Date:	Tue, 19 May 2015 07:45:00 -0400
From:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
To:	"Woodhouse, David" <david.woodhouse@...el.com>
Cc:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"mmarek@...e.cz" <mmarek@...e.cz>,
	"keyrings@...ux-nfs.org" <keyrings@...ux-nfs.org>,
	"seth.forshee@...onical.com" <seth.forshee@...onical.com>,
	"dmitry.kasatkin@...il.com" <dmitry.kasatkin@...il.com>,
	"rusty@...tcorp.com.au" <rusty@...tcorp.com.au>,
	"dhowells@...hat.com" <dhowells@...hat.com>,
	"linux-security-module@...r.kernel.org" 
	<linux-security-module@...r.kernel.org>,
	"mcgrof@...e.com" <mcgrof@...e.com>,
	"mjg59@...f.ucam.org" <mjg59@...f.ucam.org>
Subject: Re: [PATCH 1/4] modsign: Abort modules_install when signing fails

On Tue, 2015-05-19 at 06:40 +0000, Woodhouse, David wrote:
> On Mon, 2015-05-18 at 21:29 -0400, Mimi Zohar wrote:
> > On Fri, 2015-05-15 at 17:52 +0100, David Woodhouse wrote:
> > > Signed-off-by: David Woodhouse <David.Woodhouse@...el.com>


> > With this patch, as expected the modules_install aborted on failure.  Is
> > there any way to capture the reason for the failure?   In my case,
> > dropping the '-j <num>' option resolved the problem.

My mistake, the failure was there.

> Hm, was there no output from sign-file when this happened? Remember that
> with a parallel make the error which stops the build might not be the
> last thing it printed. Can you show the full output?

/bin/sh: line 1: 22771 Segmentation fault      (core dumped) scripts/sign-file "sha256" "pkcs11:manufacturer=piv_II;id=%01" ./signing_key.x509 /lib/modules/4.1.0-rc1-test+/kernel/net/ipv6/netfilter/ip6table_filter.ko
/home/zohar/src/kernel/linux-integrity/scripts/Makefile.modinst:35: recipe for target 'net/ipv6/netfilter/ip6table_filter.ko' failed
make[2]: *** [net/ipv6/netfilter/ip6table_filter.ko] Error 139
make[2]: *** Waiting for unfinished jobs....
/bin/sh: line 1: 22842 Segmentation fault      (core dumped) scripts/sign-file "sha256" "pkcs11:manufacturer=piv_II;id=%01" ./signing_key.x509 /lib/modules/4.1.0-rc1-test+/kernel/net/netfilter/nf_nat.ko
/home/zohar/src/kernel/linux-integrity/scripts/Makefile.modinst:35: recipe for target 'net/netfilter/nf_nat.ko' failed
make[2]: *** [net/netfilter/nf_nat.ko] Error 139
/home/zohar/src/kernel/linux-integrity/Makefile:1123: recipe for target '_modinst_' failed
make[1]: *** [_modinst_] Error 2
make[1]: Leaving directory '/home/zohar/src/kernel/build/linux-test'
Makefile:146: recipe for target 'sub-make' failed
make: *** [sub-make] Error 2

> It's possible that there's a limit on the number of sessions you can
> have open to the hardware token, and we are exceeding it with a parallel
> build. I thought that pcscd was going to serialize the access and it
> should work properly though. I can certainly do 'make -j
> modules_install' with a Yubikey NEO here (although my test build only
> has about 20 modules).
> 
> Any better ideas on how to specify the key passphrase/PIN? Just put it
> in a file in the top-level directory? 

Define a kbuild command parameter?

Mimi
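
The point quoted above, that with a parallel make the error which stops the build might not be the last thing printed, can be checked mechanically. The script below is an added example, not part of the original message or the kernel tree: the function names are hypothetical and the log is a constructed excerpt of the output above. It lists every failed recipe in order and decodes exit statuses above 128 as a signal (139 = 128 + 11, SIGSEGV).

```shell
#!/bin/sh
# Constructed excerpt of the make output quoted above (sign-file lines shortened).
sample_log() {
cat <<'EOF'
/bin/sh: line 1: 22771 Segmentation fault      (core dumped) scripts/sign-file ...
make[2]: *** [net/ipv6/netfilter/ip6table_filter.ko] Error 139
make[2]: *** Waiting for unfinished jobs....
/bin/sh: line 1: 22842 Segmentation fault      (core dumped) scripts/sign-file ...
make[2]: *** [net/netfilter/nf_nat.ko] Error 139
make[1]: *** [_modinst_] Error 2
make: *** [sub-make] Error 2
EOF
}

# Read a make log on stdin; print "<target> exit=<status> [killed-by=SIG<name>]"
# for each "*** [target] Error N" line, in the order the failures were reported.
summarize_failures() {
  sed -n 's/^make[^ ]*: \*\*\* \[\(.*\)] Error \([0-9][0-9]*\)$/\1 \2/p' |
  while read -r target status; do
    if [ "$status" -gt 128 ]; then
      # The shell reports 128+N when the recipe's command died from signal N.
      n=$((status - 128))
      sig=$(kill -l "$n" 2>/dev/null) || sig="#$n"
      printf '%s exit=%s killed-by=SIG%s\n' "$target" "$status" "$sig"
    else
      printf '%s exit=%s\n' "$target" "$status"
    fi
  done
}

# The first failure reported is the one to investigate; the later "Error 2"
# lines are parent makes propagating it.
root_cause() {
  summarize_failures | head -n 1
}

# Usage on a real build (log file name is an assumption):
#   make -j8 modules_install 2>&1 | tee modinst.log; summarize_failures < modinst.log
sample_log | summarize_failures
```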
