. It is checked upon ima_file_free hook to set initial
security.ima value.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
security/integrity/ima/ima_appraise.c | 7 +--
security/integrity/ima/ima_main.c | 12 +++-
security/integrity/integrity.h| 1 +
3 files changed, 13
(value), 0);
close(fd);
This patch skips integrity verification if IMA_NEW_FILE flag is set.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
security/integrity/evm/evm_main.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/security/integrity/evm/evm_main.c
b
came to the
kernel.
- Dmitry
Dmitry Kasatkin (3):
ima: provide flag to identify new empty files
evm: skip integrity verification for newly created files
ima: pass 'opened' flag to identify newly created files
fs/namei.c| 2 +-
fs/nfsd/vfs.c
When SIGNATURE=y but depends on CRYPTO=m, it selects MPILIB as module
producing build break. This patch makes digsig to select crypto for
correcting dependency.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
lib/Kconfig | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff
to `sprint_oid'
crypto/built-in.o: In function `rsa_extract_mpi':
- Dmitry
Dmitry Kasatkin (2):
asymmetric_keys: make crypto builtin if asymmetric keys selected as
builtin
digsig: make crypto builtin if digsig selected as builtin
crypto/Kconfig | 6 +-
crypto
.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
crypto/Kconfig | 6 +-
crypto/asymmetric_keys/Kconfig | 2 ++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index ce4012a..96835d6 100644
--- a/crypto/Kconfig
+++ b/crypto
On 11 July 2014 23:10, Pavel Machek pa...@ucw.cz wrote:
On Wed 2014-07-02 11:40:50, Christoph Hellwig wrote:
On Wed, Jul 02, 2014 at 11:55:41AM -0400, Jeff Moyer wrote:
It's acceptable.
It's not because it will then also affect other reads going on at the
same time.
The whole concept of
Hi David,
If patches from integrity/next-trusted-keys go via your tree, then I
suggest that you re-base your patches on the top of our
patchset, because it is unclear how long review of PE, PKCS7 patches
will take and if they will be pulled...
I would do it with different pull requests.
-
On 10/07/14 11:02, Marek Vasut wrote:
> On Thursday, July 10, 2014 at 01:05:39 AM, Dmitry Kasatkin wrote:
>> On 10 July 2014 00:00, Marek Vasut wrote:
>>> On Tuesday, July 08, 2014 at 10:07:16 AM, Dmitry Kasatkin wrote:
>>> [...]
>>>
>>>>> Righ
On 10/07/14 11:02, Marek Vasut wrote:
On Thursday, July 10, 2014 at 01:05:39 AM, Dmitry Kasatkin wrote:
On 10 July 2014 00:00, Marek Vasut ma...@denx.de wrote:
On Tuesday, July 08, 2014 at 10:07:16 AM, Dmitry Kasatkin wrote:
[...]
Right, but my concern is not about unloading the kernel
On 10 July 2014 00:00, Marek Vasut wrote:
> On Tuesday, July 08, 2014 at 10:07:16 AM, Dmitry Kasatkin wrote:
> [...]
>> > Right, but my concern is not about unloading the kernel module, but
>> > about the IMA module parameters left initialized. The existing code
On 10 July 2014 00:00, Marek Vasut ma...@denx.de wrote:
On Tuesday, July 08, 2014 at 10:07:16 AM, Dmitry Kasatkin wrote:
[...]
Right, but my concern is not about unloading the kernel module, but
about the IMA module parameters left initialized. The existing code
will continue using ahash
On 07/07/14 19:34, Mimi Zohar wrote:
> On Mon, 2014-07-07 at 19:11 +0300, Dmitry Kasatkin wrote:
>> On 07/07/14 18:44, Mimi Zohar wrote:
>>> On Mon, 2014-07-07 at 16:37 +0300, Dmitry Kasatkin wrote:
>>>> On 07/07/14 14:56, Mimi Zohar wrote:
On 07/07/14 19:34, Mimi Zohar wrote:
On Mon, 2014-07-07 at 19:11 +0300, Dmitry Kasatkin wrote:
On 07/07/14 18:44, Mimi Zohar wrote:
On Mon, 2014-07-07 at 16:37 +0300, Dmitry Kasatkin wrote:
On 07/07/14 14:56, Mimi Zohar wrote:
On Fri, 2014-07-04 at 15:05 +0300, Dmitry Kasatkin wrote
On 07/07/14 18:44, Mimi Zohar wrote:
> On Mon, 2014-07-07 at 16:37 +0300, Dmitry Kasatkin wrote:
>> On 07/07/14 14:56, Mimi Zohar wrote:
>>> On Fri, 2014-07-04 at 15:05 +0300, Dmitry Kasatkin wrote:
>>>> +/**
>>> This is the kernel-doc delimiter.
>>
On 07/07/14 14:56, Mimi Zohar wrote:
> On Fri, 2014-07-04 at 15:05 +0300, Dmitry Kasatkin wrote:
>> Async hash API allows to use HW acceleration for hash calculation.
>> It may give significant performance gain or/and reduce power consumption,
>> which might be very beneficia
On 07/07/14 14:56, Mimi Zohar wrote:
On Fri, 2014-07-04 at 15:05 +0300, Dmitry Kasatkin wrote:
Async hash API allows to use HW acceleration for hash calculation.
It may give significant performance gain or/and reduce power consumption,
which might be very beneficial for battery powered
On 07/07/14 18:44, Mimi Zohar wrote:
On Mon, 2014-07-07 at 16:37 +0300, Dmitry Kasatkin wrote:
On 07/07/14 14:56, Mimi Zohar wrote:
On Fri, 2014-07-04 at 15:05 +0300, Dmitry Kasatkin wrote:
+/**
This is the kernel-doc delimiter.
+ * ima_calc_file_hash - calculae file hash
+ *
Missing
From: Jonghwa Lee
Signed-off-by: Jonghwa Lee
Signed-off-by: Chanwoo Choi
---
drivers/extcon/extcon-max77693.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/extcon/extcon-max77693.c b/drivers/extcon/extcon-max77693.c
index 2c7c3e1..0e9f734 100644
---
When USB cable is connected to jig, device disables console.
This patch forces using UART when jig cable is connected.
It allows to charge the device, which also prevents it from sleeping.
Signed-off-by: Dmitry Kasatkin
Signed-off-by: Jonghwa Lee
Signed-off-by: MyungJoo Ham
---
drivers/extcon
Signed-off-by: Dmitry Kasatkin
Signed-off-by: Jonghwa Lee
Signed-off-by: MyungJoo Ham
---
drivers/extcon/extcon-max77693.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/extcon/extcon-max77693.c b/drivers/extcon/extcon-max77693.c
index 0e9f734..1b194b3
Hi,
I found out that these commits are missing from upstream kernel.
Please take care to apply.
Thanks,
Dmitry
Dmitry Kasatkin (2):
extcon: max77693: Differentiate info message for easier debugging
extcon: max77693: Force using UART path for jig
Jonghwa Lee (1):
extcon: max77693: Fix bug
. Ahash allocated once on the first use.
- hash calculation falls back to shash if ahash allocation/calculation fails
- complex initialization separated from variable declaration
- improved comments
- Dmitry
Dmitry Kasatkin (3):
ima: use ahash API for file hash calculation
ima: introduce multi
parameter replaced with module parameter
Signed-off-by: Dmitry Kasatkin
---
Documentation/kernel-parameters.txt | 8 +++
security/integrity/ima/ima_crypto.c | 98 -
2 files changed, 104 insertions(+), 2 deletions(-)
diff --git a/Documentation/kernel
Asynchronous hash API allows initiate hash calculation and perform
other tasks while hash is calculated.
This patch introduces usage of double buffering for simultaneous
hashing and reading of the next chunk of data from the storage.
Changes in v3:
- better comments
Signed-off-by: Dmitry
.
- hash calculation falls back to shash if ahash allocation/calculation fails
- complex initialization separated from variable declaration
- improved comments
Signed-off-by: Dmitry Kasatkin
---
Documentation/kernel-parameters.txt | 9 ++
security/integrity/ima/ima_crypto.c | 185
.
- hash calculation falls back to shash if ahash allocation/calculation fails
- complex initialization separated from variable declaration
- improved comments
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
Documentation/kernel-parameters.txt | 9 ++
security/integrity/ima/ima_crypto.c
ahash crypto modules. Ahash allocated once on the first use.
- hash calculation falls back to shash if ahash allocation/calculation fails
- complex initialization separated from variable declaration
- improved comments
- Dmitry
Dmitry Kasatkin (3):
ima: use ahash API for file hash calculation
parameter replaced with module parameter
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
Documentation/kernel-parameters.txt | 8 +++
security/integrity/ima/ima_crypto.c | 98 -
2 files changed, 104 insertions(+), 2 deletions(-)
diff --git
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
Signed-off-by: Jonghwa Lee jonghwa3@samsung.com
Signed-off-by: MyungJoo Ham myungjoo@samsung.com
---
drivers/extcon/extcon-max77693.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/extcon/extcon
When USB cable is connected to jig, device disables console.
This patch forces using UART when jig cable is connected.
It allows to charge the device, which also prevents it from sleeping.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
Signed-off-by: Jonghwa Lee jonghwa3@samsung.com
From: Jonghwa Lee jonghwa3@samsung.com
Signed-off-by: Jonghwa Lee jonghwa3@samsung.com
Signed-off-by: Chanwoo Choi cw00.c...@samsung.com
---
drivers/extcon/extcon-max77693.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/extcon/extcon-max77693.c
On 2 July 2014 23:21, Mimi Zohar wrote:
> On Tue, 2014-07-01 at 23:12 +0300, Dmitry Kasatkin wrote:
>> Use of multiple-page collect buffers reduces:
>> 1) the number of block IO requests
>> 2) the number of asynchronous hash update requests
>>
>> Second is imp
On 2 July 2014 21:45, Jeff Moyer wrote:
> Christoph Hellwig writes:
>
>> On Wed, Jul 02, 2014 at 11:55:41AM -0400, Jeff Moyer wrote:
>>> It's acceptable.
>>
>> It's not because it will then also affect other reads going on at the
>> same time.
>
> OK, that part I was fuzzy on. I wasn't sure if
On 2 July 2014 21:33, Dave Hansen wrote:
> On 07/01/2014 01:12 PM, Dmitry Kasatkin wrote:
>> + ima_ahash= [IMA] Asynchronous hash usage parameters
>> + Format:
>> + Set the minimal file size when
On 2 July 2014 20:44, Mimi Zohar wrote:
> On Tue, 2014-07-01 at 23:12 +0300, Dmitry Kasatkin wrote:
>
>> -/*
>> - * Calculate the MD5/SHA1 file digest
>> - */
>> +static struct crypto_ahash *ima_alloc_atfm(enum hash_algo algo)
>> +{
>> + struct crypt
On 2 July 2014 19:40, Mimi Zohar wrote:
> On Tue, 2014-07-01 at 23:12 +0300, Dmitry Kasatkin wrote:
>> Async hash API allows to use HW acceleration for hash calculation.
>> It may give significant performance gain or/and reduce power consumption,
>> which might be very b
Hi Jeff,
Thanks for reply.
On 2 July 2014 18:55, Jeff Moyer wrote:
> Hi, Dmitry,
>
> Dmitry Kasatkin writes:
>
>> Hi,
>>
>> We are looking for advice on reading files opened for direct_io.
>
> [snip]
>
>> 2. Temporarily clear O_DIRECT in file->f
Hi,
We are looking for advice on reading files opened for direct_io.
IMA subsystem (security/integrity/ima) reads file content to kernel
buffer with kernel_read() like function to calculate a file hash.
It does not open another instance of 'struct file' but uses one
allocated via 'open' system
Hi Jeff,
Thanks for reply.
On 2 July 2014 18:55, Jeff Moyer jmo...@redhat.com wrote:
Hi, Dmitry,
Dmitry Kasatkin d.kasat...@samsung.com writes:
Hi,
We are looking for advice on reading files opened for direct_io.
[snip]
2. Temporarily clear O_DIRECT in file->f_flags.
[snip]
3. Open
On 2 July 2014 19:40, Mimi Zohar zo...@linux.vnet.ibm.com wrote:
On Tue, 2014-07-01 at 23:12 +0300, Dmitry Kasatkin wrote:
Async hash API allows to use HW acceleration for hash calculation.
It may give significant performance gain or/and reduce power consumption,
which might be very beneficial
On 2 July 2014 20:44, Mimi Zohar zo...@linux.vnet.ibm.com wrote:
On Tue, 2014-07-01 at 23:12 +0300, Dmitry Kasatkin wrote:
-/*
- * Calculate the MD5/SHA1 file digest
- */
+static struct crypto_ahash *ima_alloc_atfm(enum hash_algo algo)
+{
+ struct crypto_ahash *tfm = ima_ahash_tfm
On 2 July 2014 21:33, Dave Hansen dave.han...@intel.com wrote:
On 07/01/2014 01:12 PM, Dmitry Kasatkin wrote:
+ ima_ahash= [IMA] Asynchronous hash usage parameters
+ Format: min_file_size
+ Set the minimal file size when use asynchronous hash
On 2 July 2014 21:45, Jeff Moyer jmo...@redhat.com wrote:
Christoph Hellwig h...@infradead.org writes:
On Wed, Jul 02, 2014 at 11:55:41AM -0400, Jeff Moyer wrote:
It's acceptable.
It's not because it will then also affect other reads going on at the
same time.
OK, that part I was fuzzy
On 2 July 2014 23:21, Mimi Zohar zo...@linux.vnet.ibm.com wrote:
On Tue, 2014-07-01 at 23:12 +0300, Dmitry Kasatkin wrote:
Use of multiple-page collect buffers reduces:
1) the number of block IO requests
2) the number of asynchronous hash update requests
Second is important for HW
.
Signed-off-by: Dmitry Kasatkin
---
Documentation/kernel-parameters.txt | 5 +
security/integrity/ima/ima_crypto.c | 185 +++-
2 files changed, 186 insertions(+), 4 deletions(-)
diff --git a/Documentation/kernel-parameters.txt
b/Documentation/kernel
comments
- Dmitry
Dmitry Kasatkin (3):
ima: use ahash API for file hash calculation
ima: introduce multi-page collect buffers
ima: provide double buffering for hash calculation
Documentation/kernel-parameters.txt | 6 +
security/integrity/ima/ima_crypto.c | 287
' specifies that minimal file
size to use ahash is 2048 bytes and buffer size is 16384 bytes.
Default buffer size is 4096 bytes.
Signed-off-by: Dmitry Kasatkin
---
Documentation/kernel-parameters.txt | 3 +-
security/integrity/ima/ima_crypto.c | 85 ++---
2 files changed, 81
Asynchronous hash API allows initiate hash calculation and perform
other tasks while hash is calculated.
This patch introduces usage of double buffering for simultaneous
hashing and reading of the next chunk of data from the storage.
Signed-off-by: Dmitry Kasatkin
---
security/integrity/ima
Asynchronous hash API allows initiate hash calculation and perform
other tasks while hash is calculated.
This patch introduces usage of double buffering for simultaneous
hashing and reading of the next chunk of data from the storage.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
variable declaration
- improved comments
- Dmitry
Dmitry Kasatkin (3):
ima: use ahash API for file hash calculation
ima: introduce multi-page collect buffers
ima: provide double buffering for hash calculation
Documentation/kernel-parameters.txt | 6 +
security/integrity/ima/ima_crypto.c
' specifies that minimal file
size to use ahash is 2048 bytes and buffer size is 16384 bytes.
Default buffer size is 4096 bytes.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
Documentation/kernel-parameters.txt | 3 +-
security/integrity/ima/ima_crypto.c | 85
.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
Documentation/kernel-parameters.txt | 5 +
security/integrity/ima/ima_crypto.c | 185 +++-
2 files changed, 186 insertions(+), 4 deletions(-)
diff --git a/Documentation/kernel-parameters.txt
b
On 26/06/14 14:54, Mimi Zohar wrote:
> On Thu, 2014-06-19 at 18:20 +0300, Dmitry Kasatkin wrote:
>> Async hash API allows to use HW acceleration for hash calculation.
>> It may give significant performance gain or/and reduce power consumption,
>> which might be very beneficia
On 27/06/14 20:44, Mimi Zohar wrote:
> On Fri, 2014-06-27 at 14:55 +0100, David Howells wrote:
>> Mimi Zohar wrote:
>>
>>> This patch defines a new kernel parameter 'keys_ownerid' to identify
>>> the owner's key which must be used for trust validation of certificates.
>> "ca_keys" or "only_ca"
On 27/06/14 16:38, David Howells wrote:
> Mimi Zohar wrote:
>
>> +if (strncmp(id, "id:", 3) == 0)
>> Use memcmp() here.
'id' function parameter comes from "keys_ownerid" kernel parameter.
User can supply anything shorter than "id:".
Though comparing 3 bytes should not produce any memory
On 27/06/14 16:38, David Howells wrote:
Mimi Zohar zo...@linux.vnet.ibm.com wrote:
+if (strncmp(id, id:, 3) == 0)
Use memcmp() here.
'id' function parameter comes from "keys_ownerid" kernel parameter.
User can supply anything shorter than "id:".
Though comparing 3 bytes should not produce
On 27/06/14 20:44, Mimi Zohar wrote:
On Fri, 2014-06-27 at 14:55 +0100, David Howells wrote:
Mimi Zohar zo...@linux.vnet.ibm.com wrote:
This patch defines a new kernel parameter 'keys_ownerid' to identify
the owner's key which must be used for trust validation of certificates.
"ca_keys" or
On 26/06/14 14:54, Mimi Zohar wrote:
On Thu, 2014-06-19 at 18:20 +0300, Dmitry Kasatkin wrote:
Async hash API allows to use HW acceleration for hash calculation.
It may give significant performance gain or/and reduce power consumption,
which might be very beneficial for battery powered devices
On 26/06/14 16:20, Dmitry Kasatkin wrote:
> On 26/06/14 15:49, Mimi Zohar wrote:
>> On Tue, 2014-06-24 at 16:27 +0300, Dmitry Kasatkin wrote:
>>> 3.16 commit aad4f8bb42af06371aa0e85bf0cd9d52c0494985
>>> 'switch simple generic_file_aio_read() users to ->read_i
On 26/06/14 15:49, Mimi Zohar wrote:
> On Tue, 2014-06-24 at 16:27 +0300, Dmitry Kasatkin wrote:
>> 3.16 commit aad4f8bb42af06371aa0e85bf0cd9d52c0494985
>> 'switch simple generic_file_aio_read() users to ->read_iter()'
>> replaced ->aio_read with ->read_it
On 26/06/14 15:49, Mimi Zohar wrote:
On Tue, 2014-06-24 at 16:27 +0300, Dmitry Kasatkin wrote:
3.16 commit aad4f8bb42af06371aa0e85bf0cd9d52c0494985
'switch simple generic_file_aio_read() users to ->read_iter()'
replaced ->aio_read with ->read_iter in most of the file systems
and introduced
On 26/06/14 16:20, Dmitry Kasatkin wrote:
On 26/06/14 15:49, Mimi Zohar wrote:
On Tue, 2014-06-24 at 16:27 +0300, Dmitry Kasatkin wrote:
3.16 commit aad4f8bb42af06371aa0e85bf0cd9d52c0494985
'switch simple generic_file_aio_read() users to ->read_iter()'
replaced ->aio_read with ->read_iter
On 13 June 2014 19:06, Dmitry Kasatkin wrote:
> On 13 June 2014 19:03, Ming Lei wrote:
>> On Fri, Jun 13, 2014 at 11:09 PM, Dmitry Kasatkin
>> wrote:
>>> There is no need to read attr because inode structure contains size
>>> of the file. Use i_size_read() inste
On 13 June 2014 19:06, Dmitry Kasatkin dmitry.kasat...@gmail.com wrote:
On 13 June 2014 19:03, Ming Lei ming@canonical.com wrote:
On Fri, Jun 13, 2014 at 11:09 PM, Dmitry Kasatkin
d.kasat...@samsung.com wrote:
There is no need to read attr because inode structure contains size
of the file
On 23/06/14 14:32, Mimi Zohar wrote:
> On Thu, 2014-06-19 at 18:20 +0300, Dmitry Kasatkin wrote:
>> Async hash API allows to use HW acceleration for hash calculation.
>> It may give significant performance gain or/and reduce power consumption,
>> which might be very beneficia
t '->read' and ima_kernel_read is not affected.
When ->read is not set, this patch adopts fallback call changes from the
vfs_read.
Signed-off-by: Dmitry Kasatkin
---
security/integrity/ima/ima_crypto.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/security/integrity/ima/
' and ima_kernel_read is not affected.
When ->read is not set, this patch adopts fallback call changes from the
vfs_read.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
security/integrity/ima/ima_crypto.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/security/integrity/ima
On 23/06/14 14:32, Mimi Zohar wrote:
On Thu, 2014-06-19 at 18:20 +0300, Dmitry Kasatkin wrote:
Async hash API allows to use HW acceleration for hash calculation.
It may give significant performance gain or/and reduce power consumption,
which might be very beneficial for battery powered
Hi Mimi,
If there are no objections, should we queue this patch for next release?
- Dmitry
On 16/05/14 15:03, Dmitry Kasatkin wrote:
> Before IMA appraisal was introduced, IMA was using own integrity cache
> lock along with i_mutex. process_measurement and ima_file_free took
> the ii
.
Signed-off-by: Dmitry Kasatkin
---
Documentation/kernel-parameters.txt | 3 ++
security/integrity/ima/ima_crypto.c | 81 +++--
2 files changed, 81 insertions(+), 3 deletions(-)
diff --git a/Documentation/kernel-parameters.txt
b/Documentation/kernel
by this
parameter, shash will be used. Thus, by default, original shash
implementation is used.
Signed-off-by: Dmitry Kasatkin
---
Documentation/kernel-parameters.txt | 3 +
security/integrity/ima/ima_crypto.c | 182 +++-
2 files changed, 181 insertions(+), 4 deletions
makes HW acceleration more
efficient. It adds kernel parameter to specify buffer size to use.
Third patch introduces double-buffering which allows to readahead next portion
of data for hashing while calculating the hash.
- Dmitry
Dmitry Kasatkin (3):
ima: use ahash API for file hash calculation
Asynchronous hash API allows initiate hash calculation and perform
other tasks while hash is calculated.
This patch introduces usage of double buffering for simultaneous
hashing and reading of the next chunk of data from the storage.
Signed-off-by: Dmitry Kasatkin
---
security/integrity/ima
Asynchronous hash API allows initiate hash calculation and perform
other tasks while hash is calculated.
This patch introduces usage of double buffering for simultaneous
hashing and reading of the next chunk of data from the storage.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
makes HW acceleration more
efficient. It adds kernel parameter to specify buffer size to use.
Third patch introduces double-buffering which allows to readahead next portion
of data for hashing while calculating the hash.
- Dmitry
Dmitry Kasatkin (3):
ima: use ahash API for file hash calculation
by this
parameter, shash will be used. Thus, by default, original shash
implementation is used.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
Documentation/kernel-parameters.txt | 3 +
security/integrity/ima/ima_crypto.c | 182 +++-
2 files changed, 181
.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
Documentation/kernel-parameters.txt | 3 ++
security/integrity/ima/ima_crypto.c | 81 +++--
2 files changed, 81 insertions(+), 3 deletions(-)
diff --git a/Documentation/kernel-parameters.txt
b
Hi Mimi,
If there are no objections, should we queue this patch for next release?
- Dmitry
On 16/05/14 15:03, Dmitry Kasatkin wrote:
Before IMA appraisal was introduced, IMA was using own integrity cache
lock along with i_mutex. process_measurement and ima_file_free took
the iint->mutex first
On 16/06/14 14:43, Mimi Zohar wrote:
> On Thu, 2014-06-12 at 23:17 +0300, Dmitry Kasatkin wrote:
>> Instead of allowing public keys, with certificates signed by any
>> key on the system trusted keyring, to be added to a trusted keyring,
>> this patch further restricts the
' to identify
the owner's key which must be used for trust validation of certificates.
Based on Mimi's "KEYS: define an owner trusted keyring" patch.
Signed-off-by: Dmitry Kasatkin
---
Documentation/kernel-parameters.txt | 5 +
crypto/asymmetric_keys/x509_public_
Key id matching will also be used in the following patch.
To avoid code duplication this patch moves functionality
to a separate function.
Signed-off-by: Dmitry Kasatkin
---
crypto/asymmetric_keys/asymmetric_keys.h | 2 ++
crypto/asymmetric_keys/asymmetric_type.c | 50
parameter
'keys_ownerid' to allow trust validation using builtin keys.
Based on Mimi's "KEYS: define an owner trusted keyring" patch.
Signed-off-by: Dmitry Kasatkin
---
Documentation/kernel-parameters.txt | 2 +-
crypto/asymmetric_keys/x509_public_key.c | 9 +++--
include/l
parameter 'keys_ownerid={id: | builtin}'
to use specific key or any builtin key.
Changes to v1:
* key id matching code from asymmetric_type.c is reused in the patch
Thanks,
Dmitry
Dmitry Kasatkin (3):
KEYS: make key id matching as a dedicated function
KEYS: validate certificate trust only
parameter
'keys_ownerid' to allow trust validation using builtin keys.
Based on Mimi's "KEYS: define an owner trusted keyring" patch.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
Documentation/kernel-parameters.txt | 2 +-
crypto/asymmetric_keys/x509_public_key.c | 9
parameter 'keys_ownerid={id: | builtin}'
to use specific key or any builtin key.
Changes to v1:
* key id matching code from asymmetric_type.c is reused in the patch
Thanks,
Dmitry
Dmitry Kasatkin (3):
KEYS: make key id matching as a dedicated function
KEYS: validate certificate trust only
On 16/06/14 14:43, Mimi Zohar wrote:
On Thu, 2014-06-12 at 23:17 +0300, Dmitry Kasatkin wrote:
Instead of allowing public keys, with certificates signed by any
key on the system trusted keyring, to be added to a trusted keyring,
this patch further restricts the certificates to those signed
Key id matching will also be used in the following patch.
To avoid code duplication this patch moves functionality
to a separate function.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
crypto/asymmetric_keys/asymmetric_keys.h | 2 ++
crypto/asymmetric_keys/asymmetric_type.c | 50
' to identify
the owner's key which must be used for trust validation of certificates.
Based on Mimi's "KEYS: define an owner trusted keyring" patch.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
Documentation/kernel-parameters.txt | 5 +
crypto/asymmetric_keys/x509_public_key.c
On 14 June 2014 03:02, Richard Guy Briggs wrote:
> On 14/04/02, Richard Guy Briggs wrote:
>> On 14/04/02, Mimi Zohar wrote:
>> > On Wed, 2014-04-02 at 14:18 -0400, Eric Paris wrote:
>> > > On Wed, 2014-04-02 at 14:12 -0400, Mimi Zohar wrote:
>> > > > On Wed, 2014-04-02 at 14:00 -0400, Steve Grubb
On 14 June 2014 03:02, Richard Guy Briggs r...@redhat.com wrote:
On 14/04/02, Richard Guy Briggs wrote:
On 14/04/02, Mimi Zohar wrote:
On Wed, 2014-04-02 at 14:18 -0400, Eric Paris wrote:
On Wed, 2014-04-02 at 14:12 -0400, Mimi Zohar wrote:
On Wed, 2014-04-02 at 14:00 -0400, Steve Grubb
On 13 June 2014 19:03, Ming Lei wrote:
> On Fri, Jun 13, 2014 at 11:09 PM, Dmitry Kasatkin
> wrote:
>> There is no need to read attr because inode structure contains size
>> of the file. Use i_size_read() instead.
>>
>> Signed-off-by: Dmitry Kasatkin
>
Hi,
You are right about file type.
inode structure also contains information about file type.
There is no need to use vfs_getattr().
Thanks,
Dmitry
Dmitry Kasatkin (1):
firmware: read firmware size using i_size_read()
drivers/base/firmware_class.c | 17 +++--
1 file changed, 3
There is no need to read attr because inode structure contains size
of the file. Use i_size_read() instead.
Signed-off-by: Dmitry Kasatkin
---
drivers/base/firmware_class.c | 17 +++--
1 file changed, 3 insertions(+), 14 deletions(-)
diff --git a/drivers/base/firmware_class.c b
There is no need to read attr because inode structure contains size
of the file. Use i_size_read() instead.
Signed-off-by: Dmitry Kasatkin d.kasat...@samsung.com
---
drivers/base/firmware_class.c | 17 +++--
1 file changed, 3 insertions(+), 14 deletions(-)
diff --git a/drivers/base