linux-next: build failure after merge of the keys tree

From: Stephen Rothwell
Date: Thu Dec 10 2020 - 23:55:04 EST


Hi all,

After merging the keys tree, today's linux-next build (x86_64
allmodconfig) failed like this:

In file included from include/linux/cred.h:13,
from security/integrity/ima/ima_mok.c:12:
security/integrity/ima/ima_mok.c: In function 'ima_mok_init':
include/linux/key.h:292:29: warning: passing argument 7 of 'keyring_alloc' makes pointer from integer without a cast [-Wint-conversion]
292 | #define KEY_ALLOC_SET_KEEP 0x0020 /* Set the KEEP flag on the key/keyring */
| ^~~~~~
| |
| int
security/integrity/ima/ima_mok.c:42:5: note: in expansion of macro 'KEY_ALLOC_SET_KEEP'
42 | KEY_ALLOC_SET_KEEP,
| ^~~~~~~~~~~~~~~~~~
include/linux/key.h:410:30: note: expected 'struct key_restriction *' but argument is of type 'int'
410 | struct key_restriction *restrict_link,
| ~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
security/integrity/ima/ima_mok.c:43:5: error: passing argument 8 of 'keyring_alloc' from incompatible pointer type [-Werror=incompatible-pointer-types]
43 | restriction, NULL);
| ^~~~~~~~~~~
| |
| struct key_restriction *
In file included from include/linux/cred.h:13,
from security/integrity/ima/ima_mok.c:12:
include/linux/key.h:411:18: note: expected 'struct key *' but argument is of type 'struct key_restriction *'
411 | struct key *dest);
| ~~~~~~~~~~~~^~~~
security/integrity/ima/ima_mok.c:36:26: error: too many arguments to function 'keyring_alloc'
36 | ima_blacklist_keyring = keyring_alloc(".ima_blacklist",
| ^~~~~~~~~~~~~
In file included from include/linux/cred.h:13,
from security/integrity/ima/ima_mok.c:12:
include/linux/key.h:406:20: note: declared here
406 | extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid,
| ^~~~~~~~~~~~~

Caused by commit

33c36b2053de ("certs: Fix blacklist flag type confusion")

I have applied the following fix patch for today:

From: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
Date: Fri, 11 Dec 2020 15:46:09 +1100
Subject: [PATCH] fixup for "certs: Fix blacklist flag type confusion"

Signed-off-by: Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx>
---
security/integrity/ima/ima_mok.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/security/integrity/ima/ima_mok.c b/security/integrity/ima/ima_mok.c
index ce8871d96f12..5594dd38ab04 100644
--- a/security/integrity/ima/ima_mok.c
+++ b/security/integrity/ima/ima_mok.c
@@ -38,8 +38,7 @@ __init int ima_mok_init(void)
(KEY_POS_ALL & ~KEY_POS_SETATTR) |
KEY_USR_VIEW | KEY_USR_READ |
KEY_USR_WRITE | KEY_USR_SEARCH,
- KEY_ALLOC_NOT_IN_QUOTA,
- KEY_ALLOC_SET_KEEP,
+ KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_SET_KEEP,
restriction, NULL);

if (IS_ERR(ima_blacklist_keyring))
--
2.29.2

--
Cheers,
Stephen Rothwell

Attachment: pgpG_bMIioX0k.pgp
Description: OpenPGP digital signature