From: Petr Tesarik <petrtesarik@huaweicloud.com>
To: Dave Hansen <dave.hansen@intel.com>
Cc: "Petr Tesařík" <petr@tesarici.cz>,
"Petr Tesarik" <petrtesarik@huaweicloud.com>,
"Jonathan Corbet" <corbet@lwn.net>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Dave Hansen" <dave.hansen@linux.intel.com>,
"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
"Andy Lutomirski" <luto@kernel.org>,
"Oleg Nesterov" <oleg@redhat.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Xin Li" <xin3.li@intel.com>, "Arnd Bergmann" <arnd@arndb.de>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Rick Edgecombe" <rick.p.edgecombe@intel.com>,
"Kees Cook" <keescook@chromium.org>,
"Masami Hiramatsu (Google)" <mhiramat@kernel.org>,
"Pengfei Xu" <pengfei.xu@intel.com>,
"Josh Poimboeuf" <jpoimboe@kernel.org>,
"Ze Gao" <zegao2021@gmail.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
"Kai Huang" <kai.huang@intel.com>,
"David Woodhouse" <dwmw@amazon.co.uk>,
"Brian Gerst" <brgerst@gmail.com>,
"Jason Gunthorpe" <jgg@ziepe.ca>,
"Joerg Roedel" <jroedel@suse.de>,
"Mike Rapoport (IBM)" <rppt@kernel.org>,
"Tina Zhang" <tina.zhang@intel.com>,
"Jacob Pan" <jacob.jun.pan@linux.intel.com>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
"open list" <linux-kernel@vger.kernel.org>,
"Roberto Sassu" <roberto.sassu@huaweicloud.com>,
"David Howells" <dhowells@redhat.com>,
"Petr Tesarik" <petr.tesarik1@huawei-partners.com>
Subject: [RFC 6/8] KEYS: PGP data parser
Date: Fri, 16 Feb 2024 16:24:33 +0100 [thread overview]
Message-ID: <20240216152435.1575-7-petrtesarik@huaweicloud.com> (raw)
In-Reply-To: <20240216152435.1575-1-petrtesarik@huaweicloud.com>
From: David Howells <dhowells@redhat.com>
Implement a PGP data parser for the crypto key type to use when
instantiating a key.
This parser attempts to parse the instantiation data as a PGP packet
sequence (RFC 4880) and if it parses okay, attempts to extract a public-key
algorithm key or subkey from it.
If it finds such a key, it will set up a public_key subtype payload with
appropriate handler routines (RSA) and attach it to the key.
Thanks to Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> for pointing
out some errors.
Signed-off-by: David Howells <dhowells@redhat.com>
Co-developed-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
crypto/asymmetric_keys/Kconfig | 11 +
crypto/asymmetric_keys/Makefile | 4 +
crypto/asymmetric_keys/pgp_parser.h | 18 +
crypto/asymmetric_keys/pgp_public_key.c | 416 ++++++++++++++++++++++++
4 files changed, 449 insertions(+)
create mode 100644 crypto/asymmetric_keys/pgp_parser.h
create mode 100644 crypto/asymmetric_keys/pgp_public_key.c
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index ebe9dc88d975..ebde5ef5d65f 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -92,4 +92,15 @@ config PGP_LIBRARY
This option enables a library that provides a number of simple
utility functions for parsing PGP (RFC 4880) packet-based messages.
+config PGP_KEY_PARSER
+ tristate "PGP key parser"
+ depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ select PGP_LIBRARY
+ select MD5 # V3 fingerprint generation
+ select SHA1 # V4 fingerprint generation
+ help
+ This option provides support for parsing PGP (RFC 4880) format blobs
+ for key data and provides the ability to instantiate a crypto key
+ from a public key packet found inside the blob.
+
endif # ASYMMETRIC_KEY_TYPE
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index f7e5ee59857f..36a27cf2daff 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -93,3 +93,7 @@ $(obj)/tpm.asn1.o: $(obj)/tpm.asn1.c $(obj)/tpm.asn1.h
# PGP handling
#
obj-$(CONFIG_PGP_LIBRARY) += pgp_library.o
+
+obj-$(CONFIG_PGP_KEY_PARSER) += pgp_key_parser.o
+pgp_key_parser-y := \
+ pgp_public_key.o
diff --git a/crypto/asymmetric_keys/pgp_parser.h b/crypto/asymmetric_keys/pgp_parser.h
new file mode 100644
index 000000000000..1a560ce32415
--- /dev/null
+++ b/crypto/asymmetric_keys/pgp_parser.h
@@ -0,0 +1,18 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/* PGP crypto data parser internal definitions
+ *
+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#include "pgplib.h"
+
+#define kenter(FMT, ...) \
+ pr_devel("==> %s("FMT")\n", __func__, ##__VA_ARGS__)
+#define kleave(FMT, ...) \
+ pr_devel("<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
+
+/*
+ * pgp_public_key.c
+ */
+extern const char *pgp_to_public_key_algo[PGP_PUBKEY__LAST];
diff --git a/crypto/asymmetric_keys/pgp_public_key.c b/crypto/asymmetric_keys/pgp_public_key.c
new file mode 100644
index 000000000000..0529c8ce2d43
--- /dev/null
+++ b/crypto/asymmetric_keys/pgp_public_key.c
@@ -0,0 +1,416 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Instantiate a public key crypto key from PGP format data [RFC 4880]
+ *
+ * Copyright (C) 2011 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#define pr_fmt(fmt) "PGP: "fmt
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/slab.h>
+#include <linux/mpi.h>
+#include <keys/asymmetric-subtype.h>
+#include <keys/asymmetric-parser.h>
+#include <crypto/hash.h>
+#include <crypto/public_key.h>
+
+#include "pgp_parser.h"
+
+#define MAX_MPI 5
+#define KEYCTL_SUPPORTS_ENCDEC \
+ (KEYCTL_SUPPORTS_ENCRYPT | KEYCTL_SUPPORTS_DECRYPT)
+#define KEYCTL_SUPPORTS_SIGVER (KEYCTL_SUPPORTS_SIGN | KEYCTL_SUPPORTS_VERIFY)
+
+MODULE_LICENSE("GPL");
+
+const char *pgp_to_public_key_algo[PGP_PUBKEY__LAST] = {
+ [PGP_PUBKEY_RSA_ENC_OR_SIG] = "rsa",
+ [PGP_PUBKEY_RSA_ENC_ONLY] = "rsa",
+ [PGP_PUBKEY_RSA_SIG_ONLY] = "rsa",
+ [PGP_PUBKEY_ELGAMAL] = NULL,
+ [PGP_PUBKEY_DSA] = NULL,
+};
+
+static const int pgp_key_algo_p_num_mpi[PGP_PUBKEY__LAST] = {
+ [PGP_PUBKEY_RSA_ENC_OR_SIG] = 2,
+ [PGP_PUBKEY_RSA_ENC_ONLY] = 2,
+ [PGP_PUBKEY_RSA_SIG_ONLY] = 2,
+ [PGP_PUBKEY_ELGAMAL] = 3,
+ [PGP_PUBKEY_DSA] = 4,
+};
+
+static const u8 pgp_public_key_capabilities[PGP_PUBKEY__LAST] = {
+ [PGP_PUBKEY_RSA_ENC_OR_SIG] = KEYCTL_SUPPORTS_ENCDEC |
+ KEYCTL_SUPPORTS_SIGVER,
+ [PGP_PUBKEY_RSA_ENC_ONLY] = KEYCTL_SUPPORTS_ENCDEC,
+ [PGP_PUBKEY_RSA_SIG_ONLY] = KEYCTL_SUPPORTS_SIGVER,
+ [PGP_PUBKEY_ELGAMAL] = 0,
+ [PGP_PUBKEY_DSA] = 0,
+};
+
+struct pgp_key_data_parse_context {
+ struct pgp_parse_context pgp;
+ u8 key[1024];
+ size_t keylen;
+ u8 keyid_buf[1024];
+ size_t keyid_buf_len;
+ char user_id[512];
+ size_t user_id_len;
+ const char *algo;
+ u8 raw_fingerprint[HASH_MAX_DIGESTSIZE];
+ size_t raw_fingerprint_len;
+ unsigned int version;
+};
+
+static inline void write_keyid_buf_char(struct pgp_key_data_parse_context *ctx,
+ uint8_t ch)
+{
+ memcpy(&ctx->keyid_buf[ctx->keyid_buf_len++], &ch, 1);
+}
+
+/*
+ * Build buffer to calculate the public key ID (RFC4880 12.2)
+ */
+static int pgp_build_pkey_keyid_buf(struct pgp_key_data_parse_context *ctx,
+ struct pgp_parse_pubkey *pgp)
+{
+ unsigned int nb[MAX_MPI];
+ unsigned int nn[MAX_MPI];
+ unsigned int n;
+ size_t keylen = ctx->keylen;
+ u8 *key_ptr = ctx->key;
+ u8 *pp[MAX_MPI];
+ u32 a32;
+ int npkey = pgp_key_algo_p_num_mpi[pgp->pubkey_algo];
+ int i, ret;
+
+ kenter("");
+
+ n = (pgp->version < PGP_KEY_VERSION_4) ? 8 : 6;
+ for (i = 0; i < npkey; i++) {
+ ret = mpi_key_length(key_ptr, keylen, nb + i, nn + i);
+ if (ret < 0) {
+ kleave(" = %d", ret);
+ return ret;
+ }
+
+ if (keylen < 2 + nn[i])
+ break;
+
+ pp[i] = key_ptr + 2;
+ key_ptr += 2 + nn[i];
+ keylen -= 2 + nn[i];
+ n += 2 + nn[i];
+ }
+
+ if (keylen != 0) {
+ pr_debug("excess %zu\n", keylen);
+ kleave(" = -EBADMSG");
+ return -EBADMSG;
+ }
+
+ write_keyid_buf_char(ctx, 0x99); /* ctb */
+ write_keyid_buf_char(ctx, n >> 8); /* 16-bit header length */
+ write_keyid_buf_char(ctx, n);
+
+ write_keyid_buf_char(ctx, pgp->version);
+
+ a32 = pgp->creation_time;
+ write_keyid_buf_char(ctx, a32 >> 24);
+ write_keyid_buf_char(ctx, a32 >> 16);
+ write_keyid_buf_char(ctx, a32 >> 8);
+ write_keyid_buf_char(ctx, a32 >> 0);
+
+ if (pgp->version < PGP_KEY_VERSION_4) {
+ u16 a16;
+
+ if (pgp->expires_at)
+ a16 = (pgp->expires_at - pgp->creation_time) / 86400UL;
+ else
+ a16 = 0;
+ write_keyid_buf_char(ctx, a16 >> 8);
+ write_keyid_buf_char(ctx, a16 >> 0);
+ }
+
+ write_keyid_buf_char(ctx, pgp->pubkey_algo);
+
+ for (i = 0; i < npkey; i++) {
+ write_keyid_buf_char(ctx, nb[i] >> 8);
+ write_keyid_buf_char(ctx, nb[i]);
+ memcpy(&ctx->keyid_buf[ctx->keyid_buf_len], pp[i], nn[i]);
+ ctx->keyid_buf_len += nn[i];
+ }
+
+ kleave(" = 0");
+ return 0;
+}
+
+/*
+ * Extract a public key or public subkey from the PGP stream.
+ */
+static int pgp_process_public_key(struct pgp_parse_context *context,
+ enum pgp_packet_tag type,
+ u8 headerlen,
+ const u8 *data,
+ size_t datalen)
+{
+ struct pgp_key_data_parse_context *ctx =
+ container_of(context, struct pgp_key_data_parse_context, pgp);
+ struct pgp_parse_pubkey pgp;
+ u8 capabilities;
+ int ret;
+
+ kenter(",%u,%u,,%zu", type, headerlen, datalen);
+
+ if (type == PGP_PKT_USER_ID) {
+ if (!ctx->user_id_len) {
+ if (ctx->user_id_len > sizeof(ctx->user_id)) {
+ kleave(" = -E2BIG");
+ return -E2BIG;
+ }
+
+ memcpy(ctx->user_id, data, datalen);
+ ctx->user_id_len = datalen;
+ }
+ kleave(" = 0 [user ID]");
+ return 0;
+ }
+
+ if (ctx->keyid_buf_len) {
+ kleave(" = -EBADMSG");
+ return -EBADMSG;
+ }
+
+ ret = pgp_parse_public_key(&data, &datalen, &pgp);
+ if (ret < 0) {
+ kleave(" = %d", ret);
+ return ret;
+ }
+
+ ctx->version = pgp.version;
+
+ if (pgp.pubkey_algo < PGP_PUBKEY__LAST)
+ ctx->algo = pgp_to_public_key_algo[pgp.pubkey_algo];
+
+ if (!ctx->algo) {
+ pr_debug("Unsupported public key algorithm %u\n",
+ pgp.pubkey_algo);
+ kleave(" = -ENOPKG");
+ return -ENOPKG;
+ }
+
+ /*
+ * It's the public half of a key, so that only gives us encrypt and
+ * verify capabilities.
+ */
+ capabilities = pgp_public_key_capabilities[pgp.pubkey_algo] &
+ (KEYCTL_SUPPORTS_ENCRYPT | KEYCTL_SUPPORTS_VERIFY);
+ /*
+ * Capabilities are not stored anymore in the public key, store only
+ * those that allow signature verification.
+ */
+ if (!(capabilities & KEYCTL_SUPPORTS_VERIFY)) {
+ pr_debug("Public key cannot be used for verification\n");
+ kleave(" = -ENOPKG");
+ return -ENOPKG;
+ }
+
+ if (datalen > sizeof(ctx->key)) {
+ kleave(" = -E2BIG");
+ return -E2BIG;
+ }
+
+ memcpy(ctx->key, data, datalen);
+ ctx->keylen = datalen;
+
+ ret = pgp_build_pkey_keyid_buf(ctx, &pgp);
+
+ kleave(" = %d", ret);
+ return ret;
+}
+
+/*
+ * Calculate the public key ID fingerprint
+ */
+static int pgp_generate_fingerprint(struct pgp_key_data_parse_context *ctx)
+{
+ struct crypto_shash *tfm;
+ struct shash_desc *digest;
+ char fingerprint[HASH_MAX_DIGESTSIZE * 2 + 1] = { 0 };
+ size_t offset;
+ int ret;
+
+ ret = -ENOMEM;
+ tfm = crypto_alloc_shash(ctx->version < PGP_KEY_VERSION_4 ?
+ "md5" : "sha1", 0, 0);
+ if (!tfm)
+ goto cleanup;
+
+ digest = kmalloc(sizeof(*digest) + crypto_shash_descsize(tfm),
+ GFP_KERNEL);
+ if (!digest)
+ goto cleanup_tfm;
+
+ digest->tfm = tfm;
+ crypto_shash_set_flags(digest->tfm, CRYPTO_TFM_REQ_MAY_SLEEP);
+ ret = crypto_shash_init(digest);
+ if (ret < 0)
+ goto cleanup_hash;
+
+ crypto_shash_update(digest, ctx->keyid_buf, ctx->keyid_buf_len);
+
+ ctx->raw_fingerprint_len = crypto_shash_digestsize(tfm);
+
+ ret = crypto_shash_final(digest, ctx->raw_fingerprint);
+ if (ret < 0)
+ goto cleanup_hash;
+
+ offset = ctx->raw_fingerprint_len - 8;
+ pr_debug("offset %lu/%lu\n", offset, ctx->raw_fingerprint_len);
+
+ bin2hex(fingerprint, ctx->raw_fingerprint, ctx->raw_fingerprint_len);
+ pr_debug("fingerprint %s\n", fingerprint);
+
+ ret = 0;
+cleanup_hash:
+ kfree(digest);
+cleanup_tfm:
+ crypto_free_shash(tfm);
+cleanup:
+ return ret;
+}
+
+static struct asymmetric_key_ids *pgp_key_generate_id(
+ struct pgp_key_data_parse_context *ctx)
+{
+ struct asymmetric_key_ids *kids;
+ struct asymmetric_key_id *kid;
+
+ kids = kzalloc(sizeof(struct asymmetric_key_ids), GFP_KERNEL);
+ if (!kids)
+ return kids;
+
+ kid = asymmetric_key_generate_id(ctx->raw_fingerprint,
+ ctx->raw_fingerprint_len, NULL, 0);
+ if (IS_ERR(kid))
+ goto error;
+
+ kids->id[0] = kid;
+ kids->id[1] = kmemdup(kid, sizeof(*kid) + ctx->raw_fingerprint_len,
+ GFP_KERNEL);
+ if (!kids->id[1])
+ goto error;
+
+ return kids;
+error:
+ kfree(kids->id[0]);
+ kfree(kids);
+
+ return NULL;
+}
+
+/*
+ * Attempt to parse the instantiation data blob for a key as a PGP packet
+ * message holding a key.
+ */
+static int pgp_key_parse(struct key_preparsed_payload *prep)
+{
+ struct pgp_key_data_parse_context *ctx;
+ struct public_key *pub = NULL;
+ int ret;
+
+ kenter("");
+
+ ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
+ if (!ctx) {
+ kleave(" = -ENOMEM");
+ return -ENOMEM;
+ }
+
+ ctx->pgp.types_of_interest = (1 << PGP_PKT_PUBLIC_KEY) |
+ (1 << PGP_PKT_USER_ID);
+ ctx->pgp.process_packet = pgp_process_public_key;
+
+ ret = pgp_parse_packets(prep->data, prep->datalen, &ctx->pgp);
+ if (ret < 0)
+ goto error;
+
+ ret = pgp_generate_fingerprint(ctx);
+ if (ret < 0)
+ goto error;
+
+ pub = kzalloc(sizeof(struct public_key), GFP_KERNEL);
+ if (!pub) {
+ ret = -ENOMEM;
+ goto error;
+ }
+
+ pub->key = kmemdup(ctx->key, ctx->keylen, GFP_KERNEL);
+ if (!pub->key) {
+ ret = -ENOMEM;
+ goto error;
+ }
+
+ pub->keylen = ctx->keylen;
+ pub->id_type = "PGP";
+ pub->pkey_algo = ctx->algo;
+
+ if (ctx->user_id && ctx->user_id_len > 0) {
+ /*
+ * Propose a description for the key (user ID without the
+ * comment).
+ */
+ size_t ulen = ctx->user_id_len;
+
+ if (ulen > 255 - 9)
+ ulen = 255 - 9;
+ prep->description = kmalloc(ulen + 1 + 8 + 1, GFP_KERNEL);
+ ret = -ENOMEM;
+ if (!prep->description)
+ goto error;
+ memcpy(prep->description, ctx->user_id, ulen);
+ prep->description[ulen] = ' ';
+ bin2hex(prep->description + ulen + 1,
+ ctx->raw_fingerprint + ctx->raw_fingerprint_len - 4, 4);
+ prep->description[ulen + 9] = '\0';
+ pr_debug("desc '%s'\n", prep->description);
+ }
+
+ /* We're pinning the module by being linked against it */
+ __module_get(public_key_subtype.owner);
+ prep->payload.data[asym_subtype] = &public_key_subtype;
+ prep->payload.data[asym_key_ids] = pgp_key_generate_id(ctx);
+ prep->payload.data[asym_crypto] = pub;
+ prep->quotalen = 100;
+ kfree(ctx);
+ return 0;
+
+error:
+ public_key_free(pub);
+ kfree(ctx);
+ kleave(" = %d", ret);
+ return ret;
+}
+
+static struct asymmetric_key_parser pgp_key_parser = {
+ .owner = THIS_MODULE,
+ .name = "pgp",
+ .parse = pgp_key_parse,
+};
+
+/*
+ * Module stuff
+ */
+static int __init pgp_key_init(void)
+{
+ return register_asymmetric_key_parser(&pgp_key_parser);
+}
+
+static void __exit pgp_key_exit(void)
+{
+ unregister_asymmetric_key_parser(&pgp_key_parser);
+}
+
+module_init(pgp_key_init);
+module_exit(pgp_key_exit);
--
2.34.1
next prev parent reply other threads:[~2024-02-16 15:26 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-14 11:35 [PATCH v1 0/8] x86_64 SandBox Mode arch hooks Petr Tesarik
2024-02-14 11:35 ` [PATCH v1 1/8] sbm: x86: page table " Petr Tesarik
2024-02-14 11:35 ` [PATCH v1 2/8] sbm: x86: execute target function on sandbox mode stack Petr Tesarik
2024-02-14 11:35 ` [PATCH v1 3/8] sbm: x86: map system data structures into the sandbox Petr Tesarik
2024-02-14 11:35 ` [PATCH v1 4/8] sbm: x86: allocate and map an exception stack Petr Tesarik
2024-02-14 11:35 ` [PATCH v1 5/8] sbm: x86: handle sandbox mode faults Petr Tesarik
2024-02-14 11:35 ` [PATCH v1 6/8] sbm: x86: switch to sandbox mode pages in arch_sbm_exec() Petr Tesarik
2024-02-14 11:35 ` [PATCH v1 7/8] sbm: documentation of the x86-64 SandBox Mode implementation Petr Tesarik
2024-02-14 18:37 ` Xin Li
2024-02-14 19:16 ` Petr Tesařík
2024-02-14 11:35 ` [PATCH v1 8/8] sbm: x86: lazy TLB flushing Petr Tesarik
2024-02-14 14:52 ` [PATCH v1 0/8] x86_64 SandBox Mode arch hooks Dave Hansen
2024-02-14 15:28 ` H. Peter Anvin
2024-02-14 16:41 ` Petr Tesařík
2024-02-14 17:29 ` H. Peter Anvin
2024-02-14 19:14 ` Petr Tesařík
2024-02-14 18:14 ` Edgecombe, Rick P
2024-02-14 18:32 ` Petr Tesařík
2024-02-14 19:19 ` Edgecombe, Rick P
2024-02-14 19:35 ` Petr Tesařík
2024-02-14 18:22 ` Petr Tesařík
2024-02-14 18:42 ` Dave Hansen
2024-02-14 19:33 ` Petr Tesařík
2024-02-14 20:16 ` Dave Hansen
2024-02-16 15:24 ` [RFC 0/8] PGP key parser using SandBox Mode Petr Tesarik
2024-02-16 15:24 ` [RFC 1/8] mpi: Introduce mpi_key_length() Petr Tesarik
2024-02-16 15:24 ` [RFC 2/8] rsa: add parser of raw format Petr Tesarik
2024-02-16 15:24 ` [RFC 3/8] PGPLIB: PGP definitions (RFC 4880) Petr Tesarik
2024-02-16 15:24 ` [RFC 4/8] PGPLIB: Basic packet parser Petr Tesarik
2024-02-16 15:24 ` [RFC 5/8] PGPLIB: Signature parser Petr Tesarik
2024-02-16 15:24 ` Petr Tesarik [this message]
2024-02-16 16:44 ` [RFC 6/8] KEYS: PGP data parser Matthew Wilcox
2024-02-16 16:53 ` Roberto Sassu
2024-02-16 17:08 ` H. Peter Anvin
2024-02-16 17:13 ` Roberto Sassu
2024-02-20 10:55 ` Petr Tesarik
2024-02-21 14:02 ` H. Peter Anvin
2024-02-22 7:53 ` Petr Tesařík
2024-02-16 18:44 ` Matthew Wilcox
2024-02-16 19:54 ` Roberto Sassu
2024-02-28 17:58 ` Roberto Sassu
2024-02-16 15:24 ` [RFC 7/8] KEYS: Run PGP key parser in a sandbox Petr Tesarik
2024-02-18 6:07 ` kernel test robot
2024-02-18 8:02 ` kernel test robot
2024-02-16 15:24 ` [RFC 8/8] KEYS: Add intentional fault injection Petr Tesarik
2024-02-16 15:38 ` [RFC 0/8] PGP key parser using SandBox Mode Dave Hansen
2024-02-16 16:08 ` Petr Tesařík
2024-02-16 17:21 ` Jonathan Corbet
2024-02-16 18:24 ` Roberto Sassu
2024-02-22 13:12 ` [RFC 0/5] PoC: convert AppArmor parser to " Petr Tesarik
2024-02-22 13:12 ` [RFC 1/5] sbm: x86: fix SBM error entry path Petr Tesarik
2024-02-22 13:12 ` [RFC 2/5] sbm: enhance buffer mapping API Petr Tesarik
2024-02-22 13:12 ` [RFC 3/5] sbm: x86: infrastructure to fix up sandbox faults Petr Tesarik
2024-02-22 13:12 ` [RFC 4/5] sbm: fix up calls to dynamic memory allocators Petr Tesarik
2024-02-22 15:51 ` Dave Hansen
2024-02-22 17:57 ` Petr Tesařík
2024-02-22 18:03 ` Dave Hansen
2024-02-22 13:12 ` [RFC 5/5] apparmor: parse profiles in sandbox mode Petr Tesarik
2024-02-14 18:52 ` [PATCH v1 0/8] x86_64 SandBox Mode arch hooks Xin Li
2024-02-15 6:59 ` Petr Tesařík
2024-02-15 8:16 ` H. Peter Anvin
2024-02-15 9:30 ` Petr Tesařík
2024-02-15 9:37 ` Roberto Sassu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240216152435.1575-7-petrtesarik@huaweicloud.com \
--to=petrtesarik@huaweicloud.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=dhowells@redhat.com \
--cc=dwmw@amazon.co.uk \
--cc=hpa@zytor.com \
--cc=jacob.jun.pan@linux.intel.com \
--cc=jgg@ziepe.ca \
--cc=jpoimboe@kernel.org \
--cc=jroedel@suse.de \
--cc=kai.huang@intel.com \
--cc=keescook@chromium.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mhiramat@kernel.org \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=pengfei.xu@intel.com \
--cc=peterz@infradead.org \
--cc=petr.tesarik1@huawei-partners.com \
--cc=petr@tesarici.cz \
--cc=rick.p.edgecombe@intel.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=rppt@kernel.org \
--cc=tglx@linutronix.de \
--cc=tina.zhang@intel.com \
--cc=x86@kernel.org \
--cc=xin3.li@intel.com \
--cc=zegao2021@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.