* FAILED: patch "[PATCH] Replace magic for trusting the secondary keyring with #define" failed to apply to 4.9-stable tree @ 2018-09-07 9:13 gregkh 2018-09-07 10:32 ` Yannik Sembritzki 0 siblings, 1 reply; 3+ messages in thread From: gregkh @ 2018-09-07 9:13 UTC (permalink / raw) To: yannik, dhowells, torvalds; +Cc: stable The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable@vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 817aef260037f33ee0f44c17fe341323d3aebd6d Mon Sep 17 00:00:00 2001 From: Yannik Sembritzki <yannik@sembritzki.me> Date: Thu, 16 Aug 2018 14:05:10 +0100 Subject: [PATCH] Replace magic for trusting the secondary keyring with #define Replace the use of a magic number that indicates that verify_*_signature() should use the secondary keyring with a symbol. Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me> Signed-off-by: David Howells <dhowells@redhat.com> Cc: keyrings@vger.kernel.org Cc: linux-security-module@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> diff --git a/certs/system_keyring.c b/certs/system_keyring.c index 6251d1b27f0c..81728717523d 100644 --- a/certs/system_keyring.c +++ b/certs/system_keyring.c @@ -15,6 +15,7 @@ #include <linux/cred.h> #include <linux/err.h> #include <linux/slab.h> +#include <linux/verification.h> #include <keys/asymmetric-type.h> #include <keys/system_keyring.h> #include <crypto/pkcs7.h> @@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *data, size_t len, if (!trusted_keys) { trusted_keys = builtin_trusted_keys; - } else if (trusted_keys == (void *)1UL) { + } else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) { #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING trusted_keys = secondary_trusted_keys; #else 
diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c index e284d9cb9237..5b2f6a2b5585 100644 --- a/crypto/asymmetric_keys/pkcs7_key_type.c +++ b/crypto/asymmetric_keys/pkcs7_key_type.c @@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep) return verify_pkcs7_signature(NULL, 0, prep->data, prep->datalen, - (void *)1UL, usage, + VERIFY_USE_SECONDARY_KEYRING, usage, pkcs7_view_content, prep); } diff --git a/include/linux/verification.h b/include/linux/verification.h index a10549a6c7cd..cfa4730d607a 100644 --- a/include/linux/verification.h +++ b/include/linux/verification.h @@ -12,6 +12,12 @@ #ifndef _LINUX_VERIFICATION_H #define _LINUX_VERIFICATION_H +/* + * Indicate that both builtin trusted keys and secondary trusted keys + * should be used. + */ +#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL) + /* * The use to which an asymmetric key is being put. */ ^ permalink raw reply related [flat|nested] 3+ messages in thread
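Review bot: in the include/linux/verification.h hunk, the comment above VERIFY_USE_SECONDARY_KEYRING says which keyrings are consulted but not that the value, ((struct key *)1UL), is a sentinel rather than a valid key pointer and must never be dereferenced. Suggest extending the comment to say that it is only meaningful as the trusted_keys argument that verify_pkcs7_signature() translates before use, and that NULL selects builtin_trusted_keys alone, so a later caller does not pass it to code that treats trusted_keys as a real struct key.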
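Review bot: in the verify_pkcs7_signature() hunk of certs/system_keyring.c, the sentinel is mapped to secondary_trusted_keys only under #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING, and the #else arm falls outside the visible context. Worth confirming in review that the #else arm also replaces the sentinel (for example with builtin_trusted_keys), because otherwise trusted_keys would still hold the value 1 when it reaches the code that uses it as a keyring.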
* Re: FAILED: patch "[PATCH] Replace magic for trusting the secondary keyring with #define" failed to apply to 4.9-stable tree 2018-09-07 9:13 FAILED: patch "[PATCH] Replace magic for trusting the secondary keyring with #define" failed to apply to 4.9-stable tree gregkh @ 2018-09-07 10:32 ` Yannik Sembritzki 2018-09-07 11:00 ` Greg KH 0 siblings, 1 reply; 3+ messages in thread From: Yannik Sembritzki @ 2018-09-07 10:32 UTC (permalink / raw) To: gregkh, dhowells, torvalds, stable I've never backported a linux patch before; so I'm not sure if this is the right format. However, this cleanly applies to the linux-4.9.y branch. This is a backport of commit 817aef260037f33ee0f44c17fe341323d3aebd6d. ---------------------------- Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me> Cc: stable@vger.kernel.org --- �certs/system_keyring.c����������������� |��� 3 ++- �crypto/asymmetric_keys/pkcs7_key_type.c |��� 2 +- �include/linux/verification.h����������� |��� 6 ++++++ �3 files changed, 9 insertions(+), 2 deletions(-) --- a/certs/system_keyring.c +++ b/certs/system_keyring.c @@ -15,5 +15,6 @@ �#include <linux/cred.h> �#include <linux/err.h> +#include <linux/verification.h> �#include <keys/asymmetric-type.h> �#include <keys/system_keyring.h> �#include <crypto/pkcs7.h> @@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *d � ���� if (!trusted_keys) { ���� ��� trusted_keys = builtin_trusted_keys; -��� } else if (trusted_keys == (void *)1UL) { +��� } else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) { �#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING ���� ��� trusted_keys = secondary_trusted_keys; �#else --- a/crypto/asymmetric_keys/pkcs7_key_type.c +++ b/crypto/asymmetric_keys/pkcs7_key_type.c 
@@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_pre � ���� return verify_pkcs7_signature(NULL, 0, ���� ��� ��� ��� ����� prep->data, prep->datalen, -��� ��� ��� ��� ����� (void *)1UL, usage, +��� ��� ��� ��� ����� VERIFY_USE_SECONDARY_KEYRING, usage, ���� ��� ��� ��� ����� pkcs7_view_content, prep); �} � --- a/include/linux/verification.h +++ b/include/linux/verification.h @@ -13,6 +13,12 @@ �#define _LINUX_VERIFICATION_H � �/* + * Indicate that both builtin trusted keys and secondary trusted keys + * should be used. + */ +#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL) + +/* � * The use to which an asymmetric key is being put. � */ �enum key_being_used_for { On 07.09.2018 11:13, gregkh@linuxfoundation.org wrote: > The patch below does not apply to the 4.9-stable tree. > If someone wants it applied there, or to any other stable or longterm > tree, then please email the backport, including the original git commit > id to <stable@vger.kernel.org>. > > thanks, > > greg k-h > > ------------------ original commit in Linus's tree ------------------ > > From 817aef260037f33ee0f44c17fe341323d3aebd6d Mon Sep 17 00:00:00 2001 > From: Yannik Sembritzki <yannik@sembritzki.me> > Date: Thu, 16 Aug 2018 14:05:10 +0100 > Subject: [PATCH] Replace magic for trusting the secondary keyring with #define > > Replace the use of a magic number that indicates that verify_*_signature() > should use the secondary keyring with a symbol. > > Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me> > Signed-off-by: David Howells <dhowells@redhat.com> > Cc: keyrings@vger.kernel.org > Cc: linux-security-module@vger.kernel.org > Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> > > diff --git a/certs/system_keyring.c b/certs/system_keyring.c > index 6251d1b27f0c..81728717523d 100644 > --- a/certs/system_keyring.c > +++ b/certs/system_keyring.c 
> @@ -15,6 +15,7 @@ > #include <linux/cred.h> > #include <linux/err.h> > #include <linux/slab.h> > +#include <linux/verification.h> > #include <keys/asymmetric-type.h> > #include <keys/system_keyring.h> > #include <crypto/pkcs7.h> > @@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *data, size_t len, > > if (!trusted_keys) { > trusted_keys = builtin_trusted_keys; > - } else if (trusted_keys == (void *)1UL) { > + } else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) { > #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING > trusted_keys = secondary_trusted_keys; > #else > diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c > index e284d9cb9237..5b2f6a2b5585 100644 > --- a/crypto/asymmetric_keys/pkcs7_key_type.c > +++ b/crypto/asymmetric_keys/pkcs7_key_type.c > @@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_preparsed_payload *prep) > > return verify_pkcs7_signature(NULL, 0, > prep->data, prep->datalen, > - (void *)1UL, usage, > + VERIFY_USE_SECONDARY_KEYRING, usage, > pkcs7_view_content, prep); > } > > diff --git a/include/linux/verification.h b/include/linux/verification.h > index a10549a6c7cd..cfa4730d607a 100644 > --- a/include/linux/verification.h > +++ b/include/linux/verification.h > @@ -12,6 +12,12 @@ > #ifndef _LINUX_VERIFICATION_H > #define _LINUX_VERIFICATION_H > > +/* > + * Indicate that both builtin trusted keys and secondary trusted keys > + * should be used. > + */ > +#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL) > + > /* > * The use to which an asymmetric key is being put. > */ > ^ permalink raw reply [flat|nested] 3+ messages in thread
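Review bot: in the 4.9 backport hunks of this message (not the quoted upstream patch), the context lines begin with a non-ASCII character where a unified diff needs a plain space, and the indentation inside the verify_pkcs7_signature() and pkcs7_preparse() hunks is a mix of such characters instead of tabs, so the hunks will not match the tree. The first hunk is also headed @@ -15,5 +15,6 @@ where upstream has @@ -15,6 +15,7 @@. Suggest regenerating the patch with git format-patch from the commit applied on linux-4.9.y and sending it with a mailer that does not rewrite whitespace, such as git send-email.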
* Re: FAILED: patch "[PATCH] Replace magic for trusting the secondary keyring with #define" failed to apply to 4.9-stable tree 2018-09-07 10:32 ` Yannik Sembritzki @ 2018-09-07 11:00 ` Greg KH 0 siblings, 0 replies; 3+ messages in thread From: Greg KH @ 2018-09-07 11:00 UTC (permalink / raw) To: Yannik Sembritzki; +Cc: dhowells, torvalds, stable On Fri, Sep 07, 2018 at 12:32:48PM +0200, Yannik Sembritzki wrote: > I've never backported a linux patch before; so I'm not sure if this is > the right format. > However, this cleanly applies to the linux-4.9.y branch. > This is a backport of commit 817aef260037f33ee0f44c17fe341323d3aebd6d. > > ---------------------------- > Signed-off-by: Yannik Sembritzki <yannik@sembritzki.me> > Cc: stable@vger.kernel.org > --- > �certs/system_keyring.c����������������� |��� 3 ++- > �crypto/asymmetric_keys/pkcs7_key_type.c |��� 2 +- > �include/linux/verification.h����������� |��� 6 ++++++ > �3 files changed, 9 insertions(+), 2 deletions(-) > > --- a/certs/system_keyring.c > +++ b/certs/system_keyring.c > @@ -15,5 +15,6 @@ > �#include <linux/cred.h> > �#include <linux/err.h> > +#include <linux/verification.h> > �#include <keys/asymmetric-type.h> > �#include <keys/system_keyring.h> > �#include <crypto/pkcs7.h> > @@ -230,7 +231,7 @@ int verify_pkcs7_signature(const void *d > � > ���� if (!trusted_keys) { > ���� ��� trusted_keys = builtin_trusted_keys; > -��� } else if (trusted_keys == (void *)1UL) { > +��� } else if (trusted_keys == VERIFY_USE_SECONDARY_KEYRING) { > �#ifdef CONFIG_SECONDARY_TRUSTED_KEYRING > ���� ��� trusted_keys = secondary_trusted_keys; > �#else > --- a/crypto/asymmetric_keys/pkcs7_key_type.c > +++ b/crypto/asymmetric_keys/pkcs7_key_type.c 
> @@ -63,7 +63,7 @@ static int pkcs7_preparse(struct key_pre > � > ���� return verify_pkcs7_signature(NULL, 0, > ���� ��� ��� ��� ����� prep->data, prep->datalen, > -��� ��� ��� ��� ����� (void *)1UL, usage, > +��� ��� ��� ��� ����� VERIFY_USE_SECONDARY_KEYRING, usage, > ���� ��� ��� ��� ����� pkcs7_view_content, prep); > �} > � > --- a/include/linux/verification.h > +++ b/include/linux/verification.h > @@ -13,6 +13,12 @@ > �#define _LINUX_VERIFICATION_H > � > �/* > + * Indicate that both builtin trusted keys and secondary trusted keys > + * should be used. > + */ > +#define VERIFY_USE_SECONDARY_KEYRING ((struct key *)1UL) > + > +/* > � * The use to which an asymmetric key is being put. > � */ > �enum key_being_used_for { The patch is whitespace damaged and can not be applied :( Care to fix that up and resend it? thanks, greg k-h ^ permalink raw reply [flat|nested] 3+ messages in thread