From: kernel test robot <lkp@intel.com>
To: Nayna Jain <nayna@linux.ibm.com>,
linux-integrity@vger.kernel.org, keyrings@vger.kernel.org
Cc: llvm@lists.linux.dev, kbuild-all@lists.01.org,
dhowells@redhat.com, zohar@linux.ibm.com, jarkko@kernel.org,
seth.forshee@canonical.com,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, Nayna Jain <nayna@linux.ibm.com>
Subject: Re: [PATCH] integrity: support including firmware ".platform" keys at build time
Date: Sat, 11 Sep 2021 08:53:44 +0800 [thread overview]
Message-ID: <202109110847.fhH9aD4r-lkp@intel.com> (raw)
In-Reply-To: <20210910172515.8430-1-nayna@linux.ibm.com>
[-- Attachment #1: Type: text/plain, Size: 8217 bytes --]
Hi Nayna,
I love your patch! Yet something to improve:
[auto build test ERROR on integrity/next-integrity]
[also build test ERROR on linus/master v5.14 next-20210910]
[cannot apply to security/next-testing]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Nayna-Jain/integrity-support-including-firmware-platform-keys-at-build-time/20210911-012617
base: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity
config: i386-randconfig-a003-20210910 (attached as .config)
compiler: clang version 14.0.0 (https://github.com/llvm/llvm-project 261cbe98c38f8c1ee1a482fe76511110e790f58a)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/0day-ci/linux/commit/fb58bf03a2f9965a2e0cfdcb16d1bad2fc5f083a
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Nayna-Jain/integrity-support-including-firmware-platform-keys-at-build-time/20210911-012617
git checkout fb58bf03a2f9965a2e0cfdcb16d1bad2fc5f083a
# save the attached .config to linux build tree
mkdir build_dir
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross O=build_dir ARCH=i386 SHELL=/bin/bash
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All error/warnings (new ones prefixed by >>):
>> certs/common.c:11:2: error: unknown type name 'key_ref_t'; did you mean 'key_perm_t'?
key_ref_t key;
^~~~~~~~~
key_perm_t
include/linux/key.h:31:18: note: 'key_perm_t' declared here
typedef uint32_t key_perm_t;
^
>> certs/common.c:31:9: error: implicit declaration of function 'key_create_or_update' [-Werror,-Wimplicit-function-declaration]
key = key_create_or_update(make_key_ref(keyring, 1),
^
>> certs/common.c:36:11: error: use of undeclared identifier 'KEY_POS_ALL'
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
^
>> certs/common.c:36:26: error: use of undeclared identifier 'KEY_POS_SETATTR'
((KEY_POS_ALL & ~KEY_POS_SETATTR) |
^
>> certs/common.c:37:9: error: use of undeclared identifier 'KEY_USR_VIEW'
KEY_USR_VIEW | KEY_USR_READ),
^
>> certs/common.c:37:24: error: use of undeclared identifier 'KEY_USR_READ'
KEY_USR_VIEW | KEY_USR_READ),
^
>> certs/common.c:38:9: error: use of undeclared identifier 'KEY_ALLOC_NOT_IN_QUOTA'
KEY_ALLOC_NOT_IN_QUOTA |
^
>> certs/common.c:39:9: error: use of undeclared identifier 'KEY_ALLOC_BUILT_IN'
KEY_ALLOC_BUILT_IN |
^
>> certs/common.c:40:9: error: use of undeclared identifier 'KEY_ALLOC_BYPASS_RESTRICTION'
KEY_ALLOC_BYPASS_RESTRICTION);
^
>> certs/common.c:41:14: warning: incompatible integer to pointer conversion passing 'key_perm_t' (aka 'unsigned int') to parameter of type 'const void *' [-Wint-conversion]
if (IS_ERR(key)) {
^~~
include/linux/err.h:34:60: note: passing argument to parameter 'ptr' here
static inline bool __must_check IS_ERR(__force const void *ptr)
^
certs/common.c:43:19: warning: incompatible integer to pointer conversion passing 'key_perm_t' (aka 'unsigned int') to parameter of type 'const void *' [-Wint-conversion]
PTR_ERR(key));
^~~
include/linux/printk.h:390:33: note: expanded from macro 'pr_err'
printk(KERN_ERR pr_fmt(fmt), ##__VA_ARGS__)
^~~~~~~~~~~
include/linux/err.h:29:61: note: passing argument to parameter 'ptr' here
static inline long __must_check PTR_ERR(__force const void *ptr)
^
>> certs/common.c:46:26: error: member reference base type 'void' is not a structure or union
key_ref_to_ptr(key)->description);
~~~~~~~~~~~~~~~~~~~^ ~~~~~~~~~~~
include/linux/printk.h:410:36: note: expanded from macro 'pr_notice'
printk(KERN_NOTICE pr_fmt(fmt), ##__VA_ARGS__)
^~~~~~~~~~~
2 warnings and 10 errors generated.
vim +11 certs/common.c
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 6
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 7 int load_certificate_list(const u8 cert_list[],
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 8 const unsigned long list_size,
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 9 const struct key *keyring)
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 10 {
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 @11 key_ref_t key;
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 12 const u8 *p, *end;
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 13 size_t plen;
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 14
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 15 p = cert_list;
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 16 end = p + list_size;
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 17 while (p < end) {
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 18 /* Each cert begins with an ASN.1 SEQUENCE tag and must be more
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 19 * than 256 bytes in size.
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 20 */
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 21 if (end - p < 4)
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 22 goto dodgy_cert;
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 23 if (p[0] != 0x30 &&
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 24 p[1] != 0x82)
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 25 goto dodgy_cert;
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 26 plen = (p[2] << 8) | p[3];
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 27 plen += 4;
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 28 if (plen > end - p)
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 29 goto dodgy_cert;
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 30
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 @31 key = key_create_or_update(make_key_ref(keyring, 1),
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 32 "asymmetric",
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 33 NULL,
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 34 p,
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 35 plen,
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 @36 ((KEY_POS_ALL & ~KEY_POS_SETATTR) |
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 @37 KEY_USR_VIEW | KEY_USR_READ),
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 @38 KEY_ALLOC_NOT_IN_QUOTA |
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 @39 KEY_ALLOC_BUILT_IN |
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 @40 KEY_ALLOC_BYPASS_RESTRICTION);
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 @41 if (IS_ERR(key)) {
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 42 pr_err("Problem loading in-kernel X.509 certificate (%ld)\n",
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 43 PTR_ERR(key));
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 44 } else {
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 45 pr_notice("Loaded X.509 cert '%s'\n",
2565ca7f5ec1a9 Eric Snowberg 2021-01-22 @46 key_ref_to_ptr(key)->description);
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 32911 bytes --]
next prev parent reply other threads:[~2021-09-11 0:54 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-10 17:25 [PATCH] integrity: support including firmware ".platform" keys at build time Nayna Jain
2021-09-10 21:52 ` kernel test robot
2021-09-11 0:53 ` kernel test robot [this message]
2021-09-11 16:29 ` kernel test robot
2021-09-13 19:37 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202109110847.fhH9aD4r-lkp@intel.com \
--to=lkp@intel.com \
--cc=dhowells@redhat.com \
--cc=jarkko@kernel.org \
--cc=kbuild-all@lists.01.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=llvm@lists.linux.dev \
--cc=nayna@linux.ibm.com \
--cc=seth.forshee@canonical.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).