* [PULL] modules
@ 2010-05-19 8:09 Rusty Russell
0 siblings, 0 replies; 7+ messages in thread
From: Rusty Russell @ 2010-05-19 8:09 UTC (permalink / raw)
To: Linus Torvalds; +Cc: linux-kernel, Ondrej Zary, Brandon Philips
The following changes since commit 537b60d17894b7c19a6060feae40299d7109d6e7:
Linus Torvalds (1):
Merge branch 'x86-uv-for-linus' of git://git.kernel.org/.../tip/linux-2.6-tip
are available in the git repository at:
ssh://master.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus.git modules
Ondrej Zary (1):
MODULE_DEVICE_TABLE(isapnp, ...) does nothing
Rusty Russell (3):
isapnp: move definitions to mod_devicetable.h so file2alias can reach them.
hisax_fcpcipnp: fix broken isapnp device table.
module: drop the lock while waiting for module to complete initialization.
drivers/isdn/hisax/hisax_fcpcipnp.c | 3 +-
include/linux/isapnp.h | 8 +----
include/linux/mod_devicetable.h | 7 ++++
kernel/module.c | 57 ++++++++++++++++++++++-------------
scripts/mod/file2alias.c | 17 ++++++++++
5 files changed, 63 insertions(+), 29 deletions(-)
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PULL] modules
@ 2010-08-05 3:29 Rusty Russell
0 siblings, 0 replies; 7+ messages in thread
From: Rusty Russell @ 2010-08-05 3:29 UTC (permalink / raw)
To: Linus Torvalds; +Cc: linux-kernel
I'm pretty happy with this; there have been no complaints since that initial
flurry of fixes.
The following changes since commit 3cfc2c42c1cbc8e238bb9c0612c0df4565e3a8b4:
Linus Torvalds (1):
Merge branch 'for-next' of git://git.kernel.org/.../jikos/trivial
are available in the git repository at:
ssh://master.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus.git modules
Eric Dumazet (1):
module: module_unload_init() cleanup
Linus Torvalds (4):
module: refactor load_module
module: refactor load_module part 2
module: reduce stack usage for each_symbol()
module: add load_info
Rusty Russell (14):
module: refactor load_module part 3
module: refactor load_module part 4
module: refactor load_module part 5
module: refactor out section header rewriting
module: refactor out section header rewriting: FIX modversions
module: kallsyms functions take struct load_info
module: fix crash in get_ksymbol() when oopsing in module init
module: layout_and_allocate
module: sysfs cleanup
module: fix sysfs cleanup for !CONFIG_SYSFS
module: pass load_info into other functions
module: move module args strndup_user to just before use
module: group post-relocation functions into post_relocation()
module: cleanup comments, remove noinline
kernel/module.c | 1088 +++++++++++++++++++++++++++++--------------------------
1 files changed, 581 insertions(+), 507 deletions(-)
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PULL] modules
@ 2012-10-10 9:57 Rusty Russell
2012-10-14 20:11 ` Linus Torvalds
0 siblings, 1 reply; 7+ messages in thread
From: Rusty Russell @ 2012-10-10 9:57 UTC (permalink / raw)
To: Linus Torvalds
Cc: LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter, David Howells,
David S. Miller, Dmitry Kasatkin, Herbert Xu, Josh Boyer,
linux-crypto, Lucas De Marchi, Matthew Garrett, Milan Broz,
Ralf Baechle, Randy Dunlap, Sam Ravnborg
The following changes since commit 925a6f0bf8bd122d5d2429af7f0ca0fecf4ae71f:
Merge tag 'hwspinlock-3.6-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ohad/hwspinlock (2012-09-18 11:58:54 -0700)
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux.git modules-next
for you to fetch changes up to dbadc17683e6c673a69b236c0f041b931cc55c42:
X.509: Fix indefinite length element skip error handling (2012-10-10 20:06:39 +1030)
----------------------------------------------------------------
module signing is the highlight, but it's an all-over David Howells frenzy...
----------------------------------------------------------------
David Howells (30):
Make most arch asm/module.h files use asm-generic/module.h
KEYS: Add payload preparsing opportunity prior to key instantiate or update
MPILIB: Provide count_leading/trailing_zeros() based on arch functions
KEYS: Document asymmetric key type
KEYS: Implement asymmetric key type
KEYS: Asymmetric key pluggable data parsers
KEYS: Asymmetric public-key algorithm crypto key subtype
KEYS: Provide signature verification with an asymmetric key
MPILIB: Reinstate mpi_cmp[_ui]() and export for RSA signature verification
RSA: Implement signature verification algorithm [PKCS#1 / RFC3447]
RSA: Fix signature verification for shorter signatures
X.509: Implement simple static OID registry
X.509: Add utility functions to render OIDs as strings
X.509: Add simple ASN.1 grammar compiler
X.509: Add an ASN.1 decoder
MPILIB: Provide a function to read raw data into an MPI
X.509: Add a crypto key parser for binary (DER) X.509 certificates
MODSIGN: Add FIPS policy
MODSIGN: Provide gitignore and make clean rules for extra files
MODSIGN: Provide Kconfig options
MODSIGN: Automatically generate module signing keys if missing
MODSIGN: Provide module signing public keys to the kernel
MODSIGN: Implement module signature checking
MODSIGN: Provide a script for generating a key ID from an X.509 cert
MODSIGN: Sign modules during the build process
MODSIGN: Use the same digest for the autogen key sig as for the module sig
MODSIGN: Use utf8 strings in signer's name in autogenerated X.509 certs
MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking
X.509: Convert some printk calls to pr_devel
X.509: Fix indefinite length element skip error handling
Matthew Garrett (1):
module: taint kernel when lve module is loaded
Ralf Baechle (1):
MIPS: Fix module.c build for 32 bit
Randy Dunlap (1):
asymmetric keys: fix printk format warning
Rusty Russell (4):
module: fix symbol waiting when module fails before init
module: wait when loading a module which is currently initializing.
module: signature checking hook
MODSIGN: Make mrproper should remove generated files.
.gitignore | 14 +
Documentation/crypto/asymmetric-keys.txt | 312 ++++++
Documentation/kernel-parameters.txt | 6 +
Documentation/security/keys.txt | 50 +-
Makefile | 6 +-
arch/Kconfig | 19 +
arch/alpha/Kconfig | 2 +
arch/alpha/include/asm/module.h | 10 +-
arch/arm/Kconfig | 2 +
arch/arm/include/asm/module.h | 8 +-
arch/avr32/Kconfig | 2 +
arch/avr32/include/asm/module.h | 6 +-
arch/blackfin/Kconfig | 2 +
arch/blackfin/include/asm/module.h | 4 +-
arch/c6x/Kconfig | 1 +
arch/c6x/include/asm/module.h | 12 +-
arch/cris/Kconfig | 1 +
arch/cris/include/asm/Kbuild | 2 +
arch/cris/include/asm/module.h | 9 -
arch/frv/include/asm/module.h | 8 +-
arch/h8300/Kconfig | 1 +
arch/h8300/include/asm/Kbuild | 2 +
arch/h8300/include/asm/module.h | 11 -
arch/hexagon/Kconfig | 1 +
arch/ia64/Kconfig | 2 +
arch/ia64/include/asm/module.h | 6 +-
arch/m32r/Kconfig | 1 +
arch/m32r/include/asm/Kbuild | 2 +
arch/m32r/include/asm/module.h | 10 -
arch/m32r/kernel/module.c | 15 -
arch/m68k/Kconfig | 3 +
arch/m68k/include/asm/module.h | 6 +-
arch/microblaze/Kconfig | 1 +
arch/mips/Kconfig | 3 +
arch/mips/include/asm/module.h | 10 +-
arch/mips/kernel/Makefile | 1 +
arch/mips/kernel/module-rela.c | 145 +++
arch/mips/kernel/module.c | 121 +--
arch/mn10300/Kconfig | 1 +
arch/mn10300/include/asm/module.h | 7 +-
arch/openrisc/Kconfig | 1 +
arch/parisc/Kconfig | 2 +
arch/parisc/include/asm/module.h | 16 +-
arch/powerpc/Kconfig | 2 +
arch/powerpc/include/asm/module.h | 7 +-
arch/s390/Kconfig | 2 +
arch/s390/include/asm/module.h | 18 +-
arch/score/Kconfig | 2 +
arch/score/include/asm/module.h | 6 +-
arch/score/kernel/module.c | 10 -
arch/sh/Kconfig | 2 +
arch/sh/include/asm/module.h | 14 +-
arch/sparc/Kconfig | 1 +
arch/sparc/include/asm/Kbuild | 1 +
arch/sparc/include/asm/module.h | 24 -
arch/tile/Kconfig | 1 +
arch/unicore32/Kconfig | 1 +
arch/x86/Kconfig | 2 +
arch/x86/um/Kconfig | 2 +
arch/xtensa/Kconfig | 1 +
arch/xtensa/include/asm/module.h | 9 +-
crypto/Kconfig | 1 +
crypto/Makefile | 1 +
crypto/asymmetric_keys/.gitignore | 1 +
crypto/asymmetric_keys/Kconfig | 38 +
crypto/asymmetric_keys/Makefile | 27 +
crypto/asymmetric_keys/asymmetric_keys.h | 15 +
crypto/asymmetric_keys/asymmetric_type.c | 274 +++++
crypto/asymmetric_keys/public_key.c | 108 ++
crypto/asymmetric_keys/public_key.h | 30 +
crypto/asymmetric_keys/rsa.c | 277 ++++++
crypto/asymmetric_keys/signature.c | 49 +
crypto/asymmetric_keys/x509.asn1 | 60 ++
crypto/asymmetric_keys/x509_cert_parser.c | 496 +++++++++
crypto/asymmetric_keys/x509_parser.h | 36 +
crypto/asymmetric_keys/x509_public_key.c | 239 +++++
crypto/asymmetric_keys/x509_rsakey.asn1 | 4 +
fs/cifs/cifs_spnego.c | 6 +-
fs/cifs/cifsacl.c | 8 +-
include/asm-generic/bitops/count_zeros.h | 57 ++
include/asm-generic/module.h | 40 +-
include/crypto/public_key.h | 108 ++
include/keys/asymmetric-parser.h | 37 +
include/keys/asymmetric-subtype.h | 55 +
include/keys/asymmetric-type.h | 25 +
include/keys/user-type.h | 6 +-
include/linux/asn1.h | 67 ++
include/linux/asn1_ber_bytecode.h | 87 ++
include/linux/asn1_decoder.h | 24 +
include/linux/key-type.h | 35 +-
include/linux/module.h | 8 +
include/linux/moduleloader.h | 36 +-
include/linux/mpi.h | 1 +
include/linux/oid_registry.h | 92 ++
init/Kconfig | 68 ++
kernel/Makefile | 77 ++
kernel/modsign_pubkey.c | 113 +++
kernel/module-internal.h | 15 +
kernel/module.c | 157 ++-
kernel/module_signing.c | 243 +++++
lib/.gitignore | 2 +-
lib/Kconfig | 5 +
lib/Makefile | 18 +
lib/asn1_decoder.c | 487 +++++++++
lib/build_OID_registry | 209 ++++
lib/mpi/Makefile | 1 +
lib/mpi/longlong.h | 138 +--
lib/mpi/mpi-bit.c | 2 +-
lib/mpi/mpi-cmp.c | 70 ++
lib/mpi/mpi-pow.c | 4 +-
lib/mpi/mpicoder.c | 55 +
lib/oid_registry.c | 170 ++++
net/ceph/crypto.c | 9 +-
net/dns_resolver/dns_key.c | 6 +-
net/rxrpc/ar-key.c | 40 +-
scripts/.gitignore | 1 +
scripts/Makefile | 2 +
scripts/Makefile.build | 11 +
scripts/Makefile.modpost | 77 +-
scripts/asn1_compiler.c | 1545 +++++++++++++++++++++++++++++
scripts/sign-file | 115 +++
scripts/x509keyid | 268 +++++
security/keys/encrypted-keys/encrypted.c | 16 +-
security/keys/key.c | 114 ++-
security/keys/keyctl.c | 18 +-
security/keys/keyring.c | 6 +-
security/keys/request_key_auth.c | 8 +-
security/keys/trusted.c | 16 +-
security/keys/user_defined.c | 14 +-
129 files changed, 6803 insertions(+), 594 deletions(-)
create mode 100644 Documentation/crypto/asymmetric-keys.txt
delete mode 100644 arch/cris/include/asm/module.h
delete mode 100644 arch/h8300/include/asm/module.h
delete mode 100644 arch/m32r/include/asm/module.h
create mode 100644 arch/mips/kernel/module-rela.c
delete mode 100644 arch/sparc/include/asm/module.h
create mode 100644 crypto/asymmetric_keys/.gitignore
create mode 100644 crypto/asymmetric_keys/Kconfig
create mode 100644 crypto/asymmetric_keys/Makefile
create mode 100644 crypto/asymmetric_keys/asymmetric_keys.h
create mode 100644 crypto/asymmetric_keys/asymmetric_type.c
create mode 100644 crypto/asymmetric_keys/public_key.c
create mode 100644 crypto/asymmetric_keys/public_key.h
create mode 100644 crypto/asymmetric_keys/rsa.c
create mode 100644 crypto/asymmetric_keys/signature.c
create mode 100644 crypto/asymmetric_keys/x509.asn1
create mode 100644 crypto/asymmetric_keys/x509_cert_parser.c
create mode 100644 crypto/asymmetric_keys/x509_parser.h
create mode 100644 crypto/asymmetric_keys/x509_public_key.c
create mode 100644 crypto/asymmetric_keys/x509_rsakey.asn1
create mode 100644 include/asm-generic/bitops/count_zeros.h
create mode 100644 include/crypto/public_key.h
create mode 100644 include/keys/asymmetric-parser.h
create mode 100644 include/keys/asymmetric-subtype.h
create mode 100644 include/keys/asymmetric-type.h
create mode 100644 include/linux/asn1.h
create mode 100644 include/linux/asn1_ber_bytecode.h
create mode 100644 include/linux/asn1_decoder.h
create mode 100644 include/linux/oid_registry.h
create mode 100644 kernel/modsign_pubkey.c
create mode 100644 kernel/module-internal.h
create mode 100644 kernel/module_signing.c
create mode 100644 lib/asn1_decoder.c
create mode 100755 lib/build_OID_registry
create mode 100644 lib/mpi/mpi-cmp.c
create mode 100644 lib/oid_registry.c
create mode 100644 scripts/asn1_compiler.c
create mode 100644 scripts/sign-file
create mode 100755 scripts/x509keyid
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PULL] modules
2012-10-10 9:57 Rusty Russell
@ 2012-10-14 20:11 ` Linus Torvalds
2012-10-14 20:53 ` Linus Torvalds
2012-10-15 9:16 ` Rusty Russell
0 siblings, 2 replies; 7+ messages in thread
From: Linus Torvalds @ 2012-10-14 20:11 UTC (permalink / raw)
To: Rusty Russell
Cc: LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter, David Howells,
David S. Miller, Dmitry Kasatkin, Herbert Xu, Josh Boyer,
linux-crypto, Lucas De Marchi, Matthew Garrett, Milan Broz,
Ralf Baechle, Randy Dunlap, Sam Ravnborg
On Wed, Oct 10, 2012 at 2:57 AM, Rusty Russell <rusty@rustcorp.com.au> wrote:
>
> ----------------------------------------------------------------
> module signing is the highlight, but it's an all-over David Howells frenzy...
>
> ----------------------------------------------------------------
Hmm. What happened here? It *looks* from your pull request like you
had a tag, and you usually do, but there's no tag anywhere..
I've pulled and resolved the branch, and I'm going through it now, but
I'd like this verified before I push out if it all looks fine..
Linus
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PULL] modules
2012-10-14 20:11 ` Linus Torvalds
@ 2012-10-14 20:53 ` Linus Torvalds
2012-10-14 21:27 ` Alan Cox
2012-10-15 9:16 ` Rusty Russell
1 sibling, 1 reply; 7+ messages in thread
From: Linus Torvalds @ 2012-10-14 20:53 UTC (permalink / raw)
To: Rusty Russell
Cc: LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter, David Howells,
David S. Miller, Dmitry Kasatkin, Herbert Xu, Josh Boyer,
linux-crypto, Lucas De Marchi, Matthew Garrett, Milan Broz,
Ralf Baechle, Randy Dunlap, Sam Ravnborg
On Sun, Oct 14, 2012 at 1:11 PM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> I've pulled and resolved the branch, and I'm going through it now, but
> I'd like this verified before I push out if it all looks fine..
Hmm. So this thing makes me wonder:
/* Not having a signature is only an error if we're strict. */
if (err < 0 && fips_enabled)
panic("Module verification failed with error %d in FIPS mode\n",
err);
do we really want to panic (even in fips_enabled mode)?
Sounds like it will just kill the machine if we ever end up having an
unsigned module by mistake anywhere.
I realize that fips_enabled is only for crazy people, but it's exactly
code like this that limits it to only crazy people. Is there some
*reason* for this?
Linus
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PULL] modules
2012-10-14 20:53 ` Linus Torvalds
@ 2012-10-14 21:27 ` Alan Cox
0 siblings, 0 replies; 7+ messages in thread
From: Alan Cox @ 2012-10-14 21:27 UTC (permalink / raw)
To: Linus Torvalds
Cc: Rusty Russell, LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter,
David Howells, David S. Miller, Dmitry Kasatkin, Herbert Xu,
Josh Boyer, linux-crypto, Lucas De Marchi, Matthew Garrett,
Milan Broz, Ralf Baechle, Randy Dunlap, Sam Ravnborg
> I realize that fips_enabled is only for crazy people, but it's exactly
> code like this that limits it to only crazy people. Is there some
> *reason* for this?
Presumably its so a typical server with reboot on panic will reboot so
the attacker can hide the attempt better ;-)
Alan
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PULL] modules
2012-10-14 20:11 ` Linus Torvalds
2012-10-14 20:53 ` Linus Torvalds
@ 2012-10-15 9:16 ` Rusty Russell
1 sibling, 0 replies; 7+ messages in thread
From: Rusty Russell @ 2012-10-15 9:16 UTC (permalink / raw)
To: Linus Torvalds
Cc: LKML, Alex Lyashkov, Arnd Bergmann, Dan Carpenter, David Howells,
David S. Miller, Dmitry Kasatkin, Herbert Xu, Josh Boyer,
linux-crypto, Lucas De Marchi, Matthew Garrett, Milan Broz,
Ralf Baechle, Randy Dunlap, Sam Ravnborg
Linus Torvalds <torvalds@linux-foundation.org> writes:
> On Wed, Oct 10, 2012 at 2:57 AM, Rusty Russell <rusty@rustcorp.com.au> wrote:
>>
>> ----------------------------------------------------------------
>> module signing is the highlight, but it's an all-over David Howells frenzy...
>>
>> ----------------------------------------------------------------
>
> Hmm. What happened here? It *looks* from your pull request like you
> had a tag, and you usually do, but there's no tag anywhere..
>
> I've pulled and resolved the branch, and I'm going through it now, but
> I'd like this verified before I push out if it all looks fine..
>
> Linus
Ah, I missed pushing the tag. I used to fabricate a git tree for you
from my quilt series, and that script did the right thing.
Thanks,
Rusty.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2012-10-15 11:48 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-05-19 8:09 [PULL] modules Rusty Russell
-- strict thread matches above, loose matches on Subject: below --
2010-08-05 3:29 Rusty Russell
2012-10-10 9:57 Rusty Russell
2012-10-14 20:11 ` Linus Torvalds
2012-10-14 20:53 ` Linus Torvalds
2012-10-14 21:27 ` Alan Cox
2012-10-15 9:16 ` Rusty Russell
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox