Hi Stephan,
Le 16/10/2017 à 23:10, Stephan Mueller a écrit :
Am Montag, 16. Oktober 2017, 08:53:00 CEST schrieb Christophe LEROY:
Hi Christophe,
Hi Stephan,
I get an issue with md5sum of a big file with kernel 4.9. It don't get
that issue with kernel 4.13.
The key to the difference in
Hi Again Stephan
Le 17/10/2017 à 09:58, Christophe LEROY a écrit :
Hi Stephan,
Le 16/10/2017 à 23:10, Stephan Mueller a écrit :
Am Montag, 16. Oktober 2017, 08:53:00 CEST schrieb Christophe LEROY:
Hi Christophe,
Hi Stephan,
I get an issue with md5sum of a big file with kernel 4.9. It
Thanks Bart,
Reviewed-by: Johannes Thumshirn
--
Johannes Thumshirn Storage
jthumsh...@suse.de+49 911 74053 689
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: Felix Imendörffer, Jane Smithard, Graham
Le 15/10/2017 à 11:20, Gilad Ben-Yossef a écrit :
The talitos driver starts several async crypto ops and waits for their
completions. Move it over to generic code doing the same.
Signed-off-by: Gilad Ben-Yossef
Tested-by: Christophe Leroy
---
Add support for MD5, SHA1, SHA256 hash algorithms for Exynos HW.
It uses the crypto framework asynchronous hash api.
It is based on omap-sham.c driver.
S5P has some HW differencies and is not implemented.
Modifications in s5p-sss:
- Add hash supporting structures and functions.
- Modify irq
change spaces into tabs in defines
Signed-off-by: Kamil Konieczny
---
drivers/crypto/s5p-sss.c | 190 +++
1 file changed, 95 insertions(+), 95 deletions(-)
diff --git a/drivers/crypto/s5p-sss.c
First patch cleans up spaces in defines, second adds HASH support for Exynos.
Changes:
version 7:
- fix ifdef into if(IS_ENABLED()) as suggested by Krzysztof Kozlowski
version 6:
- fixes suggested by Vladimir Zapolskiy: change HASH_OP enum into bool, fix
comments, change int into unsigned int
On Sun, Oct 15, 2017 at 6:38 PM, Herbert Xu wrote:
>
> On Sun, Oct 15, 2017 at 10:19:45AM +0100, Gilad Ben-Yossef wrote:
> >
> > Changes from v8:
> > - Remove the translation of EAGAIN return code to the
> > previous return code of EBUSY for the user space
> >
On Sun, Oct 15, 2017 at 10:19:45AM +0100, Gilad Ben-Yossef wrote:
> Many users of kernel async. crypto services have a pattern of
> starting an async. crypto op and than using a completion
> to wait for it to end.
>
> This patch set simplifies this common use case in two ways:
>
> First, by
On Tue, 2017-10-17 at 08:21 +0200, Hannes Reinecke wrote:
> On 10/17/2017 12:49 AM, Bart Van Assche wrote:
> > Signed-off-by: Bart Van Assche
> > Reviewed-by: Johannes Thumshirn
> > Cc: linux-s...@vger.kernel.org
> > Cc: Martin K. Petersen
On Tue, 2017-10-17 at 08:14 +0200, Hannes Reinecke wrote:
> On 10/17/2017 12:49 AM, Bart Van Assche wrote:
> > [ ... ]
> > void target_free_sgl(struct scatterlist *sgl, int nents)
> > {
> > - struct scatterlist *sg;
> > - int count;
> > -
> > - for_each_sg(sgl, sg, nents, count)
> > -
+ linux-accelerat...@lists.ozlabs.org
Seems sensible to have this email actually go to the new list so
at least it appears in the archive.
Sorry all, I should have thought of this before pressing send,
Jonathan
On Tue, 17 Oct 2017 13:48:10 +0100
Jonathan Cameron
On Tue, 17 Oct 2017 11:00:40 +1100
Andrew Donnellan wrote:
> On 17/10/17 01:07, Jonathan Cameron wrote:
> >
> >
> >>> So as ever with a linux community focusing on a particular topic, the
> >>> obvious solution is a mailing list. There are a number of options on
On 10/17/2017 12:49 AM, Bart Van Assche wrote:
> Use the sgl_alloc() and sgl_free() functions instead of open coding
> these functions.
>
> Signed-off-by: Bart Van Assche
> Cc: Ard Biesheuvel
> Cc: Herbert Xu
> ---
On 10/17/2017 12:49 AM, Bart Van Assche wrote:
> Many kernel drivers contain code that allocates and frees both a
> scatterlist and the pages that populate that scatterlist.
> Introduce functions in lib/scatterlist.c that perform these tasks
> instead of duplicating this functionality in multiple
On 10/17/2017 12:49 AM, Bart Van Assche wrote:
> Use the sgl_alloc() and sgl_free() functions instead of open coding
> these functions.
>
> Signed-off-by: Bart Van Assche
> Reviewed-by: Johannes Thumshirn
> Cc: Keith Busch
>
On 10/17/2017 12:49 AM, Bart Van Assche wrote:
> Use the sgl_alloc() and sgl_free() functions instead of open coding
> these functions.
>
> Signed-off-by: Bart Van Assche
> Reviewed-by: Johannes Thumshirn
> Cc: Keith Busch
>
On 10/17/2017 12:49 AM, Bart Van Assche wrote:
> Use the sgl_alloc_order() and sgl_free() functions instead of open
> coding these functions.
>
> Signed-off-by: Bart Van Assche
> Cc: Nicholas A. Bellinger
> Cc: Christoph Hellwig
> Cc:
On 10/17/2017 12:49 AM, Bart Van Assche wrote:
> Use the sgl_alloc_order() and sgl_free_order() functions instead
> of open coding these functions.
>
> Signed-off-by: Bart Van Assche
> Reviewed-by: Johannes Thumshirn
> Cc: linux-s...@vger.kernel.org
>
On 10/17/2017 12:49 AM, Bart Van Assche wrote:
> Signed-off-by: Bart Van Assche
> Reviewed-by: Johannes Thumshirn
> Cc: linux-s...@vger.kernel.org
> Cc: Martin K. Petersen
> Cc: Anil Ravindranath
On 10/17/2017 12:49 AM, Bart Van Assche wrote:
> Use the sgl_alloc_order() and sgl_free_order() functions instead
> of open coding these functions.
>
> Signed-off-by: Bart Van Assche
> Reviewed-by: Johannes Thumshirn
> Cc: linux-s...@vger.kernel.org
>
On 10/16/2017 08:51 AM, Andrey Ryabinin wrote:
> struct sha256_ctx_mgr allocated in sha256_mb_mod_init() via kzalloc()
> and later passed in sha256_mb_flusher_mgr_flush_avx2() function where
> instructions vmovdqa used to access the struct. vmovdqa requires
> 16-bytes aligned argument, but nothing
Am Dienstag, 17. Oktober 2017, 09:58:31 CEST schrieb Christophe LEROY:
Hi Christophe,
>
> > If you tamper with the code shown above from libkcapi and set
> > alg_max_pages to a low value, the library reverts to sendmsg after the
> > given number of pages.
> Couldn't we get the libkcapi to
On 10/12/2017 11:55 AM, Colin King wrote:
From: Colin Ian King
Variable qim is assigned but never read, it is redundant and can
be removed.
Cleans up clang warning: Value stored to 'qim' is never read
Fixes: 4b394a232df7 ("crypto: ccp - Let a v5 CCP provide the same
The "goto out" statement doesn't have any purpose since there's no cleanup
to be done when returning early, so remove it. This also makes the rc
variable unnecessary so remove it as well.
Also, the xattr_len and fmt variables are redundant so remove them as well.
Signed-off-by: Thiago Jung
This patch removes unnecessary parentheses from all EVM and IMA files
not yet cleaned up by the previous patches.
It is separate from the previous one so that it can be easily dropped if
the churn and conflict potential is deemed not worth it.
Confirmed that the patch is correct by comparing the
This avoids a dependency cycle in CONFIG_IMA_APPRAISE_MODSIG (introduced by
a later patch in this series): it will select CONFIG_MODULE_SIG_FORMAT
which in turn selects CONFIG_KEYS. Kconfig then complains that
CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS.
Signed-off-by: Thiago Jung Bauermann
Replace nested ifs in the EVM xattr verification logic with a switch
statement, making the code easier to understand.
Also, add comments to the if statements in the out section.
Signed-off-by: Mimi Zohar
Signed-off-by: Thiago Jung Bauermann
Superfluous parentheses just add clutter to the code, making it harder to
read and to understand.
In order to avoid churn and minimize conflicts with other patches from the
community, this patch only removes superfluous parentheses from lines that
are modified by other patches in this series.
IMA will need to obtain the keyring used to verify file signatures so that
it can verify the module-style signature appended to files.
Signed-off-by: Thiago Jung Bauermann
---
security/integrity/digsig.c| 28 +++-
IMA will need to access the digest used in the signature so that it can
verify files containing module-style appended signatures. For this purpose,
add function pkcs7_get_message_sig.
It will also need to verify an already parsed PKCS#7 message. For this
purpose, add function
ima_read_modsig will need it so that it can show an error message.
Signed-off-by: Thiago Jung Bauermann
---
security/integrity/ima/ima.h| 2 ++
security/integrity/ima/ima_policy.c | 12 ++--
2 files changed, 8 insertions(+), 6 deletions(-)
diff
When module-style signatures appended at the end of files are supported for
IMA appraisal, the code will fallback to the xattr signature if the
appended one fails to verify.
The problem is that we don't know whether we need to fallback to the xattr
signature until the appraise step, and by then
A non-zero value is converted to 1 when assigned to a bool variable, so the
conditional operator in is_ima_appraise_enabled is redundant.
The value of a comparison operator is either 1 or 0 so the conditional
operator in ima_inode_setxattr is redundant as well.
Confirmed that the patch is
From: Suniel Mahesh
Comparision operator "equal to" not required on a variable
"foo" of type "bool". Bool has only two values, can be used
directly or with logical not.
This fixes the following coccinelle warning:
WARNING: Comparison of bool to 0/1
Signed-off-by: Suniel
This patch introduces the modsig keyword to the IMA policy syntax to
specify that a given hook should expect the file to have the IMA signature
appended to it. Here is how it can be used in a rule:
appraise func=KEXEC_KERNEL_CHECK appraise_type=modsig|imasig
With this rule, IMA will accept
This patch removes unnecessary parentheses from all EVM and IMA files
touched by this patch series.
The difference from the previous patch is that it cleans up the files as a
whole, not just the lines that were already going to be modified by other
patches. It is separate from the previous one so
This patch actually implements the appraise_type=modsig option, allowing
IMA to read and verify modsig signatures
Signed-off-by: Thiago Jung Bauermann
---
security/integrity/ima/ima.h | 17 +++--
security/integrity/ima/ima_appraise.c | 119
Hello,
The main highlight in this version is that it fixes a bug where the modsig
wasn't being included in the measurement list if the appraised file was
already measured by another rule. The fix is in the last patch.
Another change is that the last patch in the v4 series ("ima: Support
Add modsig support for templates which require the contents of the file
signature to be included in the measurement list.
Suggested-by: Mimi Zohar
Signed-off-by: Thiago Jung Bauermann
---
security/integrity/ima/ima.h | 8
Even though struct evm_ima_xattr_data includes a fixed-size array to hold a
SHA1 digest, most of the code ignores the array and uses the struct to mean
"type indicator followed by data of unspecified size" and tracks the real
size of what the struct represents in a separate length variable.
The
IMA will use the module_signature format for append signatures, so export
the relevant definitions and factor out the code which verifies that the
appended signature trailer is valid.
Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it
and be able to use
This is the code needed by IMA-appraise to work with modsig signatures.
It will be used by the next patch.
Signed-off-by: Thiago Jung Bauermann
---
security/integrity/ima/Kconfig | 3 +
security/integrity/ima/ima.h| 34 +++
The patch implementing modsig support will retry verifying the xattr
signature if the modsig verification fails, and if we have already passed
the modsig as the xattr_value we'll have problems if we pass the xattr sig
in the second call to evm_verifyxattr.
Since this is an optimization and not
From: Suniel Mahesh
Return "false" instead of 0.
This fixes the following coccinelle warning:
WARNING: return of 0/1 in function 'ssi_is_hw_key' with return type bool.
Signed-off-by: Suniel Mahesh
---
Changes for v2:
- Changed the commit log to give
On Wed, Oct 18, 2017 at 07:40:14AM +0530, suni...@techveda.org wrote:
> From: Suniel Mahesh
>
> Comparision operator "equal to" not required on a variable
> "foo" of type "bool". Bool has only two values, can be used
> directly or with logical not.
>
> This fixes the
On Wed, Oct 18, 2017 at 07:42:53AM +0530, suni...@techveda.org wrote:
> From: Suniel Mahesh
>
> Return "false" instead of 0.
>
> This fixes the following coccinelle warning:
> WARNING: return of 0/1 in function 'ssi_is_hw_key' with return type bool.
So close! The order of
On Tue, Oct 17, 2017 at 5:06 PM, Russell King - ARM Linux
wrote:
> On Sun, Oct 15, 2017 at 10:19:45AM +0100, Gilad Ben-Yossef wrote:
>> Many users of kernel async. crypto services have a pattern of
>> starting an async. crypto op and than using a completion
>> to wait for
48 matches
Mail list logo