linux-next: build warnings after merge of the keys tree

Mon, 29 Jul 2019 19:31:27 -0700 

Hi all,

After merging the keys tree, today's linux-next build (x86_64
allmodconfig) produced these warnings:

In file included from include/linux/keyctl.h:11,
                 from include/linux/key.h:35,
                 from include/linux/cred.h:13,
                 from fs/verity/signature.c:10:
fs/verity/signature.c: In function 'fsverity_init_signature':
include/uapi/linux/keyctl.h:52:24: warning: passing argument 5 of 
'keyring_alloc' makes pointer from integer without a cast [-Wint-conversion]
 #define KEY_POS_SEARCH 0x08000000 /* possessor can find a key in search / 
search a keyring */
                        ^
fs/verity/signature.c:140:25: note: in expansion of macro 'KEY_POS_SEARCH'
         current_cred(), KEY_POS_SEARCH |
                         ^~~~~~~~~~~~~~
In file included from include/linux/cred.h:13,
                 from fs/verity/signature.c:10:
include/linux/key.h:386:20: note: expected 'struct key_acl *' but argument is 
of type 'int'
 extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t 
gid,
                    ^~~~~~~~~~~~~

Caused by commit

  f802f2b3a991 ("keys: Replace uid/gid/perm permissions checking with an ACL")

interacting with commit

  318ce3c7b2ff ("fs-verity: support builtin file signatures")

from the fsverity tree.

(Have I mentioned that I have API changes? ;-))

I have applied the following merge fix patch:

From: Stephen Rothwell <s...@canb.auug.org.au>
Date: Tue, 30 Jul 2019 12:13:38 +1000
Subject: [PATCH] fsverity: merge fix for keyring_alloc API change

Signed-off-by: Stephen Rothwell <s...@canb.auug.org.au>
---
 fs/verity/signature.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/fs/verity/signature.c b/fs/verity/signature.c
index c8b255232de5..a7aac30c56ae 100644
--- a/fs/verity/signature.c
+++ b/fs/verity/signature.c
@@ -131,15 +131,26 @@ static inline int __init fsverity_sysctl_init(void)
 }
 #endif /* !CONFIG_SYSCTL */
 
+static struct key_acl fsverity_acl = {
+       .usage  = REFCOUNT_INIT(1),
+       .possessor_viewable = true,
+       .nr_ace = 2,
+       .aces = {
+               KEY_POSSESSOR_ACE(KEY_ACE_SEARCH | KEY_ACE_JOIN |
+                                 KEY_ACE_INVAL),
+               KEY_OWNER_ACE(KEY_ACE_VIEW | KEY_ACE_READ | KEY_ACE_WRITE |
+                             KEY_ACE_CLEAR | KEY_ACE_SEARCH |
+                             KEY_ACE_SET_SECURITY | KEY_ACE_REVOKE),
+       }
+};
+
 int __init fsverity_init_signature(void)
 {
        struct key *ring;
        int err;
 
        ring = keyring_alloc(".fs-verity", KUIDT_INIT(0), KGIDT_INIT(0),
-                            current_cred(), KEY_POS_SEARCH |
-                               KEY_USR_VIEW | KEY_USR_READ | KEY_USR_WRITE |
-                               KEY_USR_SEARCH | KEY_USR_SETATTR,
+                            current_cred(), &fsverity_acl,
                             KEY_ALLOC_NOT_IN_QUOTA, NULL, NULL);
        if (IS_ERR(ring))
                return PTR_ERR(ring);
-- 
2.20.1

-- 
Cheers,
Stephen Rothwell

Attachment: pgpr2DwPAOeD6.pgp
Description: OpenPGP digital signature

Reply via email to