Merge tag 'keys-next-20150123' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next

2015-01-29 11:03:24 +11:00 · 2015-01-29 11:03:24 +11:00 · bfc8419670
parent 90200f1916 e994393acd
commit bfc8419670
5 changed files with 20 additions and 40 deletions
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@ -323,8 +323,6 @@ about the status of the key service:
 	U	Under construction by callback to userspace
 	N	Negative key
     This file must be enabled at kernel configuration time as it allows anyone
     to list the keys database.
 (*) /proc/key-users
--- a/kernel/Makefile
+++ b/kernel/Makefile
@ -142,7 +142,7 @@ endif
 kernel/system_certificates.o: $(obj)/x509_certificate_list
 quiet_cmd_x509certs  = CERTS   $@
-      cmd_x509certs  = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; echo "  - Including cert $(X509)")
+      cmd_x509certs  = cat $(X509_CERTIFICATES) /dev/null >$@ $(foreach X509,$(X509_CERTIFICATES),; $(kecho) "  - Including cert $(X509)")
 targets += $(obj)/x509_certificate_list
 $(obj)/x509_certificate_list: $(X509_CERTIFICATES) $(obj)/.x509.list
--- a/scripts/asn1_compiler.c
+++ b/scripts/asn1_compiler.c
@ -311,6 +311,9 @@ struct token {
 static struct token *token_list;
 static unsigned nr_tokens;
 static _Bool verbose;
 #define debug(fmt, ...) do { if (verbose) printf(fmt, ## __VA_ARGS__); } while (0)
 static int directive_compare(const void *_key, const void *_pdir)
 {
@ -322,21 +325,21 @@ static int directive_compare(const void *_key, const void *_pdir)
 	dlen = strlen(dir);
 	clen = (dlen < token->size) ? dlen : token->size;
-	//printf("cmp(%*.*s,%s) = ",
+	//debug("cmp(%*.*s,%s) = ",
 	//       (int)token->size, (int)token->size, token->value,
 	//       dir);
 	val = memcmp(token->value, dir, clen);
 	if (val != 0) {
-		//printf("%d [cmp]\n", val);
+		//debug("%d [cmp]\n", val);
 		return val;
 	}
 	if (dlen == token->size) {
-		//printf("0\n");
+		//debug("0\n");
 		return 0;
 	}
-	//printf("%d\n", (int)dlen - (int)token->size);
+	//debug("%d\n", (int)dlen - (int)token->size);
 	return dlen - token->size; /* shorter -> negative */
 }
@ -515,13 +518,13 @@ static void tokenise(char *buffer, char *end)
 	}
 	nr_tokens = tix;
-	printf("Extracted %u tokens\n", nr_tokens);
+	debug("Extracted %u tokens\n", nr_tokens);
 #if 0
 	{
 		int n;
 		for (n = 0; n < nr_tokens; n++)
-			printf("Token %3u: '%*.*s'\n",
+			debug("Token %3u: '%*.*s'\n",
 			       n,
 			       (int)token_list[n].size, (int)token_list[n].size,
 			       token_list[n].value);
@ -542,6 +545,7 @@ int main(int argc, char **argv)
 	ssize_t readlen;
 	FILE *out, *hdr;
 	char *buffer, *p;
 	char *kbuild_verbose;
 	int fd;
 	if (argc != 4) {
@ -550,6 +554,10 @@ int main(int argc, char **argv)
 		exit(2);
 	}
 	kbuild_verbose = getenv("KBUILD_VERBOSE");
 	if (kbuild_verbose)
 		verbose = atoi(kbuild_verbose);
 	filename = argv[1];
 	outputname = argv[2];
 	headername = argv[3];
@ -748,11 +756,11 @@ static void build_type_list(void)
 	qsort(type_index, nr, sizeof(type_index[0]), type_index_compare);
-	printf("Extracted %u types\n", nr_types);
+	debug("Extracted %u types\n", nr_types);
 #if 0
 	for (n = 0; n < nr_types; n++) {
 		struct type *type = type_index[n];
-		printf("- %*.*s\n",
+		debug("- %*.*s\n",
 		       (int)type->name->size,
 		       (int)type->name->size,
 		       type->name->value);
@ -793,7 +801,7 @@ static void parse(void)
 	} while (type++, !(type->flags & TYPE_STOP_MARKER));
-	printf("Extracted %u actions\n", nr_actions);
+	debug("Extracted %u actions\n", nr_actions);
 }
 static struct element *element_list;
@ -1284,7 +1292,7 @@ static void render(FILE *out, FILE *hdr)
 	}
 	/* We do two passes - the first one calculates all the offsets */
-	printf("Pass 1\n");
+	debug("Pass 1\n");
 	nr_entries = 0;
 	root = &type_list[0];
 	render_element(NULL, root->element, NULL);
@ -1295,7 +1303,7 @@ static void render(FILE *out, FILE *hdr)
 		e->flags &= ~ELEMENT_RENDERED;
 	/* And then we actually render */
-	printf("Pass 2\n");
+	debug("Pass 2\n");
 	fprintf(out, "\n");
 	fprintf(out, "static const unsigned char %s_machine[] = {\n",
 		grammar_name);
--- a/security/keys/Kconfig
+++ b/security/keys/Kconfig
@ -80,21 +80,3 @@ config ENCRYPTED_KEYS
 	  Userspace only ever sees/stores encrypted blobs.
 	  If you are unsure as to whether this is required, answer N.
 config KEYS_DEBUG_PROC_KEYS
 	bool "Enable the /proc/keys file by which keys may be viewed"
 	depends on KEYS
 	help
 	  This option turns on support for the /proc/keys file - through which
 	  can be listed all the keys on the system that are viewable by the
 	  reading process.
 	  The only keys included in the list are those that grant View
 	  permission to the reading process whether or not it possesses them.
 	  Note that LSM security checks are still performed, and may further
 	  filter out keys that the current process is not authorised to view.
 	  Only key attributes are listed here; key payloads are not included in
 	  the resulting table.
 	  If you are unsure as to whether this is required, answer N.
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@ -18,7 +18,6 @@
 #include <asm/errno.h>
 #include "internal.h"
 #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
 static int proc_keys_open(struct inode *inode, struct file *file);
 static void *proc_keys_start(struct seq_file *p, loff_t *_pos);
 static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos);
@ -38,7 +37,6 @@ static const struct file_operations proc_keys_fops = {
 	.llseek		= seq_lseek,
 	.release	= seq_release,
 };
 #endif
 static int proc_key_users_open(struct inode *inode, struct file *file);
 static void *proc_key_users_start(struct seq_file *p, loff_t *_pos);
@ -67,11 +65,9 @@ static int __init key_proc_init(void)
 {
 	struct proc_dir_entry *p;
 #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
 	p = proc_create("keys", 0, NULL, &proc_keys_fops);
 	if (!p)
 		panic("Cannot create /proc/keys\n");
 #endif
 	p = proc_create("key-users", 0, NULL, &proc_key_users_fops);
 	if (!p)
@ -86,8 +82,6 @@ __initcall(key_proc_init);
 * Implement "/proc/keys" to provide a list of the keys on the system that
 * grant View permission to the caller.
 */
 #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
 static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n)
 {
 	struct user_namespace *user_ns = seq_user_ns(p);
@ -275,8 +269,6 @@ static int proc_keys_show(struct seq_file *m, void *v)
 	return 0;
 }
 #endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */
 static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n)
 {
 	while (n) {