linux-next: build warnings after merge of the keys tree

Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> · Tue, 30 Jul 2019 12:30:42 +1000

Hi all,

After merging the keys tree, today's linux-next build (x86_64
allmodconfig) produced these warnings:

In file included from include/linux/keyctl.h:11,
                 from include/linux/key.h:35,
                 from include/linux/cred.h:13,
                 from fs/verity/signature.c:10:
fs/verity/signature.c: In function 'fsverity_init_signature':
include/uapi/linux/keyctl.h:52:24: warning: passing argument 5 of 'keyring_alloc' makes pointer from integer without a cast [-Wint-conversion]
 #define KEY_POS_SEARCH 0x08000000 /* possessor can find a key in search / search a keyring */
                        ^
fs/verity/signature.c:140:25: note: in expansion of macro 'KEY_POS_SEARCH'
         current_cred(), KEY_POS_SEARCH |
                         ^~~~~~~~~~~~~~
In file included from include/linux/cred.h:13,
                 from fs/verity/signature.c:10:
include/linux/key.h:386:20: note: expected 'struct key_acl *' but argument is of type 'int'
 extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
                    ^~~~~~~~~~~~~

Caused by commit

  f802f2b3a991 ("keys: Replace uid/gid/perm permissions checking with an ACL")

interacting with commit

  318ce3c7b2ff ("fs-verity: support builtin file signatures")

from the fsverity tree.

(Have I mentioned that I have API changes? ;-))

I have applied the following merge fix patch:

From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
Date: Tue, 30 Jul 2019 12:13:38 +1000
Subject: [PATCH] fsverity: merge fix for keyring_alloc API change

Signed-off-by: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
---
 fs/verity/signature.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/fs/verity/signature.c b/fs/verity/signature.c
index c8b255232de5..a7aac30c56ae 100644
--- a/fs/verity/signature.c
+++ b/fs/verity/signature.c
@@ -131,15 +131,26 @@ static inline int __init fsverity_sysctl_init(void)
 }
 #endif /* !CONFIG_SYSCTL */
 
+static struct key_acl fsverity_acl = {
+	.usage	= REFCOUNT_INIT(1),
+	.possessor_viewable = true,
+	.nr_ace	= 2,
+	.aces = {
+		KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_JOIN |
+				  KEY_ACE_INVAL),
+		KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_WRITE |
+			      KEY_ACE_CLEAR | KEY_ACE_SEARCH |
+			      KEY_ACE_SET_SECURITY | KEY_ACE_REVOKE),
+	}
+};
+
 int __init fsverity_init_signature(void)
 {
 	struct key *ring;
 	int err;
 
 	ring = keyring_alloc(".fs-verity", KUIDT_INIT(0), KGIDT_INIT(0),
-			     current_cred(), KEY_POS_SEARCH |
-				KEY_USR_VIEW | KEY_USR_READ | KEY_USR_WRITE |
-				KEY_USR_SEARCH | KEY_USR_SETATTR,
+			     current_cred(), &fsverity_acl,
 			     KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
 	if (IS_ERR(ring))
 		return PTR_ERR(ring);
-- 
2.20.1

-- 
Cheers,
Stephen Rothwell
Attachment:
pgpdhNz64npsJ.pgp

Description: OpenPGP digital signature




