Unnamed repository; edit this file 'description' to name the repository. https://git.kobert.dev/pm24.git/atom?h=v3.7-rc3 2012-10-20T00:30:40Z 2012-10-20T00:30:40Z David Howells dhowells@redhat.com 2012-10-20T00:19:29Z urn:sha1:caabe240574aec05b2f5667414ce80f9075c2ba1 Emit the magic string that indicates a module has a signature after the signature data instead of before it. This allows module_sig_check() to be made simpler and faster by the elimination of the search for the magic string. Instead we just need to do a single memcmp(). This works because at the end of the signature data there is the fixed-length signature information block. This block then falls immediately prior to the magic number. From the contents of the information block, it is trivial to calculate the size of the signature data and thus the size of the actual module data. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2012-10-19T23:11:21Z David Howells dhowells@redhat.com 2012-10-19T22:56:37Z urn:sha1:b37d1bfb55d4b8a7d234fad0a84dca3336cee50b Turn sign-file into perl and merge in x509keyid. The latter doesn't need to be a separate script as it doesn't actually need to work out the SHA1 sum of the X.509 certificate itself, since it can get that from the X.509 certificate. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2012-10-19T19:43:19Z Linus Torvalds torvalds@linux-foundation.org 2012-10-19T19:43:19Z urn:sha1:b05e585d4964cf0a70573d29113a1236ced98abf Rusty had clearly not actually tested his module signing changes that I (trustingly) applied as commit e2a666d52b48 ("kbuild: sign the modules at install time"). That commit had multiple bugs: - using "${#VARIABLE}" to get the number of characters in a shell variable may look clever, but it's locale-dependent: it returns the number of *characters*, not bytes. And we do need bytes. So don't use "${#..}" expansion, do the stupid "wc -c" thing instead (where "c" stands for "bytes", not "characters", despite the letter. - Rusty had confused "siglen" and "signerlen", and his conversion didn't set "signerlen" at all, and incorrectly set "siglen" to the size of the signer, not the size of the signature. End result: the modified sign-file script did create something that superficially *looked* like a signature, but didn't actually work at all, and would fail the signature check. Oops. Tssk, tssk, Rusty. But Rusty was definitely right that this whole thing should be rewritten in perl by somebody who has the perl-fu to do so. That is not me, though - I'm just doing an emergency fix for the shell script. Cc: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2012-10-19T15:27:43Z Rusty Russell rusty@rustcorp.com.au 2012-10-19T01:23:15Z urn:sha1:e2a666d52b4825c26c857cada211f3baac26a600 Linus deleted the old code and put signing on the install command, I fixed it to extract the keyid and signer-name within sign-file and cleaned up that script now it always signs in-place. Some enthusiast should convert sign-key to perl and pull x509keyid into it. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2012-10-18T18:47:53Z Linus Torvalds torvalds@linux-foundation.org 2012-10-18T18:47:53Z urn:sha1:bab58350e565756df9e45daafe8301a309b35e7e Pull DeviceTree fixes from Rob Herring: "A handful of fixes: - a fix for dtc from upstream - sparse fixes in DeviceTree code - stub of_get_child_by_name for !OF builds" * tag 'dt-fixes-for-3.7' of git://sources.calxeda.com/kernel/linux: dtc: fix for_each_*() to skip first object if deleted of/platform: sparse fix of/irq: sparse fixes of/address: sparse fixes of: add stub of_get_child_by_name for non-OF builds 2012-10-17T20:53:04Z Stephen Warren swarren@nvidia.com 2012-10-08T22:15:26Z urn:sha1:205a8eb7ce713c7f1722297dd97d19dcea6f266c The previous definition of for_each_*() would always include the very first object within the list, irrespective of whether it was marked deleted, since the deleted flag was not checked on the first object, but only on any "next" object. Fix for_each_*() to check the deleted flag in the loop body every iteration to correct this. (upstream dtc commit 1762ab42ef77db7ab2776d0d6cba3515150f518a) Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Rob Herring <rob.herring@calxeda.com> 2012-10-17T11:25:44Z Catalin Marinas catalin.marinas@arm.com 2012-10-17T11:25:44Z urn:sha1:3c5994c83895c89d344f24a86276f00d308e142b Several arch/*/include/uapi/asm/* header simply include the corresponding <asm-generic/*> file. This patch allows such files to be specified in uapi/asm/Kbuild via "generic-y += ..." to be automatically generated (similar to asm/Kbuild). Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: David Howells <dhowells@redhat.com> Cc: Michal Marek <mmarek@suse.cz> Cc: Arnd Bergmann <arnd@arndb.de> 2012-10-15T20:01:05Z Michal Marek mmarek@suse.cz 2012-10-15T19:16:56Z urn:sha1:3ce9e53e788881da0d5f3912f80e0dd6b501f304 Commit fe04ddf7c291 ("kbuild: Do not package /boot and /lib in make tar-pkg") accidentally reverted two previous kbuild commits. I don't know what I was thinking. This brings back changes made by commits 24cc7fb69a5b ("x86/kbuild: archscripts depends on scripts_basic") and c1c1a59e37da ("firmware: fix directory creation rule matching with make 3.80") Reported-by: Jan Beulich <JBeulich@suse.com> Cc: <stable@vger.kernel.org> Signed-off-by: Michal Marek <mmarek@suse.cz> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2012-10-14T20:39:34Z Linus Torvalds torvalds@linux-foundation.org 2012-10-14T20:39:34Z urn:sha1:d25282d1c9b9bc4cda7f9d3c0205108e99aa7a9d Pull module signing support from Rusty Russell: "module signing is the highlight, but it's an all-over David Howells frenzy..." Hmm "Magrathea: Glacier signing key". Somebody has been reading too much HHGTTG. * 'modules-next' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: (37 commits) X.509: Fix indefinite length element skip error handling X.509: Convert some printk calls to pr_devel asymmetric keys: fix printk format warning MODSIGN: Fix 32-bit overflow in X.509 certificate validity date checking MODSIGN: Make mrproper should remove generated files. MODSIGN: Use utf8 strings in signer's name in autogenerated X.509 certs MODSIGN: Use the same digest for the autogen key sig as for the module sig MODSIGN: Sign modules during the build process MODSIGN: Provide a script for generating a key ID from an X.509 cert MODSIGN: Implement module signature checking MODSIGN: Provide module signing public keys to the kernel MODSIGN: Automatically generate module signing keys if missing MODSIGN: Provide Kconfig options MODSIGN: Provide gitignore and make clean rules for extra files MODSIGN: Add FIPS policy module: signature checking hook X.509: Add a crypto key parser for binary (DER) X.509 certificates MPILIB: Provide a function to read raw data into an MPI X.509: Add an ASN.1 decoder X.509: Add simple ASN.1 grammar compiler ... 2012-10-12T01:32:29Z Linus Torvalds torvalds@linux-foundation.org 2012-10-12T01:32:29Z urn:sha1:cbd8aca472134e666eee87462177f1be854ebbf8 Pull kbuild misc changes from Michal Marek: "In the non-critical part of kbuild, I have - Some make coccicheck improvements and two new tests - Support for a cleaner html output in scripts/kernel-doc, named html5 (no, it does not play videos, yet) BTW, Randy wants to route further kernel-doc patches through the kbuild tree." * 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: Update SmPL/Coccinelle section of MAINTAINERS coccicheck: Add the rep+ctxt mode scripts/coccinelle/tests/odd_ptr_err.cocci: semantic patch for IS_ERR/PTR_ERR inconsistency scripts/tags.sh: Add magic for pci access functions scripts/coccinelle: ptr_ret: Add ternary operator version scripts/kernel-doc: drop maintainer scripts/kernel-doc: added support for html5