erify the consistent of e820 memory map
by md5 digest")
Reviewed-by: Eric Biggers
Tested-by: Dexuan Cui
Reviewed-by: Dexuan Cui
Signed-off-by: Chris von Recklinghausen
---
v1 -> v2
bump up RESTORE_MAGIC
v2 -> v3
move embelishment from cover letter to commit comments (no code
erify the consistent of e820 memory map
by md5 digest")
Signed-off-by: Chris von Recklinghausen
---
v1 -> v2
bump up RESTORE_MAGIC
v2 -> v3
move embelishment from cover letter to commit comments (no code change)
v3 -> v4
add note to comments that md5 isn't used for
erify the consistent of e820 memory map
by md5 digest")
Signed-off-by: Chris von Recklinghausen
---
v1 -> v2
bump up RESTORE_MAGIC
v2 -> v3
move embelishment from cover letter to commit comments (no code change)
v3 -> v4
add note to comments that md5 isn't used for
such
inadvertent deviations.
Fixes: 62a03defeabd ("PM / hibernate: Verify the consistent of e820 memory map
by md5 digest")
Signed-off-by: Chris von Recklinghausen
---
v1 -> v2
bump up RESTORE_MAGIC
v2 -> v3
move embelishment from cover letter to commit comments (no code
such
inadvertent deviations.
Signed-off-by: Chris von Recklinghausen
---
v1 -> v2
bump up RESTORE_MAGIC
v2 -> v3
move embelishment from cover letter to commit comments (no code change)
v3 -> v4
add note to comments that md5 isn't used for encryption here.
v4 -> v5
reword commen
On 4/12/21 3:27 PM, Ard Biesheuvel wrote:
On Mon, 12 Apr 2021 at 21:20, Eric Biggers wrote:
On Mon, Apr 12, 2021 at 03:04:58PM -0400, Chris von Recklinghausen wrote:
On 4/12/21 1:45 PM, Eric Biggers wrote:
On Mon, Apr 12, 2021 at 10:09:32AM -0400, Chris von Recklinghausen wrote:
Suspend
On 4/12/21 3:20 PM, Eric Biggers wrote:
On Mon, Apr 12, 2021 at 03:04:58PM -0400, Chris von Recklinghausen wrote:
On 4/12/21 1:45 PM, Eric Biggers wrote:
On Mon, Apr 12, 2021 at 10:09:32AM -0400, Chris von Recklinghausen wrote:
Suspend fails on a system in fips mode because md5 is used
On 4/12/21 1:45 PM, Eric Biggers wrote:
On Mon, Apr 12, 2021 at 10:09:32AM -0400, Chris von Recklinghausen wrote:
Suspend fails on a system in fips mode because md5 is used for the e820
integrity check and is not available. Use crc32 instead.
This patch changes the integrity check algorithm
check.
Fixes: 62a03defeabd ("PM / hibernate: Verify the consistent of e820 memory map
by md5 digest")
Signed-off-by: Chris von Recklinghausen
---
v1 -> v2
bump up RESTORE_MAGIC
v2 -> v3
move embelishment from cover letter to commit comments (no code change)
v3 -
On 4/9/21 12:56 PM, David Laight wrote:
From: Chris von Recklinghausen
Sent: 08 April 2021 11:46
Suspend fails on a system in fips mode because md5 is used for the e820
integrity check and is not available. Use crc32 instead.
Prior to this patch, MD5 is used only to create a digest to ensure
On 4/8/21 11:30 AM, Eric Biggers wrote:
On Thu, Apr 08, 2021 at 09:15:06AM -0400, Chris von Recklinghausen wrote:
Suspend fails on a system in fips mode because md5 is used for the e820
integrity check and is not available. Use crc32 instead.
This patch changes the integrity check algorithm
Dexuan Cui
Reviewed-by: Dexuan Cui
Signed-off-by: Chris von Recklinghausen
---
v1 -> v2
bump up RESTORE_MAGIC
v2 -> v3
move embelishment from cover letter to commit comments (no code change)
v3 -> v4
add note to comments that md5 isn't used for encryption here.
v4 -> v5
rew
Dexuan Cui
Reviewed-by: Dexuan Cui
Signed-off-by: Chris von Recklinghausen
---
v1 -> v2
bump up RESTORE_MAGIC
v2 -> v3
move embelishment from cover letter to commit comments (no code change)
v3 -> v4
add note to comments that md5 isn't used for encryption here.
arch/x86/pow
to use crc32 instead of md5 since crc32 is available in both FIPS and
non-FIPS modes.
Fixes: 62a03defeabd ("PM / hibernate: Verify the consistent of e820 memory map
by md5 digest")
Tested-by: Dexuan Cui
Reviewed-by: Dexuan Cui
Signed-off-by: Chris von Recklinghausen
---
v1 ->
On 4/1/21 9:38 AM, Rafael J. Wysocki wrote:
On Thu, Apr 1, 2021 at 10:47 AM Ard Biesheuvel wrote:
On Tue, 30 Mar 2021 at 21:56, Simo Sorce wrote:
On Tue, 2021-03-30 at 21:45 +0200, Ard Biesheuvel wrote:
On Tue, 30 Mar 2021 at 20:05, Simo Sorce wrote:
On Tue, 2021-03-30 at 16:46 +0200,
. This patch set changes the integrity check to use crc32
instead of md5 since crc32 is available in both FIPS and non-FIPS modes.
Chris von Recklinghausen (1):
use crc32 instead of md5 for hibernation e820 integrity check
arch/x86/power/hibernate.c | 35 +++
1 file
Suspend fails on a system in fips mode because md5 is used for the e820
integrity check and is not available. Use crc32 instead.
Fixes: 62a03defeabd ("PM / hibernate: Verify the consistent of e820 memory map
by md5 digest")
Signed-off-by: Chris von Recklinghausen
---
arch
. This patch set changes the integrity check to use crc32
instead of md5 since crc32 is available in both FIPS and non-FIPS modes.
Chris von Recklinghausen (1):
use crc32 instead of md5 for hibernation image integrity check
arch/x86/power/hibernate.c | 31 +--
1 file
Suspend fails on a system in fips mode because md5 is used for the e820
integrity check and is not available. Use crc32 instead.
Fixes: 62a03defeabd ("PM / hibernate: Verify the consistent of e820 memory map
by md5 digest")
Signed-off-by: Chris von Recklinghausen
---
arch
On 3/30/21 10:46 AM, Rafael J. Wysocki wrote:
On Tue, Mar 30, 2021 at 12:14 AM Dexuan Cui wrote:
Hi,
MD5 was marked incompliant with FIPS in 2009:
a3bef3a31a19 ("crypto: testmgr - Skip algs not flagged fips_allowed in fips
mode")
a1915d51e8e7 ("crypto: testmgr - Mark algs allowed in fips
bringing it to your attention. If there's anything I can do to
help to further analyze this or try out a fix, I'm happy to help.
Thanks,
Chris von Recklinghausen
Red Hat
On 10/21/2019 10:21 AM, David Howells wrote:
> Chris von Recklinghausen wrote:
>
>> The put_user call from keyring_read_iterator caused a page fault which
>> attempts to lock mm->mmap_sem and type->lock_class (key->sem) in the reverse
>> order that keyrin
before taking the read semaphore to
ensure that the page is present by the time keyring_read_iterator is called.
Suggested-by: Waiman Long
Signed-off-by: Chris von Recklinghausen
---
security/keys/keyctl.c | 10 --
security/keys/keyring.c | 7 +++
2 files changed, 11 insertions(+), 6 deletio
On 10/23/2018 05:34 PM, Igor Stoppa wrote:
> Prevent leaks of protected memory to userspace.
> The protection from overwrited from userspace is already available, once
> the memory is write protected.
>
> Signed-off-by: Igor Stoppa
> CC: Kees Cook
> CC: Chris von Reckli
On 10/23/2018 05:34 PM, Igor Stoppa wrote:
> Prevent leaks of protected memory to userspace.
> The protection from overwrited from userspace is already available, once
> the memory is write protected.
>
> Signed-off-by: Igor Stoppa
> CC: Kees Cook
> CC: Chris von Reckli
move check to __check_object_size so as to not break optimization of
__builtin_constant_p()
include linux/atomic.h before linux/jump_label.h
Signed-off-by: Chris von Recklinghausen
---
.../admin-guide/kernel-parameters.txt | 11
include/linux/jump_label.h
move check to __check_object_size so as to not break optimization of
__builtin_constant_p()
include linux/atomic.h before linux/jump_label.h
Signed-off-by: Chris von Recklinghausen
---
.../admin-guide/kernel-parameters.txt | 11
include/linux/jump_label.h
move check to __check_object_size so as to not break optimization of
__builtin_constant_p()
include linux/atomic.h before linux/jump_label.h
Signed-off-by: Chris von Recklinghausen
---
Documentation/admin-guide/kernel-parameters.txt | 11 ++
include/lin
move check to __check_object_size so as to not break optimization of
__builtin_constant_p()
include linux/atomic.h before linux/jump_label.h
Signed-off-by: Chris von Recklinghausen
---
Documentation/admin-guide/kernel-parameters.txt | 11 ++
include/lin
From: Chris von Recklinghausen
Enabling HARDENED_USERCOPY causes measurable regressions in
networking performance, up to 8% under UDP flood.
I'm running an a small packet UDP flood using pktgen vs. a host b2b
connected. On the receiver side the UDP packets are processed by a
simple user space
From: Chris von Recklinghausen
Enabling HARDENED_USERCOPY causes measurable regressions in
networking performance, up to 8% under UDP flood.
I'm running an a small packet UDP flood using pktgen vs. a host b2b
connected. On the receiver side the UDP packets are processed by a
simple user space
== true)
v1->v2:
remove CONFIG_HUC_DEFAULT_OFF
default is now enabled, boot param disables
move check to __check_object_size so as to not break optimization of
__builtin_constant_p()
include linux/atomic.h before linux/jump_label.h
Sign
== true)
v1->v2:
remove CONFIG_HUC_DEFAULT_OFF
default is now enabled, boot param disables
move check to __check_object_size so as to not break optimization of
__builtin_constant_p()
include linux/atomic.h before linux/jump_label.h
Sign
so as to not break optimization of
__builtin_constant_p()
include linux/atomic.h before linux/jump_label.h
Signed-off-by: Chris von Recklinghausen
---
.../admin-guide/kernel-parameters.txt | 11
include/linux/jump_label.h| 6 +
include/linux/thre
so as to not break optimization of
__builtin_constant_p()
include linux/atomic.h before linux/jump_label.h
Signed-off-by: Chris von Recklinghausen
---
.../admin-guide/kernel-parameters.txt | 11
include/linux/jump_label.h| 6 +
include/linux/thre
eck to __check_object_size so as to not break optimization of
__builtin_constant_p()
include linux/atomic.h before linux/jump_label.h
Signed-off-by: Chris von Recklinghausen
---
.../admin-guide/kernel-parameters.rst | 1 +
.../admin-guide/kernel-parameters.
eck to __check_object_size so as to not break optimization of
__builtin_constant_p()
include linux/atomic.h before linux/jump_label.h
Signed-off-by: Chris von Recklinghausen
---
.../admin-guide/kernel-parameters.rst | 1 +
.../admin-guide/kernel-parameters.
in with the default configuration and
enable the stricter check on a per-boot basis.
This change adds a config variable and a boot parameter to conditionally
enable HARDENED_USER_COPY at boot time, and switch HUC to off if
HUC_DEFAULT_OFF is set.
Signed-off-by: Chris von Recklinghausen
---
.../admin
in with the default configuration and
enable the stricter check on a per-boot basis.
This change adds a config variable and a boot parameter to conditionally
enable HARDENED_USER_COPY at boot time, and switch HUC to off if
HUC_DEFAULT_OFF is set.
Signed-off-by: Chris von Recklinghausen
---
.../admin
39 matches
Mail list logo
