The supplied script takes a signed module file and extracts the tailmost
signature (there could theoretically be more than one) and dumps all or
part of it or the unsigned file to stdout.
Call as:
scripts/extract-module-sig.pl -[0adnks] module-file >out
where the initial flag indicates which bit of the signed file you want dumping
to stdout:
(*) "-0". Dumps the unsigned data with the signature stripped.
(*) "-a". Dumps all of the signature data, including the magic number.
(*) "-d". Dumps the signature information block as a sequence of decimal
numbers in text form with spaces between (crypto algorithm type,
hash type, identifier type, signer's name length, key identifier
length and signature length).
(*) "-n". Dumps the signer's name contents.
(*) "-k". Dumps the key identifier contents.
(*) "-s". Dumps the cryptographic signature contents.
In the case that the signature is a PKCS#7 (or CMS) message, -n and -k will
print a warning to stderr and dump nothing to stdout, but will otherwise
complete okay; the entire PKCS#7/CMS message will be dumped by "-s"; and "-d"
will show "0 0 2 0 0 <pkcs#7-msg-len>".
Signed-off-by: David Howells <dhowells@redhat.com>
The supplied script takes a vmlinux file - and if necessary a System.map
file - locates the system certificates list and extracts it to the named
file.
Call as:
./scripts/extract-sys-certs vmlinux certs
if vmlinux contains symbols and:
./scripts/extract-sys-certs -s System.map vmlinux certs
if it does not.
It prints something like the following to stdout:
Have 27 sections
No symbols in vmlinux, trying System.map
Have 80088 symbols
Have 1346 bytes of certs at VMA 0xffffffff8201c540
Certificate list in section .init.data
Certificate list at file offset 0x141c540
If vmlinux contains symbols then that is used rather than System.map - even
if one is given.
Signed-off-by: David Howells <dhowells@redhat.com>
The sign-file.c program actually uses CMS rather than PKCS#7 to sign a file
since that allows the target X.509 certificate to be specified by
subjectKeyId rather than by issuer + serialNumber.
However, older versions of the OpenSSL crypto library (such as may be found
in CentOS 5.11) don't support CMS. Assume everything prior to
OpenSSL-1.0.0 doesn't support CMS and switch to using PKCS#7 in that case.
Further, the pre-1.0.0 OpenSSL only supports PKCS#7 signing with SHA1, so
give an error from the sign-file script if the caller requests anything
other than SHA1.
The compiler gives the following error with an OpenSSL crypto library
that's too old:
HOSTCC scripts/sign-file
scripts/sign-file.c:23:25: fatal error: openssl/cms.h: No such file or directory
#include <openssl/cms.h>
Reported-by: Vinson Lee <vlee@twopensource.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: David Woodhouse <David.Woodhouse@intel.com>
Remove headers #included unnecessarily from extract-cert.c lest they cause
compilation of the tool to fail against an older OpenSSL library.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: David Woodhouse <David.Woodhouse@intel.com>
The GPL does not permit us to link against the OpenSSL library. Use
LGPL for sign-file and extract-file instead.
[ The whole "openssl isn't compatible with gpl" is really just
fear-mongering, but there's no reason not to make modsign LGPL, so
nobody cares. - Linus ]
Reported-by: Julian Andres Klode <jak@jak-linux.org>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Julian Andres Klode <jak@jak-linux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix the following warning when compiling extract-cert:
scripts/extract-cert.c: In function `write_cert':
scripts/extract-cert.c:89:2: warning: format not a string literal and no format arguments [-Wformat-security]
ERR(!i2d_X509_bio(wb, x509), cert_dst);
^
whereby the ERR() macro is taking cert_dst as the format string. "%s"
should be used as the format string as the path could contain special
characters.
Signed-off-by: David Howells <dhowells@redhat.com>
Reported-by: Jim Davis <jim.epost@gmail.com>
Acked-by : David Woodhouse <david.woodhouse@intel.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
"CONST <comparison> variable" checks like:
if (NULL != foo)
and
while (0 < bar(...))
where a constant (or what appears to be a constant like an upper case
identifier) is on the left of a comparison are generally preferred to be
written using the constant on the right side like:
if (foo != NULL)
and
while (bar(...) > 0)
Add a test for this.
Add a --fix option too, but only do it when the code is immediately
surrounded by parentheses to avoid misfixing things like "(0 < bar() +
constant)"
Signed-off-by: Joe Perches <joe@perches.com>
Cc: Nicolas Morey Chaisemartin <nmorey@kalray.eu>
Cc: Viresh Kumar <viresh.kumar@linaro.org>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
commit 61031952f4 ("arch, x86: pmem api for ensuring durability of
persistent memory updates") added a new __pmem annotation for sparse
verification. Add __pmem to the $Sparse variable so checkpatch can
appropriately ignore uses of this attribute too.
Signed-off-by: Joe Perches <joe@perches.com>
Reviewed-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Acked-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Using checkpatch.pl with Perl 5.22.0 generates the following warning:
Unescaped left brace in regex is deprecated, passed through in regex;
This patch fixes the warnings by escaping occurrences of the left brace
inside the regular expression.
Signed-off-by: Eddie Kovsky <ewk@edkovsky.org>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fixes: and Link: lines may exceed 75 chars in the commit log.
So too can stack dump and dmesg lines and lines that seem
like filenames.
And Fixes: lines don't need to have a "commit" prefix before the
commit id.
Add exceptions for these types of lines.
Signed-off-by: Joe Perches <joe@perches.com>
Reported-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Using 0x%d is wrong. Emit a message when it happens.
Miscellanea:
Improve the %Lu warning to match formats like %16Lu.
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Some of the block comment tests that are used only for networking are
appropriate for all patches.
For example, these styles are not encouraged:
/*
block comment without introductory *
*/
and
/*
* block comment with line terminating */
Remove the networking specific test and add comments.
There are some infrequent false positives where code is lazily
commented out using /* and */ rather than using #if 0/#endif blocks
like:
/* case foo:
case bar: */
case baz:
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Sergey Senozhatsky has modified several destroy functions that can
now be called with NULL values.
- kmem_cache_destroy()
- mempool_destroy()
- dma_pool_destroy()
Update checkpatch to warn when those functions are preceded by an if.
Update checkpatch to --fix all the calls too only when the code style
form is using leading tabs.
from:
if (foo)
<func>(foo);
to:
<func>(foo);
Signed-off-by: Joe Perches <joe@perches.com>
Tested-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Some really long declaration macros exist.
For instance;
DEFINE_DMA_BUF_EXPORT_INFO(exp_info);
and
DECLARE_DM_KCOPYD_THROTTLE_WITH_MODULE_PARM(name, description)
Increase the limit from 2 words to 6 after DECLARE/DEFINE uses.
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Many lines exist like
if (foo)
bar;
where the tabbed indentation of the branch is not one more than the "if"
line above it.
checkpatch should emit a warning on those lines.
Miscellenea:
o Remove comments from branch blocks
o Skip blank lines in block
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Using BUG/BUG_ON crashes the kernel and is just unfriendly.
Enable code that emits a warning on BUG/BUG_ON use.
Make the code emit the message at WARNING level when scanning a patch and
at CHECK level when scanning files so that script users don't feel an
obligation to fix code that might be above their pay grade.
Signed-off-by: Joe Perches <joe@perches.com>
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Tested-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Merge second patch-bomb from Andrew Morton:
"Almost all of the rest of MM. There was an unusually large amount of
MM material this time"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>: (141 commits)
zpool: remove no-op module init/exit
mm: zbud: constify the zbud_ops
mm: zpool: constify the zpool_ops
mm: swap: zswap: maybe_preload & refactoring
zram: unify error reporting
zsmalloc: remove null check from destroy_handle_cache()
zsmalloc: do not take class lock in zs_shrinker_count()
zsmalloc: use class->pages_per_zspage
zsmalloc: consider ZS_ALMOST_FULL as migrate source
zsmalloc: partial page ordering within a fullness_list
zsmalloc: use shrinker to trigger auto-compaction
zsmalloc: account the number of compacted pages
zsmalloc/zram: introduce zs_pool_stats api
zsmalloc: cosmetic compaction code adjustments
zsmalloc: introduce zs_can_compact() function
zsmalloc: always keep per-class stats
zsmalloc: drop unused variable `nr_to_migrate'
mm/memblock.c: fix comment in __next_mem_range()
mm/page_alloc.c: fix type information of memoryless node
memory-hotplug: fix comments in zone_spanned_pages_in_node() and zone_spanned_pages_in_node()
...
Pull misc kbuild updates from Michal Marek:
- deb-pkg:
+ module signing fix
+ dtb files are added to the package
+ do not require `hostname -f` to work during build
+ make deb-pkg generates a source package, bindeb-pkg has been
added to only generate the binary package
- rpm-pkg packages /lib/modules as well
- new coccinelle patch and updates to existing ones
- new stackusage & stackdelta script to collect and compare stack usage
info (using gcc's -fstack-usage)
- make tags understands trace_*_rcuidle() macros
- .gitignore updates, misc cleanups
* 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: (27 commits)
deb-pkg: add source package
package/Makefile: move source tar creation to a function
scripts: add stackdelta script
kbuild: remove *.su files generated by -fstack-usage
.gitignore: add *.su pattern
scripts: add stackusage script
kbuild: avoid listing /lib/modules in kernel spec file
fallback to hostname in scripts/package/builddeb
coccinelle: api: extend spatch for dropping unnecessary owner
deb-pkg: simplify directory creation
scripts/tags.sh: Include trace_*_rcuidle() in tags
scripts/package/Makefile: rpmbuild is needed for rpm targets
Kbuild: Add ID files to .gitignore
gitignore: Add MIPS vmlinux.32 to the list
coccinelle: simple_return: Add a blank line
coccinelle: irqf_oneshot.cocci: Improve the generated commit log
coccinelle: api: add vma_pages.cocci
scripts/coccinelle/misc/irqf_oneshot.cocci: Fix grammar
scripts/coccinelle/misc/semicolon.cocci: Use imperative mood
coccinelle: simple_open: Use imperative mood
...
Pull kconfig updates from Michal Marek:
- kconfig warns about junk characters in Kconfig files
- merge_config.sh error handling
- small cleanup
* 'kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
merge_config.sh: exit on missing input files
kconfig: Regenerate shipped zconf.{hash,lex}.c files
kconfig: warn of unhandled characters in Kconfig commands
kconfig: Delete unnecessary checks before the function call "sym_calc_value"
Pull security subsystem updates from James Morris:
"Highlights:
- PKCS#7 support added to support signed kexec, also utilized for
module signing. See comments in 3f1e1bea.
** NOTE: this requires linking against the OpenSSL library, which
must be installed, e.g. the openssl-devel on Fedora **
- Smack
- add IPv6 host labeling; ignore labels on kernel threads
- support smack labeling mounts which use binary mount data
- SELinux:
- add ioctl whitelisting (see
http://kernsec.org/files/lss2015/vanderstoep.pdf)
- fix mprotect PROT_EXEC regression caused by mm change
- Seccomp:
- add ptrace options for suspend/resume"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (57 commits)
PKCS#7: Add OIDs for sha224, sha284 and sha512 hash algos and use them
Documentation/Changes: Now need OpenSSL devel packages for module signing
scripts: add extract-cert and sign-file to .gitignore
modsign: Handle signing key in source tree
modsign: Use if_changed rule for extracting cert from module signing key
Move certificate handling to its own directory
sign-file: Fix warning about BIO_reset() return value
PKCS#7: Add MODULE_LICENSE() to test module
Smack - Fix build error with bringup unconfigured
sign-file: Document dependency on OpenSSL devel libraries
PKCS#7: Appropriately restrict authenticated attributes and content type
KEYS: Add a name for PKEY_ID_PKCS7
PKCS#7: Improve and export the X.509 ASN.1 time object decoder
modsign: Use extract-cert to process CONFIG_SYSTEM_TRUSTED_KEYS
extract-cert: Cope with multiple X.509 certificates in a single file
sign-file: Generate CMS message as signature instead of PKCS#7
PKCS#7: Support CMS messages also [RFC5652]
X.509: Change recorded SKID & AKID to not include Subject or Issuer
PKCS#7: Check content type and versions
MAINTAINERS: The keyrings mailing list has moved
...
David Howells
David Woodhouse
Joe Perches
Eddie Kovsky
Linus Torvalds
Sean O. Stalley