From 93d224c64cd9d8334b61fdd3b906c6614e0f2427 Mon Sep 17 00:00:00 2001 From: Shuicheng Lin Date: Thu, 27 Dec 2018 22:52:17 +0800 Subject: [PATCH] fix integrity driver build issue with CentOS 7.6 3.10.0-957.1.3 kernel Porting upstream patch to fix the build failure with the new kernel Depends-On: https://review.openstack.org/625785 Depends-On: https://review.openstack.org/625786 Story: 2004521 Task: 28584 Change-Id: I261d2d9534d90064d250ffabc11221caadcc2a04 Signed-off-by: Shuicheng Lin --- .../integrity/centos/build_srpm.data | 2 +- .../integrity/centos/integrity-kmod.spec | 1 + .../Changes-for-CentOS-7.6-support.patch | 120 ++++++++++++++++++ 3 files changed, 122 insertions(+), 1 deletion(-) create mode 100644 kernel/kernel-modules/integrity/centos/patches/Changes-for-CentOS-7.6-support.patch diff --git a/kernel/kernel-modules/integrity/centos/build_srpm.data b/kernel/kernel-modules/integrity/centos/build_srpm.data index d07dc140a..76557562e 100644 --- a/kernel/kernel-modules/integrity/centos/build_srpm.data +++ b/kernel/kernel-modules/integrity/centos/build_srpm.data @@ -2,4 +2,4 @@ COPY_LIST=" \ $FILES_BASE/* \ $PATCHES_BASE/* \ $STX_BASE/downloads/integrity-kmod-e6aef069.tar.gz" -TIS_PATCH_VER=5 +TIS_PATCH_VER=6 diff --git a/kernel/kernel-modules/integrity/centos/integrity-kmod.spec b/kernel/kernel-modules/integrity/centos/integrity-kmod.spec index c0e6ee45f..1c70a882e 100644 --- a/kernel/kernel-modules/integrity/centos/integrity-kmod.spec +++ b/kernel/kernel-modules/integrity/centos/integrity-kmod.spec @@ -36,6 +36,7 @@ Patch02: 0002-integrity-expose-module-params.patch Patch03: 0003-integrity-restrict-by-iversion.patch Patch04: 0004-integrity-disable-set-xattr-on-imasig.patch Patch05: Changes-for-CentOS-7.4-support.patch +Patch06: Changes-for-CentOS-7.6-support.patch %define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//') diff --git a/kernel/kernel-modules/integrity/centos/patches/Changes-for-CentOS-7.6-support.patch b/kernel/kernel-modules/integrity/centos/patches/Changes-for-CentOS-7.6-support.patch new file mode 100644 index 000000000..869ca3396 --- /dev/null +++ b/kernel/kernel-modules/integrity/centos/patches/Changes-for-CentOS-7.6-support.patch @@ -0,0 +1,120 @@ +From 5b60e1a889246a5a0d131e74ceaf240fc0637c9f Mon Sep 17 00:00:00 2001 +From: Shuicheng Lin +Date: Sat, 29 Dec 2018 02:51:39 +0800 +Subject: [PATCH] pick upstream patch to fix build failure with CentOS 7.6 + 3.10.0-957.1.3 kernel + +Pick upstream patch from "git://git.infradead.org/users/jjs/linux-tpmdd.git" + +" +From aad887f6641145fec2a801da2ce4ed36cf99c6a5 Mon Sep 17 00:00:00 2001 +From: Jarkko Sakkinen +Date: Sun, 5 Nov 2017 13:16:26 +0200 +Subject: [PATCH] tpm: use struct tpm_chip for tpm_chip_find_get() + +Device number (the character device index) is not a stable identifier +for a TPM chip. That is the reason why every call site passes +TPM_ANY_NUM to tpm_chip_find_get(). + +This commit changes the API in a way that instead a struct tpm_chip +instance is given and NULL means the default chip. In addition, this +commit refines the documentation to be up to date with the +implementation. + +Suggested-by: Jason Gunthorpe (@chip_num -> @chip part) +Signed-off-by: Jarkko Sakkinen +Reviewed-by: Jason Gunthorpe +Tested-by: PrasannaKumar Muralidharan +" + +Signed-off-by: Shuicheng Lin +--- + ima/ima_crypto.c | 2 +- + ima/ima_init.c | 2 +- + ima/ima_queue.c | 2 +- + integrity/ima/ima_crypto.c | 2 +- + integrity/ima/ima_init.c | 2 +- + integrity/ima/ima_queue.c | 2 +- + 6 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/ima/ima_crypto.c b/ima/ima_crypto.c +index 802d5d2..3371d13 100644 +--- a/ima/ima_crypto.c ++++ b/ima/ima_crypto.c +@@ -644,7 +644,7 @@ static void __init ima_pcrread(int idx, u8 *pcr) + if (!ima_used_chip) + return; + +- if (tpm_pcr_read(TPM_ANY_NUM, idx, pcr) != 0) ++ if (tpm_pcr_read(NULL, idx, pcr) != 0) + pr_err("Error Communicating to TPM chip\n"); + } + +diff --git a/ima/ima_init.c b/ima/ima_init.c +index a7362e8..577c7b7 100644 +--- a/ima/ima_init.c ++++ b/ima/ima_init.c +@@ -115,7 +115,7 @@ int __init ima_init(void) + + if (ima_used_chip != 0) { + ima_used_chip = 0; +- rc = tpm_pcr_read(TPM_ANY_NUM, 0, pcr_i); ++ rc = tpm_pcr_read(NULL, 0, pcr_i); + if (rc == 0) + ima_used_chip = 1; + } +diff --git a/ima/ima_queue.c b/ima/ima_queue.c +index d9aa5ab..9946363 100644 +--- a/ima/ima_queue.c ++++ b/ima/ima_queue.c +@@ -145,7 +145,7 @@ static int ima_pcr_extend(const u8 *hash, int pcr) + if (!ima_used_chip) + return result; + +- result = tpm_pcr_extend(TPM_ANY_NUM, pcr, hash); ++ result = tpm_pcr_extend(NULL, pcr, hash); + if (result != 0) + pr_err("Error Communicating to TPM chip, result: %d\n", result); + return result; +diff --git a/integrity/ima/ima_crypto.c b/integrity/ima/ima_crypto.c +index 802d5d2..3371d13 100644 +--- a/integrity/ima/ima_crypto.c ++++ b/integrity/ima/ima_crypto.c +@@ -644,7 +644,7 @@ static void __init ima_pcrread(int idx, u8 *pcr) + if (!ima_used_chip) + return; + +- if (tpm_pcr_read(TPM_ANY_NUM, idx, pcr) != 0) ++ if (tpm_pcr_read(NULL, idx, pcr) != 0) + pr_err("Error Communicating to TPM chip\n"); + } + +diff --git a/integrity/ima/ima_init.c b/integrity/ima/ima_init.c +index 2967d49..29b72cd 100644 +--- a/integrity/ima/ima_init.c ++++ b/integrity/ima/ima_init.c +@@ -110,7 +110,7 @@ int __init ima_init(void) + int rc; + + ima_used_chip = 0; +- rc = tpm_pcr_read(TPM_ANY_NUM, 0, pcr_i); ++ rc = tpm_pcr_read(NULL, 0, pcr_i); + if (rc == 0) + ima_used_chip = 1; + +diff --git a/integrity/ima/ima_queue.c b/integrity/ima/ima_queue.c +index d9aa5ab..9946363 100644 +--- a/integrity/ima/ima_queue.c ++++ b/integrity/ima/ima_queue.c +@@ -145,7 +145,7 @@ static int ima_pcr_extend(const u8 *hash, int pcr) + if (!ima_used_chip) + return result; + +- result = tpm_pcr_extend(TPM_ANY_NUM, pcr, hash); ++ result = tpm_pcr_extend(NULL, pcr, hash); + if (result != 0) + pr_err("Error Communicating to TPM chip, result: %d\n", result); + return result; +-- +2.7.4 +