Message-Id: <9065720e-5a5c-428a-a28d-a3337ac31f85@app.fastmail.com>
In-Reply-To: <31585f93157c5c4487b53e3bcb6aac9e92e62f92.camel@linux.ibm.com>
References: <20230927072223.2555698-1-arnd@kernel.org> <31585f93157c5c4487b53e3bcb6aac9e92e62f92.camel@linux.ibm.com>
Date: Wed, 27 Sep 2023 13:12:49 +0200
From: "Arnd Bergmann"
To: "Mimi Zohar", "Arnd Bergmann", "Dmitry Kasatkin"
Cc: "Paul Moore", "James Morris", "Serge E. Hallyn", "Jarkko Sakkinen",
    "Nayna Jain", "Eric Snowberg", "Tianjia Zhang", "Randy Dunlap",
    "Oleksandr Tymoshenko", linux-integrity@vger.kernel.org,
    linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] ima: rework CONFIG_IMA dependency block

On Wed, Sep 27, 2023, at 12:52, Mimi Zohar wrote:
> On Wed, 2023-09-27 at 09:22 +0200, Arnd Bergmann wrote:
>> From: Arnd Bergmann
>>
>> Changing the direct dependencies of IMA_BLACKLIST_KEYRING and
>> IMA_LOAD_X509 caused them to no longer depend on IMA, but
>> a configuration without IMA results in link failures:
>>
>> arm-linux-gnueabi-ld: security/integrity/iint.o: in function `integrity_load_keys':
>> iint.c:(.init.text+0xd8): undefined reference to `ima_load_x509'
>>
>> aarch64-linux-ld: security/integrity/digsig_asymmetric.o: in function `asymmetric_verify':
>> digsig_asymmetric.c:(.text+0x104): undefined reference to `ima_blacklist_keyring'
>>
>> Adding explicit dependencies on IMA would fix this, but a more reliable
>> way to do this is to enclose the entire Kconfig file in an 'if IMA' block.
>> This also allows removing the existing direct dependencies.
>>
>> Fixes: be210c6d3597f ("ima: Finish deprecation of IMA_TRUSTED_KEYRING Kconfig")
>> Signed-off-by: Arnd Bergmann
>
> Oleksandr Tymoshenko's patch to address this, made it into linux-next
> today.
>
> Commit be210c6d3597 ("ima: Finish deprecation of IMA_TRUSTED_KEYRING
> Kconfig") made it last night into linux-next.

No, that is the patch that caused the regression for me, since it is missing
the IMA dependencies.

Arnd