From: kernel test robot <lkp@intel.com>
To: "Lee, Chun-Yi" <joeyli.kernel@gmail.com>,
David Howells <dhowells@redhat.com>
Cc: kbuild-all@lists.01.org, Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
Ben Boeckel <me@benboeckel.net>,
Randy Dunlap <rdunlap@infradead.org>,
Malte Gell <malte.gell@gmx.de>,
Varad Gautam <varad.gautam@suse.com>,
keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v6,2/4] PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification
Date: Thu, 29 Apr 2021 21:04:41 +0800 [thread overview]
Message-ID: <202104292055.jWRp4lBa-lkp@intel.com> (raw)
In-Reply-To: <20210429072851.24057-3-jlee@suse.com>
[-- Attachment #1: Type: text/plain, Size: 3375 bytes --]
Hi Chun-Yi",
I love your patch! Yet something to improve:
[auto build test ERROR on linus/master]
[also build test ERROR on next-20210429]
[cannot apply to cryptodev/master crypto/master v5.12]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Lee-Chun-Yi/Check-codeSigning-extended-key-usage-extension/20210429-153115
base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git d72cd4ad4174cfd2257c426ad51e4f53bcfde9c9
config: powerpc64-randconfig-m031-20210429 (attached as .config)
compiler: powerpc-linux-gcc (GCC) 9.3.0
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# https://github.com/0day-ci/linux/commit/63e6809a57ca114d297694a24283256990aa10df
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Lee-Chun-Yi/Check-codeSigning-extended-key-usage-extension/20210429-153115
git checkout 63e6809a57ca114d297694a24283256990aa10df
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=gcc-9.3.0 make.cross W=1 ARCH=powerpc64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All errors (new ones prefixed by >>):
certs/blacklist.c: In function 'is_key_on_revocation_list':
>> certs/blacklist.c:188:8: error: too few arguments to function 'pkcs7_validate_trust'
188 | ret = pkcs7_validate_trust(pkcs7, blacklist_keyring);
| ^~~~~~~~~~~~~~~~~~~~
In file included from certs/blacklist.h:3,
from certs/blacklist.c:19:
include/crypto/pkcs7.h:32:12: note: declared here
32 | extern int pkcs7_validate_trust(struct pkcs7_message *pkcs7,
| ^~~~~~~~~~~~~~~~~~~~
vim +/pkcs7_validate_trust +188 certs/blacklist.c
56c5812623f953 Eric Snowberg 2021-01-22 179
56c5812623f953 Eric Snowberg 2021-01-22 180 /**
56c5812623f953 Eric Snowberg 2021-01-22 181 * is_key_on_revocation_list - Determine if the key for a PKCS#7 message is revoked
56c5812623f953 Eric Snowberg 2021-01-22 182 * @pkcs7: The PKCS#7 message to check
56c5812623f953 Eric Snowberg 2021-01-22 183 */
56c5812623f953 Eric Snowberg 2021-01-22 184 int is_key_on_revocation_list(struct pkcs7_message *pkcs7)
56c5812623f953 Eric Snowberg 2021-01-22 185 {
56c5812623f953 Eric Snowberg 2021-01-22 186 int ret;
56c5812623f953 Eric Snowberg 2021-01-22 187
56c5812623f953 Eric Snowberg 2021-01-22 @188 ret = pkcs7_validate_trust(pkcs7, blacklist_keyring);
56c5812623f953 Eric Snowberg 2021-01-22 189
56c5812623f953 Eric Snowberg 2021-01-22 190 if (ret == 0)
56c5812623f953 Eric Snowberg 2021-01-22 191 return -EKEYREJECTED;
56c5812623f953 Eric Snowberg 2021-01-22 192
56c5812623f953 Eric Snowberg 2021-01-22 193 return -ENOKEY;
56c5812623f953 Eric Snowberg 2021-01-22 194 }
56c5812623f953 Eric Snowberg 2021-01-22 195 #endif
56c5812623f953 Eric Snowberg 2021-01-22 196
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 33418 bytes --]
next prev parent reply other threads:[~2021-04-29 13:05 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-29 7:28 [PATCH v6 0/4] Check codeSigning extended key usage extension Lee, Chun-Yi
2021-04-29 7:28 ` [PATCH v6,1/4] X.509: Add CodeSigning extended key usage parsing Lee, Chun-Yi
2021-04-29 7:28 ` [PATCH v6,2/4] PKCS#7: Check codeSigning EKU for kernel module and kexec pe verification Lee, Chun-Yi
2021-04-29 13:04 ` kernel test robot [this message]
2021-04-29 7:28 ` [PATCH v6,3/4] modsign: Add codeSigning EKU when generating X.509 key generation config Lee, Chun-Yi
2021-04-29 7:28 ` [PATCH v6,4/4] Documentation/admin-guide/module-signing.rst: add openssl command option example for CodeSign EKU Lee, Chun-Yi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202104292055.jWRp4lBa-lkp@intel.com \
--to=lkp@intel.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=joeyli.kernel@gmail.com \
--cc=kbuild-all@lists.01.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=malte.gell@gmx.de \
--cc=me@benboeckel.net \
--cc=rdunlap@infradead.org \
--cc=varad.gautam@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox