On Wed, Aug 15, 2012 at 9:36 AM, Catalin Marinas
catalin.mari...@arm.com wrote:
Couldn't test it because the patch got messed up somewhere on the
email path (tabs replaced with spaces). Is there a Git tree I can grab
it from (or you could just send it to me separately as attachment)?
Sorry
On Aug 15, 2012, at 3:46 PM, Sage Weil wrote:
I'm experiencing a stall with Ceph daemons communicating over TCP that
occurs reliably with 3.6-rc1 (and linus/master) but not 3.5. The basic
situation is:
- the socket is two processes communicating over TCP on the same host, e.g.
tcp
On 08/15/2012 12:49 PM, Eric W. Biederman wrote:
There is also the trick of getting a shorter directory name using
/proc/self/fd if you are threaded and can't change the directory.
The obvious choices at this point are
- Teach bind and connect and af_unix sockets to take longer AF_UNIX
On Wed, Aug 15, 2012 at 04:45:46PM -0400, J. Bruce Fields wrote:
On Wed, Aug 15, 2012 at 01:21:20PM +0400, Cyrill Gorcunov wrote:
To provide fsnotify object inodes being watched without
binding to alphabetical path we need to encode them with
exportfs help. This patch adds a helper which
On Wed, 15 Aug 2012, Atchley, Scott wrote:
On Aug 15, 2012, at 3:46 PM, Sage Weil wrote:
I'm experiencing a stall with Ceph daemons communicating over TCP that
occurs reliably with 3.6-rc1 (and linus/master) but not 3.5. The basic
situation is:
- the socket is two processes
Hi,
Am 15.08.2012 22:42, schrieb Alexey Khoroshilov:
If pci_register_driver() failed, resources allocated in
ddb_class_create() are leaked. The patch fixes it.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov khoroshi...@ispras.ru
---
On Wed, Aug 15, 2012 at 11:11 PM, Serge Hallyn
serge.hal...@canonical.com wrote:
Quoting Dmitry Kasatkin (dmitry.kasat...@intel.com):
There are several functions, that need to calculate digest.
This patch adds common function for use by integrity subsystem.
Signed-off-by: Dmitry Kasatkin
On Wed, Aug 15, 2012 at 11:16 PM, Serge Hallyn
serge.hal...@canonical.com wrote:
Quoting Dmitry Kasatkin (dmitry.kasat...@intel.com):
IMA measures/appraises modules when modprobe or insmod opens and read them.
Unfortunately, there are no guarantees between what is read by userspace and
what is
On Wed, Aug 15, 2012 at 01:21:19PM +0400, Cyrill Gorcunov wrote:
-static int fdinfo_open_helper(struct inode *inode, int *f_flags, struct path
*path)
+static int fdinfo_open_helper(struct inode *inode, int *f_flags, struct file
**f_file, struct path *path)
Bloody bad taste, that... This
On Wed, 2012-08-15 at 16:37 -0300, Ezequiel Garcia wrote:
I forgot to add this work is part of a project funded by CE workgroup.
You can find more details here:
http://elinux.org/Kernel_dynamic_memory_allocation_tracking_and_reduction
Thanks,
I'll try to get some time tomorrow to look
H. Peter Anvin h...@zytor.com writes:
On 08/15/2012 12:49 PM, Eric W. Biederman wrote:
There is also the trick of getting a shorter directory name using
/proc/self/fd if you are threaded and can't change the directory.
The obvious choices at this point are
- Teach bind and connect and
On Wed, Aug 15, 2012 at 01:21:19PM +0400, Cyrill Gorcunov wrote:
struct proc_fdinfo {
- loff_t f_pos;
- int f_flags;
+ struct file *f_file;
+ int f_flags;
};
+ struct proc_fdinfo *fdinfo;
+ struct seq_file *m;
+ int ret;
fdinfo
On Wed, Aug 15, 2012 at 10:16:28PM +0100, Al Viro wrote:
On Wed, Aug 15, 2012 at 01:21:19PM +0400, Cyrill Gorcunov wrote:
-static int fdinfo_open_helper(struct inode *inode, int *f_flags, struct
path *path)
+static int fdinfo_open_helper(struct inode *inode, int *f_flags, struct
file
On Sat, Aug 11, 2012 at 05:32:18PM +0800, Huacai Chen wrote:
Subject: [PATCH V5 13/18] drm: Define SAREA_MAX for Loongson (PageSize =
16KB).
But your code doesn't define it just for Loongsson as the log message claims
but rather for all MIPS.
diff --git a/include/drm/drm_sarea.h
On Wed, 15 Aug 2012, Bruno Prémont wrote:
I see. Alan Stern has fixed a huge pile of things in this area in 3.6-rc1.
I have expected all of those to actually be on theoretical problems not
ever having happened in the wild, but it might be that you are actually
chasing on of those.
The LLC code wrongly returns 0, i.e. success, when the socket is
zapped. Together with the uninitialized uaddrlen pointer argument from
sys_getsockname this leads to an arbitrary memory leak of up to 128
bytes kernel stack via the getsockname() syscall.
Return an error instead when the socket is
The CCID3 code fails to initialize the trailing padding bytes of struct
tfrc_tx_info added for alignment on 64 bit architectures. It that for
potentially leaks four bytes kernel stack via the getsockopt() syscall.
Add an explicit memset(0) before filling the structure to avoid the
info leak.
The implementation of dev_ifconf() for the compat ioctl interface uses
an intermediate ifc structure allocated in userland for the duration of
the syscall. Though, it fails to initialize the padding bytes inserted
for alignment and that for leaks four bytes of kernel stack. Add an
explicit
The RFCOMM code fails to initialize the two padding bytes of struct
rfcomm_dev_list_req inserted for alignment before copying it to
userland. Additionally there are two padding bytes in each instance of
struct rfcomm_dev_info. The ioctl() that for disclosures two bytes plus
dev_num times two bytes
If at least one of CONFIG_IP_VS_PROTO_TCP or CONFIG_IP_VS_PROTO_UDP is
not set, __ip_vs_get_timeouts() does not fully initialize the structure
that gets copied to userland and that for leaks up to 12 bytes of kernel
stack. Add an explicit memset(0) before passing the structure to
ccid_hc_rx_getsockopt() and ccid_hc_tx_getsockopt() might be called with
a NULL ccid pointer leading to a NULL pointer dereference. This could
lead to a privilege escalation if the attacker is able to map page 0 and
prepare it with a fake ccid_ops pointer.
Signed-off-by: Mathias Krause
On Wed, Aug 15, 2012 at 10:29:27PM +0100, Al Viro wrote:
This, BTW, is too convoluted for its own good. What you need is
something like
struct whatever {
struct seq_file *m;
struct file *f;
int flags;
};
with single allocation of that sucker in your -open(). Set
The L2TP code for IPv6 fails to initialize the l2tp_unused member of
struct sockaddr_l2tpip6 and that for leaks two bytes kernel stack via
the getsockname() syscall. Initialize l2tp_unused with 0 to avoid the
info leak.
Signed-off-by: Mathias Krause mini...@googlemail.com
Cc: James Chapman
The HCI code fails to initialize the two padding bytes of struct
hci_ufilter before copying it to userland -- that for leaking two
bytes kernel stack. Add an explicit memset(0) before filling the
structure to avoid the info leak.
Signed-off-by: Mathias Krause mini...@googlemail.com
Cc: Marcel
The HCI code fails to initialize the hci_channel member of struct
sockaddr_hci and that for leaks two bytes kernel stack via the
getsockname() syscall. Initialize hci_channel with 0 to avoid the
info leak.
Signed-off-by: Mathias Krause mini...@googlemail.com
Cc: Marcel Holtmann
The L2CAP code fails to initialize the l2_bdaddr_type member of struct
sockaddr_l2 and the padding byte added for alignment. It that for leaks
two bytes kernel stack via the getsockname() syscall. Add an explicit
memset(0) before filling the structure to avoid the info leak.
Signed-off-by:
The RFCOMM code fails to initialize the trailing padding byte of struct
sockaddr_rc added for alignment. It that for leaks one byte kernel stack
via the getsockname() syscall. Add an explicit memset(0) before filling
the structure to avoid the info leak.
Signed-off-by: Mathias Krause
The RFCOMM code fails to initialize the key_size member of struct
bt_security before copying it to userland -- that for leaking one
byte kernel stack. Initialize key_size with 0 to avoid the info
leak.
Signed-off-by: Mathias Krause mini...@googlemail.com
Cc: Marcel Holtmann mar...@holtmann.org
Hi David,
this series fixes quite a bunch of info leaks under net/. There is also
one NULL pointer deref fix (dccp: check ccid before..) that could be
abused for privilege escalation.
The info leak fixes might be material for stable, too. But I leave the
decision up to you.
On request, test
The ATM code fails to initialize the two padding bytes of struct
sockaddr_atmpvc inserted for alignment. Add an explicit memset(0)
before filling the structure to avoid the info leak.
Signed-off-by: Mathias Krause mini...@googlemail.com
---
net/atm/common.c |1 +
1 file changed, 1
The ATM code fails to initialize the two padding bytes of struct
sockaddr_atmpvc inserted for alignment. Add an explicit memset(0)
before filling the structure to avoid the info leak.
Signed-off-by: Mathias Krause mini...@googlemail.com
---
net/atm/pvc.c |1 +
1 file changed, 1 insertion(+)
On Wed, 2012-08-15 at 18:59 +0200, Oleg Nesterov wrote:
On 07/26, Ananth N Mavinakayanahalli wrote:
From: Ananth N Mavinakayanahalli ana...@in.ibm.com
This is the port of uprobes to powerpc. Usage is similar to x86.
I am just curious why this series was ignored by powerpc
On 8/15/2012 12:57 PM, Andy Lutomirski wrote:
On Wed, Aug 15, 2012 at 4:50 AM, John Robinson
john.robin...@anonymous.org.uk wrote:
On 15/08/2012 01:49, Andy Lutomirski wrote:
If I do:
# dd if=/dev/zero of=/dev/md0p1 bs=8M
[...]
It looks like md isn't recognizing that I'm writing whole
On Wed, 15 Aug 2012, Kent Yoder wrote:
Hi Jesper,
Unfortunately we just get NULL back, so we can't really tell the user
exactely what went wrong, but we can at least avoid crashing and
return an error (-EIO seemed more generic and more suitable here than
-ENOMEM or something else,
On Sun, 12 Aug 2012 10:14:05 +0800
Fengguang Wu fengguang...@intel.com wrote:
From: Mel Gorman mgor...@suse.de
The following build error occurred during an alpha build:
net/core/sock.c:274:36: error: initializer element is not constant
Dave Anglin says:
Here is the line in sock.i:
On Thu, Aug 16, 2012 at 01:02:37AM +0400, Cyrill Gorcunov wrote:
On Wed, Aug 15, 2012 at 04:45:46PM -0400, J. Bruce Fields wrote:
On Wed, Aug 15, 2012 at 01:21:20PM +0400, Cyrill Gorcunov wrote:
To provide fsnotify object inodes being watched without
binding to alphabetical path we need
From: Stephen Hemminger shemmin...@vyatta.com
Date: Tue, 14 Aug 2012 08:19:33 -0700
Alternative solution for problem found by Linux Driver Verification
project (linuxtesting.org).
As it noted in the comment before the br_handle_frame_finish
function, this function should be called under
On Wed, Aug 15, 2012 at 3:00 PM, Stan Hoeppner s...@hardwarefreak.com wrote:
On 8/15/2012 12:57 PM, Andy Lutomirski wrote:
On Wed, Aug 15, 2012 at 4:50 AM, John Robinson
john.robin...@anonymous.org.uk wrote:
On 15/08/2012 01:49, Andy Lutomirski wrote:
If I do:
# dd if=/dev/zero
From: Ben Hutchings bhutchi...@solarflare.com
Date: Tue, 14 Aug 2012 23:33:44 +0100
I think we will also need to limit the depth of the device stack so we
don't run out of stack space here. __netif_receive() implements a kind
of tail recursion whenever a packet is passed up, but
From: Jiri Pirko j...@resnulli.us
Date: Wed, 15 Aug 2012 09:46:12 +0200
You are probably right. I'm not sure how to handle this correctly
though. Adding some hard limit number might not be correct.
I would just use a hard limit of something like 8 for now, and if we
need to expand this limit
In drivers/char/tpm/tpm_acpi.c::read_log() we call
acpi_os_map_memory(). That call may fail for a number of reasons
(invalid address, out of memory etc). If the call fails it returns
NULL and we just pass that to memcpy() unconditionally, which will go
bad when it tries to dereference the pointer.
On Wed, Aug 08, 2012 at 11:34:09PM -0700, Tejun Heo wrote:
Hello,
On Wed, Aug 8, 2012 at 11:12 PM, Kent Overstreet koverstr...@google.com
wrote:
But if it's a pointer to heap allocated memory, but the bio was embedded
in another struct? I've seen a fair number of instances of that (md,
On Fri, Aug 03, 2012 at 05:06:27PM +0200, René Bürgel wrote:
Hello,
this is a patches-series for controllers using the ezusb-functions.
ezusb: remove dependency to usb_serial interface
euzsb: add support for Cypress FX2LP
ezusb: add functions for firmware download
Nice series, but your
On Mon, Aug 13, 2012 at 09:34:45PM -0700, Keith Packard wrote:
This is left over from the old PLL sharing code and isn't useful now
that PLLs are shared when possible.
Signed-off-by: Keith Packard kei...@keithp.com
Queued for -next, thanks for the patch. I'll hold off a bit on the others
On Mon, 13 Aug 2012 15:19:40 +0200 (CEST)
Jiri Kosina jkos...@suse.cz wrote:
On Fri, 3 Aug 2012, Jiri Kosina wrote:
Historically, the top three bytes of personality have been used for things
such as ADDR_NO_RANDOMIZE, which made sense only for specific
architectures.
We now,
On Fri, 3 Aug 2012 14:46:29 -0500
Robin Holt h...@sgi.com wrote:
On many of our larger systems, CPU 0 has had all of its IRQ resources
consumed before XPC loads. Worse cases on machines with multiple
10 GigE cards and multiple IB cards have depleted the entire first
socket of IRQs. That
On Wed, Aug 15, 2012 at 8:55 PM, Peter Zijlstra a.p.zijls...@chello.nl wrote:
On Wed, 2012-08-15 at 20:24 +0600, Rakib Mullick wrote:
How do you plan to test this power saving scheme? Using powertop? Or,
is there any other tools?
We should start out simple enough that we can validate it by
On Mon, 6 Aug 2012 21:37:45 +0800
Hillf Danton dhi...@gmail.com wrote:
On Mon, Aug 6, 2012 at 9:24 PM, Michal Hocko mho...@suse.cz wrote:
On Sat 04-08-12 14:08:31, Hillf Danton wrote:
The computation of page offset index is incorrect to be used in scanning
prio tree, as huge page offset is
Both md and dm use __GFP_WAIT allocations from mempools in
generic_make_request.
I think you found an interesting bug here. Suppose that we have three
stacked devices: d1 depends on d2 and d2 depends on d3.
Now, a bio b1 comes to d1. d1 splits it to two bios: b2.1 and b2.2 and
sends
In article xs4all.502c1c01.1040...@hardwarefreak.com you write:
It's time to blow away the array and start over. You're already
misaligned, and a 512KB chunk is insanely unsuitable for parity RAID,
but for a handful of niche all streaming workloads with little/no
rewrite, such as video
Hi Maarten,
Ok, here comes the promised review (finally!), but it's rather a
high-level thingy. I've mostly thought about how we could create a neat
api with the following points. For a bit of clarity, I've grouped the
different considerations a bit.
Easy Integration
Where I
Em 15-08-2012 18:00, Lars Hanisch escreveu:
Hi,
Am 15.08.2012 22:42, schrieb Alexey Khoroshilov:
If pci_register_driver() failed, resources allocated in
ddb_class_create() are leaked. The patch fixes it.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey
Hi Michal,
On Tue, Aug 14, 2012 at 04:19:55PM +0200, Michal Nazarewicz wrote:
Minchan Kim minc...@kernel.org writes:
This patch introudes MIGRATE_DISCARD mode in migration.
It drop clean cache pages instead of migration so that
migration latency could be reduced. Of course, it could
The latest maintenance release Git v1.7.11.5 is now available at
the usual places.
The release tarballs are found at:
http://code.google.com/p/git-core/downloads/list
and their SHA-1 checksums are:
44013d9418ef23dd8bb67e80b27c9327356bfae8 git-1.7.11.5.tar.gz
A release candidate Git v1.7.12-rc3 is now available for testing
at the usual places.
The release tarballs are found at:
http://code.google.com/p/git-core/downloads/list
and their SHA-1 checksums are:
8719af22c3479b3e21845a6fba0b9c56087a0280 git-1.7.12.rc3.tar.gz
On Sun, Aug 12, 2012 at 2:42 PM, Henrik Rydberg rydb...@euromail.se wrote:
Collect common frame synchronization tasks in a new function,
input_mt_sync_frame(). Depending on the flags set, it drops
unseen contacts and performs pointer emulation.
Signed-off-by: Henrik Rydberg
Hi Rik,
On Wed, Aug 15, 2012 at 02:58:01PM -0400, Rik van Riel wrote:
On 08/14/2012 04:57 AM, Minchan Kim wrote:
This patch introudes MIGRATE_DISCARD mode in migration.
It drop clean cache pages instead of migration so that
migration latency could be reduced. Of course, it could
evict code
This patch moves direct control of the MPU voltage regulator out of the
cpufreq driver .target callback and instead uses the common dvfs clk
rate-change notifier infrastructure.
Ideally it would be nice to reduce the .target callback for omap's
cpufreq driver to a simple call to clk_set_rate.
The second version of the reentrancy/dvfs rfc differs from the
original[1] in that the former used per-clk mutexes and this version
uses a global lock to protect access to a per-clk enum. The enum can be
in one of two states, LOCKED or UNLOCKED.
The second patch in the series introduces a new
In the commit titled clk: new locking scheme for reentrancy it became
possible for nested calls to the clock api. The OMAP3+ DPLL .set_rate
callback has been using the __clk_prepare and __clk_unprepare calls as a
way around this limitation, but these calls are no longer needed with
the
Dynamic voltage and frequency scaling (dvfs) is a common power saving
technique in many of today's modern processors. This patch introduces a
common clk rate-change notifier handler which scales voltage
appropriately whenever clk_set_rate is called on an affected clock.
There are three
The global prepare_lock mutex prevents concurrent operations in the clk
api. This incurs a performance penalty when unrelated clock subtrees
are contending for the lock.
Additionally there are use cases which benefit from reentrancy into the
clk api. A simple example is reparenting a mux clock
On 8/15/2012 5:10 PM, Andy Lutomirski wrote:
On Wed, Aug 15, 2012 at 3:00 PM, Stan Hoeppner s...@hardwarefreak.com wrote:
On 8/15/2012 12:57 PM, Andy Lutomirski wrote:
On Wed, Aug 15, 2012 at 4:50 AM, John Robinson
john.robin...@anonymous.org.uk wrote:
On 15/08/2012 01:49, Andy Lutomirski
On Sun, 12 Aug 2012 10:40:18 -0600
Shuah Khan shuah.k...@hp.com wrote:
kmem_cache_create() does cache integrity checks when CONFIG_DEBUG_VM
is defined. These checks interspersed with the regular code path has
lead to compile time warnings when compiled without CONFIG_DEBUG_VM
defined.
Hi,
Kernel: 3.5.1 x86_64
Just FYI, this may have been due to an NFS issue (remote host turned
off during dump possibly) but reporting just incase:
[41793.725267] [ cut here ]
[41793.725273] WARNING: at include/linux/iocontext.h:140
copy_process.part.56+0x1041/0x1190()
On Thu, Aug 16, 2012 at 08:33:23AM +0900, Minchan Kim wrote:
Hi Rik,
On Wed, Aug 15, 2012 at 02:58:01PM -0400, Rik van Riel wrote:
On 08/14/2012 04:57 AM, Minchan Kim wrote:
This patch introudes MIGRATE_DISCARD mode in migration.
It drop clean cache pages instead of migration so that
Remove the need for the boardinfo, this driver only supports one board type.
Convert the driver to use the comedi PCI auto config (attach_pci).
Cleanup the digital output insn_bits function.
H Hartley Sweeten (7):
staging: comedi: contec_pci_dio: remove thisboard macro
staging: comedi:
This macro relies on a local variable of a specific name. Remove the
macro and use the comedi_board() helper to get the thisboard pointer.
Move the 'dev-board_name = thisboard-name;' in contec_attach().
The contec_find_pci_dev() function modifies the dev-board_ptr.
Signed-off-by: H Hartley
The dev_dbg function trace messages in the contec_do_insn_bits
and contec_di_insn_bits functions are just noise. Remove them.
Signed-off-by: H Hartley Sweeten hswee...@visionengravers.com
Cc: Ian Abbott abbo...@mev.co.uk
Cc: Greg Kroah-hartman gre...@linuxfoundation.org
---
The model, in_ports, out_ports, and out_boffs information in the
boardinfo is not used by the driver. Remove them.
Signed-off-by: H Hartley Sweeten hswee...@visionengravers.com
Cc: Ian Abbott abbo...@mev.co.uk
Cc: Greg Kroah-hartman gre...@linuxfoundation.org
---
Only one board type is supported by this driver. Instead of
passing the register offsets for the digital in/out ports in
the boardinfo, define the register map and use that to access
the ports.
Signed-off-by: H Hartley Sweeten hswee...@visionengravers.com
Cc: Ian Abbott abbo...@mev.co.uk
Cc: Greg
The boardinfo code is not needed by this driver. Only one board
type is supported.
Signed-off-by: H Hartley Sweeten hswee...@visionengravers.com
Cc: Ian Abbott abbo...@mev.co.uk
Cc: Greg Kroah-hartman gre...@linuxfoundation.org
---
drivers/staging/comedi/drivers/contec_pci_dio.c | 19
Convert this PCI driver to use the comedi PCI auto config attach
mechanism by adding an attach_pci callback function. Since the
driver does not require any external configuration options, disable
the legacy attach by making the attach simply return -ENOSYS. This
removes the need to walk to pci bus
Create local variables for the mask and bits values passed in
the data pointer to make this function a bit clearer.
Return the state of the output bits (s-state) in data[1] since
this is what comedilib is expecting.
Signed-off-by: H Hartley Sweeten hswee...@visionengravers.com
Cc: Ian Abbott
+ switch (mask) {
+ case IIO_CHAN_INFO_RAW:
+ *val = result;
+ return IIO_VAL_INT;
+ case IIO_CHAN_INFO_SCALE:
+ *val = adc_const[id] * ((result * 1000 + 500) / 1000);
This looks wrong. The IIO_CHAN_INFO_SCALE attribute is the factor by
which
On Thu, Aug 16, 2012 at 5:31 AM, Ralf Baechle r...@linux-mips.org wrote:
On Sat, Aug 11, 2012 at 05:32:18PM +0800, Huacai Chen wrote:
Subject: [PATCH V5 13/18] drm: Define SAREA_MAX for Loongson (PageSize =
16KB).
But your code doesn't define it just for Loongsson as the log message claims
On Wed, Aug 15, 2012 at 04:05:24PM +0100, Anthony Olech wrote:
This is the HWMON component driver of the Dialog DA9058 PMIC.
This driver is just one component of the whole DA9058 PMIC driver.
It depends on the CORE and ADC component drivers of the DA9058 MFD.
If so, please state as
The endless IRQ is as below:
...
[ 82.215244,0] IRQ
[ 82.215399,0] IRQ
[ 82.215554,0] IRQ
[ 82.215710,0] IRQ
[ 82.215865,0] IRQ
[ 82.216022,0] IRQ
[ 82.216178,0] IRQ
[ 82.216333,0] IRQ
[ 82.216488,0] IRQ
[ 82.216643,0] IRQ
[ 82.216798,0] IRQ
[
On Wed, Aug 15, 2012 at 4:50 PM, Stan Hoeppner s...@hardwarefreak.com wrote:
On 8/15/2012 5:10 PM, Andy Lutomirski wrote:
On Wed, Aug 15, 2012 at 3:00 PM, Stan Hoeppner s...@hardwarefreak.com
wrote:
On 8/15/2012 12:57 PM, Andy Lutomirski wrote:
On Wed, Aug 15, 2012 at 4:50 AM, John Robinson
On 08/15/2012 10:43 AM, Arjan van de Ven wrote:
The easy cop-out is provide the sysadmin a slider.
The slightly less easy one is to (and we're taking this approach
in the new P state code we're working on) say in the default
setting, we're going to sacrifice up to 5% performance from peak
to
On 8/15/2012 6:14 PM, Rik van Riel wrote:
On 08/15/2012 10:43 AM, Arjan van de Ven wrote:
The easy cop-out is provide the sysadmin a slider.
The slightly less easy one is to (and we're taking this approach
in the new P state code we're working on) say in the default
setting, we're going to
On 8/15/2012 6:14 PM, Rik van Riel wrote:
The idea Matthew and I have is simply planning for a shorter
sleep period (discarding the outliers to the high end in the
function once known as detect_repeating_patterns), and going
to a deeper C state if we have significantly overslept.
The new
Hi Rusty,
I've posted new versions of my module signing patches to my GIT trees.
The patches with (approximately) your preferred way of attaching the signature
can be found here and I've followed this message with them:
Create a key type that can be used for general cryptographic operations, such
as encryption, decryption, signature generation and signature verification.
The key type is crypto and can provide access to a variety of cryptographic
algorithms.
Signed-off-by: David Howells dhowe...@redhat.com
---
Add a facility whereby a key subtype may be asked to verify a signature against
the data it is purported to have signed.
This adds four routines:
(1) struct crypto_key_verify_context *
verify_sig_begin(struct key *keyring, const void *sig, size_t siglen);
This sets up a verification
Add a subtype for supporting asymmetric public-key encryption algorithms such
as DSA (FIPS-186) and RSA (PKCS#1 / RFC1337).
Signed-off-by: David Howells dhowe...@redhat.com
---
security/keys/crypto/Kconfig | 10 +++
security/keys/crypto/Makefile |3 +
Implement RSA public key cryptography [PKCS#1 / RFC3447]. At this time, only
the signature verification algorithm is supported. This uses the asymmetric
public key subtype to hold its key data.
Signed-off-by: David Howells dhowe...@redhat.com
---
security/keys/crypto/Kconfig |7 +
gpg can produce a signature file where length of signature is less than the
modulus size because the amount of space an MPI takes up is kept as low as
possible by discarding leading zeros. This regularly happens for several
modules during the build.
Fix it by relaxing check in RSA verification
functions will occur in line. I also don't see why the sdev reference
couldn't drop to zero here.
scsi_request_fn is called under the lock of request_queue-queue_lock.
If we drop the sdev reference to zero here,
scsi_device_dev_release_usercontext is
invoked and make request_queue to NULL. When
Provide a simple parser that extracts the packets from a PGP packet blob and
passes the desirous ones to the given processor function:
struct pgp_parse_context {
u64 types_of_interest;
int (*process_packet)(struct pgp_parse_context *context,
Provide some PGP signature parsing helpers:
(1) A function to parse V4 signature subpackets and pass the desired ones to
a processor function:
int pgp_parse_sig_subpkts(const u8 *data, size_t datalen,
struct pgp_parse_sig_context *ctx);
(2) A
Implement a PGP data parser for the crypto key type to use when instantiating a
key.
This parser attempts to parse the instantiation data as a PGP packet sequence
(RFC 4880) and if it parses okay, attempts to extract a public-key algorithm
key or subkey from it.
If it finds such a key, it will
Provide handlers for PGP-based public-key algorithm signature verification.
This does most of the work involved in signature verification as most of it is
public-key algorithm agnostic. The public-key verification algorithm itself
is just the last little bit and is supplied the complete hash data
Implement a signature parser that will attempt to parse a signature blob as a
PGP packet format message. If it can, it will find an appropriate crypto key
and set the public-key algorithm according to the data in the signature.
Signed-off-by: David Howells dhowe...@redhat.com
---
Provide a facility to autogenerate the name of PGP keys from the contents of
the payload. If add_key() is given a blank description, a description is
constructed from the last user ID packet in the payload data plus the last 8
hex digits of the key ID. For instance:
keyctl padd crypto
Provide a function to load keys from a PGP keyring blob for use in initialising
the module signing key keyring:
int load_PGP_keys(const u8 *pgpdata, size_t pgpdatalen,
struct key *keyring, const char *descprefix);
The keys are labelled with descprefix plus a
Provide gitignore and make clean rules for extra files to hide and clean up the
extra files produced by module signing stuff once it is added. Also add a
clean up rule for the module content extractor program used to extract the data
to be signed.
Signed-off-by: David Howells dhowe...@redhat.com
Provide documentation and kernel configuration options for module signing.
The documentation can be found in:
Documentation/module-signing.txt
The following configuration options are added:
(1) CONFIG_MODULE_SIG
Enable module signing. This will both cause the build process to
If CONFIG_MODULE_SIG is set, then this patch will cause the module to get a
signature installed. The following steps will occur:
(1) The module will be linked to foo.ko.unsigned instead of foo.ko
(2) The module will be stripped using both strip -x -g and eu-strip to
ensure minimal size
Include a PGP keyring containing the public keys required to perform module
verification in the kernel image during build and create a special keyring
during boot which is then populated with keys of crypto type holding the public
keys found in the PGP keyring.
These can be seen by root:
601 - 700 of 1534 matches
Mail list logo
