On Mon, Sep 28, 2020 at 5:36 PM David Laight wrote:
>
> From: Dmitry Kasatkin
> > Sent: 28 September 2020 15:03
> >
> > "copy_mount_options" function came to my eyes.
> > It splits copy into 2 pieces - over page boundaries.
> > I wonder what is the re
Hi,
"copy_mount_options" function came to my eyes.
It splits copy into 2 pieces - over page boundaries.
I wonder what is the real reason for doing this?
Original comment was that we need exact bytes and some user memcpy
functions do not return correct number on page fault.
But how would all
On 13/03/2019 16:38, gre...@linuxfoundation.org wrote:
On Wed, Mar 13, 2019 at 02:12:30PM +, Dmitry Kasatkin wrote:
From: Sasha Levin
Sent: Tuesday, March 12, 2019 1:16 AM
To: Dmitry Kasatkin
Cc: Al Viro; yuehaibing; linux-kernel@vger.kernel.org;
linux-fsde...@vger.kernel.org
From: Sasha Levin
Sent: Tuesday, March 12, 2019 1:16 AM
To: Dmitry Kasatkin
Cc: Al Viro; yuehaibing; linux-kernel@vger.kernel.org;
linux-fsde...@vger.kernel.org; keesc...@chromium.org; sta...@vger.kernel.org;
gre...@google.com
Subject: Re: [PATCH -next] exec: Fix mem leak
From: Al Viro on behalf of Al Viro
Sent: Tuesday, February 19, 2019 4:25 AM
To: yuehaibing
Cc: linux-kernel@vger.kernel.org; linux-fsde...@vger.kernel.org; Dmitry
Kasatkin; keesc...@chromium.org
Subject: Re: [PATCH -next] exec: Fix mem leak in kernel_read_file
On Tue, Feb 19, 2019 at 10
Hi,
I will have a look to patches.
Thanks,
Dmitry
On Tue, Aug 14, 2018 at 9:34 PM James Morris wrote:
>
> On Tue, 14 Aug 2018, David Jacobson wrote:
>
> > This patchset introduces evmtest — a stand alone tool for regression
> > testing IMA.
>
> Nice!
>
> I usually run the SELinux testsuite as
Looks good, you also updated comments of location of some functions.
Acked-by: Dmitry Kasatkin
Thanks
From: Vasily Averin [v...@virtuozzo.com]
Sent: Friday, June 01, 2018 7:29 PM
To: Andrew Morton; linux-kernel@vger.kernel.org
Cc: Dmitry Kasatkin
Subject
Hi,
Could I ask FS maintainers to test IMA with this patch additionally
and provide ack/tested.
We tested but may be you have and some special testing.
Thanks in advance,
Dmitry
On Tue, Dec 5, 2017 at 9:06 PM, Dmitry Kasatkin
<dmitry.kasat...@gmail.com> wrote:
> The origin
Hi,
Could I ask FS maintainers to test IMA with this patch additionally
and provide ack/tested.
We tested but may be you have and some special testing.
Thanks in advance,
Dmitry
On Tue, Dec 5, 2017 at 9:06 PM, Dmitry Kasatkin
wrote:
> The original design was discussed 3+ years
process_measurement()
Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com>
---
security/integrity/iint.c | 2 +
security/integrity/ima/ima_appraise.c | 27 +++---
security/integrity/ima/ima_main.c | 70 ---
security/integrity/int
process_measurement()
Signed-off-by: Dmitry Kasatkin
---
security/integrity/iint.c | 2 +
security/integrity/ima/ima_appraise.c | 27 +++---
security/integrity/ima/ima_main.c | 70 ---
security/integrity/integrity.h| 18 ++--
On 04/12/17 17:40, Dmitry Kasatkin wrote:
On 04/12/17 15:42, Roberto Sassu wrote:
On 12/4/2017 1:06 PM, Mimi Zohar wrote:
Hi Dmitry,
On Fri, 2017-12-01 at 20:40 +0200, Dmitry Kasatkin wrote:
The original design was discussed 3+ years ago, but was never
completed/upstreamed.
Based
On 04/12/17 15:42, Roberto Sassu wrote:
On 12/4/2017 1:06 PM, Mimi Zohar wrote:
Hi Dmitry,
On Fri, 2017-12-01 at 20:40 +0200, Dmitry Kasatkin wrote:
The original design was discussed 3+ years ago, but was never
completed/upstreamed.
Based on the recent discussions with Linus
https
attr_flags to atomic_flags
Changes in v2:
* revert taking the i_mutex in integrity_inode_get() so that iint allocation
could be done with i_mutex taken
* move taking the i_mutex from appraisal code to the process_measurement()
Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com>
attr_flags to atomic_flags
Changes in v2:
* revert taking the i_mutex in integrity_inode_get() so that iint allocation
could be done with i_mutex taken
* move taking the i_mutex from appraisal code to the process_measurement()
Signed-off-by: Dmitry Kasatkin
---
security/integrity/iint.c
On Thu, Nov 10, 2016 at 4:56 PM, Mimi Zohar wrote:
> [Posting with abbreviated Cc list.]
>
> The TPM PCRs are only reset on a hard reboot. In order to validate a
> TPM's quote after a soft reboot (eg. kexec -e), the IMA measurement list
> of the running kernel must be
On Thu, Nov 10, 2016 at 4:56 PM, Mimi Zohar wrote:
> [Posting with abbreviated Cc list.]
>
> The TPM PCRs are only reset on a hard reboot. In order to validate a
> TPM's quote after a soft reboot (eg. kexec -e), the IMA measurement list
> of the running kernel must be saved and then restored on
On Thu, Nov 10, 2016 at 4:56 PM, Mimi Zohar wrote:
> The TPM PCRs are only reset on a hard reboot. In order to validate a
> TPM's quote after a soft reboot (eg. kexec -e), the IMA measurement list
> of the running kernel must be saved and restored on boot. This patch
>
On Thu, Nov 10, 2016 at 4:56 PM, Mimi Zohar wrote:
> The TPM PCRs are only reset on a hard reboot. In order to validate a
> TPM's quote after a soft reboot (eg. kexec -e), the IMA measurement list
> of the running kernel must be saved and restored on boot. This patch
> restores the measurement
On Fri, Oct 21, 2016 at 5:44 AM, Thiago Jung Bauermann
wrote:
> From: Mimi Zohar
>
> The builtin and single custom templates are currently stored in an
> array. In preparation for being able to restore a measurement list
> containing
On Fri, Oct 21, 2016 at 5:44 AM, Thiago Jung Bauermann
wrote:
> From: Mimi Zohar
>
> The builtin and single custom templates are currently stored in an
> array. In preparation for being able to restore a measurement list
> containing multiple builtin/custom templates, this patch stores the
>
On Fri, Oct 21, 2016 at 5:44 AM, Thiago Jung Bauermann
wrote:
> From: Mimi Zohar
>
> In preparation for serializing the binary_runtime_measurements, this patch
> maintains the amount of memory required.
>
> Changelog v5:
> - replace
On Fri, Oct 21, 2016 at 5:44 AM, Thiago Jung Bauermann
wrote:
> From: Mimi Zohar
>
> In preparation for serializing the binary_runtime_measurements, this patch
> maintains the amount of memory required.
>
> Changelog v5:
> - replace CONFIG_KEXEC_FILE with architecture CONFIG_HAVE_IMA_KEXEC
On Fri, Oct 21, 2016 at 5:44 AM, Thiago Jung Bauermann
wrote:
> From: Mimi Zohar
>
> Measurements carried across kexec need to be added to the IMA
> measurement list, but should not prevent measurements of the newly
> booted kernel from
On Fri, Oct 21, 2016 at 5:44 AM, Thiago Jung Bauermann
wrote:
> From: Mimi Zohar
>
> Measurements carried across kexec need to be added to the IMA
> measurement list, but should not prevent measurements of the newly
> booted kernel from being added to the measurement list. This patch
> adds
On Fri, Oct 21, 2016 at 5:44 AM, Thiago Jung Bauermann
wrote:
> From: Mimi Zohar
>
> The TPM PCRs are only reset on a hard reboot. In order to validate a
> TPM's quote after a soft reboot (eg. kexec -e), the IMA measurement list
> of the
On Fri, Oct 21, 2016 at 5:44 AM, Thiago Jung Bauermann
wrote:
> From: Mimi Zohar
>
> The TPM PCRs are only reset on a hard reboot. In order to validate a
> TPM's quote after a soft reboot (eg. kexec -e), the IMA measurement list
> of the running kernel must be saved and restored on boot. This
Hi,
Yes, please make a patch.
Thanks for noticing,
Dmitry
From: Andreas Ziegler [andreas.zieg...@fau.de]
Sent: Tuesday, January 26, 2016 5:39 PM
To: Dmitry Kasatkin
Cc: David Howells; James Morris; Serge E. Hallyn; linux-kernel@vger.kernel.org
Subject
Hi,
Updated in the patch.
http://git.kernel.org/cgit/linux/kernel/git/kasatkin/linux-digsig.git/log/?h=ima-next
Dmitry
On Fri, Oct 23, 2015 at 9:30 PM, Mimi Zohar wrote:
> On Thu, 2015-10-22 at 21:49 +0300, Dmitry Kasatkin wrote:
>> Crypto HW kernel module can possibly initialize EVM
Hi,
I added error printing to the patch
http://git.kernel.org/cgit/linux/kernel/git/kasatkin/linux-digsig.git/log/?h=ima-next
Dmitry
On Fri, Oct 23, 2015 at 9:31 PM, Mimi Zohar wrote:
> On Thu, 2015-10-22 at 21:49 +0300, Dmitry Kasatkin wrote:
>> In order to enable EVM before start
Hi,
I added error printing to the patch
http://git.kernel.org/cgit/linux/kernel/git/kasatkin/linux-digsig.git/log/?h=ima-next
Dmitry
On Fri, Oct 23, 2015 at 9:31 PM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote:
> On Thu, 2015-10-22 at 21:49 +0300, Dmitry Kasatkin wrote:
>> In
Hi,
Updated in the patch.
http://git.kernel.org/cgit/linux/kernel/git/kasatkin/linux-digsig.git/log/?h=ima-next
Dmitry
On Fri, Oct 23, 2015 at 9:30 PM, Mimi Zohar <zo...@linux.vnet.ibm.com> wrote:
> On Thu, 2015-10-22 at 21:49 +0300, Dmitry Kasatkin wrote:
>> Crypto HW ke
From: Petko Manolov [pet...@mip-labs.com]
Sent: Friday, October 23, 2015 4:05 PM
To: Dmitry Kasatkin
Cc: zo...@linux.vnet.ibm.com; linux-ima-de...@lists.sourceforge.net;
linux-security-mod...@vger.kernel.org; linux-kernel@vger.kernel.org; Dmitry
Kasatkin
if key of any type
is loaded.
Changes in v2:
* EVM_STATE_KEY_SET replaced by EVM_INIT_HMAC
* EVM_STATE_X509_SET replaced by EVM_INIT_X509
Signed-off-by: Dmitry Kasatkin
---
security/integrity/evm/evm.h| 3 +++
security/integrity/evm/evm_crypto.c | 2 ++
security/integrity/evm/evm_main.c | 6
we may need to re-verify
the signature and update iint->flags that there is EVM
signature.
This patch enables that by resetting evm_status to
INTEGRITY_UKNOWN state.
Changes in v2:
* Flag setting moved to EVM layer
Signed-off-by: Dmitry Kasatkin
---
security/integrity/evm/evm_main.
This patch imposes minimum key size limit.
It declares EVM_MIN_KEY_SIZE and EVM_MAX_KEY_SIZE in public header file.
Signed-off-by: Dmitry Kasatkin
---
include/linux/evm.h | 3 +++
security/integrity/evm/evm_crypto.c | 7 +++
2 files changed, 6 insertions(+), 4 deletions
Zohar)
Signed-off-by: Dmitry Kasatkin
---
security/integrity/Kconfig| 11 +++
security/integrity/digsig.c | 14 --
security/integrity/evm/evm_main.c | 8 +---
security/integrity/ima/Kconfig| 5 -
security/integrity/ima/ima.h | 12
to evm_set_key
* EVM_INIT_HMAC moved to evm_set_key
* added bitop to prevent key setting race
Changes in v2:
* use size_t for key size instead of signed int
* provide EVM_MAX_KEY_SIZE macro in
* provide EVM_MIN_KEY_SIZE macro in
Signed-off-by: Dmitry Kasatkin
---
include/linux/evm.h
sent for review few months ago. Please refer to the patch
descriptions for details.
BR,
Dmitry
Dmitry Kasatkin (6):
integrity: define '.evm' as a builtin 'trusted' keyring
evm: load x509 certificate from the kernel
evm: enable EVM when X509 certificate is loaded
evm: provide a function
patch changed to /etc/keys
Signed-off-by: Dmitry Kasatkin
---
security/integrity/evm/Kconfig| 17 +
security/integrity/evm/evm_main.c | 7 +++
security/integrity/iint.c | 1 +
security/integrity/integrity.h| 8
4 files changed, 33 insertions
to evm_set_key
* EVM_INIT_HMAC moved to evm_set_key
* added bitop to prevent key setting race
Changes in v2:
* use size_t for key size instead of signed int
* provide EVM_MAX_KEY_SIZE macro in
* provide EVM_MIN_KEY_SIZE macro in
Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@huawei.
Zohar)
Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com>
---
security/integrity/Kconfig| 11 +++
security/integrity/digsig.c | 14 --
security/integrity/evm/evm_main.c | 8 +---
security/integrity/ima/Kconfig| 5 -
security/integri
if key of any type
is loaded.
Changes in v2:
* EVM_STATE_KEY_SET replaced by EVM_INIT_HMAC
* EVM_STATE_X509_SET replaced by EVM_INIT_X509
Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com>
---
security/integrity/evm/evm.h| 3 +++
security/integrity/evm/evm_crypto.c | 2 ++
se
we may need to re-verify
the signature and update iint->flags that there is EVM
signature.
This patch enables that by resetting evm_status to
INTEGRITY_UKNOWN state.
Changes in v2:
* Flag setting moved to EVM layer
Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com>
---
securi
This patch imposes minimum key size limit.
It declares EVM_MIN_KEY_SIZE and EVM_MAX_KEY_SIZE in public header file.
Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com>
---
include/linux/evm.h | 3 +++
security/integrity/evm/evm_crypto.c | 7 +++
2 files chan
patch changed to /etc/keys
Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com>
---
security/integrity/evm/Kconfig| 17 +
security/integrity/evm/evm_main.c | 7 +++
security/integrity/iint.c | 1 +
security/integrity/integrity.h| 8
4
Hi,
Apply this patch, please...
Dmitry
On Thu, Sep 10, 2015 at 10:06 PM, Dmitry Kasatkin
wrote:
> If IMA_LOAD_X509 is enabled either directly or indirectly via
> IMA_APPRAISE_SIGNED_INIT, it enables certificate loading to the IMA trusted
> keyring from the kernel. Due to the
Hi,
Apply this patch, please...
Dmitry
On Thu, Sep 10, 2015 at 10:06 PM, Dmitry Kasatkin
<dmitry.kasat...@gmail.com> wrote:
> If IMA_LOAD_X509 is enabled either directly or indirectly via
> IMA_APPRAISE_SIGNED_INIT, it enables certificate loading to the IMA trusted
> keyring
certificate verification result and allowed to load self-signed or
wrongly signed certificates.
This patch just removes this option.
Signed-off-by: Dmitry Kasatkin
Cc: # 3.19+
---
security/integrity/digsig.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security
certificate verification result and allowed to load self-signed or
wrongly signed certificates.
This patch just removes this option.
Signed-off-by: Dmitry Kasatkin <dmitry.kasat...@huawei.com>
Cc: <sta...@vger.kernel.org> # 3.19+
---
security/integrity/digsig.c | 2 +-
1 fil
Hi,
Yes, please.
(in plain text)
- Dmitry
On 26 January 2015 at 22:49, Stephen Rothwell wrote:
> Hi all,
>
> I noticed commit bfd33c4b4b1a ("MAINTAINERS: email update") in the
> integrity tree today. I assume that I should also update the email
> address in my contacts list?
>
> --
> Cheers,
Hi,
Yes, please.
(in plain text)
- Dmitry
On 26 January 2015 at 22:49, Stephen Rothwell s...@canb.auug.org.au wrote:
Hi all,
I noticed commit bfd33c4b4b1a (MAINTAINERS: email update) in the
integrity tree today. I assume that I should also update the email
address in my contacts list?
Hello,
Sorry for the ugly typo in MAINTAINERS.
- Dmitry
Dmitry Kasatkin (1):
MAINTAINERS: email update
MAINTAINERS | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.1.0
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message
Changed to my private email address as I left Samsung.
Signed-off-by: Dmitry Kasatkin
---
MAINTAINERS | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MAINTAINERS b/MAINTAINERS
index ccb0fef..0ee6758 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -4655,7 +4655,7 @@ F
Changed to my private email address as I left Samsung.
Signed-off-by: Dmitry Kasatkin dmitry.kasat...@gmail.com
---
MAINTAINERS | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MAINTAINERS b/MAINTAINERS
index ccb0fef..0ee6758 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
Hello,
Sorry for the ugly typo in MAINTAINERS.
- Dmitry
Dmitry Kasatkin (1):
MAINTAINERS: email update
MAINTAINERS | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.1.0
correct.
Acked-by: Dmitry Kasatkin
Dmitry
On 12 January 2015 at 13:43, David Howells wrote:
> Dmitry Kasatkin wrote:
>
>> Ack.
>
> To what email address do I translate that now?
>
> Acked-by: Dmitry Kasatkin
>
> perchance?
>
> David
correct.
Acked-by: Dmitry Kasatkin dmitry.kasat...@gmail.com
Dmitry
On 12 January 2015 at 13:43, David Howells dhowe...@redhat.com wrote:
Dmitry Kasatkin dmitry.kasat...@gmail.com wrote:
Ack.
To what email address do I translate that now?
Acked-by: Dmitry Kasatkin dmitry.kasat
Hi,
Thank you. Indeed '-cmp' is much more clear.
Ack.
- Dmitry
On 9 January 2015 at 13:00, David Howells wrote:
> This looks very reasonable. cc'ing Dmitry for his check.
>
> David
> ---
> Rasmus Villemoes wrote:
>
>> The condition preceding 'return 1;' makes my head hurt. At this point,
>>
Hi,
Thank you. It looks correct.
Ack.
- Dmitry
On 9 January 2015 at 12:58, David Howells wrote:
> I think you're right - *adding* the two sizes makes no sense. cc'ing Dmitry
> also for his check.
>
> David
>
>
> Rasmus Villemoes wrote:
>
>> If u and v both represent negative integers and
Hi,
Thank you. Indeed '-cmp' is much more clear.
Ack.
- Dmitry
On 9 January 2015 at 13:00, David Howells dhowe...@redhat.com wrote:
This looks very reasonable. cc'ing Dmitry for his check.
David
---
Rasmus Villemoes li...@rasmusvillemoes.dk wrote:
The condition preceding 'return 1;'
Hi,
Thank you. It looks correct.
Ack.
- Dmitry
On 9 January 2015 at 12:58, David Howells dhowe...@redhat.com wrote:
I think you're right - *adding* the two sizes makes no sense. cc'ing Dmitry
also for his check.
David
Rasmus Villemoes li...@rasmusvillemoes.dk wrote:
If u and v both
On 05/12/14 16:04, David Howells wrote:
> Dmitry Kasatkin wrote:
>
>> With just "make all" on Ubuntu.
> What gcc? I don't see any warnings.
>
> David
>
$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.8/lt
On 05/12/14 12:23, David Howells wrote:
> Dmitry Kasatkin wrote:
>
>> sign-file.c produce lots of annoying noise.
> How did you get it to produce that?
>
> David
>
With just "make all" on Ubuntu.
- Dmitry
Hi David,
sign-file.c produce lots of annoying noise.
scripts/sign-file.c:153:2: warning: format not a string literal and no
format arguments [-Wformat-security]
ERR(!bd, dest_name);
^
scripts/sign-file.c:179:3: warning: format not a string literal and no
format arguments [-Wformat-security]
On 05/12/14 12:23, David Howells wrote:
Dmitry Kasatkin d.kasat...@samsung.com wrote:
sign-file.c produce lots of annoying noise.
How did you get it to produce that?
David
With just make all on Ubuntu.
- Dmitry
On 05/12/14 16:04, David Howells wrote:
Dmitry Kasatkin d.kasat...@samsung.com wrote:
With just make all on Ubuntu.
What gcc? I don't see any warnings.
David
$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.8/lto-wrapper
Target: x86_64
On 21/11/14 16:42, Vivek Goyal wrote:
> On Thu, Nov 20, 2014 at 04:54:03PM +, David Howells wrote:
>
> [..]
>> diff --git a/crypto/asymmetric_keys/x509_parser.h
>> b/crypto/asymmetric_keys/x509_parser.h
>> index 3dfe6b5d6f0b..223b72344060 100644
>> --- a/crypto/asymmetric_keys/x509_parser.h
On 26/11/14 16:17, David Howells wrote:
> Extract both parts of the AuthorityKeyIdentifier, not just the keyIdentifier,
> as the second part can be used to match X.509 certificates by issuer and
> serialNumber.
>
> Signed-off-by: David Howells
> ---
>
> crypto/asymmetric_keys/Makefile
On 26/11/14 16:17, David Howells wrote:
Extract both parts of the AuthorityKeyIdentifier, not just the keyIdentifier,
as the second part can be used to match X.509 certificates by issuer and
serialNumber.
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/Makefile
On 21/11/14 16:42, Vivek Goyal wrote:
On Thu, Nov 20, 2014 at 04:54:03PM +, David Howells wrote:
[..]
diff --git a/crypto/asymmetric_keys/x509_parser.h
b/crypto/asymmetric_keys/x509_parser.h
index 3dfe6b5d6f0b..223b72344060 100644
--- a/crypto/asymmetric_keys/x509_parser.h
+++
Hello,
Yes, we will pick it up.
Thanks,
Dmitry
On 03/12/14 08:04, Michael Ellerman wrote:
> On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to:
>
> warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies
> (TCG_TPM && PPC_PSERIES)
>
Hello,
Yes, we will pick it up.
Thanks,
Dmitry
On 03/12/14 08:04, Michael Ellerman wrote:
On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to:
warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies
(TCG_TPM && PPC_PSERIES)
tpm_ibmvtpm.c:(.text+0x14f3e8):
On 20/11/14 18:53, David Howells wrote:
> Here's a set of patches that does the following:
>
> (1) Extracts both parts of an X.509 AuthorityKeyIdentifier (AKID) extension.
> We already extract the bit that can match the subjectKeyIdentifier (SKID)
> of the parent X.509 cert, but we
On 21/11/14 14:59, Dmitry Kasatkin wrote:
> Hi David,
>
> Before I go into reviewing the patches just want to let you know that
> Integrity stuff seems to work fine with these changes.
Actually after cleaning the tree and re-signing the modules, I get following
Unrecognized ch
On 21/11/14 14:59, Dmitry Kasatkin wrote:
Hi David,
Before I go into reviewing the patches just want to let you know that
Integrity stuff seems to work fine with these changes.
Actually after cleaning the tree and re-signing the modules, I get following
Unrecognized character \x7F; marked
On 20/11/14 18:53, David Howells wrote:
Here's a set of patches that does the following:
(1) Extracts both parts of an X.509 AuthorityKeyIdentifier (AKID) extension.
We already extract the bit that can match the subjectKeyIdentifier (SKID)
of the parent X.509 cert, but we currently
Hi David,
Before I go into reviewing the patches just want to let you know that
Integrity stuff seems to work fine with these changes.
Thanks,
Dmitry
On 20/11/14 18:53, David Howells wrote:
> Here's a set of patches that does the following:
>
> (1) Extracts both parts of an X.509
Hi David,
Before I go into reviewing the patches just want to let you know that
Integrity stuff seems to work fine with these changes.
Thanks,
Dmitry
On 20/11/14 18:53, David Howells wrote:
Here's a set of patches that does the following:
(1) Extracts both parts of an X.509
Provide the function to load x509 certificates from the kernel into the
integrity kernel keyring.
Changes in v2:
* configuration option removed
* function declared as '__init'
Signed-off-by: Dmitry Kasatkin
---
security/integrity/digsig.c| 37 -
security
of kernel_read(), to integrity_kernel_read().
Changes in v3:
* Patch descriptions improved (Mimi)
Changes in v2:
* configuration option removed
* function declared as '__init'
Signed-off-by: Dmitry Kasatkin
---
security/integrity/iint.c | 78 +
security
Signed-off-by: Dmitry Kasatkin
---
security/integrity/ima/Kconfig | 7 +++
security/integrity/ima/ima_policy.c | 5 +
2 files changed, 12 insertions(+)
diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig
index 8288edc..31b44b8 100644
--- a/security
().
* integrity_read_file() moved from digsig.c to iint.c because it is used
by IMA crypto subsystem and should not depend on digsig support being
enabled.
-Dmitry
*** BLURB HERE ***
Dmitry Kasatkin (6):
integrity: define a new function integrity_read_file()
integrity: provide a function
integrity_kernel_read() duplicates the file read operations code
in vfs_read(). This patch refactors vfs_read() code creating a
helper function __vfs_read(). It is used by both vfs_read() and
integrity_kernel_read().
Signed-off-by: Dmitry Kasatkin
---
fs/read_write.c | 24
clears ima_policy_flag to disable
appraisal to load key. Use it to skip appraisal rules.
* Key directory path changed to /etc/keys (Mimi)
Changes in v2:
* added '__init'
* use ima_policy_flag to disable appraisal to load keys
Signed-off-by: Dmitry Kasatkin
---
security/integrity/ima/Kconfig
functions
Signed-off-by: Dmitry Kasatkin
---
include/linux/integrity.h | 6 ++
init/main.c | 6 +-
security/integrity/iint.c | 11 +++
3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/include/linux/integrity.h b/include/linux/integrity.h
index 83222ce
functions
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
include/linux/integrity.h | 6 ++
init/main.c | 6 +-
security/integrity/iint.c | 11 +++
3 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/include/linux/integrity.h b/include/linux
clears ima_policy_flag to disable
appraisal to load key. Use it to skip appraisal rules.
* Key directory path changed to /etc/keys (Mimi)
Changes in v2:
* added '__init'
* use ima_policy_flag to disable appraisal to load keys
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
security
integrity_kernel_read() duplicates the file read operations code
in vfs_read(). This patch refactors vfs_read() code creating a
helper function __vfs_read(). It is used by both vfs_read() and
integrity_kernel_read().
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
fs/read_write.c