diff options
authorJason A. Donenfeld <Jason@zx2c4.com>2018-09-16 02:40:08 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2018-09-18 05:49:59 +0200
commitced732c7a9fd056fb3cc254f3cc51e152bba205d (patch)
parentnet: WireGuard secure network tunnel (diff)
[DO NOT UPSTREAM] integration tree maintainer scripts
People have been asking me how I'm keeping track of the 00/XX cover letter and syncing changes between the out-of-tree module repo and this repo, and how I deal with so many rebases. So this commit shows the scripts to do it. It obviously shouldn't find its way upstream. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
11 files changed, 209 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index 97ba6b79834c..7e1adc24a648 100644
--- a/.gitignore
+++ b/.gitignore
@@ -132,3 +132,5 @@ all.config
# Kdevelop4
diff --git a/changelog.txt b/changelog.txt
new file mode 100644
index 000000000000..f8817a16bf7f
--- /dev/null
+++ b/changelog.txt
@@ -0,0 +1,24 @@
+Changes v4->v5:
+ - Use fewer inlines, except when measured as necessary.
+ - Reduce size of scattergather array to fit within stack on
+ small systems.
+ - Account for larger stack frames with KASAN.
+ - The x86_64 implementations are selected according to input length.
+ - Avoid using simd for small blocks on x86_64.
+ - The simd_get/put API is now pass by reference, so that the user
+ can lazily use the context based on whether or not it's needed.
+ See the description again in the first commit for this.
+ - Add cycle counts for different sizes for x86_64 commit messages.
+ - Relax simd during chapoly sg loop.
+ - Replace -include with #if defined(...)
+ - Saner and simpler Kconfig.
+ - Split into separate modules instead of one monolithic zinc.
+ - The combination of these three last items means that there no
+ longer are any conditionals in our Makefile.
+ - Martin showed a performance regression using tcrypt in v4. This
+ has been triaged and fixed, and now the Zinc code runs faster
+ than the previous code.
+ - While I initially wasn't going to do this for the initial
+ patchset, it was just so simple to do: now there's a nosimd
+ module parameter that can be used to disable simd instructions
+ for debugging and testing, or on weird systems.
diff --git a/diff-all.sh b/diff-all.sh
new file mode 100755
index 000000000000..a986dcd6dbb7
--- /dev/null
+++ b/diff-all.sh
@@ -0,0 +1,27 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+diff_it() {
+ local base="$1"
+ local foreign="$2"
+ local file="$3"
+ file="${file#"$base"}"
+ [[ -f $base/$file && -f $foreign/$file ]] && git --no-pager diff --color=always --no-index "$base/$file" "$foreign/$file"
+for i in "$WG/src"/*.c "$WG/src"/*.h; do
+ diff_it "$WG/src" "$IT/drivers/net/wireguard" "$i"
+for i in $(find "$WG/src/selftest" -type f); do
+ diff_it "$WG/src/selftest" "$IT/drivers/net/wireguard/selftest" "$i"
+for i in $(find "$WG/src/crypto/zinc" -type f); do
+ diff_it "$WG/src/crypto/zinc" "$IT/lib/zinc" "$i"
+for i in $(find "$WG/src/crypto/include/zinc" -type f); do
+ diff_it "$WG/src/crypto/include/zinc" "$IT/include/zinc" "$i"
+diff_it "$WG/src/tests" "$IT/tools/testing/selftests/wireguard" "netns.sh"
diff --git a/make-series.sh b/make-series.sh
new file mode 100755
index 000000000000..fc88fc674277
--- /dev/null
+++ b/make-series.sh
@@ -0,0 +1,12 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+cd "${SELF%/*}"
+set -ex
+[[ $1 =~ ^v[0-9]+$ ]] || { echo "ERROR: pass the version directory as an argument" >&2; exit 1; }
+mkdir -p "$1"
+rm -fv "$1"/*.patch
+git format-patch -o "$1" --cover-letter --subject-prefix="PATCH net-next $1" net-next/master..master~
+sed 's/\*\*\* SUBJECT HERE \*\*\*/WireGuard: Secure Network Tunnel/' "$1/0000-cover-letter.patch" | head -n 8 > "$1/0000-cover-letter.patch.tmp"
+cat "$1/0000-cover-letter.patch.tmp" "changelog.txt" "zero-zero-text.txt" > "$1/0000-cover-letter.patch"
+rm -f "$1/0000-cover-letter.patch.tmp"
diff --git a/merge-latest.sh b/merge-latest.sh
new file mode 100755
index 000000000000..239da02c13c8
--- /dev/null
+++ b/merge-latest.sh
@@ -0,0 +1,13 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+set -x
+git -C "$WG" diff where-we-left-off..master "$WG/src"/*.c "$WG/src"/*.h "$WG/src/selftest/" | patch -d "$IT/drivers/net/wireguard" -p2
+git -C "$WG" diff where-we-left-off..master "$WG/src/uapi" | patch -d "$IT/include/uapi/linux" -p3
+git -C "$WG" diff where-we-left-off..master "$WG/src/crypto/zinc" | patch -d "$IT/lib/zinc" -p4
+git -C "$WG" diff where-we-left-off..master "$WG/src/crypto/include/zinc" | patch -d "$IT/include/zinc" -p5
+cp "$WG/src/tests/netns.sh" "$IT/tools/testing/selftests/wireguard/netns.sh"
+git -C "$WG" tag -f where-we-left-off
diff --git a/rebase-on-net-next.sh b/rebase-on-net-next.sh
new file mode 100755
index 000000000000..a730a2bed229
--- /dev/null
+++ b/rebase-on-net-next.sh
@@ -0,0 +1,6 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+cd "${SELF%/*}"
+set -ex
+git fetch net-next
+git rebase FETCH_HEAD
diff --git a/retag-and-push.sh b/retag-and-push.sh
new file mode 100755
index 000000000000..3db86dfc245a
--- /dev/null
+++ b/retag-and-push.sh
@@ -0,0 +1,9 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+cd "${SELF%/*}"
+set -ex
+git tag -f wireguard $(git log --grep="net: WireGuard" --max-count=1 --pretty=format:%H)
+git tag -f zinc $(git log --grep="zinc: introduce" --max-count=1 --pretty=format:%H)
+git tag -f simd $(git log --grep="asm: simd" --max-count=1 --pretty=format:%H)
+git tag -f big_key_rewrite $(git log --grep="security/keys: rewrite" --max-count=1 --pretty=format:%H)
+git push -f origin master:jd/wireguard wireguard zinc simd big_key_rewrite
diff --git a/run-in-harness.sh b/run-in-harness.sh
new file mode 100755
index 000000000000..6c6094bea100
--- /dev/null
+++ b/run-in-harness.sh
@@ -0,0 +1,9 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+set -ex
+export GIT_URI_integration="$IT"
+export KERNEL_VERSION=integration-git-debug
+make -C "$WG/src/tests/qemu" -j$(nproc)
diff --git a/run-me/run.sh b/run-me/run.sh
new file mode 100755
index 000000000000..d0d7c4ae2ee0
--- /dev/null
+++ b/run-me/run.sh
@@ -0,0 +1,6 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+cd "${SELF%/*}"
+set -ex
+make -C .. O=$(pwd) -j9 "$@"
+exec qemu-system-x86_64 -nodefaults -nographic -smp 4 -m 128M -serial stdio -no-reboot -monitor none -cpu host -machine q35,accel=kvm -kernel arch/x86/boot/bzImage
diff --git a/zero-zero-text.txt b/zero-zero-text.txt
new file mode 100644
index 000000000000..c17ca5857d81
--- /dev/null
+++ b/zero-zero-text.txt
@@ -0,0 +1,76 @@
+This patchset is available on git.kernel.org in this branch, where it may be
+pulled directly for inclusion into net-next:
+ * https://git.kernel.org/pub/scm/linux/kernel/git/zx2c4/linux.git/log/?h=jd/wireguard
+WireGuard is a secure network tunnel written especially for Linux, which
+has faced around three years of serious development, deployment, and
+scrutiny. It delivers excellent performance and is extremely easy to
+use and configure. It has been designed with the primary goal of being
+both easy to audit by virtue of being small and highly secure from a
+cryptography and systems security perspective. WireGuard is used by some
+massive companies pushing enormous amounts of traffic, and likely
+already today you've consumed bytes that at some point transited through
+a WireGuard tunnel. Even as an out-of-tree module, WireGuard has been
+integrated into various userspace tools, Linux distributions, mobile
+phones, and data centers. There are ports in several languages to
+several operating systems, and even commercial hardware and services
+sold integrating WireGuard. It is time, therefore, for WireGuard to be
+properly integrated into Linux.
+Ample information, including documentation, installation instructions,
+and project details, is available at:
+ * https://www.wireguard.com/
+ * https://www.wireguard.com/papers/wireguard.pdf
+As it is currently an out-of-tree module, it lives in its own git repo
+and has its own mailing list, and every commit for the module is tested
+against every stable kernel since 3.10 on a variety of architectures
+using an extensive test suite:
+ * https://git.zx2c4.com/WireGuard
+ https://git.kernel.org/pub/scm/linux/kernel/git/zx2c4/WireGuard.git/
+ * https://lists.zx2c4.com/mailman/listinfo/wireguard
+ * https://www.wireguard.com/build-status/
+The project has been broadly discussed at conferences, and was presented
+to the Netdev developers in Seoul last November, where a paper was
+released detailing some interesting aspects of the project. Dave asked
+me after the talk if I would consider sending in a v1 "sooner rather
+than later", hence this patchset. A decision is still waiting from the
+Linux Plumbers Conference, but an update on these topics may be presented
+in Vancouver in a few months. Prior presentations:
+ * https://www.wireguard.com/presentations/
+ * https://www.wireguard.com/papers/wireguard-netdev22.pdf
+The cryptography in the protocol itself has been formally verified by
+several independent academic teams with positive results, and I know of
+two additional efforts on their way to further corroborate those
+findings. The version 1 protocol is "complete", and so the purpose of
+this review is to assess the implementation of the protocol. However, it
+still may be of interest to know that the thing you're reviewing uses a
+protocol with various nice security properties:
+ * https://www.wireguard.com/formal-verification/
+This patchset is divided into four segments. The first introduces a very
+simple helper for working with the FPU state for the purposes of amortizing
+SIMD operations. The second segment is a small collection of cryptographic
+primitives, split up into several commits by primitive and by hardware. The
+third shows usage of Zinc within the existing crypto API and as a replacement
+to the existing crypto API. The last is WireGuard itself, presented as an
+unintrusive and self-contained virtual network driver.
+It is intended that this entire patch series enter the kernel through
+DaveM's net-next tree. Subsequently, WireGuard patches will go through
+DaveM's net-next tree, while Zinc patches will go through Greg KH's tree.
diff --git a/zip-up-changed-files.sh b/zip-up-changed-files.sh
new file mode 100755
index 000000000000..243c294889f0
--- /dev/null
+++ b/zip-up-changed-files.sh
@@ -0,0 +1,25 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+cd "${SELF%/*}"
+set -ex
+COMMITS=( $(git log net-next/master..master --pretty=format:%H) )
+declare -A FILES
+for commit in "${COMMITS[@]}"; do
+ for file in $(git diff-tree --no-commit-id --name-only -r "$commit"); do
+ if [[ -n ${FILES["$file"]} ]]; then
+ FILES["$file"]="_"
+ else
+ FILES["$file"]="$commit"
+ fi
+ done
+while read -r status file; do
+ [[ $status == M ]] || continue
+ commit="${FILES["$file"]}"
+ [[ -n $commit && $commit != _ ]] || continue
+ git commit --fixup="$commit" "$file"
+done < <(git status --porcelain -uno)
+GIT_SEQUENCE_EDITOR=true git rebase -i --autosquash net-next/master