git a/samples/watch_queue/watch_test.c b/samples/watch_queue/watch_test.c index 46e618a897fe..8c6cb57d5cfc 100644 --- a/samples/watch_queue/watch_test.c +++ b/samples/watch_queue/watch_test.c 
@@ -1,5 +1,5 @@ // SPDX-License-Identifier: GPL-2.0 -/* Use /dev/watch_queue to watch for notifications. +/* Use watch_queue API to watch for notifications. * * Copyright (C) 2020 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) diff --git a/security/keys/Kconfig b/security/keys/Kconfig index 83bc23409164..c161642a8484 100644 --- a/security/keys/Kconfig +++ b/security/keys/Kconfig 
@@ -119,7 +119,7 @@ config KEY_NOTIFICATIONS bool "Provide key/keyring change notifications" depends on KEYS && WATCH_QUEUE help - This option provides support for getting change notifications on keys - and keyrings on which the caller has View permission. This makes use - of the /dev/watch_queue misc device to handle the notification - buffer and provides KEYCTL_WATCH_KEY to enable/disable watches. + This option provides support for getting change notifications + on keys and keyrings on which the caller has View permission. + This makes use of pipes to handle the notification buffer and + provides KEYCTL_WATCH_KEY to enable/disable watches.
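Review bot: in the Documentation/security/keys/core.rst hunk, "an open pipe" for "queue_fd" leaves out how that pipe has to be set up to receive notifications. The old wording at least named a specific device to open; consider adding a cross-reference to the watch_queue documentation at this spot so the reader is not left with a bare pipe.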
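Review bot: in the samples/Kconfig hunk, the unchanged help text directly under the edited SAMPLE_WATCH_QUEUE prompt still reads "use the new mount_notify(),". If the aim of this patch is to bring the descriptions in line with the merged API, that line should be checked in the same pass.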
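Review bot: the KEY_NOTIFICATIONS help hunk in security/keys/Kconfig re-wraps the whole paragraph to change one phrase ("the /dev/watch_queue misc device" to "pipes"), turning a small wording edit into four removed and four added lines. Keeping the original line breaks would make the actual change easier to see in review and in git blame.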
Subject: [PATCH 04/18] security/keys: use kvfree_sensitive()
From: David Howells To: Jarkko Sakkinen Cc: Denis Efremov , dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Date: Wed, 09 Dec 2020 12:14:57 +0000 Message-ID: <160751609699.1238376.10901466590541653794.stgit@warthog.procyon.org.uk> In-Reply-To: <160751606428.1238376.14935502103503420781.stgit@warthog.procyon.org.uk> References: <160751606428.1238376.14935502103503420781.stgit@warthog.procyon.org.uk> User-Agent: StGit/0.23 MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Precedence: bulk List-ID: X-Mailing-List: keyrings@vger.kernel.org From: Denis Efremov Use kvfree_sensitive() instead of open-coding it. Signed-off-by: Denis Efremov Signed-off-by: David Howells Reviewed-by: Jarkko Sakkinen --- security/keys/big_key.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/security/keys/big_key.c b/security/keys/big_key.c index 691347dea3c1..d17e5f09eeb8 100644 --- a/security/keys/big_key.c +++ b/security/keys/big_key.c @@ -121,8 +121,7 @@ int big_key_preparse(struct key_preparsed_payload *prep) *path = file->f_path; path_get(path); fput(file); - memzero_explicit(buf, enclen); - kvfree(buf); + kvfree_sensitive(buf, enclen); } else { /* Just store the data in a buffer */ void *data = kmalloc(datalen, GFP_KERNEL); @@ -140,8 +139,7 @@ int big_key_preparse(struct key_preparsed_payload *prep) err_enckey: kfree_sensitive(enckey); error: - memzero_explicit(buf, enclen); - kvfree(buf); + kvfree_sensitive(buf, enclen); return ret; } 
@@ -273,8 +271,7 @@ long big_key_read(const struct key *key, char *buffer, size_t buflen) err_fput: fput(file); error: - memzero_explicit(buf, enclen); - kvfree(buf); + kvfree_sensitive(buf, enclen); } else { ret = datalen; memcpy(buffer, key->payload.data[big_key_data], datalen);
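Review bot: at the `error:` label in big_key_preparse(), the changelog should say whether `buf` can be NULL when that path is reached. kvfree_sensitive() skips NULL pointers, while the removed `memzero_explicit(buf, enclen); kvfree(buf);` pair did not, so the conversion is either a pure cleanup or a quiet robustness fix, and "instead of open-coding it" does not tell the reader which.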
Subject: [PATCH 05/18] KEYS: asymmetric: Fix kerneldoc
From: David Howells
To: Jarkko Sakkinen
Cc: Krzysztof Kozlowski, Randy Dunlap, Ben Boeckel, Jarkko Sakkinen, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:15:03 +0000
Message-ID: <160751610385.1238376.13063844632857670423.stgit@warthog.procyon.org.uk>

From: Krzysztof Kozlowski Fix W=1 compile warnings (invalid kerneldoc): crypto/asymmetric_keys/asymmetric_type.c:160: warning: Function parameter or member 'kid1' not described in 'asymmetric_key_id_same' crypto/asymmetric_keys/asymmetric_type.c:160: warning: Function parameter or member 'kid2' not described in 'asymmetric_key_id_same' crypto/asymmetric_keys/asymmetric_type.c:160: warning: Excess function parameter 'kid_1' description in 'asymmetric_key_id_same' crypto/asymmetric_keys/asymmetric_type.c:160: warning: Excess function parameter 'kid_2' description in 'asymmetric_key_id_same' Signed-off-by: Krzysztof Kozlowski Signed-off-by: David Howells Acked-by: Randy Dunlap Reviewed-by: Ben Boeckel Reviewed-by: Jarkko Sakkinen --- crypto/asymmetric_keys/asymmetric_type.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c index 33e77d846caa..ad8af3d70ac0 100644 --- a/crypto/asymmetric_keys/asymmetric_type.c +++ b/crypto/asymmetric_keys/asymmetric_type.c @@ -152,7 +152,8 @@ EXPORT_SYMBOL_GPL(asymmetric_key_generate_id); /** * asymmetric_key_id_same - Return true if two asymmetric keys IDs are the same. - * @kid_1, @kid_2: The key IDs to compare + * @kid1: The key ID to compare + * @kid2: The key ID to compare */ bool asymmetric_key_id_same(const struct asymmetric_key_id *kid1, const struct asymmetric_key_id *kid2) 
@@ -168,7 +169,8 @@ EXPORT_SYMBOL_GPL(asymmetric_key_id_same); /** * asymmetric_key_id_partial - Return true if two asymmetric keys IDs * partially match - * @kid_1, @kid_2: The key IDs to compare + * @kid1: The key ID to compare + * @kid2: The key ID to compare */ bool asymmetric_key_id_partial(const struct asymmetric_key_id *kid1, const struct asymmetric_key_id *kid2)
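Review bot: in the asymmetric_key_id_same() kerneldoc, `@kid1` and `@kid2` now carry the identical text "The key ID to compare", which quiets the W=1 warning but says nothing per parameter. "The first key ID to compare" and "The second key ID to compare" would do, and the summary line in the unchanged context ("two asymmetric keys IDs") could be corrected in the same edit.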
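Review bot: for asymmetric_key_id_partial(), the two new parameter lines do not say which ID is the full one and which is the fragment matched against it. If the argument order matters for a partial match, callers need that from the kerneldoc; since the block is being rewritten anyway, describe each parameter's role instead of repeating "The key ID to compare" twice.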
Subject: [PATCH 06/18] security: keys: delete repeated words in comments
From: David Howells
To: Jarkko Sakkinen
Cc: Randy Dunlap, keyrings@vger.kernel.org, James Morris, "Serge E. Hallyn", linux-security-module@vger.kernel.org, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:15:11 +0000
Message-ID: <160751611127.1238376.11653059698742959354.stgit@warthog.procyon.org.uk>

From: Randy Dunlap Drop repeated words in comments. {to, will, the} Signed-off-by: Randy Dunlap Signed-off-by: David Howells Reviewed-by: Jarkko Sakkinen Cc: keyrings@vger.kernel.org Cc: James Morris Cc: "Serge E. Hallyn" Cc: linux-security-module@vger.kernel.org --- security/keys/keyctl.c | 2 +- security/keys/keyring.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 61a614c21b9b..96a92a645216 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -506,7 +506,7 @@ long keyctl_keyring_clear(key_serial_t ringid) * keyring, otherwise replace the link to the matching key with a link to the * new key. * - * The key must grant the caller Link permission and the the keyring must grant + * The key must grant the caller Link permission and the keyring must grant * the caller Write permission. Furthermore, if an additional link is created, * the keyring's quota will be extended. * diff --git a/security/keys/keyring.c b/security/keys/keyring.c index 977066208387..5e6a90760753 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -881,7 +881,7 @@ static bool search_nested_keyrings(struct key *keyring, * * Keys are matched to the type provided and are then filtered by the match * function, which is given the description to use in any way it sees fit. The - * match function may use any attributes of a key that it wishes to to + * match function may use any attributes of a key that it wishes to * determine the match. Normally the match function from the key type would be * used. * 
@@ -1204,7 +1204,7 @@ static int keyring_detect_cycle_iterator(const void *object, } /* - * See if a cycle will will be created by inserting acyclic tree B in acyclic + * See if a cycle will be created by inserting acyclic tree B in acyclic * tree A at the topmost level (ie: as a direct child of A). * * Since we are adding B to A at the top level, checking for cycles should just
Subject: [PATCH 07/18] KEYS: remove redundant memset
From: David Howells
To: Jarkko Sakkinen
Cc: Tom Rix, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:15:19 +0000
Message-ID: <160751611918.1238376.7060458630378643472.stgit@warthog.procyon.org.uk>
From: Tom Rix

Reviewing use of memset in keyctl_pkey.c

keyctl_pkey_params_get prologue code to set params up

	memset(params, 0, sizeof(*params));
	params->encoding = "raw";

keyctl_pkey_query has the same prologue
and calls keyctl_pkey_params_get.

So remove the prologue.

Signed-off-by: Tom Rix
Signed-off-by: David Howells
---
 security/keys/keyctl_pkey.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/security/keys/keyctl_pkey.c b/security/keys/keyctl_pkey.c
index 931d8dfb4a7f..5de0d599a274 100644
--- a/security/keys/keyctl_pkey.c
+++ b/security/keys/keyctl_pkey.c
@@ -166,8 +166,6 @@ long keyctl_pkey_query(key_serial_t id, struct kernel_pkey_query res; long ret; - memset(¶ms, 0, sizeof(params)); - ret = keyctl_pkey_params_get(id, _info, ¶ms); if (ret < 0) goto error;
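Review bot: in the keyctl_pkey_query() hunk in security/keys/keyctl_pkey.c, removing the memset leaves `params` initialised only by keyctl_pkey_params_get(), and the lines right after the call jump to `error` when it fails. The removal is safe only if the memset inside keyctl_pkey_params_get() runs before that function's first possible failure return, so that whatever the `error` label does with `params` never sees stack garbage. That callee is outside the hunk, so please confirm the ordering and say so in the commit message, which currently only states that the prologue is duplicated.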
Subject: [PATCH 08/18] crypto: asymmetric_keys: fix some comments in pkcs7_parser.h
From: David Howells
To: Jarkko Sakkinen
Cc: Randy Dunlap, keyrings@vger.kernel.org, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:15:26 +0000
Message-ID: <160751612606.1238376.15142782931893308010.stgit@warthog.procyon.org.uk>

From: Randy Dunlap

Drop the doubled word "the" in a comment.
Change "THis" to "This".

Signed-off-by: Randy Dunlap
Signed-off-by: David Howells
Cc: keyrings@vger.kernel.org
---
 crypto/asymmetric_keys/pkcs7_parser.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs7_parser.h b/crypto/asymmetric_keys/pkcs7_parser.h
index 6565fdc2d4ca..e17f7ce4fb43 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.h
+++ b/crypto/asymmetric_keys/pkcs7_parser.h
@@ -41,10 +41,9 @@ struct pkcs7_signed_info { * * This contains the generated digest of _either_ the Content Data or * the Authenticated Attributes [RFC2315 9.3]. If the latter, one of - * the attributes contains the digest of the the Content Data within - * it. + * the attributes contains the digest of the Content Data within it. * - * THis also contains the issuing cert serial number and issuer's name + * This also contains the issuing cert serial number and issuer's name * [PKCS#7 or CMS ver 1] or issuing cert's SKID [CMS ver 3]. */ struct public_key_signature *sig;
Subject: [PATCH 09/18] encrypted-keys: Replace HTTP links with HTTPS ones
From: David Howells
To: Jarkko Sakkinen
Cc: "Alexander A. Klimov", dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:15:33 +0000
Message-ID: <160751613305.1238376.10058420900385575623.stgit@warthog.procyon.org.uk>

From: Alexander A. Klimov

Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
  If not .svg:
    For each line:
      If doesn't contain `\bxmlns\b`:
        For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
          If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
            If both the HTTP and HTTPS versions
            return 200 OK and serve the same content:
              Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov
Signed-off-by: David Howells
---
 include/keys/encrypted-type.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/include/keys/encrypted-type.h b/include/keys/encrypted-type.h
index 38afb341c3f2..abfcbe02001a 100644
--- a/include/keys/encrypted-type.h
+++ b/include/keys/encrypted-type.h
@@ -2,7 +2,7 @@ /* * Copyright (C) 2010 IBM Corporation * Copyright (C) 2010 Politecnico di Torino, Italy - * TORSEC group -- http://security.polito.it + * TORSEC group -- https://security.polito.it * * Authors: * Mimi Zohar
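The link-selection rules from the [PATCH 09/18] commit message, written out as an added Python example; it is not the script the patch author used, which the page does not show. The function names, the injectable `check` callback, the sample text and the `example.test` hosts are assumptions made for the example; the three regular expressions are quoted from the commit message.

```python
import hashlib
import http.client
import re
import urllib.request
from typing import Callable

# Patterns quoted from the commit message.
XMLNS_RE = re.compile(r"\bxmlns\b")
LINK_RE = re.compile(r"\bhttp://[^# \t\r\n]*(?:\w|/)")
EXEMPT_RE = re.compile(r"\bgnu\.org/license|\bmozilla\.org/MPL\b")

# (http_url, https_url) -> True when both answer 200 OK with the same body.
Checker = Callable[[str, str], bool]


def same_over_https(http_url: str, https_url: str, timeout: float = 10.0) -> bool:
    """Live form of the "200 OK and same content" rule.

    Assumptions of this example: bodies are compared by SHA-256, urllib's
    default certificate verification is used for the HTTPS fetch, and
    urllib's default redirect following applies (so an HTTP URL that only
    redirects to its HTTPS twin also passes). The commit message does not
    say how its own check handled redirects.
    """
    digests = []
    for url in (http_url, https_url):
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                if resp.status != 200:
                    return False
                digests.append(hashlib.sha256(resp.read()).digest())
        except (OSError, ValueError, http.client.HTTPException):
            # DNS failure, TLS failure, HTTP error status, truncated body:
            # any of these means the link is left as it was.
            return False
    return digests[0] == digests[1]


def upgrade_links(filename: str, text: str, check: Checker = same_over_https) -> str:
    """Return text with eligible http:// links rewritten to https://."""
    if filename.lower().endswith(".svg"):
        return text  # "If not .svg"

    def rewrite(match: "re.Match[str]") -> str:
        http_url = match.group(0)
        if EXEMPT_RE.search(http_url):
            return http_url  # licence URLs are left untouched
        https_url = "https://" + http_url[len("http://"):]
        return https_url if check(http_url, https_url) else http_url

    out = []
    for line in text.splitlines(keepends=True):
        # Lines carrying an XML namespace are identifiers, not links to fetch.
        out.append(line if XMLNS_RE.search(line) else LINK_RE.sub(rewrite, line))
    return "".join(out)


# Constructed sample input; only the first line comes from the patch.
SAMPLE = (
    " * TORSEC group -- http://security.polito.it\n"
    ' <svg xmlns="http://www.w3.org/2000/svg">\n'
    " * See http://www.gnu.org/licenses/ for the licence.\n"
    " * Docs: http://docs.example.test/a#frag and http://plain.example.test/.\n"
)


def stub_check(http_url: str, https_url: str) -> bool:
    """Offline stand-in for the network check: all hosts match but one."""
    return "plain.example.test" not in http_url


if __name__ == "__main__":
    print(upgrade_links("include/keys/encrypted-type.h", SAMPLE, stub_check), end="")
```

The equality test only shows that the two endpoints served the same bytes at the time of the check; the HTTP fetch used for the comparison is itself unauthenticated.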
Subject: [PATCH 10/18] PKCS#7: drop function from kernel-doc pkcs7_validate_trust_one
From: David Howells
To: Jarkko Sakkinen
Cc: Alex Shi, Herbert Xu, "David S. Miller", keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:15:40 +0000
Message-ID: <160751614001.1238376.11020737504208096405.stgit@warthog.procyon.org.uk>
From: Alex Shi

The function is a static function, so there is no need to add it to kernel-doc,
and we could avoid the warnings:

crypto/asymmetric_keys/pkcs7_trust.c:25: warning: Function parameter or member 'pkcs7' not described in 'pkcs7_validate_trust_one'
crypto/asymmetric_keys/pkcs7_trust.c:25: warning: Function parameter or member 'sinfo' not described in 'pkcs7_validate_trust_one'
crypto/asymmetric_keys/pkcs7_trust.c:25: warning: Function parameter or member 'trust_keyring' not described in 'pkcs7_validate_trust_one'

Signed-off-by: Alex Shi
Cc: David Howells
Cc: Herbert Xu
Cc: "David S. Miller"
Cc: keyrings@vger.kernel.org
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: David Howells
---
 crypto/asymmetric_keys/pkcs7_trust.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c
index 61af3c4d82cc..b531df2013c4 100644
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -16,7 +16,7 @@ #include #include "pkcs7_parser.h" -/** +/* * Check the trust on one PKCS#7 SignedInfo block. */ static int pkcs7_validate_trust_one(struct pkcs7_message *pkcs7,
Subject: [PATCH 11/18] crypto: pkcs7: Use match_string() helper to simplify the code
From: David Howells
To: Jarkko Sakkinen
Cc: YueHaibing, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:15:48 +0000
Message-ID: <160751614848.1238376.4757193989177203825.stgit@warthog.procyon.org.uk>

From: YueHaibing

match_string() returns the array index of a matching string.
Use it instead of the open-coded implementation.

Signed-off-by: YueHaibing
Signed-off-by: David Howells
---
 crypto/asymmetric_keys/pkcs7_verify.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index ce49820caa97..0b4d07aa8811 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -141,11 +141,10 @@ int pkcs7_get_digest(struct pkcs7_message *pkcs7, const u8 **buf, u32 *len, *buf = sinfo->sig->digest; *len = sinfo->sig->digest_size; - for (i = 0; i < HASH_ALGO__LAST; i++) - if (!strcmp(hash_algo_name[i], sinfo->sig->hash_algo)) { - *hash_algo = i; - break; - } + i = match_string(hash_algo_name, HASH_ALGO__LAST, + sinfo->sig->hash_algo); + if (i >= 0) + *hash_algo = i; return 0; }
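Review bot: in the pkcs7_get_digest() hunk, a digest name that is not in hash_algo_name still falls through to `return 0` with `*hash_algo` never written, so the caller is told the call succeeded while one of its outputs holds whatever it held before. The open-coded loop had the same gap, but now that the miss is an explicit `i < 0` result it would be cleaner to return an error on that branch than to skip the assignment silently. The `i >= 0` test also depends on `i` being a signed int; its declaration is outside the hunk, so please confirm it.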
Subject: [PATCH 12/18] keys: remove trailing semicolon in macro definition
From: David Howells
To: Jarkko Sakkinen
Cc: Tom Rix, Jarkko Sakkinen, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:15:57 +0000
Message-ID: <160751615760.1238376.13792183884684466805.stgit@warthog.procyon.org.uk>

From: Tom Rix

The macro use will already have a semicolon.

Signed-off-by: Tom Rix
Signed-off-by: David Howells
Acked-by: Jarkko Sakkinen
---
 include/linux/key.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/linux/key.h b/include/linux/key.h
index 0f2e24f13c2b..1b0837c975b9 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -360,7 +360,7 @@ static inline struct key *request_key(struct key_type *type, * completion of keys undergoing construction with a non-interruptible wait. */ #define request_key_net(type, description, net, callout_info) \ - request_key_tag(type, description, net->key_domain, callout_info); + request_key_tag(type, description, net->key_domain, callout_info) /** * request_key_net_rcu - Request a key for a net namespace under RCU conditions
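Review bot: in request_key_net(), the macro body still expands `net->key_domain` with the `net` argument unparenthesised, so a caller passing an expression rather than a plain identifier would have it bind wrongly to `->`. Since the line is being touched anyway, consider `(net)->key_domain` here and in request_key_net_rcu() in the next hunk. A static inline wrapper, as request_key() already is, would also give the arguments type checking.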
@@ -372,7 +372,7 @@ static inline struct key *request_key(struct key_type *type, * network namespace are used. */ #define request_key_net_rcu(type, description, net) \ - request_key_rcu(type, description, net->key_domain); + request_key_rcu(type, description, net->key_domain) #endif /* CONFIG_NET */ extern int wait_for_key_construction(struct key *key, bool intr);
Subject: [PATCH 13/18] crypto: public_key: Remove redundant header file from public_key.h
From: David Howells
To: Jarkko Sakkinen
Cc: Tianjia Zhang, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:16:04 +0000
Message-ID: <160751616472.1238376.7922728253720706756.stgit@warthog.procyon.org.uk>
From: Tianjia Zhang

The akcipher.h header file was originally introduced in SM2, and
then the definition of SM2 was moved to the existing code. This
header file is left and should be removed.

Signed-off-by: Tianjia Zhang
Signed-off-by: David Howells
---
 include/crypto/public_key.h | 1 -
 1 file changed, 1 deletion(-)

diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 948c5203ca9c..47accec68cb0 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -12,7 +12,6 @@ #include #include -#include /* * Cryptographic data for the public-key subtype of the asymmetric key type.
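Review bot: in the include block of include/crypto/public_key.h, dropping the header is only safe if nothing that includes public_key.h was picking up akcipher definitions through it. The commit message explains why the include is a leftover but not that its users were checked; please confirm with a build of the configurations that pull in public_key.h, and have any file that does need akcipher.h include it directly.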
Subject: [PATCH 14/18] certs/blacklist: fix kernel doc interface issue
From: David Howells
To: Jarkko Sakkinen
Cc: Alex Shi, David Woodhouse, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:16:14 +0000
Message-ID: <160751617400.1238376.9845973545419551111.stgit@warthog.procyon.org.uk>

From: Alex Shi

certs/blacklist.c:84: warning: Function parameter or member 'hash' not described in 'mark_hash_blacklisted'

Signed-off-by: Alex Shi
Cc: David Howells
Cc: David Woodhouse
Cc: keyrings@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: David Howells
---
 certs/blacklist.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/certs/blacklist.c b/certs/blacklist.c index 6514f9ebc943..2719fb2fbc1c 100644 --- a/certs/blacklist.c +++ b/certs/blacklist.c 
@@ -78,7 +78,7 @@ static struct key_type key_type_blacklist = { /** * mark_hash_blacklisted - Add a hash to the system blacklist - * @hash - The hash as a hex string with a type prefix (eg. "tbs:23aa429783") + * @hash: The hash as a hex string with a type prefix (eg. "tbs:23aa429783") */ int mark_hash_blacklisted(const char *hash) {
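Review bot: The kernel-doc block above mark_hash_blacklisted() still has no Return: section although the function returns int, so the comment remains incomplete after the @hash separator is fixed. Since this line is being touched anyway, add a Return: line describing the success and error values, and consider spelling the abbreviation "e.g." in the @hash description.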
Subject: [PATCH 15/18] certs: Fix blacklisted hexadecimal hash string check
From: David Howells
To: Jarkko Sakkinen
Cc: Mickaël Salaün, David Woodhouse, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:16:21 +0000
Message-ID: <160751618139.1238376.15173994145507633358.stgit@warthog.procyon.org.uk>
In-Reply-To: <160751606428.1238376.14935502103503420781.stgit@warthog.procyon.org.uk>
References: <160751606428.1238376.14935502103503420781.stgit@warthog.procyon.org.uk>

From: Mickaël Salaün

When looking for a blacklisted hash, bin2hex() is used to transform a binary hash to an ascii (lowercase) hexadecimal string. This string is then searched for in the description of the keys from the blacklist keyring. When adding a key to the blacklist keyring, blacklist_vet_description() checks the hash prefix and the hexadecimal string, but not that this string is lowercase. It is then valid to set hashes with uppercase hexadecimal, which will be silently ignored by the kernel.

Add an additional check to blacklist_vet_description() to check that hexadecimal strings are in lowercase.

Signed-off-by: Mickaël Salaün
Signed-off-by: David Howells
Cc: David Woodhouse
---
 certs/blacklist.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/certs/blacklist.c b/certs/blacklist.c index 2719fb2fbc1c..a888b934a1cd 100644 --- a/certs/blacklist.c +++ b/certs/blacklist.c 
@@ -37,7 +37,7 @@ static int blacklist_vet_description(const char *desc) found_colon: desc++; for (; *desc; desc++) { - if (!isxdigit(*desc)) + if (!isxdigit(*desc) || isupper(*desc)) return -EINVAL; n++; }
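Review bot: The added isupper() test in the loop of blacklist_vet_description() carries no comment saying why uppercase hex is rejected; the reason (lookups compare against bin2hex() output, which is lowercase) lives only in the commit message. Add a one-line comment above the condition so the check is not later "simplified" back to isxdigit() alone. It is also worth noting in the commit message that descriptions with uppercase hex, which were accepted before, now fail with -EINVAL, since that is a visible change for anyone adding blacklist entries.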
Subject: [PATCH 16/18] PKCS#7: Fix missing include
From: David Howells
To: Jarkko Sakkinen
Cc: Mickaël Salaün, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:16:28 +0000
Message-ID: <160751618855.1238376.2264158577168536188.stgit@warthog.procyon.org.uk>
In-Reply-To: <160751606428.1238376.14935502103503420781.stgit@warthog.procyon.org.uk>
References: <160751606428.1238376.14935502103503420781.stgit@warthog.procyon.org.uk>

From: Mickaël Salaün

Add missing linux/types.h for size_t.

[DH: Changed from stddef.h]

Signed-off-by: Mickaël Salaün
Signed-off-by: David Howells
---
 include/linux/verification.h | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/include/linux/verification.h b/include/linux/verification.h index 911ab7c2b1ab..a655923335ae 100644 --- a/include/linux/verification.h +++ b/include/linux/verification.h 
@@ -8,6 +8,8 @@ #ifndef _LINUX_VERIFICATION_H #define _LINUX_VERIFICATION_H +#include + /* * Indicate that both builtin trusted keys and secondary trusted keys * should be used.
Subject: [PATCH 17/18] certs: Fix blacklist flag type confusion
From: David Howells
To: Jarkko Sakkinen
Cc: Mickaël Salaün, Mickaël Salaün, Petko Manolov, Mimi Zohar, David Woodhouse, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:16:35 +0000
Message-ID: <160751619550.1238376.2380930476046994051.stgit@warthog.procyon.org.uk>
In-Reply-To: <160751606428.1238376.14935502103503420781.stgit@warthog.procyon.org.uk>
References: <160751606428.1238376.14935502103503420781.stgit@warthog.procyon.org.uk>

KEY_FLAG_KEEP is not meant to be passed to keyring_alloc() or key_alloc(), as these only take KEY_ALLOC_* flags. KEY_FLAG_KEEP has the same value as KEY_ALLOC_BYPASS_RESTRICTION, but fortunately only key_create_or_update() uses it. LSMs using the key_alloc hook don't check that flag.

KEY_FLAG_KEEP is then ignored but fortunately (again) the root user cannot write to the blacklist keyring, so it is not possible to remove a key/hash from it.

Fix this by adding a KEY_ALLOC_SET_KEEP flag that tells key_alloc() to set KEY_FLAG_KEEP on the new key. blacklist_init() can then, correctly, pass this to keyring_alloc().

We can also use this in ima_mok_init() rather than setting the flag manually.

Note that this doesn't fix an observable bug with the current implementation but it is required to allow addition of new hashes to the blacklist in the future without making it possible for them to be removed.

Fixes: 734114f8782f ("KEYS: Add a system blacklist keyring")
Reported-by: Mickaël Salaün
Signed-off-by: David Howells
cc: Mickaël Salaün
cc: Petko Manolov
cc: Mimi Zohar
Cc: David Woodhouse
---
 certs/blacklist.c | 2 +-
 include/linux/key.h | 1 +
 security/integrity/ima/ima_mok.c | 3 +--
 security/keys/key.c | 2 ++
 4 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/certs/blacklist.c b/certs/blacklist.c index a888b934a1cd..029471947838 100644 --- a/certs/blacklist.c +++ b/certs/blacklist.c @@ -162,7 +162,7 @@ static int __init blacklist_init(void) KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH, KEY_ALLOC_NOT_IN_QUOTA | - KEY_FLAG_KEEP, + KEY_ALLOC_SET_KEEP, NULL, NULL); if (IS_ERR(blacklist_keyring)) panic("Can't allocate system blacklist keyring\n"); diff --git a/include/linux/key.h b/include/linux/key.h index 1b0837c975b9..7febc4881363 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -289,6 +289,7 @@ extern struct key *key_alloc(struct key_type *type, #define KEY_ALLOC_BUILT_IN 0x0004 /* Key is built into kernel */ #define KEY_ALLOC_BYPASS_RESTRICTION 0x0008 /* Override the check on restricted keyrings */ #define KEY_ALLOC_UID_KEYRING 0x0010 /* allocating a user or user session keyring */ +#define KEY_ALLOC_SET_KEEP 0x0020 /* Set the KEEP flag on the key/keyring */ extern void key_revoke(struct key *key); extern void key_invalidate(struct key *key); diff --git a/security/integrity/ima/ima_mok.c b/security/integrity/ima/ima_mok.c index 36cadadbfba4..ce8871d96f12 100644 --- a/security/integrity/ima/ima_mok.c +++ b/security/integrity/ima/ima_mok.c @@ -39,12 +39,11 @@ __init int ima_mok_init(void) KEY_USR_VIEW | KEY_USR_READ | KEY_USR_WRITE | KEY_USR_SEARCH, KEY_ALLOC_NOT_IN_QUOTA, + KEY_ALLOC_SET_KEEP, restriction, NULL); if (IS_ERR(ima_blacklist_keyring)) panic("Can't allocate IMA blacklist keyring."); - - set_bit(KEY_FLAG_KEEP, &ima_blacklist_keyring->flags); return 0; } device_initcall(ima_mok_init); diff --git a/security/keys/key.c b/security/keys/key.c index e282c6179b21..151ff39b6803 100644 --- a/security/keys/key.c +++ b/security/keys/key.c 
@@ -303,6 +303,8 @@ struct key *key_alloc(struct key_type *type, const char *desc, key->flags |= 1 << KEY_FLAG_BUILTIN; if (flags & KEY_ALLOC_UID_KEYRING) key->flags |= 1 << KEY_FLAG_UID_KEYRING; + if (flags & KEY_ALLOC_SET_KEEP) + key->flags |= 1 << KEY_FLAG_KEEP; #ifdef KEY_DEBUGGING key->magic = KEY_DEBUG_MAGIC;
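Review bot: In the security/integrity/ima/ima_mok.c hunk, the unchanged line "KEY_ALLOC_NOT_IN_QUOTA," keeps its trailing comma, so the added "KEY_ALLOC_SET_KEEP," is passed as a separate argument instead of being ORed into the allocation flags, which pushes "restriction, NULL" one position to the right. The certs/blacklist.c hunk in the same patch joins the two flags with "|"; the IMA call should read "KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_SET_KEEP," as well. This matters beyond the build, because the same hunk removes the set_bit(KEY_FLAG_KEEP, ...) call that used to protect the IMA blacklist keyring.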
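Review bot: In the security/keys/key.c hunk, the new KEY_ALLOC_SET_KEEP test joins a run of per-bit checks, and nothing in the visible lines rejects bits that are not KEY_ALLOC_* values. The bug described in the commit message was exactly a KEY_FLAG_* bit number passed where a KEY_ALLOC_* mask was expected and silently misread, so consider warning on or refusing undefined bits in flags here, so that the next such mix-up is caught when the key is allocated rather than found by inspection.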
Subject: [PATCH 18/18] certs: Replace K{U,G}IDT_INIT() with GLOBAL_ROOT_{U,G}ID
From: David Howells
To: Jarkko Sakkinen
Cc: Mickaël Salaün, David Woodhouse, dhowells@redhat.com, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Wed, 09 Dec 2020 12:16:42 +0000
Message-ID: <160751620296.1238376.1118832878833351723.stgit@warthog.procyon.org.uk>
In-Reply-To: <160751606428.1238376.14935502103503420781.stgit@warthog.procyon.org.uk>
References: <160751606428.1238376.14935502103503420781.stgit@warthog.procyon.org.uk>

From: Mickaël Salaün

Align with the new macros and add appropriate include files.

Signed-off-by: Mickaël Salaün
Signed-off-by: David Howells Cc: David Woodhouse --- certs/blacklist.c | 4 ++-- certs/system_keyring.c | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/certs/blacklist.c b/certs/blacklist.c index 029471947838..bffe4c6f4a9e 100644 --- a/certs/blacklist.c +++ b/certs/blacklist.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include "blacklist.h" @@ -156,8 +157,7 @@ static int __init blacklist_init(void) blacklist_keyring = keyring_alloc(".blacklist", - KUIDT_INIT(0), KGIDT_INIT(0), - current_cred(), + GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(), (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH, diff --git a/certs/system_keyring.c b/certs/system_keyring.c index 798291177186..4b693da488f1 100644 --- a/certs/system_keyring.c +++ b/certs/system_keyring.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include #include @@ -98,7 +99,7 @@ static __init int system_trusted_keyring_init(void) builtin_trusted_keys = keyring_alloc(".builtin_trusted_keys", - KUIDT_INIT(0), KGIDT_INIT(0), current_cred(), + GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(), ((KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH), KEY_ALLOC_NOT_IN_QUOTA, @@ -109,7 +110,7 @@ static __init int system_trusted_keyring_init(void) #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING secondary_trusted_keys = keyring_alloc(".secondary_trusted_keys", - KUIDT_INIT(0), KGIDT_INIT(0), current_cred(), + GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(), ((KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE),
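Review bot: For the three keyring_alloc() call sites changed here (.blacklist, .builtin_trusted_keys, .secondary_trusted_keys), the commit message should say that no functional change is intended. GLOBAL_ROOT_UID and GLOBAL_ROOT_GID are defined in linux/uidgid.h as KUIDT_INIT(0) and KGIDT_INIT(0), so keyring ownership stays the same; stating that, and naming the header that is being added, would let a reader of the log confirm the trusted and blacklist keyrings keep their root ownership without expanding the macros by hand.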