Re: md5sum (from libkcapi) fails on kernel 4.9 but not on 4.13

Hi Stephan, Le 16/10/2017 à 23:10, Stephan Mueller a écrit : Am Montag, 16. Oktober 2017, 08:53:00 CEST schrieb Christophe LEROY: Hi Christophe, Hi Stephan, I get an issue with md5sum of a big file with kernel 4.9. It don't get that issue with kernel 4.13. The key to the difference in

Re: md5sum (from libkcapi) fails on kernel 4.9 but not on 4.13

Hi Again Stephan Le 17/10/2017 à 09:58, Christophe LEROY a écrit : Hi Stephan, Le 16/10/2017 à 23:10, Stephan Mueller a écrit : Am Montag, 16. Oktober 2017, 08:53:00 CEST schrieb Christophe LEROY: Hi Christophe, Hi Stephan, I get an issue with md5sum of a big file with kernel 4.9. It

Re: [PATCH v2 1/8] lib/scatterlist: Introduce sgl_alloc() and sgl_free()

Thanks Bart, Reviewed-by: Johannes Thumshirn -- Johannes Thumshirn Storage jthumsh...@suse.de+49 911 74053 689 SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg GF: Felix Imendörffer, Jane Smithard, Graham

Re: [PATCH v9 17/20] crypto: talitos: move to generic async completion

Le 15/10/2017 à 11:20, Gilad Ben-Yossef a écrit : The talitos driver starts several async crypto ops and waits for their completions. Move it over to generic code doing the same. Signed-off-by: Gilad Ben-Yossef Tested-by: Christophe Leroy ---

[PATCH v7 2/2] crypto: s5p-sss: Add HASH support for Exynos

Add support for MD5, SHA1, SHA256 hash algorithms for Exynos HW. It uses the crypto framework asynchronous hash api. It is based on omap-sham.c driver. S5P has some HW differencies and is not implemented. Modifications in s5p-sss: - Add hash supporting structures and functions. - Modify irq

[PATCH v7 1/2] crypto: s5p-sss: change spaces into tabs in defines

change spaces into tabs in defines Signed-off-by: Kamil Konieczny --- drivers/crypto/s5p-sss.c | 190 +++ 1 file changed, 95 insertions(+), 95 deletions(-) diff --git a/drivers/crypto/s5p-sss.c

[PATCH v7 0/2] crypto: s5p-sss: Add HASH support for Exynos

First patch cleans up spaces in defines, second adds HASH support for Exynos. Changes: version 7: - fix ifdef into if(IS_ENABLED()) as suggested by Krzysztof Kozlowski version 6: - fixes suggested by Vladimir Zapolskiy: change HASH_OP enum into bool, fix comments, change int into unsigned int

Re: [PATCH v9 00/20] simplify crypto wait for async op

On Sun, Oct 15, 2017 at 6:38 PM, Herbert Xu wrote: > > On Sun, Oct 15, 2017 at 10:19:45AM +0100, Gilad Ben-Yossef wrote: > > > > Changes from v8: > > - Remove the translation of EAGAIN return code to the > > previous return code of EBUSY for the user space > >

Re: [PATCH v9 00/20] simplify crypto wait for async op

On Sun, Oct 15, 2017 at 10:19:45AM +0100, Gilad Ben-Yossef wrote: > Many users of kernel async. crypto services have a pattern of > starting an async. crypto op and than using a completion > to wait for it to end. > > This patch set simplifies this common use case in two ways: > > First, by

Re: [PATCH v2 7/8] scsi/pmcraid: Remove an unused structure member

On Tue, 2017-10-17 at 08:21 +0200, Hannes Reinecke wrote: > On 10/17/2017 12:49 AM, Bart Van Assche wrote: > > Signed-off-by: Bart Van Assche > > Reviewed-by: Johannes Thumshirn > > Cc: linux-s...@vger.kernel.org > > Cc: Martin K. Petersen

Re: [PATCH v2 5/8] target: Use sgl_alloc_order() and sgl_free()

On Tue, 2017-10-17 at 08:14 +0200, Hannes Reinecke wrote: > On 10/17/2017 12:49 AM, Bart Van Assche wrote: > > [ ... ] > > void target_free_sgl(struct scatterlist *sgl, int nents) > > { > > - struct scatterlist *sg; > > - int count; > > - > > - for_each_sg(sgl, sg, nents, count) > > -

Re: New Linux accelerators discussion list [was: Re: Fostering linux community collaboration on hardware accelerators]

+ linux-accelerat...@lists.ozlabs.org Seems sensible to have this email actually go to the new list so at least it appears in the archive. Sorry all, I should have thought of this before pressing send, Jonathan On Tue, 17 Oct 2017 13:48:10 +0100 Jonathan Cameron

Re: New Linux accelerators discussion list [was: Re: Fostering linux community collaboration on hardware accelerators]

On Tue, 17 Oct 2017 11:00:40 +1100 Andrew Donnellan wrote: > On 17/10/17 01:07, Jonathan Cameron wrote: > > > > > >>> So as ever with a linux community focusing on a particular topic, the > >>> obvious solution is a mailing list. There are a number of options on

Re: [PATCH v2 2/8] crypto: scompress - use sgl_alloc() and sgl_free()

On 10/17/2017 12:49 AM, Bart Van Assche wrote: > Use the sgl_alloc() and sgl_free() functions instead of open coding > these functions. > > Signed-off-by: Bart Van Assche > Cc: Ard Biesheuvel > Cc: Herbert Xu > ---

Re: [PATCH v2 1/8] lib/scatterlist: Introduce sgl_alloc() and sgl_free()

On 10/17/2017 12:49 AM, Bart Van Assche wrote: > Many kernel drivers contain code that allocates and frees both a > scatterlist and the pages that populate that scatterlist. > Introduce functions in lib/scatterlist.c that perform these tasks > instead of duplicating this functionality in multiple

Re: [PATCH v2 3/8] nvmet/fc: Use sgl_alloc() and sgl_free()

On 10/17/2017 12:49 AM, Bart Van Assche wrote: > Use the sgl_alloc() and sgl_free() functions instead of open coding > these functions. > > Signed-off-by: Bart Van Assche > Reviewed-by: Johannes Thumshirn > Cc: Keith Busch >

Re: [PATCH v2 4/8] nvmet/rdma: Use sgl_alloc() and sgl_free()

On 10/17/2017 12:49 AM, Bart Van Assche wrote: > Use the sgl_alloc() and sgl_free() functions instead of open coding > these functions. > > Signed-off-by: Bart Van Assche > Reviewed-by: Johannes Thumshirn > Cc: Keith Busch >

Re: [PATCH v2 5/8] target: Use sgl_alloc_order() and sgl_free()

On 10/17/2017 12:49 AM, Bart Van Assche wrote: > Use the sgl_alloc_order() and sgl_free() functions instead of open > coding these functions. > > Signed-off-by: Bart Van Assche > Cc: Nicholas A. Bellinger > Cc: Christoph Hellwig > Cc:

Re: [PATCH v2 6/8] scsi/ipr: Use sgl_alloc_order() and sgl_free_order()

On 10/17/2017 12:49 AM, Bart Van Assche wrote: > Use the sgl_alloc_order() and sgl_free_order() functions instead > of open coding these functions. > > Signed-off-by: Bart Van Assche > Reviewed-by: Johannes Thumshirn > Cc: linux-s...@vger.kernel.org >

Re: [PATCH v2 7/8] scsi/pmcraid: Remove an unused structure member

On 10/17/2017 12:49 AM, Bart Van Assche wrote: > Signed-off-by: Bart Van Assche > Reviewed-by: Johannes Thumshirn > Cc: linux-s...@vger.kernel.org > Cc: Martin K. Petersen > Cc: Anil Ravindranath

Re: [PATCH v2 8/8] scsi/pmcraid: Use sgl_alloc_order() and sgl_free_order()

On 10/17/2017 12:49 AM, Bart Van Assche wrote: > Use the sgl_alloc_order() and sgl_free_order() functions instead > of open coding these functions. > > Signed-off-by: Bart Van Assche > Reviewed-by: Johannes Thumshirn > Cc: linux-s...@vger.kernel.org >

Re: [PATCH 1/2] x86/crypto/sha256-mb: fix panic due to unaligned access

On 10/16/2017 08:51 AM, Andrey Ryabinin wrote: > struct sha256_ctx_mgr allocated in sha256_mb_mod_init() via kzalloc() > and later passed in sha256_mb_flusher_mgr_flush_avx2() function where > instructions vmovdqa used to access the struct. vmovdqa requires > 16-bytes aligned argument, but nothing

Re: md5sum (from libkcapi) fails on kernel 4.9 but not on 4.13

Am Dienstag, 17. Oktober 2017, 09:58:31 CEST schrieb Christophe LEROY: Hi Christophe, > > > If you tamper with the code shown above from libkcapi and set > > alg_max_pages to a low value, the library reverts to sendmsg after the > > given number of pages. > Couldn't we get the libkcapi to

Re: [PATCH] crypto: ccp: remove unused variable qim

On 10/12/2017 11:55 AM, Colin King wrote: From: Colin Ian King Variable qim is assigned but never read, it is redundant and can be removed. Cleans up clang warning: Value stored to 'qim' is never read Fixes: 4b394a232df7 ("crypto: ccp - Let a v5 CCP provide the same

[PATCH v5 05/18] ima: Simplify ima_eventsig_init

The "goto out" statement doesn't have any purpose since there's no cleanup to be done when returning early, so remove it. This also makes the rc variable unnecessary so remove it as well. Also, the xattr_len and fmt variables are redundant so remove them as well. Signed-off-by: Thiago Jung

[PATCH v5 04/18] evm, ima: Remove more superfluous parentheses

This patch removes unnecessary parentheses from all EVM and IMA files not yet cleaned up by the previous patches. It is separate from the previous one so that it can be easily dropped if the churn and conflict potential is deemed not worth it. Confirmed that the patch is correct by comparing the

[PATCH v5 08/18] integrity: Select CONFIG_KEYS instead of depending on it

This avoids a dependency cycle in CONFIG_IMA_APPRAISE_MODSIG (introduced by a later patch in this series): it will select CONFIG_MODULE_SIG_FORMAT which in turn selects CONFIG_KEYS. Kconfig then complains that CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS. Signed-off-by: Thiago Jung Bauermann

[PATCH v5 06/18] ima: Improvements in ima_appraise_measurement

Replace nested ifs in the EVM xattr verification logic with a switch statement, making the code easier to understand. Also, add comments to the if statements in the out section. Signed-off-by: Mimi Zohar Signed-off-by: Thiago Jung Bauermann

[PATCH v5 02/18] ima: Remove some superfluous parentheses

Superfluous parentheses just add clutter to the code, making it harder to read and to understand. In order to avoid churn and minimize conflicts with other patches from the community, this patch only removes superfluous parentheses from lines that are modified by other patches in this series.

[PATCH v5 14/18] integrity: Introduce integrity_keyring_from_id

IMA will need to obtain the keyring used to verify file signatures so that it can verify the module-style signature appended to files. Signed-off-by: Thiago Jung Bauermann --- security/integrity/digsig.c| 28 +++-

[PATCH v5 13/18] PKCS#7: Introduce pkcs7_get_message_sig and verify_pkcs7_message_sig

IMA will need to access the digest used in the signature so that it can verify files containing module-style appended signatures. For this purpose, add function pkcs7_get_message_sig. It will also need to verify an already parsed PKCS#7 message. For this purpose, add function

[PATCH v5 11/18] ima: Export func_tokens

ima_read_modsig will need it so that it can show an error message. Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/ima.h| 2 ++ security/integrity/ima/ima_policy.c | 12 ++-- 2 files changed, 8 insertions(+), 6 deletions(-) diff

[PATCH v5 10/18] ima: Store measurement after appraisal

When module-style signatures appended at the end of files are supported for IMA appraisal, the code will fallback to the xattr signature if the appended one fails to verify. The problem is that we don't know whether we need to fallback to the xattr signature until the appraise step, and by then

[PATCH v5 01/18] ima: Remove redundant conditional operator

A non-zero value is converted to 1 when assigned to a bool variable, so the conditional operator in is_ima_appraise_enabled is redundant. The value of a comparison operator is either 1 or 0 so the conditional operator in ima_inode_setxattr is redundant as well. Confirmed that the patch is

[PATCH v2] staging: ccree: Fix bool comparison

From: Suniel Mahesh Comparision operator "equal to" not required on a variable "foo" of type "bool". Bool has only two values, can be used directly or with logical not. This fixes the following coccinelle warning: WARNING: Comparison of bool to 0/1 Signed-off-by: Suniel

[PATCH v5 15/18] ima: Add modsig appraise_type option for module-style appended signatures

This patch introduces the modsig keyword to the IMA policy syntax to specify that a given hook should expect the file to have the IMA signature appended to it. Here is how it can be used in a rule: appraise func=KEXEC_KERNEL_CHECK appraise_type=modsig|imasig With this rule, IMA will accept

[PATCH v5 03/18] evm, ima: Remove superfluous parentheses

This patch removes unnecessary parentheses from all EVM and IMA files touched by this patch series. The difference from the previous patch is that it cleans up the files as a whole, not just the lines that were already going to be modified by other patches. It is separate from the previous one so

[PATCH v5 17/18] ima: Implement support for module-style appended signatures

This patch actually implements the appraise_type=modsig option, allowing IMA to read and verify modsig signatures Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/ima.h | 17 +++-- security/integrity/ima/ima_appraise.c | 119

[PATCH v5 00/18] Appended signatures support for IMA appraisal

Hello, The main highlight in this version is that it fixes a bug where the modsig wasn't being included in the measurement list if the appraised file was already measured by another rule. The fix is in the last patch. Another change is that the last patch in the v4 series ("ima: Support

[PATCH v5 18/18] ima: Write modsig to the measurement list

Add modsig support for templates which require the contents of the file signature to be included in the measurement list. Suggested-by: Mimi Zohar Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/ima.h | 8

[PATCH v5 07/18] integrity: Introduce struct evm_xattr

Even though struct evm_ima_xattr_data includes a fixed-size array to hold a SHA1 digest, most of the code ignores the array and uses the struct to mean "type indicator followed by data of unspecified size" and tracks the real size of what the struct represents in a separate length variable. The

[PATCH v5 12/18] MODSIGN: Export module signature definitions

IMA will use the module_signature format for append signatures, so export the relevant definitions and factor out the code which verifies that the appended signature trailer is valid. Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it and be able to use

[PATCH v5 16/18] ima: Add functions to read and verify a modsig signature

This is the code needed by IMA-appraise to work with modsig signatures. It will be used by the next patch. Signed-off-by: Thiago Jung Bauermann --- security/integrity/ima/Kconfig | 3 + security/integrity/ima/ima.h| 34 +++

[PATCH v5 09/18] ima: Don't pass xattr value to EVM xattr verification.

The patch implementing modsig support will retry verifying the xattr signature if the modsig verification fails, and if we have already passed the modsig as the xattr_value we'll have problems if we pass the xattr sig in the second call to evm_verifyxattr. Since this is an optimization and not

[PATCH v2] staging: ccree: fix boolreturn.cocci warning

From: Suniel Mahesh Return "false" instead of 0. This fixes the following coccinelle warning: WARNING: return of 0/1 in function 'ssi_is_hw_key' with return type bool. Signed-off-by: Suniel Mahesh --- Changes for v2: - Changed the commit log to give

Re: [PATCH v2] staging: ccree: Fix bool comparison

On Wed, Oct 18, 2017 at 07:40:14AM +0530, suni...@techveda.org wrote: > From: Suniel Mahesh > > Comparision operator "equal to" not required on a variable > "foo" of type "bool". Bool has only two values, can be used > directly or with logical not. > > This fixes the

Re: [PATCH v2] staging: ccree: fix boolreturn.cocci warning

On Wed, Oct 18, 2017 at 07:42:53AM +0530, suni...@techveda.org wrote: > From: Suniel Mahesh > > Return "false" instead of 0. > > This fixes the following coccinelle warning: > WARNING: return of 0/1 in function 'ssi_is_hw_key' with return type bool. So close! The order of

Re: [PATCH v9 00/20] simplify crypto wait for async op

On Tue, Oct 17, 2017 at 5:06 PM, Russell King - ARM Linux wrote: > On Sun, Oct 15, 2017 at 10:19:45AM +0100, Gilad Ben-Yossef wrote: >> Many users of kernel async. crypto services have a pattern of >> starting an async. crypto op and than using a completion >> to wait for