From: Jason Gunthorpe <jgg@ziepe.ca>
To: Kees Cook <keescook@chromium.org>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>,
Konstantin Ryabitsev <konstantin@linuxfoundation.org>,
tools@linux.kernel.org, users@linux.kernel.org
Subject: Re: merging pull requests
Date: Fri, 1 Oct 2021 08:59:48 -0300 [thread overview]
Message-ID: <20211001115948.GK3544071@ziepe.ca> (raw)
In-Reply-To: <202109301630.C2646F8B5@keescook>
On Thu, Sep 30, 2021 at 04:42:58PM -0700, Kees Cook wrote:
> The only "hole" I see with the integrity checking is that since only tags
> or mbox headers are signed, and those aren't part of the merge, there
> isn't a easy way that I see to follow the integrity chain for a given
> resulting tree. (Which is technically different from the "trust" chain.)
The git tag and signature are part of the merge commit:
$ git show --show-signature v5.15-rc3-151-g78c56e53821a7e
commit 78c56e53821a7ec3462ce448c1fe6a8d44358831
merged tag 'for-linus'
gpg: Signature made Wed 29 Sep 2021 09:57:42 PM ADT
gpg: using RSA key 7C1EC530B87EF10C4BFBA8B7386DF7157E209B1A
gpg: Good signature from "Jason Gunthorpe <jgg@nvidia.com>" [ultimate]
gpg: aka "Jason Gunthorpe <jgg@mellanox.com>" [ultimate]
gpg: aka "Jason Gunthorpe <jgg@ziepe.ca>" [ultimate]
gpg: aka "Jason Gunthorpe <jgunthorpe@obsidianresearch.com>" [ultimate]
gpg: aka "Jason Gunthorpe <jgunthorpe@gmail.com>" [ultimate]
gpg: aka "Jason Gunthorpe <jgg@kernel.org>" [ultimate]
Merge: 02d5e016800d08 e671f0ecfece14
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date: Thu Sep 30 12:00:46 2021 -0700
[..]
You can see the raw data like this:
$ git cat-file commit v5.15-rc3-151-g78c56e53821a7e
tree cc120d95622f6363c42b7ee9a759aefb11c4f11a
parent 02d5e016800d082058b3d3b7c3ede136cdc6ddcb
parent e671f0ecfece14940a9bb81981098910ea278cf7
author Linus Torvalds <torvalds@linux-foundation.org> 1633028446 -0700
committer Linus Torvalds <torvalds@linux-foundation.org> 1633028446 -0700
mergetag object e671f0ecfece14940a9bb81981098910ea278cf7
type commit
tag for-linus
tagger Jason Gunthorpe <jgg@nvidia.com> 1632963221 -0300
RDMA v5.15 first rc pull request
Several core bugs and a batch of driver bug fixes:
- Fix compilation problems in qib and hfi1
- Do not corrupt the joined multicast group state when using SEND_ONLY
- Several CMA bugs, a reference leak for listening and two syzkaller
crashers
- Various bug fixes for irdma
- Fix a Sleeping while atomic bug in usnic
- Properly sanitize kernel pointers in dmesg
- Two bugs in the 64b CQE support for hns
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEfB7FMLh+8QxL+6i3OG33FX4gmxoFAmFVC4YACgkQOG33FX4g
mxrBuw//XpgZqcXtAd/p70Qp0pgMULb44p6BNCh0HixyFnBFybsxvy3jsjAI5qkb
+BszhjWRBdkWxwae/LgbIE30TlTu+mFqWhRgBcATa8HujgPiNFDPOxB/oaNpI4Qb
SUASou2IcMfTBnxu0T1gZ3v6UVOHhD0RzZJsA86vweVmeReGUNITXzso8QmZtz5Y
7j5x1mWYbmGY3fQx8sur7iKasMIN4i8fPg3ntj84kDOcNTeSg0ir/sVaAX8iSkHB
LoF2iXZ6B/2OM0rU238qZVC1bzs3ZXFsfvpRqXs+gR48VH4kKnnWunYeDV5qKLAs
V/YRvwZ/fdz/qZ8wLBnYjaEL7pOprvR/zHNx1Bj66/pvBADKcpVs+DlBZ4hfTh6T
Qx//LooadcSU3YW3owSXJy2o2orYQlXuD21kdWx3+RTgOlZxDPcMrn6vQe9eEeaB
tMt7ueUAch1Dz56ZuxYEPy3RbzHeTeWVQro0j7SEb9vImW8pOnURRSV9WuPn+IeJ
8tMPbBD+vKv7QxnN161fn4i+WbhMiEUmyu4eEjrZgtXZ4Xq0B7QbhsPpPujpNw/I
fPs6IHWmRKctMOwBpG337yWpbVQbMJcD8P18A9+rrUHdMvS4q2W/U8mJfApWhF9R
PuE5W8wL/tWTrbqEcp6hzHWqMMVWd6iTcYU/iF6RwFstjrndHFU=
=PE1D
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma
Pull rdma fixes from Jason Gunthorpe:
"Not much too exciting here, although two syzkaller bugs that seem to
have 9 lives may have finally been squashed.
Several core bugs and a batch of driver bug fixes:
- Fix compilation problems in qib and hfi1
- Do not corrupt the joined multicast group state when using
SEND_ONLY
- Several CMA bugs, a reference leak for listening and two syzkaller
crashers
- Various bug fixes for irdma
- Fix a Sleeping while atomic bug in usnic
- Properly sanitize kernel pointers in dmesg
- Two bugs in the 64b CQE support for hns"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
RDMA/hns: Add the check of the CQE size of the user space
RDMA/hns: Fix the size setting error when copying CQE in clean_cq()
RDMA/hfi1: Fix kernel pointer leak
RDMA/usnic: Lock VF with mutex instead of spinlock
RDMA/hns: Work around broken constant propagation in gcc 8
RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests
RDMA/cma: Do not change route.addr.src_addr.ss_family
RDMA/irdma: Report correct WC error when there are MW bind errors
RDMA/irdma: Report correct WC error when transport retry counter is exceeded
RDMA/irdma: Validate number of CQ entries on create CQ
RDMA/irdma: Skip CQP ring during a reset
MAINTAINERS: Update Broadcom RDMA maintainers
RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
IB/cma: Do not send IGMP leaves for sendonly Multicast groups
IB/qib: Fix clang confusion of NULL pointer comparison
Jason
next prev parent reply other threads:[~2021-10-01 11:59 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-30 17:33 merging pull requests Kees Cook
2021-09-30 20:00 ` Konstantin Ryabitsev
2021-09-30 23:09 ` Kees Cook
2021-09-30 23:22 ` Stephen Rothwell
2021-09-30 23:29 ` Kees Cook
2021-09-30 23:29 ` Stephen Rothwell
2021-09-30 23:42 ` Kees Cook
2021-10-01 11:59 ` Jason Gunthorpe [this message]
2021-10-02 0:15 ` Kees Cook
2021-10-01 17:01 ` Steven Rostedt
2021-10-01 17:07 ` James Bottomley
2021-10-02 0:17 ` Kees Cook
2021-10-01 17:19 ` Konstantin Ryabitsev
2021-10-02 2:35 ` Kees Cook
2021-09-30 23:31 ` Olof Johansson
2021-10-01 0:09 ` Kees Cook
2021-10-01 0:27 ` Olof Johansson
2021-10-01 17:05 ` Steven Rostedt
2021-10-02 0:12 ` Kees Cook
2021-10-01 18:26 ` Konstantin Ryabitsev
2021-10-01 18:47 ` Linus Torvalds
2021-10-01 19:30 ` Konstantin Ryabitsev
2021-10-02 0:08 ` Kees Cook
2021-10-02 6:22 ` Willy Tarreau
2021-10-02 0:11 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211001115948.GK3544071@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=keescook@chromium.org \
--cc=konstantin@linuxfoundation.org \
--cc=sfr@canb.auug.org.au \
--cc=tools@linux.kernel.org \
--cc=users@linux.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.