summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJames Morris <james.l.morris@oracle.com>2015-01-29 11:03:24 +1100
committerJames Morris <james.l.morris@oracle.com>2015-01-29 11:03:24 +1100
commitbfc8419670bb6edc53b7423900a50f3c974839a0 (patch)
treeb9b3972498a9be988ec37c67c5f552c34f8efa2a
parent90200f19160734feceb92a3a054864c340242699 (diff)
parente994393acd65e729a574aaca466eab22b5b39cc6 (diff)
downloadlwn-bfc8419670bb6edc53b7423900a50f3c974839a0.tar.gz
lwn-bfc8419670bb6edc53b7423900a50f3c974839a0.zip
Merge tag 'keys-next-20150123' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next
-rw-r--r--Documentation/security/keys.txt2
-rw-r--r--kernel/Makefile2
-rw-r--r--scripts/asn1_compiler.c30
-rw-r--r--security/keys/Kconfig18
-rw-r--r--security/keys/proc.c8
5 files changed, 20 insertions, 40 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 821c936e1a63..c9e7f4f223a5 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -323,8 +323,6 @@ about the status of the key service:
U Under construction by callback to userspace
N Negative key
- This file must be enabled at kernel configuration time as it allows anyone
- to list the keys database.
(*) /proc/key-users
diff --git a/kernel/Makefile b/kernel/Makefile
index a59481a3fa6c..23e17a7e7a63 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -142,7 +142,7 @@ endif
kernel/system_certificates.o: $(obj)/x509_certificate_list
quiet_cmd_x509certs = CERTS $@
- cmd_x509certs = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; echo " - Including cert $(X509)")
+ cmd_x509certs = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; $(kecho) " - Including cert $(X509)")
targets += $(obj)/x509_certificate_list
$(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list
diff --git a/scripts/asn1_compiler.c b/scripts/asn1_compiler.c
index 91c4117637ae..7750e9c31483 100644
--- a/scripts/asn1_compiler.c
+++ b/scripts/asn1_compiler.c
@@ -311,6 +311,9 @@ struct token {
static struct token *token_list;
static unsigned nr_tokens;
+static _Bool verbose;
+
+#define debug(fmt, ...) do { if (verbose) printf(fmt, ## __VA_ARGS__); } while (0)
static int directive_compare(const void *_key, const void *_pdir)
{
@@ -322,21 +325,21 @@ static int directive_compare(const void *_key, const void *_pdir)
dlen = strlen(dir);
clen = (dlen < token->size) ? dlen : token->size;
- //printf("cmp(%*.*s,%s) = ",
+ //debug("cmp(%*.*s,%s) = ",
// (int)token->size, (int)token->size, token->value,
// dir);
val = memcmp(token->value, dir, clen);
if (val != 0) {
- //printf("%d [cmp]\n", val);
+ //debug("%d [cmp]\n", val);
return val;
}
if (dlen == token->size) {
- //printf("0\n");
+ //debug("0\n");
return 0;
}
- //printf("%d\n", (int)dlen - (int)token->size);
+ //debug("%d\n", (int)dlen - (int)token->size);
return dlen - token->size; /* shorter -> negative */
}
@@ -515,13 +518,13 @@ static void tokenise(char *buffer, char *end)
}
nr_tokens = tix;
- printf("Extracted %u tokens\n", nr_tokens);
+ debug("Extracted %u tokens\n", nr_tokens);
#if 0
{
int n;
for (n = 0; n < nr_tokens; n++)
- printf("Token %3u: '%*.*s'\n",
+ debug("Token %3u: '%*.*s'\n",
n,
(int)token_list[n].size, (int)token_list[n].size,
token_list[n].value);
@@ -542,6 +545,7 @@ int main(int argc, char **argv)
ssize_t readlen;
FILE *out, *hdr;
char *buffer, *p;
+ char *kbuild_verbose;
int fd;
if (argc != 4) {
@@ -550,6 +554,10 @@ int main(int argc, char **argv)
exit(2);
}
+ kbuild_verbose = getenv("KBUILD_VERBOSE");
+ if (kbuild_verbose)
+ verbose = atoi(kbuild_verbose);
+
filename = argv[1];
outputname = argv[2];
headername = argv[3];
@@ -748,11 +756,11 @@ static void build_type_list(void)
qsort(type_index, nr, sizeof(type_index[0]), type_index_compare);
- printf("Extracted %u types\n", nr_types);
+ debug("Extracted %u types\n", nr_types);
#if 0
for (n = 0; n < nr_types; n++) {
struct type *type = type_index[n];
- printf("- %*.*s\n",
+ debug("- %*.*s\n",
(int)type->name->size,
(int)type->name->size,
type->name->value);
@@ -793,7 +801,7 @@ static void parse(void)
} while (type++, !(type->flags & TYPE_STOP_MARKER));
- printf("Extracted %u actions\n", nr_actions);
+ debug("Extracted %u actions\n", nr_actions);
}
static struct element *element_list;
@@ -1284,7 +1292,7 @@ static void render(FILE *out, FILE *hdr)
}
/* We do two passes - the first one calculates all the offsets */
- printf("Pass 1\n");
+ debug("Pass 1\n");
nr_entries = 0;
root = &type_list[0];
render_element(NULL, root->element, NULL);
@@ -1295,7 +1303,7 @@ static void render(FILE *out, FILE *hdr)
e->flags &= ~ELEMENT_RENDERED;
/* And then we actually render */
- printf("Pass 2\n");
+ debug("Pass 2\n");
fprintf(out, "\n");
fprintf(out, "static const unsigned char %s_machine[] = {\n",
grammar_name);
diff --git a/security/keys/Kconfig b/security/keys/Kconfig
index a4f3f8c48d6e..72483b8f1be5 100644
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@@ -80,21 +80,3 @@ config ENCRYPTED_KEYS
Userspace only ever sees/stores encrypted blobs.
If you are unsure as to whether this is required, answer N.
-
-config KEYS_DEBUG_PROC_KEYS
- bool "Enable the /proc/keys file by which keys may be viewed"
- depends on KEYS
- help
- This option turns on support for the /proc/keys file - through which
- can be listed all the keys on the system that are viewable by the
- reading process.
-
- The only keys included in the list are those that grant View
- permission to the reading process whether or not it possesses them.
- Note that LSM security checks are still performed, and may further
- filter out keys that the current process is not authorised to view.
-
- Only key attributes are listed here; key payloads are not included in
- the resulting table.
-
- If you are unsure as to whether this is required, answer N.
diff --git a/security/keys/proc.c b/security/keys/proc.c
index 972eeb336b81..f0611a6368cd 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -18,7 +18,6 @@
#include <asm/errno.h>
#include "internal.h"
-#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
static int proc_keys_open(struct inode *inode, struct file *file);
static void *proc_keys_start(struct seq_file *p, loff_t *_pos);
static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos);
@@ -38,7 +37,6 @@ static const struct file_operations proc_keys_fops = {
.llseek = seq_lseek,
.release = seq_release,
};
-#endif
static int proc_key_users_open(struct inode *inode, struct file *file);
static void *proc_key_users_start(struct seq_file *p, loff_t *_pos);
@@ -67,11 +65,9 @@ static int __init key_proc_init(void)
{
struct proc_dir_entry *p;
-#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
p = proc_create("keys", 0, NULL, &proc_keys_fops);
if (!p)
panic("Cannot create /proc/keys\n");
-#endif
p = proc_create("key-users", 0, NULL, &proc_key_users_fops);
if (!p)
@@ -86,8 +82,6 @@ __initcall(key_proc_init);
* Implement "/proc/keys" to provide a list of the keys on the system that
* grant View permission to the caller.
*/
-#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
-
static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n)
{
struct user_namespace *user_ns = seq_user_ns(p);
@@ -275,8 +269,6 @@ static int proc_keys_show(struct seq_file *m, void *v)
return 0;
}
-#endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */
-
static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n)
{
while (n) {