| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 25 Jun 2023 18:54:15 -0700
From: Eric Biggers <ebiggers@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: fsverity@...ts.linux.dev, linux-fsdevel@...r.kernel.org,
linux-ext4@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net,
linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org,
Theodore Ts'o <tytso@....edu>,
Alexander Larsson <alexl@...hat.com>
Subject: [GIT PULL] fsverity updates for 6.5
The following changes since commit f1fcbaa18b28dec10281551dfe6ed3a3ed80e3d6:
Linux 6.4-rc2 (2023-05-14 12:51:40 -0700)
are available in the Git repository at:
https://git.kernel.org/pub/scm/fs/fsverity/linux.git tags/fsverity-for-linus
for you to fetch changes up to 672d6ef4c775cfcd2e00172e23df34e77e495e85:
fsverity: improve documentation for builtin signature support (2023-06-20 22:47:55 -0700)
----------------------------------------------------------------
Several updates for fs/verity/:
- Do all hashing with the shash API instead of with the ahash API. This
simplifies the code and reduces API overhead. It should also make
things slightly easier for XFS's upcoming support for fsverity. It
does drop fsverity's support for off-CPU hash accelerators, but that
support was incomplete and not known to be used.
- Update and export fsverity_get_digest() so that it's ready for
overlayfs's upcoming support for fsverity checking of lowerdata.
- Improve the documentation for builtin signature support.
- Fix a bug in the large folio support.
----------------------------------------------------------------
Eric Biggers (6):
fsverity: use shash API instead of ahash API
fsverity: constify fsverity_hash_alg
fsverity: don't use bio_first_page_all() in fsverity_verify_bio()
fsverity: simplify error handling in verify_data_block()
fsverity: rework fsverity_get_digest() again
fsverity: improve documentation for builtin signature support
Documentation/filesystems/fsverity.rst | 192 +++++++++++++++++++++------------
fs/verity/Kconfig | 16 +--
fs/verity/enable.c | 21 ++--
fs/verity/fsverity_private.h | 23 ++--
fs/verity/hash_algs.c | 139 +++++-------------------
fs/verity/measure.c | 37 +++++--
fs/verity/open.c | 12 +--
fs/verity/read_metadata.c | 4 +-
fs/verity/signature.c | 8 ++
fs/verity/verify.c | 164 +++++++++++-----------------
include/linux/fsverity.h | 14 ++-
security/integrity/ima/ima_api.c | 31 +++---
12 files changed, 299 insertions(+), 362 deletions(-)
Powered by blists - more mailing lists