| Message ID | 20230224032703.7789-1-rdunlap@infradead.org |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp681834wrd;
Thu, 23 Feb 2023 19:38:10 -0800 (PST)
X-Google-Smtp-Source:
AK7set/hUkh+fWgkGNVlWGMZx/zCxdgf+rteTqSu+0OKrE4iY/VLm5TSkEx2LsIV2RDdA7JicRv3
X-Received: by 2002:a17:906:3782:b0:8a6:93a4:c892 with SMTP id
n2-20020a170906378200b008a693a4c892mr22006944ejc.44.1677209890135;
Thu, 23 Feb 2023 19:38:10 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1677209890; cv=none;
d=google.com; s=arc-20160816;
b=RGumEY+oLqI/hzMHlKXZ1Sh89P9O2LoMqVcF6NDg+/50DAAH4shJNVpw3Nk42DsNZk
zBsZFy/F6niJEC1i3360V3Ab3ba5Z6VfCfWV7rhpG/TLl4HKzhq8+BdodTK6KhZSfkgP
XG8XdpPOyYY+Ek6ChVdRWErhPUEGjPKxu2xBP3/0ANfOQq0felhPmkNXhPqSfXcf2IYe
inX+D+/aNJV82m5coBpTJX4MeQZHHZ04CxBZMtQYpvxItDTbSYrqCpJMiThu0OhAFxrP
ezgH9rr7bo4Dah22NXlo17Ml1ZhsbnvDmdS53Ce38nb5UDPbXOihRyJOAHfG+k+Y73LZ
MUuA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=3IhXFWZbsoRSpNhQKpLcLNnprR4jfrb5zB61a/c73DM=;
b=F2FSRd3dGDX8UCgS8xb0lUAMwswd+Hbs3pGl0s5pIvwUplzuMTaBmeJHhSCNuN6cQ5
ZALgCHiko4wCcsWvBhj+JP+IU5PihAvMGf0QygedDDk9aCJcEl6TH+uMCLYqs+t/3u6e
xLtaVT0Q3yOFPA9+aA20YuQnro8/lETU2vsa5VJtgo3bn7tqbgJNBxWpY7UfIzOwrUvv
nhsE+kWsv30vn1W1RYzrS7Xkh/v4avN4tgZxYDp2RAZBsLZzrQJ7sD6GTLLYM0IFG0MH
uV6QKbJdQSXmxZDDgRZQqB+POPQgUaGAO+cJIo25vCB8TSbRs9iYoDlyCxH6QgCuwqci
SLgg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@infradead.org header.s=bombadil.20210309
header.b=TvJszvU6;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
c8-20020aa7d608000000b004ad7c1fb712si12108383edr.620.2023.02.23.19.37.47;
Thu, 23 Feb 2023 19:38:10 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@infradead.org header.s=bombadil.20210309
header.b=TvJszvU6;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229799AbjBXD1M (ORCPT <rfc822;jeff.pang.chn@gmail.com>
+ 99 others); Thu, 23 Feb 2023 22:27:12 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58880 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229445AbjBXD1K (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 23 Feb 2023 22:27:10 -0500
Received: from bombadil.infradead.org (bombadil.infradead.org
[IPv6:2607:7c80:54:3::133])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0B5B9515C6;
Thu, 23 Feb 2023 19:27:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=infradead.org; s=bombadil.20210309; h=Content-Transfer-Encoding:
MIME-Version:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:
Content-ID:Content-Description:In-Reply-To:References;
bh=3IhXFWZbsoRSpNhQKpLcLNnprR4jfrb5zB61a/c73DM=;
b=TvJszvU6fu+GFni5Ufd2ji7V0n
rI22ILCnkzDwWKe8PUnCgs2zeK0O6Rm6HChCToBO1HqhRUB+0s6jeckV3UPZuO0IGg650u6uaV8cb
KWg48RrES0dfHlpkP2SBcJiSZ54+8ILjllVMDgDnS8Xr9Fc53sqMk3rqB28D4BSC6ET9QfLN9LLd2
eLHricqsAOb1z+YBHw+7izQvqnqYdH6LP6HC5kWay5yH+tfSkMKG8Xa4+f6rk044cBgu/obZaLOrc
jkskMiyRi5nbTWhnQ0Moj7BdQeRIHykwrfayh6v023BI5QrHOKPzjBYcmMQHClPl/NMJz2paQ9Ak7
EDfWtiBw==;
Received: from [2601:1c2:980:9ec0::df2f] (helo=bombadil.infradead.org)
by bombadil.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat
Linux))
id 1pVOji-0014K7-Fa; Fri, 24 Feb 2023 03:27:06 +0000
From: Randy Dunlap <rdunlap@infradead.org>
To: linux-kernel@vger.kernel.org
Cc: Randy Dunlap <rdunlap@infradead.org>,
Mimi Zohar <zohar@linux.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity@vger.kernel.org,
Fabio Estevam <festevam@gmail.com>,
Rajiv Andrade <srajiv@linux.vnet.ibm.com>,
Richard Weinberger <richard@nod.at>,
Anton Ivanov <anton.ivanov@cambridgegreys.com>,
Johannes Berg <johannes@sipsolutions.net>,
linux-um@lists.infradead.org
Subject: [PATCH] IMA: allow/fix UML builds
Date: Thu, 23 Feb 2023 19:27:03 -0800
Message-Id: <20230224032703.7789-1-rdunlap@infradead.org>
X-Mailer: git-send-email 2.39.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1758682037614220390?=
X-GMAIL-MSGID: =?utf-8?q?1758682037614220390?=
|
| Series |
IMA: allow/fix UML builds
|
|
Commit Message
Randy Dunlap
Feb. 24, 2023, 3:27 a.m. UTC
UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling
NO_IOMEM).
Current IMA build on UML fails on allmodconfig (with TCG_TPM=m):
ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry':
ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend'
ld: security/integrity/ima/ima_init.o: in function `ima_init':
ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip'
ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm':
ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read'
ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read'
Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM
is set, regardless of the UML Kconfig setting.
This updates TCG_TPM from =m to =y and fixes the linker errors.
Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: linux-integrity@vger.kernel.org
Cc: Fabio Estevam <festevam@gmail.com>
Cc: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-um@lists.infradead.org
---
security/integrity/ima/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
ping? On 2/23/23 19:27, Randy Dunlap wrote: > UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling > NO_IOMEM). > > Current IMA build on UML fails on allmodconfig (with TCG_TPM=m): > > ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry': > ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend' > ld: security/integrity/ima/ima_init.o: in function `ima_init': > ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip' > ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm': > ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read' > ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read' > > Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM > is set, regardless of the UML Kconfig setting. > This updates TCG_TPM from =m to =y and fixes the linker errors. > > Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies") > Signed-off-by: Randy Dunlap <rdunlap@infradead.org> > Cc: Mimi Zohar <zohar@linux.ibm.com> > Cc: Dmitry Kasatkin <dmitry.kasatkin@gmail.com> > Cc: linux-integrity@vger.kernel.org > Cc: Fabio Estevam <festevam@gmail.com> > Cc: Rajiv Andrade <srajiv@linux.vnet.ibm.com> > Cc: Richard Weinberger <richard@nod.at> > Cc: Anton Ivanov <anton.ivanov@cambridgegreys.com> > Cc: Johannes Berg <johannes@sipsolutions.net> > Cc: linux-um@lists.infradead.org > --- > security/integrity/ima/Kconfig | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff -- a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig > --- a/security/integrity/ima/Kconfig > +++ b/security/integrity/ima/Kconfig > @@ -8,7 +8,7 @@ config IMA > select CRYPTO_HMAC > select CRYPTO_SHA1 > select CRYPTO_HASH_INFO > - select TCG_TPM if HAS_IOMEM && !UML > + select TCG_TPM if HAS_IOMEM > select TCG_TIS if TCG_TPM && X86 > select TCG_CRB if TCG_TPM && ACPI > select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES
On Thu, 2023-02-23 at 19:27 -0800, Randy Dunlap wrote: > UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling > NO_IOMEM). > > Current IMA build on UML fails on allmodconfig (with TCG_TPM=m): > > ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry': > ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend' > ld: security/integrity/ima/ima_init.o: in function `ima_init': > ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip' > ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm': > ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read' > ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read' > > Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM > is set, regardless of the UML Kconfig setting. > This updates TCG_TPM from =m to =y and fixes the linker errors. > > Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies") > Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Indicating this resolves a commit which was upstreamed in linux-3.4, while the fix for that commit 0bbadafdc49d ("um: allow disabling NO_IOMEM") was upstreamed only in linux-5.14, leaves out an important detail. Is the proper way of indicating this disconnect by adding to the fixes line the kernel? Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies") # v5.14+
On 3/14/23 11:28, Mimi Zohar wrote: > On Thu, 2023-02-23 at 19:27 -0800, Randy Dunlap wrote: >> UML supports HAS_IOMEM since 0bbadafdc49d (um: allow disabling >> NO_IOMEM). >> >> Current IMA build on UML fails on allmodconfig (with TCG_TPM=m): >> >> ld: security/integrity/ima/ima_queue.o: in function `ima_add_template_entry': >> ima_queue.c:(.text+0x2d9): undefined reference to `tpm_pcr_extend' >> ld: security/integrity/ima/ima_init.o: in function `ima_init': >> ima_init.c:(.init.text+0x43f): undefined reference to `tpm_default_chip' >> ld: security/integrity/ima/ima_crypto.o: in function `ima_calc_boot_aggregate_tfm': >> ima_crypto.c:(.text+0x1044): undefined reference to `tpm_pcr_read' >> ld: ima_crypto.c:(.text+0x10d8): undefined reference to `tpm_pcr_read' >> >> Modify the IMA Kconfig entry so that it selects TCG_TPM if HAS_IOMEM >> is set, regardless of the UML Kconfig setting. >> This updates TCG_TPM from =m to =y and fixes the linker errors. >> >> Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies") >> Signed-off-by: Randy Dunlap <rdunlap@infradead.org> > > Indicating this resolves a commit which was upstreamed in linux-3.4, > while the fix for that commit 0bbadafdc49d ("um: allow disabling > NO_IOMEM") was upstreamed only in linux-5.14, leaves out an important > detail. > > Is the proper way of indicating this disconnect by adding to the fixes > line the kernel? > Fixes: f4a0391dfa91 ("ima: fix Kconfig dependencies") # v5.14+ Yes, that is acceptable AFAIK. Also Cc: stable@vger.kernel.org or AUTOSEL would probably take care of this as it is.
diff -- a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -8,7 +8,7 @@ config IMA select CRYPTO_HMAC select CRYPTO_SHA1 select CRYPTO_HASH_INFO - select TCG_TPM if HAS_IOMEM && !UML + select TCG_TPM if HAS_IOMEM select TCG_TIS if TCG_TPM && X86 select TCG_CRB if TCG_TPM && ACPI select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES