Linux kernel documentation tree maintained by Jonathan Corbet http://mirrors.hust.edu.cn/git/lwn.git/atom?h=docs-5.8-2 2020-06-08T15:30:19+00:00 2020-06-08T15:30:19+00:00 Alexander A. Klimov grandmaster@al2klimov.de 2020-05-26T06:05:44+00:00 urn:sha1:93431e0607e58a3c997a134adc0fad4fdc147dab Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> Link: https://lore.kernel.org/r/20200526060544.25127-1-grandmaster@al2klimov.de Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2020-05-26T00:59:59+00:00 Casey Schaufler casey@schaufler-ca.com 2020-04-21T21:48:34+00:00 urn:sha1:e2d467de34228db978683dd1a20fe3fe23018e0c This is a first pass at updating the basic documentation on Linux Security Modules (LSM), which is frighteningly out of date. Remove untrue statements about the LSM framework. Replace them with true statements where it is convenient to do so. This is the beginnig of a larger effort to bring the LSM documentation up to date. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Link: https://lore.kernel.org/r/4c053d72-2d58-612f-6d6b-f04226d0181e@schaufler-ca.com Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2020-05-15T18:03:48+00:00 Mauro Carvalho Chehab mchehab+huawei@kernel.org 2020-05-01T15:37:53+00:00 urn:sha1:9184027f0aaf6c95856bb57d04d0fa0b16fd9981 Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org> Link: https://lore.kernel.org/r/6af5365404c7bd9d008e7e3a77ba83587fd33012.1588345503.git.mchehab+huawei@kernel.org Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2020-03-20T23:01:29+00:00 Mauro Carvalho Chehab mchehab+huawei@kernel.org 2020-03-20T15:11:02+00:00 urn:sha1:c44166fe5f38f0559eff1138cca094f3460e2345 Changeset 58ad30cf91f0 ("docs: fix reference to core-api/namespaces.rst") enabled a new feature at Sphinx: it will now generate index for each document title, plus to each chapter inside it. There's a drawback, though: one document cannot have two sections with the same name anymore. A followup patch will change the logic of autosectionlabel to avoid most creating references for every single section title, but still we need to be able to reference the chapters inside a document. There are a few places where there are two chapters with the same name. This patch renames one of the chapters, in order to avoid symbol conflict within the same document. PS.: as I don't speach Chinese, I had some help from a friend (Wen Liu) at the Chinese translation for "publishing patches" for this document: Documentation/translations/zh_CN/process/5.Posting.rst Fixes: 58ad30cf91f0 ("docs: fix reference to core-api/namespaces.rst") Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org> Link: https://lore.kernel.org/r/2bffb91e4a63d41bf5fae1c23e1e8b3bba0b8806.1584716446.git.mchehab+huawei@kernel.org Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2019-11-22T17:01:47+00:00 Daniel W. S. Almeida dwlsalmeida@gmail.com 2019-11-22T04:18:06+00:00 urn:sha1:402613f3ef4bdac0406d710c7b9dabac76a43679 Fix warnings due to missing markup, no change in content otherwise. Signed-off-by: Daniel W. S. Almeida <dwlsalmeida@gmail.com> Link: https://lore.kernel.org/r/20191122041806.68650-1-dwlsalmeida@gmail.com Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2019-10-01T12:47:37+00:00 Brendan Jackman bhenryj0117@gmail.com 2019-09-25T10:17:44+00:00 urn:sha1:6795b29c1ca04d5779885fbb5c971f14ec722d55 The reStructuredText syntax is wrong here; not sure how it was intended but we can just use the section header as an implicit hyperlink target, with a single "outward" underscore. Signed-off-by: Brendan Jackman <bhenryj0117@gmail.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net> 2019-09-28T02:37:27+00:00 Linus Torvalds torvalds@linux-foundation.org 2019-09-28T02:37:27+00:00 urn:sha1:f1f2f614d535564992f32e720739cb53cf03489f Pull integrity updates from Mimi Zohar: "The major feature in this time is IMA support for measuring and appraising appended file signatures. In addition are a couple of bug fixes and code cleanup to use struct_size(). In addition to the PE/COFF and IMA xattr signatures, the kexec kernel image may be signed with an appended signature, using the same scripts/sign-file tool that is used to sign kernel modules. Similarly, the initramfs may contain an appended signature. This contained a lot of refactoring of the existing appended signature verification code, so that IMA could retain the existing framework of calculating the file hash once, storing it in the IMA measurement list and extending the TPM, verifying the file's integrity based on a file hash or signature (eg. xattrs), and adding an audit record containing the file hash, all based on policy. (The IMA support for appended signatures patch set was posted and reviewed 11 times.) The support for appended signature paves the way for adding other signature verification methods, such as fs-verity, based on a single system-wide policy. The file hash used for verifying the signature and the signature, itself, can be included in the IMA measurement list" * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: ima: ima_api: Use struct_size() in kzalloc() ima: use struct_size() in kzalloc() sefltest/ima: support appended signatures (modsig) ima: Fix use after free in ima_read_modsig() MODSIGN: make new include file self contained ima: fix freeing ongoing ahash_request ima: always return negative code for error ima: Store the measurement again when appraising a modsig ima: Define ima-modsig template ima: Collect modsig ima: Implement support for module-style appended signatures ima: Factor xattr_verify() out of ima_appraise_measurement() ima: Add modsig appraise_type option for module-style appended signatures integrity: Select CONFIG_KEYS instead of depending on it PKCS#7: Introduce pkcs7_get_digest() PKCS#7: Refactor verify_pkcs7_signature() MODSIGN: Export module signature definitions ima: initialize the "template" field with the default template 2019-09-17T23:22:26+00:00 Linus Torvalds torvalds@linux-foundation.org 2019-09-17T23:22:26+00:00 urn:sha1:7c672abc120a55f678e5571ae2ee93f06ca4d7f9 Pull documentation updates from Jonathan Corbet: "It's a somewhat calmer cycle for docs this time, as the churn of the mass RST conversion is happily mostly behind us. - A new document on reproducible builds. - We finally got around to zapping the documentation for hardware support that was removed in 2004; one doesn't want to rush these things. - The usual assortment of fixes, typo corrections, etc" * tag 'docs-5.4' of git://git.lwn.net/linux: (67 commits) Documentation: kbuild: Add document about reproducible builds docs: printk-formats: Stop encouraging use of unnecessary %h[xudi] and %hh[xudi] Documentation: Add "earlycon=sbi" to the admin guide doc:lock: remove reference to clever use of read-write lock devices.txt: improve entry for comedi (char major 98) docs: mtd: Update spi nor reference driver doc: arm64: fix grammar dtb placed in no attributes region Documentation: sysrq: don't recommend 'S' 'U' before 'B' mailmap: Update email address for Quentin Perret docs: ftrace: clarify when tracing is disabled by the trace file docs: process: fix broken link Documentation/arm/samsung-s3c24xx: Remove stray U+FEFF character to fix title Documentation/arm/sa1100/assabet: Fix 'make assabet_defconfig' command Documentation/arm/sa1100: Remove some obsolete documentation docs/zh_CN: update Chinese howto.rst for latexdocs making Documentation: virt: Fix broken reference to virt tree's index docs: Fix typo on pull requests guide kernel-doc: Allow anonymous enum Documentation: sphinx: Don't parse socket() as identifier reference Documentation: sphinx: Add missing comma to list of strings ... 2019-09-02T14:08:35+00:00 Sasha Levin sashal@kernel.org 2019-07-05T20:47:46+00:00 urn:sha1:e8bd417aab0c72bfb54465596b16085702ba0405 Documentation briefly the new fTPM driver running inside TEE. Signed-off-by: Sasha Levin <sashal@kernel.org> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> 2019-08-05T22:40:25+00:00 Thiago Jung Bauermann bauerman@linux.ibm.com 2019-06-28T02:19:32+00:00 urn:sha1:3878d505aa718bcc7b1eb4089ab9b9fb27dee957 Define new "d-modsig" template field which holds the digest that is expected to match the one contained in the modsig, and also new "modsig" template field which holds the appended file signature. Add a new "ima-modsig" defined template descriptor with the new fields as well as the ones from the "ima-sig" descriptor. Change ima_store_measurement() to accept a struct modsig * argument so that it can be passed along to the templates via struct ima_event_data. Suggested-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>