starlingx/integ
Code Issues Proposed changes

fix integrity driver build issue with CentOS 7.6 3.10.0-957.1.3 kernel

Browse Source 
Porting upstream patch to fix the build failure with the new kernel

Depends-On: https://review.openstack.org/625785
Depends-On: https://review.openstack.org/625786

Story: 2004521
Task: 28584

Change-Id: I261d2d9534d90064d250ffabc11221caadcc2a04
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
This commit is contained in:
Shuicheng Lin 2018-12-27 22:52:17 +08:00
parent a186c686c0
commit 93d224c64c
3 changed files with 122 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
kernel/kernel-modules/integrity/centos/build_srpm.data
View File

@ -2,4 +2,4 @@ COPY_LIST=" \
$FILES_BASE/* \ $FILES_BASE/* \
$PATCHES_BASE/* \ $PATCHES_BASE/* \
$STX_BASE/downloads/integrity-kmod-e6aef069.tar.gz" $STX_BASE/downloads/integrity-kmod-e6aef069.tar.gz"
TIS_PATCH_VER=5 TIS_PATCH_VER=6

1
kernel/kernel-modules/integrity/centos/integrity-kmod.spec
View File

@ -36,6 +36,7 @@ Patch02: 0002-integrity-expose-module-params.patch
Patch03: 0003-integrity-restrict-by-iversion.patch Patch03: 0003-integrity-restrict-by-iversion.patch
Patch04: 0004-integrity-disable-set-xattr-on-imasig.patch Patch04: 0004-integrity-disable-set-xattr-on-imasig.patch
Patch05: Changes-for-CentOS-7.4-support.patch Patch05: Changes-for-CentOS-7.4-support.patch
Patch06: Changes-for-CentOS-7.6-support.patch
%define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//') %define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//')

120
kernel/kernel-modules/integrity/centos/patches/Changes-for-CentOS-7.6-support.patch Normal file
View File

@ -0,0 +1,120 @@
From 5b60e1a889246a5a0d131e74ceaf240fc0637c9f Mon Sep 17 00:00:00 2001
From: Shuicheng Lin <shuicheng.lin@intel.com>
Date: Sat, 29 Dec 2018 02:51:39 +0800
Subject: [PATCH] pick upstream patch to fix build failure with CentOS 7.6
3.10.0-957.1.3 kernel
Pick upstream patch from "git://git.infradead.org/users/jjs/linux-tpmdd.git"
"
From aad887f6641145fec2a801da2ce4ed36cf99c6a5 Mon Sep 17 00:00:00 2001
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Date: Sun, 5 Nov 2017 13:16:26 +0200
Subject: [PATCH] tpm: use struct tpm_chip for tpm_chip_find_get()
Device number (the character device index) is not a stable identifier
for a TPM chip. That is the reason why every call site passes
TPM_ANY_NUM to tpm_chip_find_get().
This commit changes the API in a way that instead a struct tpm_chip
instance is given and NULL means the default chip. In addition, this
commit refines the documentation to be up to date with the
implementation.
Suggested-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> (@chip_num -> @chip part)
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jason Gunthorpe <jgg@ziepe.ca>
Tested-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
"
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
---
ima/ima_crypto.c | 2 +-
ima/ima_init.c | 2 +-
ima/ima_queue.c | 2 +-
integrity/ima/ima_crypto.c | 2 +-
integrity/ima/ima_init.c | 2 +-
integrity/ima/ima_queue.c | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/ima/ima_crypto.c b/ima/ima_crypto.c
index 802d5d2..3371d13 100644
--- a/ima/ima_crypto.c
+++ b/ima/ima_crypto.c
@@ -644,7 +644,7 @@ static void __init ima_pcrread(int idx, u8 *pcr)
if (!ima_used_chip)
return;
- if (tpm_pcr_read(TPM_ANY_NUM, idx, pcr) != 0)
+ if (tpm_pcr_read(NULL, idx, pcr) != 0)
pr_err("Error Communicating to TPM chip\n");
}
diff --git a/ima/ima_init.c b/ima/ima_init.c
index a7362e8..577c7b7 100644
--- a/ima/ima_init.c
+++ b/ima/ima_init.c
@@ -115,7 +115,7 @@ int __init ima_init(void)
if (ima_used_chip != 0) {
ima_used_chip = 0;
- rc = tpm_pcr_read(TPM_ANY_NUM, 0, pcr_i);
+ rc = tpm_pcr_read(NULL, 0, pcr_i);
if (rc == 0)
ima_used_chip = 1;
}
diff --git a/ima/ima_queue.c b/ima/ima_queue.c
index d9aa5ab..9946363 100644
--- a/ima/ima_queue.c
+++ b/ima/ima_queue.c
@@ -145,7 +145,7 @@ static int ima_pcr_extend(const u8 *hash, int pcr)
if (!ima_used_chip)
return result;
- result = tpm_pcr_extend(TPM_ANY_NUM, pcr, hash);
+ result = tpm_pcr_extend(NULL, pcr, hash);
if (result != 0)
pr_err("Error Communicating to TPM chip, result: %d\n", result);
return result;
diff --git a/integrity/ima/ima_crypto.c b/integrity/ima/ima_crypto.c
index 802d5d2..3371d13 100644
--- a/integrity/ima/ima_crypto.c
+++ b/integrity/ima/ima_crypto.c
@@ -644,7 +644,7 @@ static void __init ima_pcrread(int idx, u8 *pcr)
if (!ima_used_chip)
return;
- if (tpm_pcr_read(TPM_ANY_NUM, idx, pcr) != 0)
+ if (tpm_pcr_read(NULL, idx, pcr) != 0)
pr_err("Error Communicating to TPM chip\n");
}
diff --git a/integrity/ima/ima_init.c b/integrity/ima/ima_init.c
index 2967d49..29b72cd 100644
--- a/integrity/ima/ima_init.c
+++ b/integrity/ima/ima_init.c
@@ -110,7 +110,7 @@ int __init ima_init(void)
int rc;
ima_used_chip = 0;
- rc = tpm_pcr_read(TPM_ANY_NUM, 0, pcr_i);
+ rc = tpm_pcr_read(NULL, 0, pcr_i);
if (rc == 0)
ima_used_chip = 1;
diff --git a/integrity/ima/ima_queue.c b/integrity/ima/ima_queue.c
index d9aa5ab..9946363 100644
--- a/integrity/ima/ima_queue.c
+++ b/integrity/ima/ima_queue.c
@@ -145,7 +145,7 @@ static int ima_pcr_extend(const u8 *hash, int pcr)
if (!ima_used_chip)
return result;
- result = tpm_pcr_extend(TPM_ANY_NUM, pcr, hash);
+ result = tpm_pcr_extend(NULL, pcr, hash);
if (result != 0)
pr_err("Error Communicating to TPM chip, result: %d\n", result);
return result;
--
2.7.4