PKCS#7 validation requires access to the serial number and the raw names in an
X.509 certificate.
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/x509.asn1 |2 +-
crypto/asymmetric_keys/x509_cert_parser.c | 17 +
crypto/asymmetric_keys
to
these.
Whilst we're at it, export both x509_check_signature() and the new
x509_get_sig_params().
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/x509_cert_parser.c | 30 ++
crypto/asymmetric_keys/x509_parser.h | 14 +++--
crypto/asymmetric_keys
Digest the data in a PKCS#7 signed-data message and attach to the
public_key_signature struct contained in the pkcs7_message struct.
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/Makefile |3 +
crypto/asymmetric_keys/pkcs7_verify.c | 130
Find the appropriate key in the PKCS#7 key list and verify the signature with
it. There may be several keys in there forming a chain. Any link in that
chain or the root of that chain may be in our keyrings.
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys
Provide some PE binary structural and constant definitions as taken from the
pesign package sources.
Signed-off-by: David Howells dhowe...@redhat.com
---
include/linux/pe.h | 448
1 file changed, 448 insertions(+)
create mode 100644 include
The certificate data block in a PE binary has a wrapper around the PKCS#7
signature we actually want to get at. Strip this off and check that we've got
something that appears to be a PKCS#7 signature.
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/pefile_parser.c
Store public key algo ID in public_key struct for reference purposes. This
allows it to be removed from the x509_certificate struct and used to find a
default in public_key_verify_signature().
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/x509_cert_parser.c |5
also.
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/public_key.c | 38 --
crypto/asymmetric_keys/public_key.h |6 +
crypto/asymmetric_keys/x509_public_key.c |2 +-
3 files changed, 37 insertions(+), 9 deletions
Parse a PE binary to find a key and a signature contained therein. Later
patches will check the signature and add the key if the signature checks out.
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/Kconfig | 10 ++
crypto/asymmetric_keys/Makefile
Parse the content of the certificate blob, presuming it to be PKCS#7 format.
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/pefile_parser.c | 18 +-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/crypto/asymmetric_keys
Implement a parser for a PKCS#7 signed-data message as described in part of
RFC 2315.
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/Kconfig|9 +
crypto/asymmetric_keys/Makefile | 13 +
crypto/asymmetric_keys/pkcs7.asn1 | 127
Verify certificate chain in the X.509 certificates contained within the PKCS#7
message as far as possible. If any signature that we should be able to verify
fails, we reject the whole lot.
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/pkcs7_verify.c | 67
Find the intersection between the X.509 certificate chain contained in a PKCS#7
message and a set of keys that we already know and trust.
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/Makefile|1
crypto/asymmetric_keys/pefile_parser.c |6 +
crypto
.
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/pefile_parser.c | 11 ++-
crypto/asymmetric_keys/x509_parser.h |3 +++
crypto/asymmetric_keys/x509_public_key.c |2 +-
3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/crypto
.
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/pefile_parser.c |2 +-
crypto/asymmetric_keys/pkcs7_parser.h |3 ++-
crypto/asymmetric_keys/pkcs7_trust.c |6 +-
include/linux/key-type.h |1 +
include/linux/key.h
The PKCS#7 certificate should contain a Microsoft individual code signing
data blob as its signed content. This blob contains a digest of the signed
content of the PE binary and the OID of the digest algorithm used (typically
SHA256).
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto
Digest the signed parts of the PE binary, canonicalising the section table
before we need it, and then compare the the resulting digest to the one in the
PKCS#7 signed content.
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/pefile_parser.c | 198
Export certificate parse and free functions for use by modules.
Signed-off-by: David Howells dhowe...@redhat.com
---
crypto/asymmetric_keys/x509_cert_parser.c |3 +++
1 file changed, 3 insertions(+)
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c
b/crypto/asymmetric_keys
Store public key algorithm ID in public_key_signature struct for reference
purposes. This allows a public_key_signature struct to be embedded in
struct x509_certificate and struct pkcs7_message more easily.
Signed-off-by: David Howells dhowe...@redhat.com
---
include/crypto/public_key.h |1
/x86_64-redhat-linux/4.7.2 -lgcc
pekey.o: pekey.c Makefile
$(CC) $(CPPFLAGS) $(CFLAGS) -c $ -o $@
David
---
David Howells (23):
KEYS: Add a 'trusted' flag and a 'trusted only' flag
PEFILE: Load the contained key if we consider the container to be validly
signed
Kees Cook keesc...@chromium.org wrote:
This multiplication can push the cursor out of bounds. (n_data_dirents
is unverified).
...
Both of these cases of n_sections multiplications can wrap.
Ultimately, you can end up with cursor close to zero, but n_sections
being giant.
Good points. I
Kees Cook keesc...@chromium.org wrote:
+ memcpy(wrapper, prep-data + ctx-sig_offset, 8);
Instead of the literal 8, sizeof(wrapper)?
Reasonable. It was originally an array of bytes until I found out that it had
structure. Even so, I should probably have used sizeof() then.
+
Kees Cook keesc...@chromium.org wrote:
Which means this loop will walk past the end of the memory (loop is
bounded by n_sections, so secs[loop] can go past datalen). While
data_addr and raw_data_size will stay bounded, the read of sec-name
can be out of bounds.
Assuming n_sections is
Ingo Molnar mi...@kernel.org wrote:
Just wanted to inquire about the current status of it, as I'd
rather not pull anything that introduces breakages and is still
work in progress. Once it's all sorted out I'll have a look.
Should I pull the x86 disintegration and perf fixes onto a tree
)
FRV fixes for 3.7
Al Viro (2):
frv: switch to saner kernel_execve() semantics
frv: fix the broken preempt
David Howells (5):
FRV: Add missing linux/export.h #inclusions
FRV: Don't
)
(from the branch description for modsign-post-KS local branch)
post Kernel-Summit module signing
David Howells (26):
KEYS: Add payload preparsing opportunity prior to key instantiate or
update
David Howells dhowe...@redhat.com wrote:
Note, this implementation of the X.509 certificate parser uses a couple of
patterns to drive a reusable ASN.1 decoder. I do, however, have a direct
in-line decoder implementation also that can only decode X.509 certs. The
stack space usage is greater
The X.509 certificate has a pair of times in it that delineate the valid
period of the cert, and I'm checking that the system clock is within the
bounds they define before permitting you to use the cert. I've been setting
the expiry date to be 100 years in the future - by which time hopefully I
Alan Cox a...@lxorguk.ukuu.org.uk wrote:
Generate a certificate that is valid from a few minutes before the
wallclock time. It's a certificate policy question not a kernel hackery
one.
That doesn't seem to be possible with openssl req. What would you recommend?
David
--
To unsubscribe from
Kasatkin, Dmitry dmitry.kasat...@intel.com wrote:
Just one question about key description...
request_asymmetric_key uses format for key description: signer: key-id.
Preparsing code creates description from those values.
I see that key id is not 8 bytes anymore but full hash size of 20 bytes.
Tomas Mraz tm...@redhat.com wrote:
You can use openssl ca that allows to set arbitrary start date to
generate selfsigned certs as well (-selfsign option).
That seems to require some stuff I don't have installed:
warthogopenssl ca -in signing_key.priv -extensions v3_ca -out newcert.pem
Using
How about the attached? I knew perl had to be good for something...
David
---
#!/usr/bin/perl -w
#
# Generate an X.509 certificate from a public key.
#
# Format:
#
# gen-x509-cert private-key \
# [C=country] [O=org] [CN=cn] [Email=email] \
# [--from=secs-before-now]
Rusty Russell ru...@rustcorp.com.au wrote:
We do a very simple search for a particular string appended to the module
(which is cache-hot and about to be SHA'd anyway). There's both a config
option and a boot parameter which control whether we accept (and taint) or
fail with unsigned modules.
)
(from the branch description for modsign-post-KS local branch)
post Kernel-Summit module signing
David Howells (24):
KEYS: Add payload preparsing opportunity prior to key instantiate or
update
MPILIB: Provide
of simplifying the logic.
(2) Break apart some cpp conditionals that got added with the arm64 arch that
are of the form:
defined(__KERNEL__) defined(X)
Splitting these into two separate nested conditionals makes scripting
easier.
David
---
David Howells (2):
UAPI: Split
Split compound conditionals containing __KERNEL__ in Arm64 where possible to
make it easier for the UAPI disintegration scripts to handle them.
Signed-off-by: David Howells dhowe...@redhat.com
Acked-by: Catalin Marinas catalin.mari...@arm.com
---
arch/arm64/include/asm/hwcap.h |4
(__SYSCALL)
include/asm-generic/unistd.h:#if !defined(_ASM_GENERIC_UNISTD_H) ||
defined(__SYSCALL)
On the assumption that the guards' ineffectiveness has passed unnoticed, just
remove these guards entirely.
Signed-off-by: David Howells dhowe...@redhat.com
Acked-by: Arnd Bergmann a...@arndb.de
Linus Torvalds torva...@linux-foundation.org wrote:
Ok, as usual I actually wanted to do the merge myself despite the
annoying conflicts (this *really* is the last time I will ever accept
any header file cleanups - they simply aren't worth the pain).
There was a reason I asked you to pull the
David Howells dhowe...@redhat.com wrote:
Linus Torvalds torva...@linux-foundation.org wrote:
Ok, as usual I actually wanted to do the merge myself despite the
annoying conflicts (this *really* is the last time I will ever accept
any header file cleanups - they simply aren't worth
Geert Uytterhoeven ge...@linux-m68k.org wrote:
include/linux/libfdt.h | 4 +-
So what happened here?
-#include ../../scripts/dtc/libfdt/fdt.h
-#include ../../scripts/dtc/libfdt/libfdt.h
+#include
+#include
I didn't expect 'system' header files to be
-headers.git
disintegrate-asm-generic
for you to fetch changes up to 8a1ab3155c2ac7fbe5f2038d6e26efeb607a1498:
UAPI: (Scripted) Disintegrate include/asm-generic (2012-10-04 18:20:15 +0100)
David Howells (5):
UAPI: Fix
-headers.git disintegrate-arm64
for you to fetch changes up to ae4f6c65798014d5d7a88d03e58faba53c0a92e1:
UAPI: (Scripted) Disintegrate arch/arm64/include/asm (2012-10-04 18:20:24
+0100)
David Howells (6):
UAPI: Fix the guards
-headers.git disintegrate-hexagon
for you to fetch changes up to 0ee1d088b96a538a1c2572078283452ef39634fc:
UAPI: (Scripted) Disintegrate arch/hexagon/include/asm (2012-10-04 18:20:45
+0100)
David Howells (6):
UAPI: Fix the guards
-headers.git
disintegrate-microblaze
for you to fetch changes up to 7ca55698c6fdfabad768cd10f1a8a73bf2c705b6:
UAPI: (Scripted) Disintegrate arch/microblaze/include/asm (2012-10-04
18:21:00 +0100)
David Howells (6):
UAPI: Fix
-headers.git disintegrate-parisc
for you to fetch changes up to 36141239e2e08d847531d4d81d5e82c10835f2d5:
UAPI: (Scripted) Disintegrate arch/parisc/include/asm (2012-10-04 18:21:12
+0100)
David Howells (6):
UAPI: Fix the guards
-headers.git disintegrate-h8300
for you to fetch changes up to fba22e60df0124dfb2b5b434dfb70876a6dbec8a:
UAPI: (Scripted) Disintegrate arch/h8300/include/asm (2012-10-04 18:20:42
+0100)
David Howells (6):
UAPI: Fix the guards
-headers.git disintegrate-m32r
for you to fetch changes up to d82734fb090c049b7e8d20fd513b48a25184e476:
UAPI: (Scripted) Disintegrate arch/m32r/include/asm (2012-10-04 18:20:52
+0100)
David Howells (6):
UAPI: Fix the guards
-headers.git disintegrate-openrisc
for you to fetch changes up to 8c66ec929c6979b49006c1d56148609380612d34:
UAPI: (Scripted) Disintegrate arch/openrisc/include/asm (2012-10-04 18:21:09
+0100)
David Howells (6):
UAPI: Fix
-headers.git disintegrate-sparc
for you to fetch changes up to d4ae6a1549e06de45a1c8a4fb596a2874f5f83e5:
UAPI: (Scripted) Disintegrate arch/sparc/include/asm (2012-10-04 18:21:32
+0100)
David Howells (6):
UAPI: Fix the guards
-headers.git disintegrate-xtensa
for you to fetch changes up to 3d47e44c3c53cb397e38a459171348d9b501a66e:
UAPI: (Scripted) Disintegrate arch/xtensa/include/asm (2012-10-04 18:21:48
+0100)
David Howells (6):
UAPI: Fix the guards
-headers.git disintegrate-x86
for you to fetch changes up to c64630429a9d37a248c6b06a738fad838f2f5e37:
UAPI: (Scripted) Disintegrate arch/x86/include/asm (2012-10-04 18:21:45 +0100)
David Howells (6):
UAPI: Fix the guards on various
-headers.git disintegrate-tile
for you to fetch changes up to 103dc5f6e03fde83c912e779656b1276c661c3a7:
UAPI: (Scripted) Disintegrate arch/tile/include/asm (2012-10-04 18:21:37
+0100)
David Howells (7):
UAPI: Fix the guards
-headers.git disintegrate-sh
for you to fetch changes up to c7d4fbbc3985e65500dc73c241284a19e968fc04:
UAPI: (Scripted) Disintegrate arch/sh/include/asm (2012-10-04 18:21:28 +0100)
David Howells (6):
UAPI: Fix the guards on various asm
-headers.git disintegrate-powerpc
for you to fetch changes up to d4b1059feb6486ae0800e936b9dd5fd4e05b9d0c:
UAPI: (Scripted) Disintegrate arch/powerpc/include/asm (2012-10-04 18:21:17
+0100)
David Howells (6):
UAPI: Fix the guards
-headers.git disintegrate-mips
for you to fetch changes up to 49c611211de4006faefba4ea9a4219ed97f71707:
UAPI: (Scripted) Disintegrate arch/mips/include/asm (2012-10-04 18:21:03
+0100)
David Howells (6):
UAPI: Fix the guards
-headers.git
disintegrate-unicore32
for you to fetch changes up to 865a0cb9fdb8a38eea9aa5d8c9ebb9ce2c49d6ba:
UAPI: (Scripted) Disintegrate arch/unicore32/include/asm (2012-10-04 18:21:39
+0100)
David Howells (6):
UAPI: Fix
-headers.git disintegrate-alpha
for you to fetch changes up to d83954c803730c2eed1a099dbd2fcf053cdd4b07:
UAPI: (Scripted) Disintegrate arch/alpha/include/asm (2012-10-04 18:20:19
+0100)
David Howells (6):
UAPI: Fix the guards
-headers.git disintegrate-c6x
for you to fetch changes up to aba4895a9a323c89d70cd219356414cf93371348:
UAPI: (Scripted) Disintegrate arch/c6x/include/asm (2012-10-04 18:20:30 +0100)
David Howells (6):
UAPI: Fix the guards on various
-headers.git disintegrate-arm
for you to fetch changes up to 4d192d7a0633e8eb4952996dc12af3832968e43a:
UAPI: (Scripted) Disintegrate arch/arm/include/asm (2012-10-04 18:20:22 +0100)
David Howells (6):
UAPI: Fix the guards on various
-headers.git disintegrate-score
for you to fetch changes up to 4120c854c24a10e928db23d65395c4c6dac168b6:
UAPI: (Scripted) Disintegrate arch/score/include/asm (2012-10-04 18:21:25
+0100)
David Howells (6):
UAPI: Fix the guards
-headers.git disintegrate-m68k
for you to fetch changes up to b039235da939b28c539b3e1b4566107a9bdbdef8:
UAPI: (Scripted) Disintegrate arch/m68k/include/asm (2012-10-04 18:20:56
+0100)
David Howells (6):
UAPI: Fix the guards
-headers.git disintegrate-blackfin
for you to fetch changes up to d65fee76eb053476a6eddd870d067469874c1ddf:
UAPI: (Scripted) Disintegrate arch/blackfin/include/asm (2012-10-04 18:20:29
+0100)
David Howells (6):
UAPI: Fix
-headers.git disintegrate-cris
for you to fetch changes up to 4816d1b7a51526bc4722731d5516c295a9c72a1c:
UAPI: (Scripted) Disintegrate arch/cris/include/asm (2012-10-04 18:20:35
+0100)
David Howells (8):
UAPI: Fix the guards
-headers.git disintegrate-avr32
for you to fetch changes up to b1118be90af0ea0a847d38416304d9596f9ea0f0:
UAPI: (Scripted) Disintegrate arch/avr32/include/asm (2012-10-04 18:20:27
+0100)
David Howells (6):
UAPI: Fix the guards
-headers.git disintegrate-ia64
for you to fetch changes up to f68301fee71510300140990c4e7a2769801fbd70:
UAPI: (Scripted) Disintegrate arch/ia64/include/asm (2012-10-04 18:20:49
+0100)
David Howells (6):
UAPI: Fix the guards
-headers.git disintegrate-s390
for you to fetch changes up to e06141872cc97d8b8cafc1d02d325f7e0f752ce4:
UAPI: (Scripted) Disintegrate arch/s390/include/asm (2012-10-04 18:21:21
+0100)
David Howells (6):
UAPI: Fix the guards
David Miller da...@davemloft.net wrote:
When I pull the sparc branch, I get c6x and arm64 commits too.
37d11ab8b478ccb7aa227003ca2e5ac4c11d
1c1e436269fe840cdbecfaf397b21778dd276f26
I don't want that going in via the sparc tree, it really
doesn't belong there.
They're at the base of
)
(from the branch description for uapi-prep local branch)
clone of master
David Howells (4):
UAPI: Fix the guards on various asm/unistd.h files
UAPI: Split compound
Geert Uytterhoeven ge...@linux-m68k.org wrote:
I assume these c6x and asm-generic changes are the ones you just asked Linus
to pull?
Yes.
Doesn't it make more sense to ask us (the individual arch maintainers) to
pull our parts after Linus has pulled the generic part?
I suppose so.
Do you
H. Peter Anvin h...@zytor.com wrote:
That branch does have generic patches which are not yet in upstream. I
presume that is intentional.
Yeah. It works better if the generic patches are there first. I thought that
as long as everyone pulls the same disintegrate-asm-generic branch at the
header file.
Signed-off-by: David Howells dhowe...@redhat.com
---
The following changes since commit 612a9aab56a93533e76e3ad91642db7033e03b69:
Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux
(2012-10-03 23:29:23 -0700)
are available in the git repository at:
git
Jonas Bonn jo...@southpole.se wrote:
I gave this a try and it all looks good for OpenRISC. I'll be happy, in
principle, to push this for 3.7... but it's a bit disconcerting that
there's a bunch of stuff here that shouldn't be going via the OpenRISC
tree. Any chance you could give a heads-up
applied (2012-11-05
21:16:51 +)
perf fixes 2012-11-05
David Howells (5):
x86: Export asm/{svm.h,vmx.h,perf_regs.h}
UAPI: Export and disintegrate linux
David Howells dhowe...@redhat.com wrote:
I've posted a revised version of my perf patches to my UAPI disintegration GIT
tree.
Hmmm... It seems to break some things according to Fengguang's kbuild test
robot.
David
--
To unsubscribe from this list: send the line unsubscribe linux-kernel
David Howells dhowe...@redhat.com wrote:
David Howells dhowe...@redhat.com wrote:
I've posted a revised version of my perf patches to my UAPI disintegration
GIT tree.
Hmmm... It seems to break some things according to Fengguang's kbuild test
robot.
Okay. I've fixed that. Revised
Takashi Iwai ti...@suse.de wrote:
this is a patch series to add the support for firmware signature
check. At this time, the kernel checks extra signature file (*.sig)
for each firmware, instead of embedded signature.
It's just a quick hack using the existing module signing mechanism,
thus
David Howells dhowe...@redhat.com wrote:
Takashi Iwai ti...@suse.de wrote:
this is a patch series to add the support for firmware signature
check. At this time, the kernel checks extra signature file (*.sig)
for each firmware, instead of embedded signature.
It's just a quick hack
Namhyung Kim namhy...@kernel.org wrote:
I've tested your branch and it seems that it conflicts with Jiri's
latest perf test patchset which merged into Arnaldo's perf/core branch.
Simple fix will be adding '-Iutil -I.' right after '-I$(OUTPUT)util' in
BASIC_CFLAGS.
Should I be developing my
Vineet Gupta vineet.gup...@synopsys.com wrote:
I'm planning to submit ARC Linux kernel port (from Synopsys) for review
on lkml and arch mailing lists. I already have a a 3.7-rc3 based kernel
(modulo the arch UAPI split). What would be the best way to get the UAPI
split done.
Do you want the
David Howells (6):
x86: Export asm/{svm.h,vmx.h,perf_regs.h}
UAPI: Merge pre-disintegration bits for x86
UAPI: Export and disintegrate linux/hw_breakpoint.h
tools: Define a Makefile function to do subdir processing
tools: Honour the O
Vineet Gupta vineet.gup...@synopsys.com wrote:
git://github.com/organizations/foss-for-synopsys-dwc-arc-processors/linux.git
That seems to be wrong. I think you mean:
git://github.com/foss-for-synopsys-dwc-arc-processors/linux.git
David
--
To unsubscribe from this list: send the line
Vineet Gupta vineet.gup...@synopsys.com wrote:
I'm planning to submit ARC Linux kernel port (from Synopsys) for review
on lkml and arch mailing lists. I already have a a 3.7-rc3 based kernel
(modulo the arch UAPI split). What would be the best way to get the UAPI
split done.
Can you point
Rusty Russell ru...@rustcorp.com.au wrote:
(Side note: I hope people realize that the random key is generated
with a 100-year lifespan. So if you build a kernel today, you do
potentially have a year-2112 problem. I'm not horribly worried, but
I *am* a bit worried about 32-bit time_t
Stephen Rothwell s...@canb.auug.org.au wrote:
So, this still generates the keys during the normal build, right? That
would be a problem for build servers that have limited randomness
available to them, I think.
openssl uses /dev/urandom (unlike gpg), so that's less of a problem.
David
--
To
Ingo Molnar mi...@kernel.org wrote:
What we want in .c files are not ../.. inclusions but the
'seemless' linux/abc.h inclusions. Which is the overwhelming
majority, gladly. Do we want to make that the 100% majority?
I think this is going to be necessary for when x86 gets merged. x86's
and vector code to userspace
suggests that at least the first two should be - though since it didn't modify
Kbuild, this was not effective.
I haven't tried building perf for other arches at this time.
David
---
David Howells (5):
x86: UAPI Disintegrate asm/perf_regs.h
x86: Disintegrate
Define a Makefile function that can be called with $(call ...) to wrap the
subdir make invocations in tools/Makefile.
This will allow us in the next patch to insert bits in there to honour O=
flags when called from the top-level Makefile.
Signed-off-by: David Howells dhowe...@redhat.com
.
Signed-off-by: David Howells dhowe...@redhat.com
---
Makefile |6 --
tools/scripts/Makefile.include | 12 +---
2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index 366d0ab..e93ac4d 100644
--- a/Makefile
+++ b/Makefile
) The __KERNEL__ guards are erased.
After this, perf no longer needs the -Iarch/foo/include flag and can just
manage with the uapi -I flags.
If these actually want posting to userspace, then they will need a headers-y
line adding to the uapi Kbuild file.
Signed-off-by: David Howells dhowe...@redhat.com
-by: David Howells dhowe...@redhat.com
---
arch/x86/include/asm/perf_regs.h| 33 ---
arch/x86/include/uapi/asm/perf_regs.h | 33 +++
tools/perf/arch/x86/include/perf_regs.h |2 +-
3 files changed, 34 insertions(+), 34 deletions
not for x86. I wonder if the bits outside of the __KERNEL__ guards
*should* be transferred there.
I note also that perf seems to do its dependency handling manually by listing
all the header files it might want to use in LIB_H in the Makefile. Can this
be changed to use -MD?
Signed-off-by: David
Turn sign-file into perl and merge in x509keyid. The latter doesn't need to be
a separate script as it doesn't actually need to work out the SHA1 sum of the
X.509 certificate itself, since it can get that from the X.509 certificate.
Signed-off-by: David Howells dhowe...@redhat.com
---
Makefile
The module build process no longer creates intermediate files for module
signing, so remove them from .gitignore.
Signed-off-by: David Howells dhowe...@redhat.com
---
.gitignore |6 --
1 file changed, 6 deletions(-)
diff --git a/.gitignore b/.gitignore
index 0f2f40f..92bd0e4 100644
David Howells dhowe...@redhat.com wrote:
-mod_sign_cmd = sh $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY)
$(srctree)/scripts/x509keyid
+mod_sign_cmd = sh $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY)
Hmmm... That's not quite right. That needs to be 'perl' not 'sh'.
David
Turn sign-file into perl and merge in x509keyid. The latter doesn't need to be
a separate script as it doesn't actually need to work out the SHA1 sum of the
X.509 certificate itself, since it can get that from the X.509 certificate.
Signed-off-by: David Howells dhowe...@redhat.com
---
Makefile
The module build process no longer creates intermediate files for module
signing, so remove them from .gitignore.
Signed-off-by: David Howells dhowe...@redhat.com
---
.gitignore |6 --
1 file changed, 6 deletions(-)
diff --git a/.gitignore b/.gitignore
index 0f2f40f..92bd0e4 100644
David Howells dhowe...@redhat.com wrote:
+ printk(Check for sig\n);
+
...
+ printk(Found sig\n);
...
+#define DEBUG
And I also forgot to remove the debugging. Sigh.
David
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body
Turn sign-file into perl and merge in x509keyid. The latter doesn't need to be
a separate script as it doesn't actually need to work out the SHA1 sum of the
X.509 certificate itself, since it can get that from the X.509 certificate.
Signed-off-by: David Howells dhowe...@redhat.com
---
Makefile
The module build process no longer creates intermediate files for module
signing, so remove them from .gitignore.
Signed-off-by: David Howells dhowe...@redhat.com
---
.gitignore |6 --
1 file changed, 6 deletions(-)
diff --git a/.gitignore b/.gitignore
index 0f2f40f..92bd0e4 100644
-off-by: David Howells dhowe...@redhat.com
---
kernel/module-internal.h |3 +--
kernel/module.c | 26 +-
kernel/module_signing.c | 24 +++-
scripts/sign-file|6 +++---
4 files changed, 28 insertions(+), 31 deletions(-)
diff
501 - 600 of 13793 matches
Mail list logo
