Using get_random_u32 here is faster, more fitting of the use case, and
just as cryptographically secure. It also has the benefit of providing
better randomness at early boot, which is when many of these structures
are assigned.
Signed-off-by: Jason A. Donenfeld
Cc: David Miller
---
net/core
Using get_random_u32 here is faster, more fitting of the use case, and
just as cryptographically secure. It also has the benefit of providing
better randomness at early boot, which is sometimes when this is used.
Signed-off-by: Jason A. Donenfeld
Cc: Steve French
---
fs/cifs/cifsfs.c | 2 +-
1
://www.openwall.com/lists/kernel-hardening/2017/06/02/2
Changes v4->v5:
- Old versions of gcc warned on an uninitialized variable, so set
this to silence warning.
Jason A. Donenfeld (13):
random: invalidate batched entropy after crng init
random: add synchronous API for the urandom pool
ran
leak during an error
condition.
Signed-off-by: Jason A. Donenfeld
Cc: "Nicholas A. Bellinger"
Cc: Lee Duncan
Cc: Chris Leech
---
drivers/target/iscsi/iscsi_target_auth.c | 14 +++---
drivers/target/iscsi/iscsi_target_login.c | 22 ++
2 files changed,
This is much faster and just as secure. It also has the added benefit of
probably returning better randomness at early-boot on systems with
architectural RNGs.
Signed-off-by: Jason A. Donenfeld
Cc: Thomas Graf
Cc: Herbert Xu
---
lib/rhashtable.c | 2 +-
1 file changed, 1 insertion(+), 1
ng an
atomic_t in this way before, even if in practice it works fine.
Signed-off-by: Jason A. Donenfeld
Cc: David Miller
---
net/ipv4/route.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 6883b3d4ba8f..32a3332ec9cf 100644
--- a/net
DEBUG_KERNEL`. This will ensure that the
curious see the messages while others don't have to.
Signed-off-by: Jason A. Donenfeld
---
drivers/char/random.c | 15 +--
lib/Kconfig.debug | 16
2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/driver
rly on in the function whether the RNG
initialization has been interrupted, rather than later, so we call
wait_for_random_bytes() at the top, so that later on the call to
get_random_bytes() is acceptable.
Signed-off-by: Jason A. Donenfeld
Cc: Marcel Holtmann
Cc: Gustavo Padovan
Cc: Joh
o the top. With the patch series from
January, this patch, and then the ones that come after, I think there's
a relevant amount of code in here to add my name to the top.)
Signed-off-by: Jason A. Donenfeld
Cc: Greg Kroah-Hartman
---
drivers/char/random.c | 37 +++
://www.openwall.com/lists/kernel-hardening/2017/06/02/2
Changes v4->v5:
- Old versions of gcc warned on an uninitialized variable, so set
this to silence warning.
Jason A. Donenfeld (13):
random: invalidate batched entropy after crng init
random: add synchronous API for the urandom pool
ran
Strange, not all compilers do this warning. Fixing with:
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 12758db..5252690 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -2061,8 +2061,8 @@ static DEFINE_PER_CPU(struct batched_entropy,
batched_entropy_u64);
u64 ge
Hi Ted,
Could I get your Signed-off-by on this patchset, so that somebody can
add it to their tree?
Thanks,
Jason
Signed-off-by: Jason A. Donenfeld
Cc: David Howells
Cc: Eric Biggers
Cc: Herbert Xu
Cc: Kirill Marinushkin
Cc: secur...@kernel.org
Cc: sta...@vger.kernel.org
---
Changes v2->v3:
- Do AEAD operations on heap rather than stack.
- Various cleanups.
security/keys/Kconfig | 4 +-
secur
Signed-off-by: Jason A. Donenfeld
Cc: David Howells
Cc: Eric Biggers
Cc: Herbert Xu
Cc: Kirill Marinushkin
Cc: secur...@kernel.org
---
Changes v1->v2:
- The code has now been tested, and it works.
- Style fixups.
- Memory zeroing.
- Use mutex to prevent key reuse race condition.
On Tue, Jun 6, 2017 at 10:58 PM, Eric Biggers wrote:
> No need to select CRYPTO_AEAD; it's already selected by CRYPTO_GCM.
Ack.
>
> Actually I just noticed another bug, which I suppose you might as well fix
> too.
> Because different big_keys may be added or read concurrently, and each is
> enc
On Tue, Jun 6, 2017 at 8:45 PM, David Howells wrote:
> Jason A. Donenfeld wrote:
>
>> Thank you! Perfect instructions, I'll play around with this and make
>> sure it works.
>
> Don't forget that it's bimodal. You need to give it sufficient data to
> tri
On Tue, Jun 6, 2017 at 7:57 PM, Stephan Müller wrote:
> Finally, I am very surprised that I get hardly any answers on patches to
> random.c let alone that any changes to random.c will be applied at all.
FWIW, this is my biggest concern too. You seem willing to work on this
difficult problem. I'm
ble
- Operation ordering on batched entropy invalidation
- Separate out big_key into its own patch to the keys mailing list
- General cleanups
Jason A. Donenfeld (13):
random: invalidate batched entropy after crng init
random: add synchronous API for the urandom pool
random: add get_random_{by
This enables users of get_random_{bytes,u32,u64,int,long} to wait until
the pool is ready before using this function, in case they actually want
to have reliable randomness.
Signed-off-by: Jason A. Donenfeld
---
drivers/char/random.c | 41 +++--
include
These functions are simple convenience wrappers that call
wait_for_random_bytes before calling the respective get_random_*
function.
Signed-off-by: Jason A. Donenfeld
---
include/linux/net.h| 2 ++
include/linux/once.h | 2 ++
include/linux/random.h | 25 +
3
Otherwise, we might be seeding the RNG using bad randomness, which is
dangerous. The one use of this function from within the kernel -- not
from userspace -- is being removed (keys/big_key), so that call site
isn't relevant in assessing this.
Cc: Herbert Xu
Signed-off-by: Jason A. Done
Sorry, meant to cross-post the below to these other two mailing lists.
On Tue, Jun 6, 2017 at 7:39 PM, Jason A. Donenfeld wrote:
> This started out as just replacing the use of crypto/rng with
> get_random_bytes, so that we wouldn't use bad randomness at boot time.
> But, upon l
Using get_random_u32 here is faster, more fitting of the use case, and
just as cryptographically secure. It also has the benefit of providing
better randomness at early boot, which is sometimes when this is used.
Signed-off-by: Jason A. Donenfeld
Cc: Steve French
---
fs/cifs/cifsfs.c | 2 +-
1
This is much faster and just as secure. It also has the added benefit of
probably returning better randomness at early-boot on systems with
architectural RNGs.
Signed-off-by: Jason A. Donenfeld
Cc: Thomas Graf
Cc: Herbert Xu
---
lib/rhashtable.c | 2 +-
1 file changed, 1 insertion(+), 1
Using get_random_u32 here is faster, more fitting of the use case, and
just as cryptographically secure. It also has the benefit of providing
better randomness at early boot, which is when many of these structures
are assigned.
Signed-off-by: Jason A. Donenfeld
Cc: David Miller
---
net/core
ls to get_random_bytes are necessarily acceptable.
Signed-off-by: Jason A. Donenfeld
Cc: Ilya Dryomov
Cc: "Yan, Zheng"
Cc: Sage Weil
---
net/ceph/ceph_common.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c
ind
DEBUG_KERNEL`. This will ensure that the
curious see the messages while others don't have to.
Signed-off-by: Jason A. Donenfeld
---
drivers/char/random.c | 15 +--
lib/Kconfig.debug | 16
2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/driver
rly on in the function whether the RNG
initialization has been interrupted, rather than later, so we call
wait_for_random_bytes() at the top, so that later on the call to
get_random_bytes() is acceptable.
Signed-off-by: Jason A. Donenfeld
Cc: Marcel Holtmann
Cc: Gustavo Padovan
Cc: Joh
ng an
atomic_t in this way before, even if in practice it works fine.
Signed-off-by: Jason A. Donenfeld
Cc: David Miller
---
net/ipv4/route.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 655d9eebe43e..11e001a42094 100644
--- a/net
leak during an error
condition.
Signed-off-by: Jason A. Donenfeld
Cc: "Nicholas A. Bellinger"
Cc: Lee Duncan
Cc: Chris Leech
---
drivers/target/iscsi/iscsi_target_auth.c | 14 +++---
drivers/target/iscsi/iscsi_target_login.c | 22 ++
2 files changed,
to using a blocking function in key serial allocation, because this will
block booting in some configurations, so here we use the more
appropriate get_random_u32, which will use RDRAND if available.
Signed-off-by: Jason A. Donenfeld
Cc: David Howells
Cc: Mimi Zohar
Cc: David Safford
---
sec
o the top. With the patch series from
January, this patch, and then the ones that come after, I think there's
a relevant amount of code in here to add my name to the top.)
Signed-off-by: Jason A. Donenfeld
Cc: Greg Kroah-Hartman
---
drivers/char/random.c | 37 +++
On Tue, Jun 6, 2017 at 7:26 PM, Eric Biggers wrote:
> I agree that the use of ECB mode in big_key is broken, and thanks for trying to
> fix it! I think using GCM is good, but please leave a very conspicuous comment
> where the nonce is being set to 0, noting that it's safe only because a un
On Tue, Jun 6, 2017 at 7:03 PM, Theodore Ts'o wrote:
> So it's not clear what you mean by Stephan's work.
I just meant that there's a guy out there who seems really motivated
to work on this stuff in detail, but hasn't seen too much love, AFAIK.
I'm sure there's an interesting technical discussio
Hey again Eric,
One thing led to another and I wound up just rewriting all the crypto
in big_keys.c. I'll include this for v4:
https://git.zx2c4.com/linux-dev/commit/?h=jd/rng-blocker&id=886ff283b9808aecb14aa8e397da8496a9635aed
Not only was the use of crypto/rng inappropriate, but the decision t
Hi Eric,
On Tue, Jun 6, 2017 at 6:44 AM, Eric Biggers wrote:
> I don't think big_key even needs randomness at init time. The 'big_key_rng'
> could just be removed and big_key_gen_enckey() changed to call
> get_random_bytes(). (Or get_random_bytes_wait(), I guess; it's only reachable
> via the k
On Tue, Jun 6, 2017 at 9:45 AM, Greg Kroah-Hartman
wrote:
> If it's needed no matter what, can you make it the first patch in the
> series? And does it need to go to any older kernels as well?
I believe it does belong in older kernels too. I'll work out precisely
which ones those are and note it
On Tue, Jun 6, 2017 at 12:08 PM, David Howells wrote:
> Jason A. Donenfeld wrote:
>
>> + key->serial = get_random_u32() >> 1;
>
> If this may sleep, it must be interruptible.
That won't sleep. I could have made it get_random_u32_wait(), but we
On Tue, Jun 6, 2017 at 7:11 AM, Jeffrey Walton wrote:
> On Mon, Jun 5, 2017 at 8:50 PM, Jason A. Donenfeld wrote:
>> These functions are simple convenience wrappers that call
>> wait_for_random_bytes before calling the respective get_random_*
>> function.
>
> It m
Hey Ted,
On Tue, Jun 6, 2017 at 5:00 AM, Theodore Ts'o wrote:
> Note that crypto_rng_reset() is called by big_key_init() in
> security/keys/big_key.c as a late_initcall(). So if we are on a
> system where the crng doesn't get initialized until during the system
> boot scripts, and big_key is com
leak during an error
condition.
Signed-off-by: Jason A. Donenfeld
Cc: "Nicholas A. Bellinger"
Cc: Lee Duncan
Cc: Chris Leech
---
drivers/target/iscsi/iscsi_target_auth.c | 14 +++---
drivers/target/iscsi/iscsi_target_login.c | 22 ++
2 files changed,
rly on in the function whether the RNG
initialization has been interrupted, rather than later, so we call
wait_for_random_bytes() at the top, so that later on the call to
get_random_bytes() is acceptable.
Signed-off-by: Jason A. Donenfeld
Cc: Marcel Holtmann
Cc: Gustavo Padovan
Cc: Joh
ng an
atomic_t in this way before, even if in practice it works fine.
Signed-off-by: Jason A. Donenfeld
Cc: David Miller
---
net/ipv4/route.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 655d9eebe43e..11e001a42094 100644
--- a/net
This is much faster and just as secure. It also has the added benefit of
probably returning better randomness at early-boot on systems with
architectural RNGs.
Signed-off-by: Jason A. Donenfeld
Cc: Thomas Graf
Cc: Herbert Xu
---
lib/rhashtable.c | 2 +-
1 file changed, 1 insertion(+), 1
Using get_random_u32 here is faster, more fitting of the use case, and
just as cryptographically secure. It also has the benefit of providing
better randomness at early boot, which is when many of these structures
are assigned.
Signed-off-by: Jason A. Donenfeld
Cc: David Miller
---
net/core
Otherwise, we might be seeding the RNG using bad randomness, which is
dangerous.
Cc: Herbert Xu
Signed-off-by: Jason A. Donenfeld
---
crypto/rng.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/crypto/rng.c b/crypto/rng.c
index f46dac5288b9..e042437e64b4 100644
--- a
Using get_random_u32 here is faster, more fitting of the use case, and
just as cryptographically secure. It also has the benefit of providing
better randomness at early boot, which is sometimes when this is used.
Signed-off-by: Jason A. Donenfeld
Cc: Steve French
---
fs/cifs/cifsfs.c | 2 +-
1
ion counter, we
introduce a simple rwlock for this invalidation. Since it's only during
this awkward transition period, after things are all set up, we stop
using it, so that it doesn't have an impact on performance.
Signed-off-by: Jason A. Donenfeld
---
d
DEBUG_KERNEL`. This will ensure that the
curious see the messages while others don't have to.
Signed-off-by: Jason A. Donenfeld
---
drivers/char/random.c | 15 +--
lib/Kconfig.debug | 16
2 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/driver
These functions are simple convenience wrappers that call
wait_for_random_bytes before calling the respective get_random_*
function.
Signed-off-by: Jason A. Donenfeld
---
include/linux/net.h| 2 ++
include/linux/once.h | 2 ++
include/linux/random.h | 25 +
3
ls to get_random_bytes are necessarily acceptable.
Signed-off-by: Jason A. Donenfeld
Cc: Ilya Dryomov
Cc: "Yan, Zheng"
Cc: Sage Weil
---
net/ceph/ceph_common.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c
ind
to using a blocking function in key serial allocation, because this will
block booting in some configurations, so here we use the more
appropriate get_random_u32, which will use RDRAND if available.
Signed-off-by: Jason A. Donenfeld
Cc: David Howells
Cc: Mimi Zohar
Cc: David Safford
---
sec
dom_{u32,u64}, so this series makes those
changes in a few places. It's useful here, since on some architectures
that delivers better early randomness.
Jason A. Donenfeld (13):
random: add synchronous API for the urandom pool
random: add get_random_{bytes,u32,u64,int,long,once
This enables users of get_random_{bytes,u32,u64,int,long} to wait until
the pool is ready before using this function, in case they actually want
to have reliable randomness.
Signed-off-by: Jason A. Donenfeld
---
drivers/char/random.c | 41 +++--
include
As this RFC series matures, all the changes are in this branch here, to look at:
https://git.zx2c4.com/linux-dev/log/?h=jd/rng-blocker
Ted -- there's one, in particular, that should probably be picked up
regardless of the rest, and that's "random: invalidate batched entropy
after crng init". Hope
On Mon, Jun 5, 2017 at 5:47 AM, Jason A. Donenfeld wrote:
> - get_random_bytes(&key->serial, sizeof(key->serial));
> + ret = get_random_bytes_wait(&key->serial,
> sizeof(key->serial));
This actually isn't okay at bootup, but I
These functions are simple convenience wrappers that call
wait_for_random_bytes before calling the respective get_random_*
function.
Signed-off-by: Jason A. Donenfeld
---
include/linux/net.h| 2 ++
include/linux/once.h | 2 ++
include/linux/random.h | 25 +
3
Otherwise, we might use bad random numbers which, particularly in the
case of IV generation, could be quite bad. It makes sense to use the
synchronous API here, because we're always in process context (as the
code is littered with GFP_KERNEL and the like).
Signed-off-by: Jason A. Donenfel
ls to get_random_bytes are necessarily acceptable.
Signed-off-by: Jason A. Donenfeld
Cc: Ilya Dryomov
Cc: "Yan, Zheng"
Cc: Sage Weil
---
net/ceph/ceph_common.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c
ind
leak during an error
condition.
Signed-off-by: Jason A. Donenfeld
Cc: "Nicholas A. Bellinger"
Cc: Lee Duncan
Cc: Chris Leech
---
drivers/target/iscsi/iscsi_target_auth.c | 14 +++---
drivers/target/iscsi/iscsi_target_login.c | 22 ++
2 files changed,
ve it on by default, so that we learn where these issues happen,
in the field, while still allowing some people to turn it off, if they
really know what they're doing and do not want the log entries.
Signed-off-by: Jason A. Donenfeld
---
drivers/char/random.c | 3 +--
lib/Kconfig.debu
Otherwise, we might be seeding the RNG using bad randomness, which is
dangerous.
Cc: Herbert Xu
Signed-off-by: Jason A. Donenfeld
---
crypto/rng.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/crypto/rng.c b/crypto/rng.c
index f46dac5288b9..e042437e64b4 100644
--- a
rly on in the function whether the RNG
initialization has been interrupted, rather than later, so we call
wait_for_random_bytes() at the top, so that later on the call to
get_random_bytes() is acceptable.
Signed-off-by: Jason A. Donenfeld
Cc: Marcel Holtmann
Cc: Gustavo Padovan
Cc: Joh
ble and non-interruptible
waiting and also timeouts, we just support the case that people
will actually use: ordinary interruptible waiting. This simplifies
the API a bit.
- This patch set now has a few examples of where it might be useful.
Jason A. Donenfeld (8):
random: add synchron
This enables users of get_random_{bytes,u32,u64,int,long} to wait until
the pool is ready before using this function, in case they actually want
to have reliable randomness.
Signed-off-by: Jason A. Donenfeld
---
drivers/char/random.c | 41 +++--
include
rted the recent MIPS
changes that give it a separate IRQ stack, so that I could experience
some worst-case situations. I found that limiting it to 24 layers deep
yielded a good stack usage with room for safety, as well as being much
deeper than any driver actually ever creates.
Signed-off-by: Ja
Signed-off-by: Jason A. Donenfeld
Cc: Steffen Klassert
Cc: Herbert Xu
Cc: "David S. Miller"
---
net/ipv4/ah4.c | 8 ++--
net/ipv4/esp4.c | 20 +---
net/ipv6/ah6.c | 8 ++--
net/ipv6/esp6.c | 20 +---
4 files changed, 38 insertions(+), 18
Signed-off-by: Jason A. Donenfeld
Acked-by: David Howells
---
net/rxrpc/rxkad.c | 19 ++-
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 1bb9b2ccc267..29fe20ad04aa 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
Signed-off-by: Jason A. Donenfeld
Cc: Sabrina Dubroca
---
drivers/net/macsec.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 91642fd87cd1..b79513b8322f 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net
Signed-off-by: Jason A. Donenfeld
Reviewed-by: Sergei Shtylyov
Cc: "Michael S. Tsirkin"
Cc: Jason Wang
---
drivers/net/virtio_net.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index 3e9246cc49c3..57
is too small; and
2) When the passed in skbuff is too deeply nested.
So, the first patch in this series handles the issues with
skb_to_sgvec directly, and the remaining ones then handle the call
sites.
Jason A. Donenfeld (5):
skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
i
On Sat, Jun 3, 2017 at 7:04 AM, Theodore Ts'o wrote:
> has been pretty terrible?
> This kind of "my shit doesn't stink, but yours does", is not
> The reason why I keep harping on this is because I'm concerned about
> an absolutist attitude towards technical design, where the good is the
Moving pa
These functions are simple convenience wrappers that call
wait_for_random_bytes before calling the respective get_random_*
function.
Signed-off-by: Jason A. Donenfeld
---
include/linux/random.h | 30 ++
1 file changed, 30 insertions(+)
diff --git a/include/linux
ve it on by default, so that we learn where these issues happen,
in the field, while still allowing some people to turn it off, if they
really know what they're doing and do not want the log entries.
Signed-off-by: Jason A. Donenfeld
---
drivers/char/random.c | 3 +--
lib/Kconfig.debu
'll move forward with polish and with integrating
it into a fix for a few currently buggy get_random_bytes use cases.
Jason A. Donenfeld (3):
random: add synchronous API for the urandom pool
random: add get_random_{bytes,u32,u64,int,long}_wait family
random: warn when kernel uses unseeded
This enables users of get_random_{bytes,u32,u64,int,long} to wait until
the pool is ready before using this function, in case they actually want
to have reliable randomness.
Signed-off-by: Jason A. Donenfeld
---
drivers/char/random.c | 46 --
include
Hi Ted,
Based on the tone of your last email, before I respond to your
individual points, I think it's worth noting that the intent of this
thread is to get a sampling of opinions of the issue of
get_random_bytes, so that I can write a patch that fixes this issue
(or a series of issues) using some
On Fri, Jun 2, 2017 at 7:41 PM, Daniel Micay wrote:
> One of the early uses is initializing the stack canary value for SSP in
> very early boot. If that blocks, it's going to be blocking nearly
> anything else from happening.
>
> On x86, that's only the initial canary since the per-task canaries e
On Fri, Jun 2, 2017 at 7:26 PM, Theodore Ts'o wrote:
> I tried making /dev/urandom block.
> So if you're a security focused individual who is kvetching
> And if we're breaking
Yes yes, bla bla, predictable response. I don't care. Your API is
still broken. Excuses excuses. Yes, somebody needs to d
Further investigations: if the whack-a-mole approach is desirable,
perhaps many of those get_random_bytes calls should be converted to
get_blocking_random_bytes. In that case, this commit, which removed
this helpful API, should be reverted:
commit c2719503f5e1e6213d716bb078bdad01e28ebcbf
Author: H
(Meanwhile...)
In my own code, I'm currently playing with a workaround that looks like this:
--- a/src/main.c
+++ b/src/main.c
+#include
+#include
+struct rng_initializer {
+ struct completion done;
+ struct random_ready_callback cb;
+};
+static void rng_initialized_callback(struc
Hi folks,
This email is about an issue with get_random_bytes(), the CSPRNG used
inside the kernel for generating keys and nonces and whatnot. However,
I will begin with an aside:
/dev/urandom will return bad randomness before it's seeded, rather than
blocking, and despite years and years of discus
On Wed, May 24, 2017 at 6:41 PM, Sergei Shtylyov
>I've only looked on the last 2 patches. You can add my:
>
> Reviewed-by: Sergei Shtylyov
>
> if you want. :-)
Will do. For the series, or just for 5/5?
I'm shocked this somehow made it into the commit. I wonder how that happened?
Anyway, fixed in my git repo, and will be part of the next series.
(Unless DaveM wants to fix it up trivially when/if he merges this v9,
which would be faster.)
Barring that, does this look good to you? Could I have you
Hi List,
Could somebody do a holistic review of the series, or at least on
individual commits that seem fine, and sign off on it, so that this
can actually be merged? We're now at v9. I hope we can get this merged
now, but if not, I'd like for v10 to finally land these changes.
Regards,
Jason
Signed-off-by: Jason A. Donenfeld
Cc: Steffen Klassert
Cc: Herbert Xu
Cc: "David S. Miller"
---
net/ipv4/ah4.c | 8 ++--
net/ipv4/esp4.c | 20 +---
net/ipv6/ah6.c | 8 ++--
net/ipv6/esp6.c | 20 +---
4 files changed, 38 insertions(+), 18
Signed-off-by: Jason A. Donenfeld
Cc: David Howells
---
net/rxrpc/rxkad.c | 19 ++-
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 1bb9b2ccc267..29fe20ad04aa 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
Signed-off-by: Jason A. Donenfeld
Cc: "Michael S. Tsirkin"
Cc: Jason Wang
---
drivers/net/virtio_net.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index 9320d96a1632..13fbe4b349c2 100644
--- a/d
pc, thanks to feedback from Dave Howells.
Jason A. Donenfeld (5):
skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
ipsec: check return value of skb_to_sgvec always
rxrpc: check return value of skb_to_sgvec always
macsec: check return value of skb_to_sgvec always
virtio_net:
Signed-off-by: Jason A. Donenfeld
Cc: Sabrina Dubroca
---
drivers/net/macsec.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index cdc347be68f2..dfcb1e9d2ab2 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net
rted the recent MIPS
changes that give it a separate IRQ stack, so that I could experience
some worst-case situations. I found that limiting it to 24 layers deep
yielded a good stack usage with room for safety, as well as being much
deeper than any driver actually ever creates.
Signed-off-by: Ja
On Mon, May 15, 2017 at 3:11 PM, David Howells wrote:
> skb_to_sgvec() can return -EMSGSIZE in some circumstances. You shouldn't
> return -ENOMEM here in such a case.
Noted. I'll fix this up for the next round.
On Mon, May 15, 2017 at 3:12 PM, David Howells wrote:
> Is there a reason you moved skb_to_sgvec() in the file rather than just moving
> the comment to it (since you moved the comment anyway)?
1) Because it's easier to understand skb_to_sgvec_nomark as a variant
of skb_to_sgvec, so I'd rather skb
On Thu, May 11, 2017 at 6:22 PM, Florian Fainelli wrote:
> What you are looking for can be done using ipset-dns from Jason:
>
> https://git.zx2c4.com/ipset-dns/about/
Funny to see this project coming up. I actually ported this
functionality into dnsmasq directly a few weeks after writing
ipset-dn
Signed-off-by: Jason A. Donenfeld
Cc: "Michael S. Tsirkin"
Cc: Jason Wang
---
drivers/net/virtio_net.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index 9320d96a1632..13fbe4b349c2 100644
--- a/d
rted the recent MIPS
changes that give it a separate IRQ stack, so that I could experience
some worst-case situations. I found that limiting it to 24 layers deep
yielded a good stack usage with room for safety, as well as being much
deeper than any driver actually ever creates.
Signed-off-by: Ja
Signed-off-by: Jason A. Donenfeld
Cc: David Howells
---
net/rxrpc/rxkad.c | 13 ++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/net/rxrpc/rxkad.c b/net/rxrpc/rxkad.c
index 1bb9b2ccc267..ecab9334e3c1 100644
--- a/net/rxrpc/rxkad.c
+++ b/net/rxrpc/rxkad.c
@@ -227,7
Signed-off-by: Jason A. Donenfeld
Cc: Sabrina Dubroca
---
drivers/net/macsec.c | 13 +++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index cdc347be68f2..dfcb1e9d2ab2 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net
Signed-off-by: Jason A. Donenfeld
Cc: Steffen Klassert
Cc: Herbert Xu
Cc: "David S. Miller"
---
net/ipv4/ah4.c | 8 ++--
net/ipv4/esp4.c | 20 +---
net/ipv6/ah6.c | 8 ++--
net/ipv6/esp6.c | 20 +---
4 files changed, 38 insertions(+), 18
ck annotation.
- Rebased against latest upstream ipsec changes.
Jason A. Donenfeld (5):
skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
ipsec: check return value of skb_to_sgvec always
rxrpc: check return value of skb_to_sgvec always
macsec: check return value of skb_to_sgvec always