All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jason Gunthorpe <jgg@ziepe.ca>
To: Kees Cook <keescook@chromium.org>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>,
	Konstantin Ryabitsev <konstantin@linuxfoundation.org>,
	tools@linux.kernel.org, users@linux.kernel.org
Subject: Re: merging pull requests
Date: Fri, 1 Oct 2021 08:59:48 -0300	[thread overview]
Message-ID: <20211001115948.GK3544071@ziepe.ca> (raw)
In-Reply-To: <202109301630.C2646F8B5@keescook>

On Thu, Sep 30, 2021 at 04:42:58PM -0700, Kees Cook wrote:

> The only "hole" I see with the integrity checking is that since only tags
> or mbox headers are signed, and those aren't part of the merge, there
> isn't a easy way that I see to follow the integrity chain for a given
> resulting tree. (Which is technically different from the "trust" chain.)

The git tag and signature are part of the merge commit:

$ git show --show-signature v5.15-rc3-151-g78c56e53821a7e
commit 78c56e53821a7ec3462ce448c1fe6a8d44358831
merged tag 'for-linus'
gpg: Signature made Wed 29 Sep 2021 09:57:42 PM ADT
gpg:                using RSA key 7C1EC530B87EF10C4BFBA8B7386DF7157E209B1A
gpg: Good signature from "Jason Gunthorpe <jgg@nvidia.com>" [ultimate]
gpg:                 aka "Jason Gunthorpe <jgg@mellanox.com>" [ultimate]
gpg:                 aka "Jason Gunthorpe <jgg@ziepe.ca>" [ultimate]
gpg:                 aka "Jason Gunthorpe <jgunthorpe@obsidianresearch.com>" [ultimate]
gpg:                 aka "Jason Gunthorpe <jgunthorpe@gmail.com>" [ultimate]
gpg:                 aka "Jason Gunthorpe <jgg@kernel.org>" [ultimate]
Merge: 02d5e016800d08 e671f0ecfece14
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Thu Sep 30 12:00:46 2021 -0700
[..]

You can see the raw data like this:

$ git cat-file commit v5.15-rc3-151-g78c56e53821a7e
tree cc120d95622f6363c42b7ee9a759aefb11c4f11a
parent 02d5e016800d082058b3d3b7c3ede136cdc6ddcb
parent e671f0ecfece14940a9bb81981098910ea278cf7
author Linus Torvalds <torvalds@linux-foundation.org> 1633028446 -0700
committer Linus Torvalds <torvalds@linux-foundation.org> 1633028446 -0700
mergetag object e671f0ecfece14940a9bb81981098910ea278cf7
 type commit
 tag for-linus
 tagger Jason Gunthorpe <jgg@nvidia.com> 1632963221 -0300
 
 RDMA v5.15 first rc pull request
 
 Several core bugs and a batch of driver bug fixes:
 
 - Fix compilation problems in qib and hfi1
 
 - Do not corrupt the joined multicast group state when using SEND_ONLY
 
 - Several CMA bugs, a reference leak for listening and two syzkaller
   crashers
 
 - Various bug fixes for irdma
 
 - Fix a Sleeping while atomic bug in usnic
 
 - Properly sanitize kernel pointers in dmesg
 
 - Two bugs in the 64b CQE support for hns
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEfB7FMLh+8QxL+6i3OG33FX4gmxoFAmFVC4YACgkQOG33FX4g
 mxrBuw//XpgZqcXtAd/p70Qp0pgMULb44p6BNCh0HixyFnBFybsxvy3jsjAI5qkb
 +BszhjWRBdkWxwae/LgbIE30TlTu+mFqWhRgBcATa8HujgPiNFDPOxB/oaNpI4Qb
 SUASou2IcMfTBnxu0T1gZ3v6UVOHhD0RzZJsA86vweVmeReGUNITXzso8QmZtz5Y
 7j5x1mWYbmGY3fQx8sur7iKasMIN4i8fPg3ntj84kDOcNTeSg0ir/sVaAX8iSkHB
 LoF2iXZ6B/2OM0rU238qZVC1bzs3ZXFsfvpRqXs+gR48VH4kKnnWunYeDV5qKLAs
 V/YRvwZ/fdz/qZ8wLBnYjaEL7pOprvR/zHNx1Bj66/pvBADKcpVs+DlBZ4hfTh6T
 Qx//LooadcSU3YW3owSXJy2o2orYQlXuD21kdWx3+RTgOlZxDPcMrn6vQe9eEeaB
 tMt7ueUAch1Dz56ZuxYEPy3RbzHeTeWVQro0j7SEb9vImW8pOnURRSV9WuPn+IeJ
 8tMPbBD+vKv7QxnN161fn4i+WbhMiEUmyu4eEjrZgtXZ4Xq0B7QbhsPpPujpNw/I
 fPs6IHWmRKctMOwBpG337yWpbVQbMJcD8P18A9+rrUHdMvS4q2W/U8mJfApWhF9R
 PuE5W8wL/tWTrbqEcp6hzHWqMMVWd6iTcYU/iF6RwFstjrndHFU=
 =PE1D
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma

Pull rdma fixes from Jason Gunthorpe:
 "Not much too exciting here, although two syzkaller bugs that seem to
  have 9 lives may have finally been squashed.

  Several core bugs and a batch of driver bug fixes:

   - Fix compilation problems in qib and hfi1

   - Do not corrupt the joined multicast group state when using
     SEND_ONLY

   - Several CMA bugs, a reference leak for listening and two syzkaller
     crashers

   - Various bug fixes for irdma

   - Fix a Sleeping while atomic bug in usnic

   - Properly sanitize kernel pointers in dmesg

   - Two bugs in the 64b CQE support for hns"

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
  RDMA/hns: Add the check of the CQE size of the user space
  RDMA/hns: Fix the size setting error when copying CQE in clean_cq()
  RDMA/hfi1: Fix kernel pointer leak
  RDMA/usnic: Lock VF with mutex instead of spinlock
  RDMA/hns: Work around broken constant propagation in gcc 8
  RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests
  RDMA/cma: Do not change route.addr.src_addr.ss_family
  RDMA/irdma: Report correct WC error when there are MW bind errors
  RDMA/irdma: Report correct WC error when transport retry counter is exceeded
  RDMA/irdma: Validate number of CQ entries on create CQ
  RDMA/irdma: Skip CQP ring during a reset
  MAINTAINERS: Update Broadcom RDMA maintainers
  RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
  IB/cma: Do not send IGMP leaves for sendonly Multicast groups
  IB/qib: Fix clang confusion of NULL pointer comparison

Jason

  reply	other threads:[~2021-10-01 11:59 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-30 17:33 merging pull requests Kees Cook
2021-09-30 20:00 ` Konstantin Ryabitsev
2021-09-30 23:09   ` Kees Cook
2021-09-30 23:22     ` Stephen Rothwell
2021-09-30 23:29       ` Kees Cook
2021-09-30 23:29     ` Stephen Rothwell
2021-09-30 23:42       ` Kees Cook
2021-10-01 11:59         ` Jason Gunthorpe [this message]
2021-10-02  0:15           ` Kees Cook
2021-10-01 17:01         ` Steven Rostedt
2021-10-01 17:07         ` James Bottomley
2021-10-02  0:17           ` Kees Cook
2021-10-01 17:19         ` Konstantin Ryabitsev
2021-10-02  2:35           ` Kees Cook
2021-09-30 23:31     ` Olof Johansson
2021-10-01  0:09       ` Kees Cook
2021-10-01  0:27         ` Olof Johansson
2021-10-01 17:05           ` Steven Rostedt
2021-10-02  0:12             ` Kees Cook
2021-10-01 18:26     ` Konstantin Ryabitsev
2021-10-01 18:47       ` Linus Torvalds
2021-10-01 19:30         ` Konstantin Ryabitsev
2021-10-02  0:08           ` Kees Cook
2021-10-02  6:22         ` Willy Tarreau
2021-10-02  0:11       ` Kees Cook

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211001115948.GK3544071@ziepe.ca \
    --to=jgg@ziepe.ca \
    --cc=keescook@chromium.org \
    --cc=konstantin@linuxfoundation.org \
    --cc=sfr@canb.auug.org.au \
    --cc=tools@linux.kernel.org \
    --cc=users@linux.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.