- 23 Oct, 2018 22 commits
-
-
Sascha Hauer authored
This patch calculates the necessary hashes and HMACs for the default filesystem so that the dynamically created default fs can be authenticated. Signed-off-by:
Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by:
Richard Weinberger <richard@nod.at>
-
Sascha Hauer authored
This adds a HMAC covering the super block node and adds the logic that decides if a filesystem shall be mounted unauthenticated or authenticated. Signed-off-by:
-
Sascha Hauer authored
During creation of the default filesystem on an empty flash the default LPT is created. With this patch a hash over the default LPT is calculated which can be added to the default filesystems master node. Signed-off-by:
-
Sascha Hauer authored
The master node contains hashes over the root index node and the LPT. This patch adds a HMAC to authenticate the master node itself. Signed-off-by:
-
Sascha Hauer authored
The LPT needs to be authenticated aswell. Since the LPT is only written during commit it is enough to authenticate the whole LPT with a single hash which is stored in the master node. Only the leaf nodes (pnodes) are hashed which makes the implementation much simpler than it would be to hash the complete LPT. Signed-off-by:
-
Sascha Hauer authored
Make sure that during replay all buds can be authenticated. To do this we calculate the hash chain until we find an authentication node and check the HMAC in that node against the current status of the hash chain. After a power cut it can happen that some nodes have been written, but not yet the authentication node for them. These nodes have to be discarded during replay. Signed-off-by:
-
Sascha Hauer authored
To be able to authenticate the garbage collector journal head add authentication nodes to the buds the garbage collector creates. Signed-off-by:
-
Sascha Hauer authored
Nodes that are written to flash can only be authenticated through the index after the next commit. When a journal replay is necessary the nodes are not yet referenced by the index and thus can't be authenticated. This patch overcomes this situation by creating a hash over all nodes beginning from the commit start node over the reference node(s) and the buds themselves. From time to time we insert authentication nodes. Authentication nodes contain a HMAC from the current hash state, so that they can be used to authenticate a journal replay up to the point where the authentication node is. The hash is continued afterwards so that theoretically we would only have to check the HMAC of the last authentication node we find. Overall we get this picture: ,,,,,,,, ,......,........................................... ,. CS , hash1.----. hash2.----. ,. | , . |hmac . |hmac ,. v , . v . v ,.REF#0,-> bud -> bud -> bud.-> auth -> bud -> bud.-> auth ... ,..|...,........................................... , | , , | ,,,,,,,,,,,,,,, . | hash3,----. , | , |hmac , v , v , REF#1 -> bud -> bud,-> auth ... ,,,|,,,,,,,,,,,,,,,,,, v REF#2 -> ... | V ... Note how hash3 covers CS, REF#0 and REF#1 so that it is not possible to exchange or skip any reference nodes. Unlike the picture suggests the auth nodes themselves are not hashed. With this it is possible for an offline attacker to cut each journal head or to drop the last reference node(s), but not to skip any journal heads or to reorder any operations. Signed-off-by:
-
Sascha Hauer authored
With this patch the hashes over the index nodes stored in the tree node cache are written to flash and are checked when read back from flash. The hash of the root index node is stored in the master node. During journal replay the hashes are regenerated from the read nodes and stored in the tree node cache. This means the nodes must previously be authenticated by other means. This is done in a later patch. Signed-off-by:
-
Sascha Hauer authored
As part of the UBIFS authentication support every branch in the index gets a hash covering the referenced node. To make that happen the tree node cache needs hashes over the nodes. This patch adds a hash argument to ubifs_tnc_add() and ubifs_tnc_add_nm(). The hashes are calculated from the callers of these functions which actually prepare the nodes. With this patch all the leaf nodes of the index tree get hashes, but currently nothing is done with these hashes, this is left for a later patch. Signed-off-by:
-
Sascha Hauer authored
With authentication support some nodes (master node, super block node) get a HMAC embedded into them. This patch adds functions to prepare and write such a node. The difficulty is that besides the HMAC the nodes also have a CRC which must stay valid. This means we first have to initialize all fields in the node, then calculate the HMAC (not covering the CRC) and finally calculate the CRC. Signed-off-by:
-
Sascha Hauer authored
This patch adds the various helper functions needed for authentication support. We need functions to hash nodes, to embed HMACs into a node and to compare hashes and HMACs. Most functions first check if this filesystem is authenticated and bail out early if not, which makes the functions safe to be called with disabled authentication. Signed-off-by:
-
Sascha Hauer authored
When adding authentication support we will embed a HMAC into some nodes. To prepare these nodes we have to first initialize the nodes, then add a HMAC and finally add a CRC. To accomplish this add separate ubifs_init_node/ubifs_crc_node functions. Signed-off-by:
-
Sascha Hauer authored
This patch adds the changes to the on disk format needed for authentication support. We'll add: * a HMAC covering super block node * a HMAC covering the master node * a hash over the root index node to the master node * a hash over the LPT to the master node * a flag to the filesystem flag indicating the filesystem is authenticated * an authentication node necessary to authenticate the nodes written to the journal heads while they are written. * a HMAC of a well known message to the super block node to be able to check if the correct key is provided And finally, not visible in this patch, nevertheless explained here: * hashes over the referenced child nodes in each branch of a index node Signed-off-by:
-
Sascha Hauer authored
The superblock node is read/modified/written several times throughout the UBIFS code. Instead of reading it from the device each time just keep a copy in memory and write back the modified copy when necessary. This patch helps for authentication support, here we not only have to read the superblock node, but also have to authenticate it, which is easier if we do it once during initialization. Signed-off-by:
-
Sascha Hauer authored
write_node() is used only once and can easily be replaced with calls to ubifs_prepare_node()/write_head() which makes the code a bit shorter. Signed-off-by:
-
Sascha Hauer authored
ubifs_lpt_lookup() starts by looking up the nth pnode in the LPT. We already have this functionality in ubifs_pnode_lookup(). Use this function rather than open coding its functionality. Signed-off-by:
-
Sascha Hauer authored
ubifs_lpt_lookup could be implemented using pnode_lookup. To make that possible move pnode_lookup from lpt.c to lpt_commit.c. Rename it to ubifs_pnode_lookup since it's now exported. Signed-off-by:
-
Sascha Hauer authored
read_znode() takes len, lnum and offs arguments which the caller all extracts from the same struct ubifs_zbranch *. When adding authentication support we would have to add a pointer to a hash to the arguments which is also part of struct ubifs_zbranch. Pass the ubifs_zbranch * instead so that we do not have to add another argument. Signed-off-by:
-
Sascha Hauer authored
try_read_node() takes len, lnum and offs arguments which the caller all extracts from the same struct ubifs_zbranch *. When adding authentication support we would have to add a pointer to a hash to the arguments which is also part of struct ubifs_zbranch. Pass the ubifs_zbranch * instead so that we do not have to add another argument. Signed-off-by:
-
Sascha Hauer authored
create_default_filesystem() allocates memory for a node, writes that node and frees the memory directly afterwards. With this patch we allocate memory for all nodes at the beginning of the function and free the memory at the end. This makes it easier to implement authentication support since with authentication support we'll need the contents of some nodes when creating other nodes. Signed-off-by:
-
Gustavo A. R. Silva authored
In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1373884 ("Missing break in switch") Addresses-Coverity-ID: 114869 ("Missing break in switch") Addresses-Coverity-ID: 114870 ("Missing break in switch") Signed-off-by:Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by:
-
- 22 Oct, 2018 8 commits
-
-
Greg Kroah-Hartman authored
-
Greg Kroah-Hartman authored
As I introduced these files, I'm willing to be the maintainer of them as well. Acked-by:
Chris Mason <clm@fb.com> Acked-by:
Olof Johansson <olof@lixom.net> Acked-by:
Steven Rostedt (VMware) <rostedt@goodmis.org> Acked-by:
Theodore Ts'o <tytso@mit.edu> Acked-by:
Thomas Gleixner <tglx@linutronix.de> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Greg Kroah-Hartman authored
The contact point for the kernel's Code of Conduct should now be the Code of Conduct Committee, not the full TAB. Change the email address in the file to properly reflect this. Acked-by:
-
Greg Kroah-Hartman authored
There was a blank <URL> reference for how to find the Code of Conduct Committee. Fix that up by pointing it to the correct kernel.org website page location. Acked-by:
-
Greg Kroah-Hartman authored
Create a link between the Code of Conduct and the Code of Conduct Interpretation so that people can see that they are related. Acked-by:
-
Greg Kroah-Hartman authored
We use the term "TAB" before defining it later in the document. Fix that up by defining it at the first location. Reported-by:
Kuninori Morimoto <kuninori.morimoto.gx@renesas.com> Acked-by:
-
Greg Kroah-Hartman authored
Code of Conduct Interpretation: Add document explaining how the Code of Conduct is to be interpreted The Contributor Covenant Code of Conduct is a general document meant to provide a set of rules for almost any open source community. Every open-source community is unique and the Linux kernel is no exception. Because of this, this document describes how we in the Linux kernel community will interpret it. We also do not expect this interpretation to be static over time, and will adjust it as needed. This document was created with the input and feedback of the TAB as well as many current kernel maintainers. Co-Developed-by:
Alex Deucher <alexander.deucher@amd.com> Acked-by:
Alexei Starovoitov <ast@kernel.org> Acked-by:
Amir Goldstein <amir73il@gmail.com> Acked-by:
Andrew Morton <akpm@linux-foundation.org> Acked-by:
Andy Lutomirski <luto@kernel.org> Acked-by:
Anna-Maria Gleixner <anna-maria@linutronix.de> Acked-by:
Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by:
Benjamin Herrenschmidt <benh@kernel.crashing.org> Acked-by:
Boris Brezillon <boris.brezillon@bootlin.com> Acked-by:
Borislav Petkov <bp@kernel.org> Acked-by:
Christian Lütke-Stetzkamp <christian@lkamp.de> Acked-by:
Colin Ian King <colin.king@canonical.com> Acked-by:
Dan Carpenter <dan.carpenter@oracle.com> Acked-by:
Dan Williams <dan.j.williams@intel.com> Acked-by:
Daniel Borkmann <daniel@iogearbox.net> Acked-by:
Daniel Vetter <daniel.vetter@ffwll.ch> Acked-by:
Dave Airlie <airlied@redhat.com> Acked-by:
Dave Hansen <dave.hansen@linux.intel.com> Acked-by:
David Ahern <dsa@cumulusnetworks.com> Acked-by:
David Sterba <kdave@kernel.org> Acked-by:
Dmitry Torokhov <dmitry.torokhov@gmail.com> Acked-by:
Dominik Brodowski <linux@dominikbrodowski.de> Acked-by:
Eric Dumazet <eric.dumazet@gmail.com> Acked-by:
Felipe Balbi <balbi@kernel.org> Acked-by:
Felix Kuehling <Felix.Kuehling@amd.com> Acked-by:
Florian Fainelli <f.fainelli@gmail.com> Acked-by:
Geert Uytterhoeven <geert@linux-m68k.org> Acked-by:
Grant Likely <grant.likely@secretlab.ca> Acked-by:
Gregory CLEMENT <gregory.clement@bootlin.com> Acked-by:
Guenter Roeck <linux@roeck-us.net> Acked-by:
Hans Verkuil <hverkuil@xs4all.nl> Acked-by:
Hans de Goede <j.w.r.degoede@gmail.com> Acked-by:
Harry Wentland <harry.wentland@amd.com> Acked-by:
Heiko Stuebner <heiko@sntech.de> Acked-by:
Ingo Molnar <mingo@kernel.org> Acked-by:
Jaegeuk Kim <jaegeuk@kernel.org> Acked-by:
James Smart <james.smart@broadcom.com> Acked-by:
James Smart <jsmart2021@gmail.com> Acked-by:
Jan Kara <jack@ucw.cz> Acked-by:
Jani Nikula <jani.nikula@intel.com> Acked-by:
Jason A. Donenfeld <Jason@zx2c4.com> Acked-by:
Jeff Kirsher <jeffrey.t.kirsher@intel.com> Acked-by:
Jens Axboe <axboe@kernel.dk> Acked-by:
Jessica Yu <jeyu@kernel.org> Acked-by:
Jia-Ju Bai <baijiaju1990@gmail.com> Acked-by:
Jiri Kosina <jikos@kernel.org> Acked-by:
Jiri Olsa <jolsa@redhat.com> Acked-by:
Joerg Roedel <joro@8bytes.org> Acked-by:
Johan Hovold <johan@kernel.org> Acked-by:
Johannes Thumshirn <jth@kernel.org> Acked-by:
Jonathan Corbet <corbet@lwn.net> Acked-by:
Julia Lawall <julia.lawall@lip6.fr> Acked-by:
Kees Cook <keescook@chromium.org> Acked-by:
Kirill Tkhai <ktkhai@virtuozzo.com> Acked-by:
Laurent Pinchart <laurent.pinchart@ideasonboard.com> Acked-by:
Lina Iyer <ilina@codeaurora.org> Acked-by:
Linus Torvalds <torvalds@linux-foundation.org> Acked-by:
Linus Walleij <linus.walleij@linaro.org> Acked-by:
Mark Brown <broonie@kernel.org> Acked-by:
Masahiro Yamada <yamada.masahiro@socionext.com> Acked-by:
Masami Hiramatsu <mhiramat@kernel.org> Acked-by:
Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Acked-by:
Matias Bjørling <mb@lightnvm.io> Acked-by:
Mauro Carvalho Chehab <mchehab@kernel.org> Acked-by:
Maxime Ripard <maxime.ripard@bootlin.com> Acked-by:
Michael Ellerman <mpe@ellerman.id.au> Acked-by:
Mike Rapoport <rppt@linux.ibm.com> Acked-by:
Mimi Zohar <zohar@linux.ibm.com> Acked-by:
Miquel Raynal <miquel.raynal@bootlin.com> Acked-by:
Mishi Choudhary <mishi@linux.com> Acked-by:
Nikolay Borisov <n.borisov.lkml@gmail.com> Acked-by:
Oded Gabbay <oded.gabbay@gmail.com> Acked-by:
Palmer Dabbelt <palmer@dabbelt.com> Acked-by:
Paul E. McKenney <paulmck@linux.ibm.com> Acked-by:
Peter Zijlstra <peterz@infradead.org> Acked-by:
Rafael J. Wysocki <rafael@kernel.org> Acked-by:
Rik van Riel <riel@surriel.com> Acked-by:
Rob Clark <robdclark@gmail.com> Acked-by:
Rob Herring <robh@kernel.org> Acked-by:
Rodrigo Vivi <rodrigo.vivi@intel.com> Acked-by:
Sean Paul <sean@poorly.run> Acked-by:
Sebastian Andrzej Siewior <bigeasy@linutronix.de> Acked-by:
Sebastian Reichel <sre@kernel.org> Acked-by:
Sergio Paracuellos <sergio.paracuellos@gmail.com> Acked-by:
Shawn Guo <shawnguo@kernel.org> Acked-by:
Shuah Khan <shuah@kernel.org> Acked-by:
Simon Horman <horms@verge.net.au> Acked-by:
Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Acked-by:
Stephen Hemminger <stephen@networkplumber.org> Acked-by:
Takashi Iwai <tiwai@kernel.org> Acked-by:
Tejun Heo <tj@kernel.org> Acked-by:
Thierry Reding <thierry.reding@gmail.com> Acked-by:
Todd Poynor <toddpoynor@google.com> Acked-by:
Viresh Kumar <viresh.kumar@linaro.org> Acked-by:
Wei Yongjun <weiyongjun1@huawei.com> Acked-by:
YueHaibing <yuehaibing@huawei.com> Reviewed-by:
-
Chris Mason authored
As it was originally worded, this paragraph requires maintainers to enforce the code of conduct, or face potential repercussions. It sends the wrong message, when really we just want maintainers to be part of the solution and not violate the code of conduct themselves. Removing it doesn't limit our ability to enforce the code of conduct, and we can still encourage maintainers to help maintain high standards for the level of discourse in their subsystem. Signed-off-by:
Christoph Hellwig <hch@lst.de> Acked-by:
Florian Westphal <fw@strlen.de> Acked-by:
Tim Bird <tim.bird@sony.com> Acked-by:
Trond Myklebust <trond.myklebust@hammerspace.com> Acked-by:
-
- 21 Oct, 2018 3 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linuxGreg Kroah-Hartman authored
Wolfram writes: "i2c for 4.19 Another driver bugfix and MAINTAINERS addition from I2C." * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: rcar: cleanup DMA for all kinds of failure MAINTAINERS: Add entry for Broadcom STB I2C controller
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netGreg Kroah-Hartman authored
David writes: "Networking: A few straggler bug fixes: 1) Fix indexing of multi-pass dumps of ipv6 addresses, from David Ahern. 2) Revert RCU locking change for bonding netpoll, causes worse problems than it solves. 3) pskb_trim_rcsum_slow() doesn't handle odd trim offsets, resulting in erroneous bad hw checksum triggers with CHECKSUM_COMPLETE devices. From Dimitris Michailidis. 4) a revert to some neighbour code changes that adjust notifications in a way that confuses some apps." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: Revert "neighbour: force neigh_invalidate when NUD_FAILED update is from admin" net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs net: fix pskb_trim_rcsum_slow() with odd trim offset Revert "bond: take rcu lock in netpoll_send_skb_on_dev" -
Roopa Prabhu authored
This reverts commit 8e326289. This patch results in unnecessary netlink notification when one tries to delete a neigh entry already in NUD_FAILED state. Found this with a buggy app that tries to delete a NUD_FAILED entry repeatedly. While the notification issue can be fixed with more checks, adding more complexity here seems unnecessary. Also, recent tests with other changes in the neighbour code have shown that the INCOMPLETE and PROBE checks are good enough for the original issue. Signed-off-by:
Roopa Prabhu <roopa@cumulusnetworks.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
- 20 Oct, 2018 7 commits
-
-
David Ahern authored
The loop wants to skip previously dumped addresses, so loops until current index >= saved index. If the message fills it wants to save the index for the next address to dump - ie., the one that did not fit in the current message. Currently, it is incrementing the index counter before comparing to the saved index, and then the saved index is off by 1 - it assumes the current address is going to fit in the message. Change the index handling to increment only after a succesful dump. Fixes: 502a2ffd ("ipv6: convert idev_list to list macros") Signed-off-by:
David Ahern <dsahern@gmail.com> Signed-off-by:
-
Wolfram Sang authored
DMA needs to be cleaned up not only on timeout, but on all errors where it has been setup before. Fixes: 73e8b052 ("i2c: rcar: add DMA support") Signed-off-by:
Wolfram Sang <wsa+renesas@sang-engineering.com> Signed-off-by:
Wolfram Sang <wsa@the-dreams.de>
-
Kamal Dasu authored
Add an entry for the Broadcom STB I2C controller in the MAINTAINERS file. Signed-off-by:
Kamal Dasu <kdasu.kdev@gmail.com> Acked-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipGreg Kroah-Hartman authored
Ingo writes: "x86 fixes: It's 4 misc fixes, 3 build warning fixes and 3 comment fixes. In hindsight I'd have left out the 3 comment fixes to make the pull request look less scary at such a late point in the cycle. :-/" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/swiotlb: Enable swiotlb for > 4GiG RAM on 32-bit kernels x86/fpu: Fix i486 + no387 boot crash by only saving FPU registers on context switch if there is an FPU x86/fpu: Remove second definition of fpu in __fpu__restore_sig() x86/entry/64: Further improve paranoid_entry comments x86/entry/32: Clear the CS high bits x86/boot: Add -Wno-pointer-sign to KBUILD_CFLAGS x86/time: Correct the attribute on jiffies' definition x86/entry: Add some paranoid entry/exit CR3 handling comments x86/percpu: Fix this_cpu_read() x86/tsc: Force inlining of cyc2ns bits
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipGreg Kroah-Hartman authored
Ingo writes: "scheduler fixes: Two fixes: a CFS-throttling bug fix, and an interactivity fix." * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/fair: Fix the min_vruntime update logic in dequeue_entity() sched/fair: Fix throttle_list starvation with low CFS quota
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipGreg Kroah-Hartman authored
Ingo writes: "perf fixes: Misc perf tooling fixes." * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf tools: Stop fallbacking to kallsyms for vdso symbols lookup perf tools: Pass build flags to traceevent build perf report: Don't crash on invalid inline debug information perf cpu_map: Align cpu map synthesized events properly. perf tools: Fix tracing_path_mount proper path perf tools: Fix use of alternatives to find JDIR perf evsel: Store ids for events with their own cpus perf_event__synthesize_event_update_cpus perf vendor events intel: Fix wrong filter_band* values for uncore events Revert "perf tools: Fix PMU term format max value calculation" tools headers uapi: Sync kvm.h copy tools arch uapi: Sync the x86 kvm.h copy
-
Dimitris Michailidis authored
We've been getting checksum errors involving small UDP packets, usually 59B packets with 1 extra non-zero padding byte. netdev_rx_csum_fault() has been complaining that HW is providing bad checksums. Turns out the problem is in pskb_trim_rcsum_slow(), introduced in commit 88078d98 ("net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends"). The source of the problem is that when the bytes we are trimming start at an odd address, as in the case of the 1 padding byte above, skb_checksum() returns a byte-swapped value. We cannot just combine this with skb->csum using csum_sub(). We need to use csum_block_sub() here that takes into account the parity of the start address and handles the swapping. Matches existing code in __skb_postpull_rcsum() and esp_remove_trailer(). Fixes: 88078d98 ("net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends") Signed-off-by:
Dimitris Michailidis <dmichail@google.com> Reviewed-by:
Eric Dumazet <edumazet@google.com> Signed-off-by:
-
