Re: [Skiboot] [RFC PATCH] powerpc/powernv: report error messages from opal

On Fri, Jul 7, 2017 at 10:28 AM, Stewart Smith wrote: > Michael Ellerman writes: >> Stewart Smith writes: >>> Oliver O'Halloran writes: diff --git a/arch/powerpc/include/asm/opal-api.h

Re: [Skiboot] [RFC PATCH] powerpc/powernv: report error messages from opal

On Thu, Jul 6, 2017 at 8:20 PM, Michael Ellerman wrote: > Stewart Smith writes: >> Oliver O'Halloran writes: >>> diff --git a/arch/powerpc/include/asm/opal-api.h >>> b/arch/powerpc/include/asm/opal-api.h >>> index

Re: [Skiboot] [RFC PATCH] powerpc/powernv: report error messages from opal

Michael Ellerman writes: > Stewart Smith writes: >> Oliver O'Halloran writes: >>> diff --git a/arch/powerpc/include/asm/opal-api.h >>> b/arch/powerpc/include/asm/opal-api.h >>> index 0e2e57bcab50..cb9c0e6afb33 100644 >>> ---

[PATCH v3 7/7] ima: Support module-style appended signatures for appraisal

This patch introduces the modsig keyword to the IMA policy syntax to specify that a given hook should expect the file to have the IMA signature appended to it. Here is how it can be used in a rule: appraise func=KEXEC_KERNEL_CHECK appraise_type=modsig|imasig With this rule, IMA will accept

[PATCH v3 6/7] ima: Store measurement after appraisal

When module-style signatures appended at the end of files are supported for IMA appraisal, the code will fallback to the xattr signature if the appended one fails to verify. The problem is that we don't know whether we need to fallback to the xattr signature until the appraise step, and by then

[PATCH v3 5/7] integrity: Select CONFIG_KEYS instead of depending on it

This avoids a dependency cycle in CONFIG_IMA_APPRAISE_MODSIG (introduced by a later patch in this series): it will select CONFIG_MODULE_SIG_FORMAT which in turn selects CONFIG_KEYS. Kconfig then complains that CONFIG_INTEGRITY_SIGNATURE depends on CONFIG_KEYS. Signed-off-by: Thiago Jung Bauermann

[PATCH v3 4/7] integrity: Introduce integrity_keyring_from_id

IMA will need to obtain the keyring used to verify file signatures so that it can verify the module-style signature appended to files. Signed-off-by: Thiago Jung Bauermann --- security/integrity/digsig.c| 28 +++-

[PATCH v3 3/7] PKCS#7: Introduce verify_pkcs7_message_sig

Add function verify_pkcs7_message_signature which takes a struct pkcs7_message for verification isntead of the raw bytes that verify_pkcs7_signature takes. This will be used by IMA to verify files with module-style appended signatures. Signed-off-by: Thiago Jung Bauermann

[PATCH v3 2/7] MODSIGN: Export module signature definitions.

IMA will use the module_signature format for append signatures, so export the relevant definitions and factor out the code which verifies that the appended signature trailer is valid. Also, create a CONFIG_MODULE_SIG_FORMAT option so that IMA can select it and be able to use

[PATCH v3 1/7] integrity: Introduce struct evm_hmac_xattr

Even though struct evm_ima_xattr_data includes a fixed-size array to hold a SHA1 digest, most of the code ignores the array and uses the struct to mean "type indicator followed by data of unspecified size" and tracks the real size of what the struct represents in a separate length variable. The

[PATCH v3 0/7] Appended signatures support for IMA appraisal

Hello, The main change in this version is that the process of first trying to verify a modsig and then trying an xattr sig if the former fails is now done in ima_appraise_measurement instead of process_measurement. As a result, the changes needed in the latter are small. This is possible because

Re: [PATCH 4/4] powerpc: machine check interrupt is a non-maskable interrupt

Hi Nicholas, [auto build test ERROR on powerpc/next] [also build test ERROR on v4.12 next-20170706] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Nicholas-Piggin/machine-check-handling

Re: [PATCH 1/4] powerpc/powernv: handle the platform error reboot in ppc_md.restart

On Wed, 5 Jul 2017 14:04:19 +1000 Nicholas Piggin wrote: > Unrecovered MCE and HMI errors are sent through a special restart > OPAL call to log the platform error. The downside is that they don't > go through normal crash paths, so they don't give much information > to the

Re: [PATCH 5/5] powernv:idle: Disable LOSE_FULL_CONTEXT states when stop-api fails.

On Wed, 5 Jul 2017 22:08:16 +0530 "Gautham R. Shenoy" wrote: > From: "Gautham R. Shenoy" > > Currently, we use the opal call opal_slw_set_reg() to inform the that > the Sleep-Winkle Engine (SLW) to restore the contents of some of the >

Re: [PATCH 4/5] powernv:idle: Move initialization of sibling pacas to pnv_alloc_idle_core_states

On Wed, 5 Jul 2017 22:08:15 +0530 "Gautham R. Shenoy" wrote: > From: "Gautham R. Shenoy" > > On POWER9 DD1, in order to get around a hardware issue, we store in > every CPU thread's paca the paca pointers of all its siblings. > > Move this

Re: [PATCH 3/5] powernv:idle: Define idle init function for power8

On Wed, 5 Jul 2017 22:08:14 +0530 "Gautham R. Shenoy" wrote: > From: "Gautham R. Shenoy" > > In this patch we define a new function named pnv_power8_idle_init(). > > We move the following code from pnv_init_idle_states() into this newly >

Re: [PATCH 2/5] powernv:idle: Change return type of pnv_probe_idle_states to int

On Wed, 5 Jul 2017 22:08:13 +0530 "Gautham R. Shenoy" wrote: > From: "Gautham R. Shenoy" > > In the current idle initialization code, if there are failures in > pnv_probe_idle_states, then no platform idle state is > enabled. However, since

Re: [PATCH 1/5] powernv:idle: Move device-tree parsing to one place.

On Wed, 5 Jul 2017 22:08:12 +0530 "Gautham R. Shenoy" wrote: > From: "Gautham R. Shenoy" > > The details of the platform idle state are exposed by the firmware to > the kernel via device tree. > > In the current code, we parse the device tree

Re: [PATCH v12 03/10] powerpc/powernv: Detect supported IMC units and its events

Hi Maddy/Anju, Comments inline ... Anju T Sudhakar writes: > From: Madhavan Srinivasan > > Parse device tree to detect IMC units. Traverse through each IMC unit > node to find supported events and corresponding unit/scale files (if any). > >

Re: [PATCH] cxl: Fix is_page_fault() for POWER9

Christophe Lombard writes: > This patches removes this restriction and all page faults, whatever the > reason, will be handled. In this case, the interruption is always > acknowledged. This can also be done with adding call to cxl_ack_ae(ctx) at the end of

[PATCH] powerpc/powernv: Fix local TLB flush for boot and MCE on POWER9

There are two cases outside the normal address space management where a CPU's local TLB is to be flushed: 1. Host boot; in case something has left stale entries in the TLB (e.g., kexec). 2. Machine check; to clean corrupted TLB entries. CPU state restore from deep idle states also

Re: [Skiboot] [RFC PATCH] powerpc/powernv: report error messages from opal

Stewart Smith writes: > Oliver O'Halloran writes: >> diff --git a/arch/powerpc/include/asm/opal-api.h >> b/arch/powerpc/include/asm/opal-api.h >> index 0e2e57bcab50..cb9c0e6afb33 100644 >> --- a/arch/powerpc/include/asm/opal-api.h >> +++

[PATCH] powerpc/asm: Mark cr0 as clobbered in mftb()

The workaround for the CELL timebase bug does not correctly mark cr0 as being clobbered. This can result in GCC making some poor^W completely broken optimisations. Signed-off-by: Oliver O'Halloran --- arch/powerpc/include/asm/reg.h | 2 +- 1 file changed, 1 insertion(+), 1