authorJason A. Donenfeld <Jason@zx2c4.com>2018-09-16 02:40:08 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2018-12-28 06:01:19 +0100
commit3116e786948cae99bd0704b568bb682f71ba9262 (patch)
parentnet: WireGuard secure network tunnel (diff)
[DO NOT UPSTREAM] integration tree maintainer scriptsjd/with-cryptoapi-port
People have been asking me how I'm keeping track of the 00/XX cover letter and syncing changes between the out-of-tree module repo and this repo, and how I deal with so many rebases. So this commit shows the scripts to do it. It obviously shouldn't find its way upstream. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
13 files changed, 232 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index 97ba6b79834c..7e1adc24a648 100644
--- a/.gitignore
+++ b/.gitignore
@@ -132,3 +132,5 @@ all.config
# Kdevelop4
diff --git a/changelog.txt b/changelog.txt
new file mode 100644
index 000000000000..3e1fdaf3ad62
--- /dev/null
+++ b/changelog.txt
@@ -0,0 +1,29 @@
+Changes v8->v9, along with who suggested it.
+- [EVERYBODY] Zinc no longer ships generated assembly code. Rather, we now
+ bundle in the original perlasm generator for it. This is ongoing joint work
+ with Andy Polyakov upstream, so that the same .pl files can live in our tree
+ as well as in the CRYPTOGAMS tree.
+- [Eric Biggers] In Zinc introductory commit, add more details on what Zinc is
+ for and what the inclusion criteria are, as well as some notes on API.
+- Clarify the peer removal logic and make lifetimes more precise.
+- [Jann Horn] Use READ_ONCE for is_valid and is_dead.
+- [Jann Horn] No need to use atomic when the recounter is mutex protected.
+- [Andrew Lunn] Fix up macros and annotations in allowedips.
+- [Andrew Lunn] Increment drop counter when staged packets are dropped.
+- Use static constants instead of enums for 64-bit values in selftest.
+- Mark large constants as ULL in poly1305-donna64.
+- Fix sparse warnings in allowedips debugging code.
+- Do not use wg_peer_get_maybe_zero in timer callbacks, since we now can
+ carefully control the lifetime of these functions and ensure they never
+ execute after dropping the last reference.
+- Cleanup hashing in ratelimiter.
+- Do not guard timer removals, since del_timer is always okay.
+- [Theodore Ts'o, Andrew Lunn, Sultan Alsawaf] We now check for PM_AUTOSLEEP,
+ which makes the clear-on-suspend decision a bit more general.
+- Set csum_level to ~0, since the poly1305 authenticator certainly means
+ that no data was modified in transit.
+- [Andrejs Hanins] Use CHECKSUM_PARTIAL check for skb_checksum_help instead
+ of skb_checksum_setup check.
+- [Ard Biesheuvel] Enable the selftests by default, and leave it to
+ small-system builders to disable this.
diff --git a/diff-all.sh b/diff-all.sh
new file mode 100755
index 000000000000..a986dcd6dbb7
--- /dev/null
+++ b/diff-all.sh
@@ -0,0 +1,27 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+diff_it() {
+ local base="$1"
+ local foreign="$2"
+ local file="$3"
+ file="${file#"$base"}"
+ [[ -f $base/$file && -f $foreign/$file ]] && git --no-pager diff --color=always --no-index "$base/$file" "$foreign/$file"
+for i in "$WG/src"/*.c "$WG/src"/*.h; do
+ diff_it "$WG/src" "$IT/drivers/net/wireguard" "$i"
+for i in $(find "$WG/src/selftest" -type f); do
+ diff_it "$WG/src/selftest" "$IT/drivers/net/wireguard/selftest" "$i"
+for i in $(find "$WG/src/crypto/zinc" -type f); do
+ diff_it "$WG/src/crypto/zinc" "$IT/lib/zinc" "$i"
+for i in $(find "$WG/src/crypto/include/zinc" -type f); do
+ diff_it "$WG/src/crypto/include/zinc" "$IT/include/zinc" "$i"
+diff_it "$WG/src/tests" "$IT/tools/testing/selftests/wireguard" "netns.sh"
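Review bot: `diff_it` stays silent when a file exists on only one side, because the `[[ -f $base/$file && -f $foreign/$file ]] && git … diff` guard skips the pair, so a source file that never reached the integration tree does not show up in this drift check. Reporting the gap makes it visible, e.g. `[[ -f $foreign/$file ]] || { echo "MISSING: $foreign/$file" >&2; return 0; }` ahead of the diff. The three `for i in $(find … -type f)` loops also word-split and glob-expand the file list; `while IFS= read -r -d '' i; do … done < <(find … -type f -print0)` handles any path. The closing `}` and `done` lines of these blocks are not visible on this page.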
diff --git a/make-series.sh b/make-series.sh
new file mode 100755
index 000000000000..659fcaf953f0
--- /dev/null
+++ b/make-series.sh
@@ -0,0 +1,12 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+cd "${SELF%/*}"
+set -ex
+[[ $1 =~ ^v[0-9]+$ ]] || { echo "ERROR: pass the version directory as an argument" >&2; exit 1; }
+mkdir -p "$1"
+rm -fv "$1"/*.patch
+git format-patch -o "$1" --notes --cover-letter --subject-prefix="PATCH net-next $1" net-next/master..master~
+sed 's/\*\*\* SUBJECT HERE \*\*\*/WireGuard: Secure Network Tunnel/' "$1/0000-cover-letter.patch" | head -n 8 > "$1/0000-cover-letter.patch.tmp"
+cat "$1/0000-cover-letter.patch.tmp" "changelog.txt" "zero-zero-text.txt" > "$1/0000-cover-letter.patch"
+rm -f "$1/0000-cover-letter.patch.tmp"
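Review bot: `cd "${SELF%/*}"` runs before `set -ex` in the visible lines, so a failed `cd` is not fatal and the later `rm -fv "$1"/*.patch` and `git format-patch -o "$1"` would act on whatever directory the caller happened to be in. Moving `set -ex` above the `cd`, or writing `cd "${SELF%/*}" || exit 1`, makes the script stop instead. The same ordering appears in rebase-on-net-next.sh, retag-and-push.sh, run-me/run.sh and zip-up-changed-files.sh, where the commands that follow rebase, force-push or rewrite history. A short header comment stating that the script must live in the repository root would also document why the `cd` is there.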
diff --git a/merge-latest.sh b/merge-latest.sh
new file mode 100755
index 000000000000..239da02c13c8
--- /dev/null
+++ b/merge-latest.sh
@@ -0,0 +1,13 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+set -x
+git -C "$WG" diff where-we-left-off..master "$WG/src"/*.c "$WG/src"/*.h "$WG/src/selftest/" | patch -d "$IT/drivers/net/wireguard" -p2
+git -C "$WG" diff where-we-left-off..master "$WG/src/uapi" | patch -d "$IT/include/uapi/linux" -p3
+git -C "$WG" diff where-we-left-off..master "$WG/src/crypto/zinc" | patch -d "$IT/lib/zinc" -p4
+git -C "$WG" diff where-we-left-off..master "$WG/src/crypto/include/zinc" | patch -d "$IT/include/zinc" -p5
+cp "$WG/src/tests/netns.sh" "$IT/tools/testing/selftests/wireguard/netns.sh"
+git -C "$WG" tag -f where-we-left-off
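Review bot: The final `git -C "$WG" tag -f where-we-left-off` runs even when one of the `git diff … | patch` pipelines above it failed, because this script enables only `set -x`. A rejected hunk or a failing `git diff` then leaves the integration tree partly synced while the marker still advances, so the next run never retries the missed changes. `set -exo pipefail` in place of `set -x` stops before the tag is moved. A comment explaining the `-p2` to `-p5` strip counts would help too, since they depend on how deep each path sits under `$WG`.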
diff --git a/rebase-notes.sh b/rebase-notes.sh
new file mode 100755
index 000000000000..c9ac23cc4f05
--- /dev/null
+++ b/rebase-notes.sh
@@ -0,0 +1,10 @@
+while read -r note_ref obj_ref; do
+ subject="$(git log --pretty=format:%s --max-count=1 "$obj_ref")"
+ new_obj_ref="$(git log --pretty=format:%H --max-count=1 --grep="$subject")"
+ [[ -n $new_obj_ref ]] || continue
+ [[ $new_obj_ref != "$obj_ref" ]] || continue
+ git notes copy "$obj_ref" "$new_obj_ref"
+ git notes remove "$obj_ref"
+done < <(git notes)
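Review bot: `git notes remove "$obj_ref"` runs whether or not the preceding `git notes copy` succeeded, and no `set -e` is visible in this hunk. If the copy fails, for example because the target commit already has a note, the original note is deleted without having been copied. Chaining the two as `git notes copy "$obj_ref" "$new_obj_ref" && git notes remove "$obj_ref"` keeps the note in that case. Separately, `--grep="$subject"` treats the subject as a regular expression and searches the whole commit message, so a subject with regex metacharacters, or one quoted in another commit's body, can select the wrong commit. Adding `--fixed-strings` addresses the first of these.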
diff --git a/rebase-on-net-next.sh b/rebase-on-net-next.sh
new file mode 100755
index 000000000000..a730a2bed229
--- /dev/null
+++ b/rebase-on-net-next.sh
@@ -0,0 +1,6 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+cd "${SELF%/*}"
+set -ex
+git fetch net-next
+git rebase FETCH_HEAD
diff --git a/retag-and-push.sh b/retag-and-push.sh
new file mode 100755
index 000000000000..3db86dfc245a
--- /dev/null
+++ b/retag-and-push.sh
@@ -0,0 +1,9 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+cd "${SELF%/*}"
+set -ex
+git tag -f wireguard $(git log --grep="net: WireGuard" --max-count=1 --pretty=format:%H)
+git tag -f zinc $(git log --grep="zinc: introduce" --max-count=1 --pretty=format:%H)
+git tag -f simd $(git log --grep="asm: simd" --max-count=1 --pretty=format:%H)
+git tag -f big_key_rewrite $(git log --grep="security/keys: rewrite" --max-count=1 --pretty=format:%H)
+git push -f origin master:jd/wireguard wireguard zinc simd big_key_rewrite
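Review bot: Each `git tag -f NAME $(git log --grep=… )` line takes its commit from an unquoted substitution, so when the grep matches nothing the argument disappears and `git tag -f` retags the current HEAD instead. `set -e` does not catch this because `git log` still exits 0. The following `git push -f` then publishes the misplaced tags and overwrites the remote branch unconditionally. Resolving each hash into a variable and stopping when it is empty closes the gap, as sketched below. `--force-with-lease` in place of `-f` on the push would additionally refuse to overwrite remote commits that have not been fetched.

```shell
# Move tag $1 to the newest commit whose message matches $2; abort if none does.
retag() {
	local name="$1" pattern="$2" rev
	rev="$(git log --grep="$pattern" --max-count=1 --pretty=format:%H)"
	[[ -n $rev ]] || { echo "ERROR: no commit matches '$pattern'" >&2; exit 1; }
	git tag -f "$name" "$rev"
}
retag wireguard "net: WireGuard"
retag zinc "zinc: introduce"
retag simd "asm: simd"
retag big_key_rewrite "security/keys: rewrite"
# … unchanged: git push of master and the four tags …
```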
diff --git a/run-in-harness.sh b/run-in-harness.sh
new file mode 100755
index 000000000000..6c6094bea100
--- /dev/null
+++ b/run-in-harness.sh
@@ -0,0 +1,9 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+set -ex
+export GIT_URI_integration="$IT"
+export KERNEL_VERSION=integration-git-debug
+make -C "$WG/src/tests/qemu" -j$(nproc)
diff --git a/run-me/run.sh b/run-me/run.sh
new file mode 100755
index 000000000000..d0d7c4ae2ee0
--- /dev/null
+++ b/run-me/run.sh
@@ -0,0 +1,6 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+cd "${SELF%/*}"
+set -ex
+make -C .. O=$(pwd) -j9 "$@"
+exec qemu-system-x86_64 -nodefaults -nographic -smp 4 -m 128M -serial stdio -no-reboot -monitor none -cpu host -machine q35,accel=kvm -kernel arch/x86/boot/bzImage
diff --git a/todo-for-next.txt b/todo-for-next.txt
new file mode 100644
index 000000000000..03374873178b
--- /dev/null
+++ b/todo-for-next.txt
@@ -0,0 +1,2 @@
+- Maybe add netdev_dbg_ratelimited function. [Andrew]
+- More documentation on what zinc is for and isnt for.
diff --git a/zero-zero-text.txt b/zero-zero-text.txt
new file mode 100644
index 000000000000..ec102b549e35
--- /dev/null
+++ b/zero-zero-text.txt
@@ -0,0 +1,82 @@
+This patchset is available on git.kernel.org in this branch, where it may be
+pulled directly for inclusion into net-next:
+ * https://git.kernel.org/pub/scm/linux/kernel/git/zx2c4/linux.git/log/?h=jd/wireguard
+WireGuard is a secure network tunnel written especially for Linux, which
+has faced around three years of serious development, deployment, and
+scrutiny. It delivers excellent performance and is extremely easy to
+use and configure. It has been designed with the primary goal of being
+both easy to audit by virtue of being small and highly secure from a
+cryptography and systems security perspective. WireGuard is used by some
+massive companies pushing enormous amounts of traffic, and likely
+already today you've consumed bytes that at some point transited through
+a WireGuard tunnel. Even as an out-of-tree module, WireGuard has been
+integrated into various userspace tools, Linux distributions, mobile
+phones, and data centers. There are ports in several languages to
+several operating systems, and even commercial hardware and services
+sold integrating WireGuard. It is time, therefore, for WireGuard to be
+properly integrated into Linux.
+Ample information, including documentation, installation instructions,
+and project details, is available at:
+ * https://www.wireguard.com/
+ * https://www.wireguard.com/papers/wireguard.pdf
+As it is currently an out-of-tree module, it lives in its own git repo
+and has its own mailing list, and every commit for the module is tested
+against every stable kernel since 3.10 on a variety of architectures
+using an extensive test suite:
+ * https://git.zx2c4.com/WireGuard
+ https://git.kernel.org/pub/scm/linux/kernel/git/zx2c4/WireGuard.git/
+ * https://lists.zx2c4.com/mailman/listinfo/wireguard
+ * https://www.wireguard.com/build-status/
+The project has been broadly discussed at conferences, and was presented
+to the Netdev developers in Seoul last November, where a paper was
+released detailing some interesting aspects of the project. Dave asked
+me after the talk if I would consider sending in a v1 "sooner rather
+than later", hence this patchset. Zinc was presented at Kernel Recipes
+in September, and a video is available online. Both Zinc and WireGuard
+will be presented at the conference in Vancouver in November.
+ * https://www.wireguard.com/presentations/
+ * https://www.wireguard.com/papers/wireguard-netdev22.pdf
+ * Zinc talk: https://www.youtube.com/watch?v=bFhdln8aJ_U
+ * Netdev talk: https://www.youtube.com/watch?v=54orFwtQ1XY
+The cryptography in the protocol itself has been formally verified by
+several independent academic teams with positive results, and I know of
+two additional efforts on their way to further corroborate those
+findings. The version 1 protocol is "complete", and so the purpose of
+this review is to assess the implementation of the protocol. However, it
+still may be of interest to know that the thing you're reviewing uses a
+protocol with various nice security properties:
+ * https://www.wireguard.com/formal-verification/
+This patchset is divided into four segments. The first introduces a very
+simple helper for working with the FPU state for the purposes of amortizing
+SIMD operations. The second segment is a small collection of cryptographic
+primitives, split up into several commits by primitive and by hardware. The
+third shows usage of Zinc within the existing crypto API and as a replacement
+to the existing crypto API. The last is WireGuard itself, presented as an
+unintrusive and self-contained virtual network driver.
+It is intended that this entire patch series enter the kernel through
+DaveM's net-next tree. Subsequently, WireGuard patches will go through
+DaveM's net-next tree, while Zinc patches will go through Greg KH's tree in
+cases when an entire development cycle has no relationships with existing code
+in crypto/; however, if there are any relationships with code in crypto/, then
+pull requests will be sent to Herbert instead in case there are merge
diff --git a/zip-up-changed-files.sh b/zip-up-changed-files.sh
new file mode 100755
index 000000000000..d2461fc9b77a
--- /dev/null
+++ b/zip-up-changed-files.sh
@@ -0,0 +1,25 @@
+SELF="$(readlink -f "${BASH_SOURCE[0]}")"
+cd "${SELF%/*}"
+set -ex
+COMMITS=( $(git log net-next/master..master --pretty=format:%H) )
+declare -A FILES
+for commit in "${COMMITS[@]}"; do
+ for file in $(git diff-tree --no-commit-id --name-only -r "$commit"); do
+ if [[ -n ${FILES["$file"]} ]]; then
+ FILES["$file"]="_"
+ else
+ FILES["$file"]="$commit"
+ fi
+ done
+while read -r status file; do
+ [[ $status == M || $status == D || $status == A ]] || continue
+ commit="${FILES["$file"]}"
+ [[ -n $commit && $commit != _ ]] || continue
+ git commit --fixup="$commit" "$file"
+done < <(git status --porcelain -uno)
+GIT_SEQUENCE_EDITOR=true git rebase -i --autosquash net-next/master
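Review bot: The status filter `[[ $status == M || $status == D || $status == A ]]` compares against a single letter, but `git status --porcelain` emits a two-column code, so a path that is both staged and modified in the work tree (`MM`, `AM`) falls through to `continue` without any message. Files touched by more than one commit (the `_` marker) are skipped just as quietly. Matching with `[[ $status =~ ^[MDA]+$ ]]` and printing a line to stderr before each `continue` would show which changes were not folded into a fixup. `for file in $(git diff-tree …)` and `read -r status file` also assume paths without whitespace or quoting; the `-z` output of both commands avoids that. The `done` that closes the outer `for commit` loop is not visible on this page.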