| Message ID | 20230207025958.974056-3-eric.snowberg@oracle.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Add CA enforcement keyring restrictions | expand |
On Mon, 2023-02-06 at 21:59 -0500, Eric Snowberg wrote: > Compiling with 'W=1' results in warnings that 'Function parameter or member > not described' > > Add the missing parameters for > restrict_link_by_builtin_and_secondary_trusted and > restrict_link_to_builtin_trusted. > > Use /* instead of /** for get_builtin_and_secondary_restriction, since > it is a static function. > > Fix wrong function name restrict_link_to_builtin_trusted. > > Fixes: d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically") > Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> > Reviewed-by: Petr Vorel <pvorel@suse.cz> > --- > certs/system_keyring.c | 14 +++++++++++--- > 1 file changed, 11 insertions(+), 3 deletions(-) > > diff --git a/certs/system_keyring.c b/certs/system_keyring.c > index 5042cc54fa5e..e531b88bc570 100644 > --- a/certs/system_keyring.c > +++ b/certs/system_keyring.c > @@ -33,7 +33,11 @@ extern __initconst const unsigned long system_certificate_list_size; > extern __initconst const unsigned long module_cert_size; > > /** > - * restrict_link_to_builtin_trusted - Restrict keyring addition by built in CA > + * restrict_link_by_builtin_trusted - Restrict keyring addition by built in CA While fixing the kernel doc, might as well update "built in" to be consistent. > + * @dest_keyring: Keyring being linked to. > + * @type: The type of key being added. > + * @payload: The payload of the new key. > + * @restriction_key: A ring of keys that can be used to vouch for the new cert. > * > * Restrict the addition of keys into a keyring based on the key-to-be-added > * being vouched for by a key in the built in system keyring. > @@ -50,7 +54,11 @@ int restrict_link_by_builtin_trusted(struct key *dest_keyring, > #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING > /** > * restrict_link_by_builtin_and_secondary_trusted - Restrict keyring > - * addition by both builtin and secondary keyrings > + * addition by both builtin and secondary keyrings. and here > + * @dest_keyring: Keyring being linked to. > + * @type: The type of key being added. > + * @payload: The payload of the new key. > + * @restrict_key: A ring of keys that can be used to vouch for the new cert. > * > * Restrict the addition of keys into a keyring based on the key-to-be-added > * being vouched for by a key in either the built-in or the secondary system and here > @@ -75,7 +83,7 @@ int restrict_link_by_builtin_and_secondary_trusted( > secondary_trusted_keys); > } > > -/** > +/* > * Allocate a struct key_restriction for the "builtin and secondary trust" > * keyring. Only for use in system_trusted_keyring_init(). > */ Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
On Mon, Feb 06, 2023 at 09:59:54PM -0500, Eric Snowberg wrote: > Compiling with 'W=1' results in warnings that 'Function parameter or member > not described' > > Add the missing parameters for > restrict_link_by_builtin_and_secondary_trusted and > restrict_link_to_builtin_trusted. > > Use /* instead of /** for get_builtin_and_secondary_restriction, since > it is a static function. > > Fix wrong function name restrict_link_to_builtin_trusted. > > Fixes: d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically") > Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> > Reviewed-by: Petr Vorel <pvorel@suse.cz> > --- > certs/system_keyring.c | 14 +++++++++++--- > 1 file changed, 11 insertions(+), 3 deletions(-) > > diff --git a/certs/system_keyring.c b/certs/system_keyring.c > index 5042cc54fa5e..e531b88bc570 100644 > --- a/certs/system_keyring.c > +++ b/certs/system_keyring.c > @@ -33,7 +33,11 @@ extern __initconst const unsigned long system_certificate_list_size; > extern __initconst const unsigned long module_cert_size; > > /** > - * restrict_link_to_builtin_trusted - Restrict keyring addition by built in CA > + * restrict_link_by_builtin_trusted - Restrict keyring addition by built in CA > + * @dest_keyring: Keyring being linked to. > + * @type: The type of key being added. > + * @payload: The payload of the new key. > + * @restriction_key: A ring of keys that can be used to vouch for the new cert. > * > * Restrict the addition of keys into a keyring based on the key-to-be-added > * being vouched for by a key in the built in system keyring. > @@ -50,7 +54,11 @@ int restrict_link_by_builtin_trusted(struct key *dest_keyring, > #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING > /** > * restrict_link_by_builtin_and_secondary_trusted - Restrict keyring > - * addition by both builtin and secondary keyrings > + * addition by both builtin and secondary keyrings. > + * @dest_keyring: Keyring being linked to. > + * @type: The type of key being added. > + * @payload: The payload of the new key. > + * @restrict_key: A ring of keys that can be used to vouch for the new cert. > * > * Restrict the addition of keys into a keyring based on the key-to-be-added > * being vouched for by a key in either the built-in or the secondary system > @@ -75,7 +83,7 @@ int restrict_link_by_builtin_and_secondary_trusted( > secondary_trusted_keys); > } > > -/** > +/* > * Allocate a struct key_restriction for the "builtin and secondary trust" > * keyring. Only for use in system_trusted_keyring_init(). > */ > -- > 2.27.0 > Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> BR, Jarkko
diff --git a/certs/system_keyring.c b/certs/system_keyring.c index 5042cc54fa5e..e531b88bc570 100644 --- a/certs/system_keyring.c +++ b/certs/system_keyring.c @@ -33,7 +33,11 @@ extern __initconst const unsigned long system_certificate_list_size; extern __initconst const unsigned long module_cert_size; /** - * restrict_link_to_builtin_trusted - Restrict keyring addition by built in CA + * restrict_link_by_builtin_trusted - Restrict keyring addition by built in CA + * @dest_keyring: Keyring being linked to. + * @type: The type of key being added. + * @payload: The payload of the new key. + * @restriction_key: A ring of keys that can be used to vouch for the new cert. * * Restrict the addition of keys into a keyring based on the key-to-be-added * being vouched for by a key in the built in system keyring. @@ -50,7 +54,11 @@ int restrict_link_by_builtin_trusted(struct key *dest_keyring, #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING /** * restrict_link_by_builtin_and_secondary_trusted - Restrict keyring - * addition by both builtin and secondary keyrings + * addition by both builtin and secondary keyrings. + * @dest_keyring: Keyring being linked to. + * @type: The type of key being added. + * @payload: The payload of the new key. + * @restrict_key: A ring of keys that can be used to vouch for the new cert. * * Restrict the addition of keys into a keyring based on the key-to-be-added * being vouched for by a key in either the built-in or the secondary system @@ -75,7 +83,7 @@ int restrict_link_by_builtin_and_secondary_trusted( secondary_trusted_keys); } -/** +/* * Allocate a struct key_restriction for the "builtin and secondary trust" * keyring. Only for use in system_trusted_keyring_init(). */
Compiling with 'W=1' results in warnings that 'Function parameter or member not described' Add the missing parameters for restrict_link_by_builtin_and_secondary_trusted and restrict_link_to_builtin_trusted. Use /* instead of /** for get_builtin_and_secondary_restriction, since it is a static function. Fix wrong function name restrict_link_to_builtin_trusted. Fixes: d3bfe84129f6 ("certs: Add a secondary system keyring that can be added to dynamically") Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com> Reviewed-by: Petr Vorel <pvorel@suse.cz> --- certs/system_keyring.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-)