All of lore.kernel.org
 help / color / mirror / Atom feed
* FAILED: patch "[PATCH] Replace magic for trusting the secondary keyring with #define" failed to apply to 4.9-stable tree
@ 2018-09-07  9:13 gregkh
  2018-09-07 10:32 ` Yannik Sembritzki
  0 siblings, 1 reply; 3+ messages in thread
From: gregkh @ 2018-09-07  9:13 UTC (permalink / raw)
  To: yannik, dhowells, torvalds; +Cc: stable


The patch below does not apply to the 4.9-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

>From 817aef260037f33ee0f44c17fe341323d3aebd6d Mon Sep 17 00:00:00 2001
From: Yannik Sembritzki <yannik@sembritzki.me>
Date: Thu, 16 Aug 2018 14:05:10 +0100
Subject: [PATCH] Replace magic for trusting the secondary keyring with #define

Replace the use of a magic number that indicates that verify_*_signature()
should use the secondary keyring with a symbol.

Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/certs/system_keyring.c b/certs/system_keyring.c
index 6251d1b27f0c..81728717523d 100644
--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -15,6 +15,7 @@
 #include <linux/cred.h>
 #include <linux/err.h>
 #include <linux/slab.h>
+#include <linux/verification.h>
 #include <keys/asymmetric-type.h>
 #include <keys/system_keyring.h>
 #include <crypto/pkcs7.h>
@@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *data, size_t len,
 
 	if (!trusted_keys) {
 		trusted_keys = builtin_trusted_keys;
-	} else if (trusted_keys == (void *)1UL) {
+	} else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
 #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
 		trusted_keys = secondary_trusted_keys;
 #else
diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c
index e284d9cb9237..5b2f6a2b5585 100644
--- a/crypto/asymmetric_keys/pkcs7_key_type.c
+++ b/crypto/asymmetric_keys/pkcs7_key_type.c
@@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep)
 
 	return verify_pkcs7_signature(NULL, 0,
 				      prep->data, prep->datalen,
-				      (void *)1UL, usage,
+				      VERIFY_USE_SECONDARY_KEYRING, usage,
 				      pkcs7_view_content, prep);
 }
 
diff --git a/include/linux/verification.h b/include/linux/verification.h
index a10549a6c7cd..cfa4730d607a 100644
--- a/include/linux/verification.h
+++ b/include/linux/verification.h
@@ -12,6 +12,12 @@
 #ifndef _LINUX_VERIFICATION_H
 #define _LINUX_VERIFICATION_H
 
+/*
+ * Indicate that both builtin trusted keys and secondary trusted keys
+ * should be used.
+ */
+#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
+
 /*
  * The use to which an asymmetric key is being put.
  */

^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: FAILED: patch "[PATCH] Replace magic for trusting the secondary keyring with #define" failed to apply to 4.9-stable tree
  2018-09-07  9:13 FAILED: patch "[PATCH] Replace magic for trusting the secondary keyring with #define" failed to apply to 4.9-stable tree gregkh
@ 2018-09-07 10:32 ` Yannik Sembritzki
  2018-09-07 11:00   ` Greg KH
  0 siblings, 1 reply; 3+ messages in thread
From: Yannik Sembritzki @ 2018-09-07 10:32 UTC (permalink / raw)
  To: gregkh, dhowells, torvalds, stable

I've never backported a linux patch before; so I'm not sure if this is
the right format.
However, this cleanly applies to the linux-4.9.y branch.
This is a backport of commit 817aef260037f33ee0f44c17fe341323d3aebd6d.

----------------------------
Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
Cc: stable@vger.kernel.org
---
�certs/system_keyring.c����������������� |��� 3 ++-
�crypto/asymmetric_keys/pkcs7_key_type.c |��� 2 +-
�include/linux/verification.h����������� |��� 6 ++++++
�3 files changed, 9 insertions(+), 2 deletions(-)

--- a/certs/system_keyring.c
+++ b/certs/system_keyring.c
@@ -15,5 +15,6 @@
�#include <linux/cred.h>
�#include <linux/err.h>
+#include <linux/verification.h>
�#include <keys/asymmetric-type.h>
�#include <keys/system_keyring.h>
�#include <crypto/pkcs7.h>
@@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *d
�
���� if (!trusted_keys) {
���� ��� trusted_keys = builtin_trusted_keys;
-��� } else if (trusted_keys == (void *)1UL) {
+��� } else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
�#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
���� ��� trusted_keys = secondary_trusted_keys;
�#else
--- a/crypto/asymmetric_keys/pkcs7_key_type.c
+++ b/crypto/asymmetric_keys/pkcs7_key_type.c
@@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_pre
�
���� return verify_pkcs7_signature(NULL, 0,
���� ��� ��� ��� ����� prep->data, prep->datalen,
-��� ��� ��� ��� ����� (void *)1UL, usage,
+��� ��� ��� ��� ����� VERIFY_USE_SECONDARY_KEYRING, usage,
���� ��� ��� ��� ����� pkcs7_view_content, prep);
�}
�
--- a/include/linux/verification.h
+++ b/include/linux/verification.h
@@ -13,6 +13,12 @@
�#define _LINUX_VERIFICATION_H
�
�/*
+ * Indicate that both builtin trusted keys and secondary trusted keys
+ * should be used.
+ */
+#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
+
+/*
� * The use to which an asymmetric key is being put.
� */
�enum key_being_used_for {


On 07.09.2018 11:13, gregkh@linuxfoundation.org wrote:
> The patch below does not apply to the 4.9-stable tree.
> If someone wants it applied there, or to any other stable or longterm
> tree, then please email the backport, including the original git commit
> id to <stable@vger.kernel.org>.
>
> thanks,
>
> greg k-h
>
> ------------------ original commit in Linus's tree ------------------
>
> From 817aef260037f33ee0f44c17fe341323d3aebd6d Mon Sep 17 00:00:00 2001
> From: Yannik Sembritzki <yannik@sembritzki.me>
> Date: Thu, 16 Aug 2018 14:05:10 +0100
> Subject: [PATCH] Replace magic for trusting the secondary keyring with #define
>
> Replace the use of a magic number that indicates that verify_*_signature()
> should use the secondary keyring with a symbol.
>
> Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
> Signed-off-by: David Howells <dhowells@redhat.com>
> Cc: keyrings@vger.kernel.org
> Cc: linux-security-module@vger.kernel.org
> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
>
> diff --git a/certs/system_keyring.c b/certs/system_keyring.c
> index 6251d1b27f0c..81728717523d 100644
> --- a/certs/system_keyring.c
> +++ b/certs/system_keyring.c
> @@ -15,6 +15,7 @@
>  #include <linux/cred.h>
>  #include <linux/err.h>
>  #include <linux/slab.h>
> +#include <linux/verification.h>
>  #include <keys/asymmetric-type.h>
>  #include <keys/system_keyring.h>
>  #include <crypto/pkcs7.h>
> @@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *data, size_t len,
>  
>  	if (!trusted_keys) {
>  		trusted_keys = builtin_trusted_keys;
> -	} else if (trusted_keys == (void *)1UL) {
> +	} else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
>  #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
>  		trusted_keys = secondary_trusted_keys;
>  #else
> diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c
> index e284d9cb9237..5b2f6a2b5585 100644
> --- a/crypto/asymmetric_keys/pkcs7_key_type.c
> +++ b/crypto/asymmetric_keys/pkcs7_key_type.c
> @@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep)
>  
>  	return verify_pkcs7_signature(NULL, 0,
>  				      prep->data, prep->datalen,
> -				      (void *)1UL, usage,
> +				      VERIFY_USE_SECONDARY_KEYRING, usage,
>  				      pkcs7_view_content, prep);
>  }
>  
> diff --git a/include/linux/verification.h b/include/linux/verification.h
> index a10549a6c7cd..cfa4730d607a 100644
> --- a/include/linux/verification.h
> +++ b/include/linux/verification.h
> @@ -12,6 +12,12 @@
>  #ifndef _LINUX_VERIFICATION_H
>  #define _LINUX_VERIFICATION_H
>  
> +/*
> + * Indicate that both builtin trusted keys and secondary trusted keys
> + * should be used.
> + */
> +#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
> +
>  /*
>   * The use to which an asymmetric key is being put.
>   */
>

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: FAILED: patch "[PATCH] Replace magic for trusting the secondary keyring with #define" failed to apply to 4.9-stable tree
  2018-09-07 10:32 ` Yannik Sembritzki
@ 2018-09-07 11:00   ` Greg KH
  0 siblings, 0 replies; 3+ messages in thread
From: Greg KH @ 2018-09-07 11:00 UTC (permalink / raw)
  To: Yannik Sembritzki; +Cc: dhowells, torvalds, stable

On Fri, Sep 07, 2018 at 12:32:48PM +0200, Yannik Sembritzki wrote:
> I've never backported a linux patch before; so I'm not sure if this is
> the right format.
> However, this cleanly applies to the linux-4.9.y branch.
> This is a backport of commit 817aef260037f33ee0f44c17fe341323d3aebd6d.
> 
> ----------------------------
> Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me>
> Cc: stable@vger.kernel.org
> ---
> �certs/system_keyring.c����������������� |��� 3 ++-
> �crypto/asymmetric_keys/pkcs7_key_type.c |��� 2 +-
> �include/linux/verification.h����������� |��� 6 ++++++
> �3 files changed, 9 insertions(+), 2 deletions(-)
> 
> --- a/certs/system_keyring.c
> +++ b/certs/system_keyring.c
> @@ -15,5 +15,6 @@
> �#include <linux/cred.h>
> �#include <linux/err.h>
> +#include <linux/verification.h>
> �#include <keys/asymmetric-type.h>
> �#include <keys/system_keyring.h>
> �#include <crypto/pkcs7.h>
> @@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *d
> �
> ���� if (!trusted_keys) {
> ���� ��� trusted_keys = builtin_trusted_keys;
> -��� } else if (trusted_keys == (void *)1UL) {
> +��� } else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) {
> �#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING
> ���� ��� trusted_keys = secondary_trusted_keys;
> �#else
> --- a/crypto/asymmetric_keys/pkcs7_key_type.c
> +++ b/crypto/asymmetric_keys/pkcs7_key_type.c
> @@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_pre
> �
> ���� return verify_pkcs7_signature(NULL, 0,
> ���� ��� ��� ��� ����� prep->data, prep->datalen,
> -��� ��� ��� ��� ����� (void *)1UL, usage,
> +��� ��� ��� ��� ����� VERIFY_USE_SECONDARY_KEYRING, usage,
> ���� ��� ��� ��� ����� pkcs7_view_content, prep);
> �}
> �
> --- a/include/linux/verification.h
> +++ b/include/linux/verification.h
> @@ -13,6 +13,12 @@
> �#define _LINUX_VERIFICATION_H
> �
> �/*
> + * Indicate that both builtin trusted keys and secondary trusted keys
> + * should be used.
> + */
> +#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL)
> +
> +/*
> � * The use to which an asymmetric key is being put.
> � */
> �enum key_being_used_for {

The patch is whitespace damaged and can not be applied :(

Care to fix that up and resend it?

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-09-07 15:41 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-09-07  9:13 FAILED: patch "[PATCH] Replace magic for trusting the secondary keyring with #define" failed to apply to 4.9-stable tree gregkh
2018-09-07 10:32 ` Yannik Sembritzki
2018-09-07 11:00   ` Greg KH

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.