[kbuild-all] Re: [PATCH v6 03/13] KEYS: CA link restriction

Hi Eric, Thank you for the patch! Yet something to improve: [auto build test ERROR on 6880fa6c56601bb8ed59df6c30fd390cc5f6dd8f] url: https://github.com/0day-ci/linux/commits/Eric-Snowberg/Enroll-kernel-keys... base: 6880fa6c56601bb8ed59df6c30fd390cc5f6dd8f config: x86_64-randconfig-c022-20210916 (attached as .config) compiler: gcc-9 (Debian 9.3.0-22) 9.3.0 reproduce (this is a W=1 build): # https://github.com/0day-ci/linux/commit/f65599b2308bdd9f29cfafd3286622f71... git remote add linux-review https://github.com/0day-ci/linux git fetch --no-tags linux-review Eric-Snowberg/Enroll-kernel-keys-thru-MOK/20210915-051742 git checkout f65599b2308bdd9f29cfafd3286622f71aafa0b5 # save the attached .config to linux build tree mkdir build_dir make W=1 O=build_dir ARCH=x86_64 SHELL=/bin/bash If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp(a)intel.com&gt; All errors (new ones prefixed by >>): ld: crypto/asymmetric_keys/restrict.o: in function `restrict_link_by_ca': vim +148 crypto/asymmetric_keys/restrict.c 110 111 /** 112 * restrict_link_by_ca - Restrict additions to a ring of CA keys 113 * @dest_keyring: Keyring being linked to. 114 * @type: The type of key being added. 115 * @payload: The payload of the new key. 116 * @trusted: Unused. 117 * 118 * Check if the new certificate is a CA. If it is a CA, then mark the new 119 * certificate as being ok to link. 120 * 121 * Returns 0 if the new certificate was accepted, -ENOKEY if we could not find 122 * a matching parent certificate in the trusted list. -ENOPKG if the signature 123 * uses unsupported crypto, or some other error if there is a matching 124 * certificate but the signature check cannot be performed. 125 */ 126 int restrict_link_by_ca(struct key *dest_keyring, 127 const struct key_type *type, 128 const union key_payload *payload, 129 struct key *trust_keyring) 130 { 131 const struct public_key_signature *sig; 132 const struct public_key *pkey; 133 134 if (type != &key_type_asymmetric) 135 return -EOPNOTSUPP; 136 137 sig = payload->data[asym_auth]; 138 if (!sig) 139 return -ENOPKG; 140 141 if (!sig->auth_ids[0] && !sig->auth_ids[1]) 142 return -ENOKEY; 143 144 pkey = payload->data[asym_crypto]; 145 if (!pkey) 146 return -ENOPKG; 147 149 } 150 --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org