From: kernel test robot <lkp@intel.com>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: oe-kbuild-all@lists.linux.dev, linux-integrity@vger.kernel.org
Subject: [zohar-integrity:next-integrity.ima-sigv3-support-1 13/15] security/integrity/evm/evm_main.c:267:22: error: too many arguments to function 'integrity_digsig_verify'
Date: Tue, 17 Mar 2026 20:02:23 +0800
Message-ID: <202603171952.z3Qgv7vC-lkp@intel.com>

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity.ima-sigv3-support-1
head:   9037cd4a36eb9554fb5968a4c1a990d44843190b
commit: d45011bbc88d112e7eea4dbb9a1b3b0081d0b30a [13/15] ima: Define asymmetric_verify_v3() to verify IMA sigv3 signatures
config: i386-randconfig-006-20260317 (https://download.01.org/0day-ci/archive/20260317/202603171952.z3Qgv7vC-lkp@intel.com/config)
compiler: gcc-14 (Debian 14.2.0-19) 14.2.0
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20260317/202603171952.z3Qgv7vC-lkp@intel.com/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202603171952.z3Qgv7vC-lkp@intel.com/

All errors (new ones prefixed by >>):

   security/integrity/evm/evm_main.c: In function 'evm_verify_hmac':
>> security/integrity/evm/evm_main.c:267:22: error: too many arguments to function 'integrity_digsig_verify'
     267 |                 rc = integrity_digsig_verify(INTEGRITY_KEYRING_EVM,
         |                      ^~~~~~~~~~~~~~~~~~~~~~~
   In file included from security/integrity/evm/evm.h:18,
                    from security/integrity/evm/evm_main.c:28:
   security/integrity/evm/../integrity.h:143:19: note: declared here
     143 | static inline int integrity_digsig_verify(const unsigned int id,
         |                   ^~~~~~~~~~~~~~~~~~~~~~~


vim +/integrity_digsig_verify +267 security/integrity/evm/evm_main.c

cd708c938f055c Mimi Zohar            2023-12-18  172  
66dbc325afcef9 Mimi Zohar            2011-03-15  173  /*
66dbc325afcef9 Mimi Zohar            2011-03-15  174   * evm_verify_hmac - calculate and compare the HMAC with the EVM xattr
66dbc325afcef9 Mimi Zohar            2011-03-15  175   *
66dbc325afcef9 Mimi Zohar            2011-03-15  176   * Compute the HMAC on the dentry's protected set of extended attributes
7102ebcd65c1cd Mimi Zohar            2011-05-12  177   * and compare it against the stored security.evm xattr.
7102ebcd65c1cd Mimi Zohar            2011-05-12  178   *
7102ebcd65c1cd Mimi Zohar            2011-05-12  179   * For performance:
ceb5faef848b2f Tanya Agarwal         2025-01-24  180   * - use the previously retrieved xattr value and length to calculate the
66dbc325afcef9 Mimi Zohar            2011-03-15  181   *   HMAC.)
7102ebcd65c1cd Mimi Zohar            2011-05-12  182   * - cache the verification result in the iint, when available.
66dbc325afcef9 Mimi Zohar            2011-03-15  183   *
66dbc325afcef9 Mimi Zohar            2011-03-15  184   * Returns integrity status
66dbc325afcef9 Mimi Zohar            2011-03-15  185   */
66dbc325afcef9 Mimi Zohar            2011-03-15  186  static enum integrity_status evm_verify_hmac(struct dentry *dentry,
66dbc325afcef9 Mimi Zohar            2011-03-15  187  					     const char *xattr_name,
66dbc325afcef9 Mimi Zohar            2011-03-15  188  					     char *xattr_value,
75a323e604fc77 Roberto Sassu         2024-02-15  189  					     size_t xattr_value_len)
66dbc325afcef9 Mimi Zohar            2011-03-15  190  {
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  191  	struct evm_ima_xattr_data *xattr_data = NULL;
5feeb61183dde9 Matthew Garrett       2018-06-08  192  	struct signature_v2_hdr *hdr;
566be59ab86c0e Mimi Zohar            2011-08-22  193  	enum integrity_status evm_status = INTEGRITY_PASS;
5feeb61183dde9 Matthew Garrett       2018-06-08  194  	struct evm_digest digest;
75a323e604fc77 Roberto Sassu         2024-02-15  195  	struct inode *inode = d_backing_inode(dentry);
75a323e604fc77 Roberto Sassu         2024-02-15  196  	struct evm_iint_cache *iint = evm_iint_inode(inode);
cdef685be5b4ae Roberto Sassu         2021-05-14  197  	int rc, xattr_len, evm_immutable = 0;
66dbc325afcef9 Mimi Zohar            2011-03-15  198  
50b977481fce90 Matthew Garrett       2017-11-07  199  	if (iint && (iint->evm_status == INTEGRITY_PASS ||
50b977481fce90 Matthew Garrett       2017-11-07  200  		     iint->evm_status == INTEGRITY_PASS_IMMUTABLE))
24e0198efe0df5 Dmitry Kasatkin       2011-05-06  201  		return iint->evm_status;
66dbc325afcef9 Mimi Zohar            2011-03-15  202  
47add87ad18147 Stefan Berger         2024-02-23  203  	/*
47add87ad18147 Stefan Berger         2024-02-23  204  	 * On unsupported filesystems without EVM_INIT_X509 enabled, skip
47add87ad18147 Stefan Berger         2024-02-23  205  	 * signature verification.
47add87ad18147 Stefan Berger         2024-02-23  206  	 */
5e2e4d0ea5c2c8 Stefan Berger         2024-02-23  207  	if (!(evm_initialized & EVM_INIT_X509) &&
5e2e4d0ea5c2c8 Stefan Berger         2024-02-23  208  	    is_unsupported_hmac_fs(dentry))
cd708c938f055c Mimi Zohar            2023-12-18  209  		return INTEGRITY_UNKNOWN;
cd708c938f055c Mimi Zohar            2023-12-18  210  
6d38ca01c0c2d6 Dmitry Kasatkin       2011-05-06  211  	/* if status is not PASS, try to check again - against -ENOMEM */
6d38ca01c0c2d6 Dmitry Kasatkin       2011-05-06  212  
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  213  	/* first need to know the sig type */
4609e1f18e19c3 Christian Brauner     2023-01-13  214  	rc = vfs_getxattr_alloc(&nop_mnt_idmap, dentry, XATTR_NAME_EVM,
c7c7a1a18af4c3 Tycho Andersen        2021-01-21  215  				(char **)&xattr_data, 0, GFP_NOFS);
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  216  	if (rc <= 0) {
1f1009791b2e81 Dmitry Kasatkin       2014-08-15  217  		evm_status = INTEGRITY_FAIL;
1f1009791b2e81 Dmitry Kasatkin       2014-08-15  218  		if (rc == -ENODATA) {
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  219  			rc = evm_find_protected_xattrs(dentry);
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  220  			if (rc > 0)
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  221  				evm_status = INTEGRITY_NOLABEL;
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  222  			else if (rc == 0)
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  223  				evm_status = INTEGRITY_NOXATTRS; /* new file */
1f1009791b2e81 Dmitry Kasatkin       2014-08-15  224  		} else if (rc == -EOPNOTSUPP) {
1f1009791b2e81 Dmitry Kasatkin       2014-08-15  225  			evm_status = INTEGRITY_UNKNOWN;
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  226  		}
566be59ab86c0e Mimi Zohar            2011-08-22  227  		goto out;
566be59ab86c0e Mimi Zohar            2011-08-22  228  	}
66dbc325afcef9 Mimi Zohar            2011-03-15  229  
b1aaab22e263d0 Dmitry Kasatkin       2013-10-10  230  	xattr_len = rc;
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  231  
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  232  	/* check value type */
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  233  	switch (xattr_data->type) {
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  234  	case EVM_XATTR_HMAC:
650b29dbdf2caf Thiago Jung Bauermann 2019-06-11  235  		if (xattr_len != sizeof(struct evm_xattr)) {
b4bfec7f4a8642 Seth Forshee          2016-08-01  236  			evm_status = INTEGRITY_FAIL;
b4bfec7f4a8642 Seth Forshee          2016-08-01  237  			goto out;
b4bfec7f4a8642 Seth Forshee          2016-08-01  238  		}
5feeb61183dde9 Matthew Garrett       2018-06-08  239  
5feeb61183dde9 Matthew Garrett       2018-06-08  240  		digest.hdr.algo = HASH_ALGO_SHA1;
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  241  		rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
a652aa59068bd7 Stefan Berger         2024-02-23  242  				   xattr_value_len, &digest, iint);
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  243  		if (rc)
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  244  			break;
650b29dbdf2caf Thiago Jung Bauermann 2019-06-11  245  		rc = crypto_memneq(xattr_data->data, digest.digest,
5feeb61183dde9 Matthew Garrett       2018-06-08  246  				   SHA1_DIGEST_SIZE);
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  247  		if (rc)
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  248  			rc = -EINVAL;
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  249  		break;
50b977481fce90 Matthew Garrett       2017-11-07  250  	case EVM_XATTR_PORTABLE_DIGSIG:
cdef685be5b4ae Roberto Sassu         2021-05-14  251  		evm_immutable = 1;
cdef685be5b4ae Roberto Sassu         2021-05-14  252  		fallthrough;
cdef685be5b4ae Roberto Sassu         2021-05-14  253  	case EVM_IMA_XATTR_DIGSIG:
455b6c9112eff8 Roberto Sassu         2020-09-04  254  		/* accept xattr with non-empty signature field */
455b6c9112eff8 Roberto Sassu         2020-09-04  255  		if (xattr_len <= sizeof(struct signature_v2_hdr)) {
455b6c9112eff8 Roberto Sassu         2020-09-04  256  			evm_status = INTEGRITY_FAIL;
455b6c9112eff8 Roberto Sassu         2020-09-04  257  			goto out;
455b6c9112eff8 Roberto Sassu         2020-09-04  258  		}
455b6c9112eff8 Roberto Sassu         2020-09-04  259  
5feeb61183dde9 Matthew Garrett       2018-06-08  260  		hdr = (struct signature_v2_hdr *)xattr_data;
5feeb61183dde9 Matthew Garrett       2018-06-08  261  		digest.hdr.algo = hdr->hash_algo;
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  262  		rc = evm_calc_hash(dentry, xattr_name, xattr_value,
a652aa59068bd7 Stefan Berger         2024-02-23  263  				   xattr_value_len, xattr_data->type, &digest,
a652aa59068bd7 Stefan Berger         2024-02-23  264  				   iint);
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  265  		if (rc)
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  266  			break;
15647eb3985ef3 Dmitry Kasatkin       2011-09-01 @267  		rc = integrity_digsig_verify(INTEGRITY_KEYRING_EVM,
b1aaab22e263d0 Dmitry Kasatkin       2013-10-10  268  					(const char *)xattr_data, xattr_len,
d45011bbc88d11 Mimi Zohar            2026-03-10  269  					digest.digest, digest.hdr.length,
d45011bbc88d11 Mimi Zohar            2026-03-10  270  					digest.hdr.algo);
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  271  		if (!rc) {
50b977481fce90 Matthew Garrett       2017-11-07  272  			if (xattr_data->type == EVM_XATTR_PORTABLE_DIGSIG) {
50b977481fce90 Matthew Garrett       2017-11-07  273  				if (iint)
50b977481fce90 Matthew Garrett       2017-11-07  274  					iint->flags |= EVM_IMMUTABLE_DIGSIG;
50b977481fce90 Matthew Garrett       2017-11-07  275  				evm_status = INTEGRITY_PASS_IMMUTABLE;
70946c4ac2a9e0 Sascha Hauer          2018-03-01  276  			} else if (!IS_RDONLY(inode) &&
70946c4ac2a9e0 Sascha Hauer          2018-03-01  277  				   !(inode->i_sb->s_readonly_remount) &&
47add87ad18147 Stefan Berger         2024-02-23  278  				   !IS_IMMUTABLE(inode) &&
5e2e4d0ea5c2c8 Stefan Berger         2024-02-23  279  				   !is_unsupported_hmac_fs(dentry)) {
c2baec7ffaf6a2 Dmitry Kasatkin       2014-10-01  280  				evm_update_evmxattr(dentry, xattr_name,
c2baec7ffaf6a2 Dmitry Kasatkin       2014-10-01  281  						    xattr_value,
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  282  						    xattr_value_len);
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  283  			}
50b977481fce90 Matthew Garrett       2017-11-07  284  		}
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  285  		break;
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  286  	default:
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  287  		rc = -EINVAL;
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  288  		break;
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  289  	}
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  290  
cdef685be5b4ae Roberto Sassu         2021-05-14  291  	if (rc) {
cdef685be5b4ae Roberto Sassu         2021-05-14  292  		if (rc == -ENODATA)
cdef685be5b4ae Roberto Sassu         2021-05-14  293  			evm_status = INTEGRITY_NOXATTRS;
cdef685be5b4ae Roberto Sassu         2021-05-14  294  		else if (evm_immutable)
cdef685be5b4ae Roberto Sassu         2021-05-14  295  			evm_status = INTEGRITY_FAIL_IMMUTABLE;
cdef685be5b4ae Roberto Sassu         2021-05-14  296  		else
cdef685be5b4ae Roberto Sassu         2021-05-14  297  			evm_status = INTEGRITY_FAIL;
cdef685be5b4ae Roberto Sassu         2021-05-14  298  	}
87ac3d002d567f Mimi Zohar            2021-05-13  299  	pr_debug("digest: (%d) [%*phN]\n", digest.hdr.length, digest.hdr.length,
87ac3d002d567f Mimi Zohar            2021-05-13  300  		  digest.digest);
7102ebcd65c1cd Mimi Zohar            2011-05-12  301  out:
7102ebcd65c1cd Mimi Zohar            2011-05-12  302  	if (iint)
7102ebcd65c1cd Mimi Zohar            2011-05-12  303  		iint->evm_status = evm_status;
15647eb3985ef3 Dmitry Kasatkin       2011-09-01  304  	kfree(xattr_data);
7102ebcd65c1cd Mimi Zohar            2011-05-12  305  	return evm_status;
66dbc325afcef9 Mimi Zohar            2011-03-15  306  }
66dbc325afcef9 Mimi Zohar            2011-03-15  307  

:::::: The code at line 267 was first introduced by commit
:::::: 15647eb3985ef30dfd657038924dc85c03026733 evm: digital signature verification support

:::::: TO: Dmitry Kasatkin <dmitry.kasatkin@intel.com>
:::::: CC: Dmitry Kasatkin <dmitry.kasatkin@intel.com>

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
