linux-next: build failure after merge of the keys tree

[Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>]

Hi all,

After merging the keys tree, today's linux-next build (x86_64
allmodconfig) failed like this:

In file included from include/linux/cred.h:13,
                 from security/integrity/ima/ima_mok.c:12:
security/integrity/ima/ima_mok.c: In function 'ima_mok_init':
include/linux/key.h:292:29: warning: passing argument 7 of 'keyring_alloc' makes pointer from integer without a cast [-Wint-conversion]
  292 | #define KEY_ALLOC_SET_KEEP  0x0020 /* Set the KEEP flag on the key/keyring */
      |                             ^~~~~~
      |                             |
      |                             int
security/integrity/ima/ima_mok.c:42:5: note: in expansion of macro 'KEY_ALLOC_SET_KEEP'
   42 |     KEY_ALLOC_SET_KEEP,
      |     ^~~~~~~~~~~~~~~~~~
include/linux/key.h:410:30: note: expected 'struct key_restriction *' but argument is of type 'int'
  410 |      struct key_restriction *restrict_link,
      |      ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
security/integrity/ima/ima_mok.c:43:5: error: passing argument 8 of 'keyring_alloc' from incompatible pointer type [-Werror=incompatible-pointer-types]
   43 |     restriction, NULL);
      |     ^~~~~~~~~~~
      |     |
      |     struct key_restriction *
In file included from include/linux/cred.h:13,
                 from security/integrity/ima/ima_mok.c:12:
include/linux/key.h:411:18: note: expected 'struct key *' but argument is of type 'struct key_restriction *'
  411 |      struct key *dest);
      |      ~~~~~~~~~~~~^~~~
security/integrity/ima/ima_mok.c:36:26: error: too many arguments to function 'keyring_alloc'
   36 |  ima_blacklist_keyring = keyring_alloc(".ima_blacklist",
      |                          ^~~~~~~~~~~~~
In file included from include/linux/cred.h:13,
                 from security/integrity/ima/ima_mok.c:12:
include/linux/key.h:406:20: note: declared here
  406 | extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
      |                    ^~~~~~~~~~~~~

Caused by commit

  33c36b2053de ("certs: Fix blacklist flag type confusion")

I have applied the following fix patch for today:

From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
Date: Fri, 11 Dec 2020 15:46:09 +1100
Subject: [PATCH] fixup for "certs: Fix blacklist flag type confusion"

Signed-off-by: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
---
 security/integrity/ima/ima_mok.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/security/integrity/ima/ima_mok.c b/security/integrity/ima/ima_mok.c
index ce8871d96f12..5594dd38ab04 100644
--- a/security/integrity/ima/ima_mok.c
+++ b/security/integrity/ima/ima_mok.c
@@ -38,8 +38,7 @@ __init int ima_mok_init(void)
 				(KEY_POS_ALL & ~KEY_POS_SETATTR) |
 				KEY_USR_VIEW | KEY_USR_READ |
 				KEY_USR_WRITE | KEY_USR_SEARCH,
-				KEY_ALLOC_NOT_IN_QUOTA,
-				KEY_ALLOC_SET_KEEP,
+				KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_SET_KEEP,
 				restriction, NULL);
 
 	if (IS_ERR(ima_blacklist_keyring))
-- 
2.29.2

-- 
Cheers,
Stephen Rothwell

Attachment: pgpDEhE8TteY4.pgp
Description: OpenPGP digital signature