Lucas De Marchi writes:
> Hi!
>
> CC'ing Rusty and mailing lists
Thanks.
> Rusty and ohers: it looks like both CONFIG_CRC32 and
> CONFIG_CRYPTO_CRC32 can be compiled as module, and they generate
> modules with the same name, crc32. Could that be fixed?
Gah. Looks like it's been that way since
Herbert Xu writes:
> Currently we're hiding mod->sig_ok under an ifdef in open code.
> This patch adds a module_sig_ok accessor function and removes that
> ifdef.
>
> Cc: Rusty Russell
> Signed-off-by: Herbert Xu
Did you want me to take this via module
Herbert Xu writes:
> There is no point in doing a manual completion for cleanup_done
> when struct completion fits in perfectly.
>
> Signed-off-by: Herbert Xu
Indeed.
Acked-by: Rusty Russell
Thanks,
Rusty.
> ---
>
> drivers/char/hw_random/core.c | 12 +++-
Herbert Xu writes:
> The kref solution is still buggy because we were only focusing
> on the register/unregister race. The same race affects the
> setting of current_rng through sysfs.
>
> This patch fixes it by using kref_get_unless_zero.
>
> Signed-off-by: Herbert Xu
This patch scares me a li
Herbert Xu writes:
> Currently we only register the device when a valid RNG is added.
> However the way it's done is buggy because we test whether there
> is a current RNG to determine whether we need to register. As
> the current RNG may be missing due to a reinitialisation error
> this can lead
Tim Chen writes:
> On Fri, 2014-02-14 at 15:28 -0500, Neil Horman wrote:
>> On Fri, Feb 14, 2014 at 11:14:37AM -0800, Tim Chen wrote:
>> > We added the soft module dependency of various crypto algorithm's module
>> > alias
>> > to generic crypto algorithm's module. This loads hardware accelerat
Lucas De Marchi writes:
> On Tue, Sep 17, 2013 at 11:10 PM, Rusty Russell wrote:
>> Lucas De Marchi writes:
>>> On Thu, Sep 12, 2013 at 9:07 PM, Rusty Russell
>>> wrote:
>>>> I'm happy to change this macro to create a modinfo line like
>>&
Lucas De Marchi writes:
> On Thu, Sep 12, 2013 at 9:07 PM, Rusty Russell wrote:
>> Lucas De Marchi writes:
>>> On Wed, Jul 24, 2013 at 11:03 PM, Herbert Xu
>>> wrote:
>>>> On Thu, Jul 25, 2013 at 09:32:02AM +0930, Rusty Russell wrote:
>
Lucas De Marchi writes:
> On Wed, Jul 24, 2013 at 11:03 PM, Herbert Xu
> wrote:
>> On Thu, Jul 25, 2013 at 09:32:02AM +0930, Rusty Russell wrote:
>>> Herbert Xu writes:
>>> > Hi Rusty:
>>> >
>>> > I don't know why this patch n
Herbert Xu writes:
> On Tue, Jul 30, 2013 at 03:26:50PM +0930, Rusty Russell wrote:
>>
>> Does this imply that you want me to push that to Linus now, and/or CC
>> stable? Was planning for *next* merge window...
>
> Next merge window is fine. However, it would be good
Tim Chen writes:
> On Tue, 2013-07-30 at 09:08 +1000, Herbert Xu wrote:
>> On Mon, Jul 29, 2013 at 01:39:06PM -0700, Tim Chen wrote:
>> >
>> > Herbert, what are your thoughts on a proper fix to initrd issue for
>> > crct10dif modules not getting included? Or can we
>> > let the config option for
Alexander Holler writes:
> Am 02.05.2013 16:09, schrieb Alexander Holler:
>> I don't see any real use case where checking the validity dates of X.509
>> certificates at parsing time adds any security gain. In contrast, doing so
>> makes MODSIGN unusable on systems without a RTC (or systems with a
Linus Torvalds writes:
> On Wed, Oct 10, 2012 at 2:57 AM, Rusty Russell wrote:
>>
>>
>> module signing is the highlight, but it's an all
ld for 32 bit
Randy Dunlap (1):
asymmetric keys: fix printk format warning
Rusty Russell (4):
module: fix symbol waiting when module fails before init
module: wait when loading a module which is currently initializing.
module: signature checking hook
MODSIGN: Make mr
"Kasatkin, Dmitry" writes:
> http://git.kernel.org/?p=linux/kernel/git/rusty/linux.git;a=commit;h=a15e196c5543d1d2d7f0cd70e62351aeb1f8b871
>
> It breaks bisect..
>
> CC kernel/module_signing.o
> kernel/module_signing.c: In function ‘mod_verify_sig’:
> kernel/module_signing.c:21:10: error: ‘
Stephen Rothwell writes:
> [Lets also cc Rusty who committed the patch ...]
>
> On Wed, 03 Oct 2012 16:04:46 -0700 Randy Dunlap wrote:
>>
>> From: Randy Dunlap
>>
>> Fix printk format warning in x509_cert_parser.c:
>>
>> crypto/asymmetric_keys/x509_cert_parser.c: In function 'x509_note_OID':
David Howells writes:
> Rusty Russell wrote:
>
>> Right. I think we need to use different names for generated vs supplied
>> files
>
> The problem with supplied files is people who do allyesconfig, allmodconfig
> and randconfig just to test things finding that their
Josh Boyer writes:
> On Sat, Sep 29, 2012 at 08:13:25AM +0100, David Howells wrote:
>> Rusty Russell wrote:
>>
>> > [2.808075] Loading module verification certificates
>> > [2.809331] X.509: Cert 6e03943da0f3b015ba6ed7f5e0cac4fe48680994 has
>>
David Howells writes:
> Rusty Russell wrote:
>
>> -source ./.config
>> +. ./.config
>
> Does that make a difference?
It does on Ubuntu, where /bin/sh => dash. "source" is a bashism.
Cheers,
Rusty.
--
To unsubscribe from this list: send the line &
David Howells writes:
> Rusty Russell wrote:
>
>> I noticed the Cert number didn't change with rebuilds: "distclean"
>> didn't remove some files:
>>
>> $ git clean -f -f -x -d
>> Removing extra_certificates
>> Removing signing_key.
David Howells writes:
> Rusty Russell wrote:
>
>> And after those three fixes, I still get all fail:
>>
>> [3.361036] Request for unknown module key 'Magrathea: Glacier signing
>> key: 6
>> e03943da0f3b015ba6ed7f5e0cac4fe48680994' err -11
>
Mimi Zohar writes:
> On Wed, 2012-09-26 at 13:16 +0930, Rusty Russell wrote:
>> David Howells writes:
>> > The module signing patches provide:
>> >
>> > - Some fixes to Rusty's patch. Also an additional patch to extend the
>> > policy
>&
Signed-off-by: Rusty Russell
diff --git a/scripts/Makefile.modpost b/scripts/Makefile.modpost
index 90b1bb1..2a4d1a1 100644
--- a/scripts/Makefile.modpost
+++ b/scripts/Makefile.modpost
@@ -165,11 +165,13 @@ endif
# We strip the module as best we can - note that using both strip and eu-strip
Signed-off-by: Rusty Russell
diff --git a/scripts/sign-file b/scripts/sign-file
index 1a472bb..e58e34e 100644
--- a/scripts/sign-file
+++ b/scripts/sign-file
@@ -10,7 +10,7 @@ scripts=`dirname $0`
CONFIG_MODULE_SIG_SHA512=y
if [ -r .config ]
then
-source ./.config
+. ./.config
fi
David Howells writes:
> Hi Rusty,
>
> Could you pull my tree?
>
> David
> ---
>
> The following changes since commit eeea3ac912207dcf759b95b2b4c36f96bce583bf:
>
> Merge tag 'fixes-for-linus' of
> git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc (2012-09-06
> 10:23:58 -0700)
>
> are a
David Howells writes:
> Hi Rusty,
>
> Could you pull my tree?
And after those three fixes, I still get all fail:
[3.361036] Request for unknown module key 'Magrathea: Glacier signing key: 6
e03943da0f3b015ba6ed7f5e0cac4fe48680994' err -11
rusty@rusty-x201:~/devel/kernel/linux (tmp-merge)$
David Howells writes:
> Rusty Russell wrote:
>
>> We do a very simple search for a particular string appended to the module
>> (which is cache-hot and about to be SHA'd anyway). There's both a config
>> option and a boot parameter which control whether we
FIPS mode\n",
err);
if (err == -ENOKEY && !sig_enforce)
err = 0;
return err;
In preparation, I've changed that below (and also, fixed up the -ENOKEY
which I said I'd do, and didn't).
Thanks,
Rusty.
PS. Agre
On Thu, 15 Dec 2011 00:14:31 +, David Howells wrote:
> Rusty Russell wrote:
>
> > > > We can have false positives, but at worst that make us report EINVAL
> > > > (bad signature) instead of ENOENT (no signature).
> > >
> > > EKEYREJECTED
On Mon, 12 Dec 2011 16:11:27 +, David Howells wrote:
> Rusty Russell wrote:
>
> > OK, then you need to generate stripped modules as part of the build,
> > too. It's a bit of a pain, sure, but hardly a showstopper.
>
> They'd have to be maximally st
On Mon, 12 Dec 2011 01:21:40 +, David Howells wrote:
> Rusty Russell wrote:
>
> > I think you misunderstand, I'm talking about the modinfo command, not
> > the .modinfo section.
>
> Sorry, yes. But why do you need to enhance modinfo?
I was suggesting
On Sat, 10 Dec 2011 14:08:34 +, David Howells wrote:
> Rusty Russell wrote:
>
> > > > Sure, you now need to re-append that after stripping, but that's not the
> > > > kernel's problem.
> > >
> > > You may also have to remove the s
On Sat, 10 Dec 2011 10:37:23 -0800, Arjan van de Ven
wrote:
> >
> > Yes, there may be more than stripped and unstripped. You may need to
> > do fancy things. But now, adding a signature is so easy that it's
> > not a real problem. And we can always have a hook, like:
> >
> > if VARIA
On Fri, 09 Dec 2011 18:43:26 +, David Howells wrote:
> Rusty Russell wrote:
>
> > And adds a great deal of code in a supposedly security-sensitive path to
> > achieve it.
> >
> > How about simply append a signature to the module? That'd be about 20 lines
On Fri, 02 Dec 2011 18:46:51 +, David Howells wrote:
> Signed modules may be safely stripped as the signature only covers those parts
> of the module the kernel actually uses and any ELF metadata required to deal
> with them. Any necessary ELF metadata that is affected by stripping is
> canon
On Thu, 1 Apr 2010 05:33:51 am Brandon Philips wrote:
> On 09:36 Tue 30 Mar 2010, Rusty Russell wrote:
> > The real fix here is to drop the lock, like Brandon suggested, but
> > we need to do it more carefully: when we re-acquire the lock we need
> > to re-lookup the symbol i
return an errno rather than a bool, and if
it's -EBUSY we drop the lock and wait in the caller, then reaquire the
lock.
Reported-by: Brandon Philips
Signed-off-by: Rusty Russell
diff --git a/kernel/module.c b/kernel/module.c
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -510,33 +510,25 @@
37 matches
Mail list logo
