summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* slab: make kmem_cache_create{_usercopy} description proper kernel-docMike Rapoport2018-12-201-4/+31
| | | | | | | | | Add the description for kmem_cache_create, fixup the return value paragraph and make both kmem_cache_create and add the second '*' to the comment opening. Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* doc:process: add links where missingFederico Vaga2018-12-0612-26/+42
| | | | | | | | | | | Some documents are refering to others without links. With this patch I add those missing links. This patch affects only documents under process/ and labels where necessary. Signed-off-by: Federico Vaga <federico.vaga@vaga.pv.it> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* docs/core-api: make mm-api.rst more structuredMike Rapoport2018-12-061-9/+20
| | | | | | | | | | | | | | The mm-api.rst covers variety of memory management APIs under "More Memory Management Functions" section. The descriptions included there are in a random order there are quite a few of them which makes the section too long. Regrouping the documentation by subject and splitting the long "More Memory Management Functions" section into several smaller sections makes the generated html more usable. Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* x86, boot: documentation whitespace fixupMichael S. Tsirkin2018-12-061-1/+1
| | | | | | | | Fix an extra space that sneaked in with commit 09c205afd "(x86, boot: Define the 2.12 bzImage boot protocol"). Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Documentation: devres: note checking needs when convertingNicholas Mc Guire2018-12-061-0/+7
| | | | | | | | | | | | There are a number of cases where conversions to devm_* API have been done but developers forgot that this conversion may imply that return values need to be checked for failure of internal resource handling like allocation. While this should be clear, it does seem to be a relatively common issue with API conversions or maybe "managed" is being misunderstood ? So add a note to make the scope of "managed" clear. Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* doc:it: add some process/* translationsFederico Vaga2018-12-068-20/+2651
| | | | | | | | | | | | | | | | Translated documents: - 2.Process - 3.Early-stage - 4.Coding - 5.Posting - 6.Followthrough - 7.AdvancedTopics - 8.Conclusion - adding-syscalls Signed-off-by: Federico Vaga <federico.vaga@vaga.pv.it> Signed-off-by: Alessia Mantegazza <amantegazza@vaga.pv.it> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* doc:it: fixes in process/1.IntroFederico Vaga2018-12-061-27/+27
| | | | | | | | - fix broken links and some - fix some grammar errors Signed-off-by: Federico Vaga <federico.vaga@vaga.pv.it> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Documentation: convert path-lookup from markdown to resturctured textNeilBrown2018-12-062-436/+464
| | | | | | | | | | | | | | | This allows the document to be integrated with the main documentation tree. Changes include: - rename from .md to .rst - use `` for code, not single ` - use correct sub-section marking - fix indented blocks, both code and non-code - fix external-link markup Signed-off-by: NeilBrown <neilb@suse.com> [jc: changed the toctree organization a bit] Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Documentation/admin-guide: update admin-guide index.rstAlexey Budankov2018-12-061-0/+1
| | | | | | | | Extend index.rst index file at admin-guide root directory with the reference to perf-security.rst file being introduced. Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Documentation/admin-guide: introduce perf-security.rst fileAlexey Budankov2018-12-061-0/+97
| | | | | | | | | | Implement initial version of perf-security.rst documentation file covering security concerns of perf_event_paranoid settings. Suggested-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Alexey Budankov <alexey.budankov@linux.intel.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* scripts/kernel-doc: Fix struct and struct field attribute processingSakari Ailus2018-11-251-3/+4
| | | | | | | | | | | | | | | | | | | The kernel-doc attempts to clear the struct and struct member attributes from the API documentation it produces. It falls short of the job in the following respects: - extra whitespaces are left where __attribute__((...)) was removed, - only a single attribute is removed per struct, - attributes (such as aligned) containing numbers were not removed, - attributes are only cleared from struct fields, not structs themselves. This patch addresses these issues by removing the attributes. Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Documentation: dev-tools: Fix typos in index.rstShreyans Devendra Doshi2018-11-251-2/+2
| | | | | | | Fixes a spelling error and removes an extra whitespace character. Signed-off-by: Shreyans Devendra Doshi <0xinfosect0r@gmail.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Correct gen_init_cpio tool's documentationAndrzej Bednarski2018-11-251-1/+1
| | | | | | | | | | The documentation for gen_init_cpio mentions to invoke the tool with '--help' flag for showing directive file format information. However, only the short name variant '-h' is implemented. Invoking the tool with the long name returns invalid option message and sets an error code. Signed-off-by: Andrzej Bednarski <andrzej.bednarski@gmail.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Document /proc/pid PID reuse behaviorDaniel Colascione2018-11-201-0/+7
| | | | | | | | | | | | State explicitly that holding a /proc/pid file descriptor open does not reserve the PID. Also note that in the event of PID reuse, these open file descriptors refer to the old, now-dead process, and not the new one that happens to be named the same numeric PID. Signed-off-by: Daniel Colascione <dancol@google.com> Acked-by: Michal Hocko <mhocko@suse.com> Reviewed-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Documentation: update path-lookup.md for parallel lookupsNeilBrown2018-11-201-19/+66
| | | | | | | | | | | | Since this document was written, i_mutex has been replace with i_rwsem, and shared locks are utilized to allow lookups in the one directory to happen in parallel. So replace i_mutex with i_rwsem, and explain how this is used for parallel lookups. Signed-off-by: NeilBrown <neilb@suse.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Documentation: Use "while" instead of "whilst"Will Deacon2018-11-2033-56/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | Whilst making an unrelated change to some Documentation, Linus sayeth: | Afaik, even in Britain, "whilst" is unusual and considered more | formal, and "while" is the common word. | | [...] | | Can we just admit that we work with computers, and we don't need to | use þe eald Englisc spelling of words that most of the world never | uses? dictionary.com refers to the word as "Chiefly British", which is probably an undesirable attribute for technical documentation. Replace all occurrences under Documentation/ with "while". Cc: David Howells <dhowells@redhat.com> Cc: Liam Girdwood <lgirdwood@gmail.com> Cc: Chris Wilson <chris@chris-wilson.co.uk> Cc: Michael Halcrow <mhalcrow@google.com> Cc: Jonathan Corbet <corbet@lwn.net> Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* dmaengine: Add mailing list address to the documentationAndy Shevchenko2018-11-201-0/+4
| | | | | | | | | | | It's not the first time I've got a private email in regard to dmatest.c module. Motivate people, by adding a note, to send their questions to the mailing list instead Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* docs/admin-guide/mm/concepts.rst: grammar and style fixupsMike Rapoport2018-11-201-25/+26
| | | | | | Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> Reviewed-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Merge branch 'kmalloc' into docs-nextJonathan Corbet2018-11-201-28/+27
|\ | | | | | | jc: fixed conflict with willy's memory-allocation tag patch.
| * docs/mm: update kmalloc kernel-doc descriptionMike Rapoport2018-11-202-28/+29
| | | | | | | | | | | | | | | | | | | | | | Add references to GFP documentation and the memory-allocation.rst and remove GFP_USER, GFP_DMA and GFP_NOIO descriptions. While on it slightly change the formatting so that the list of GFP flags will be rendered as "description" in the generated html. Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* | Link the memory allocation guide from the MM docsMatthew Wilcox2018-11-202-1/+5
| | | | | | | | | | | | | | | | | | | | I just went looking for the memory allocation guide in the MM docs instead of in the core API. For the benefit of the next person who makes that mistake, link to it from the MM docs. Signed-off-by: Matthew Wilcox <willy@infradead.org> Acked-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* | doc:it_IT:doc-guide: fix reference to foobarFederico Vaga2018-11-201-1/+1
| | | | | | | | | | | | | | | | | | Replicate the following patch into italian translation 1bb37a35671c doc-guide:kernel-doc.rst: Reference to foobar Signed-off-by: Federico Vaga <federico.vaga@vaga.pv.it> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* | doc:it_IT: fix locking.rst section titleFederico Vaga2018-11-201-2/+2
| | | | | | | | | | | | | | This title was still in English. I just translated it Signed-off-by: Federico Vaga <federico.vaga@vaga.pv.it> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* | doc:it_IT: add some process/* translationsFederico Vaga2018-11-2039-1/+3154
|/ | | | | | | | | | | | | | | | | | | | | | | | | This patch does not translate entirely the subfolder "process/" but only part of it (to begin with). In order to avoid broken links, I included empty documents for those which are not yet translated. In order to be able to refer to all documents in "process/", I added a sphinx label to those which had not one. Translated documents: - howto - 1.Intro - clang-format - coding-style - kernel-driver-statement - magic-number - volatile-considered-harmful - development-process Signed-off-by: Federico Vaga <federico.vaga@vaga.pv.it> Signed-off-by: Alessia Mantegazza <amantegazza@vaga.pv.it> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* doc: tracing: Fix a number of typosAmir Livneh2018-11-071-7/+7
| | | | | | | | | Trivial fixes to spelling mistakes in ftrace.rst v2: tripple -> triple Signed-off-by: Amir Livneh <alivneh@fb.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Documentation/dev-tools: clean up kselftest.rstRandy Dunlap2018-11-071-6/+6
| | | | | | | | | | | This is a small cleanup to kselftest.rst: - Fix some language typos in the usage instructions. - Change one non-ASCII space to an ASCII space. Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Acked-by: Shuah Khan <shuah@kernel.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Documentation/ras: Typo s/use use/use/Geert Uytterhoeven2018-11-071-1/+1
| | | | | Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* kernel-doc: extend $type_param to match members referenced by pointerMike Rapoport2018-11-071-1/+1
| | | | | | | | | Currently, function parameter description can match '@type.member' expressions but fails to match '@type->member'. Extend the $type_param regex to allow matching both Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* kernel-doc: kill trailing whitespaceMike Rapoport2018-11-071-2/+2
| | | | | Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* doc-guide:kernel-doc.rst: Reference to foobarJoris Gutjahr2018-11-071-1/+1
| | | | | | | | | | | | | | | In the Function documentation Section of kernel-doc.rst there is a function_name() function as an example for how to make a comment about a function. But at the end of that example there is a reference to foobar instead of function_name. I think that should rather be function_name, because that was the placeholder the whole example was using. Signed-off-by: Joris Gutjahr <joris.gutjahr@gmail.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Documentation: fix spelling mistake, EACCESS -> EACCESColin Ian King2018-11-072-3/+3
| | | | | | | | Trivial fix to a spelling mistake of the error access name EACCESS, rename to EACCES Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Documentation/proc.txt: Add 2 missing fields for /proc/<pid>/statusWaiman Long2018-11-071-1/+5
| | | | | | | | | | | It was found that two of the fields in the /proc/<pid>/status file were missing - CapAmb & Speculation_Store_Bypass. They are now added to the proc.txt documentation file. v2: Update the example as well. Signed-off-by: Waiman Long <longman@redhat.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Documentation: dynamic-debug: fix wildcard descriptionRandy Dunlap2018-11-071-2/+2
| | | | | | | | | | | Fix grammar about wildcards and insert a space between sentences. Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Cc: Jason Baron <jbaron@akamai.com> Cc: Jonathan Corbet <corbet@lwn.net> Cc: linux-doc@vger.kernel.org Cc: Will Korteland <will@korte.land> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Documentation: dynamic_debug: fix a couple of typosRandy Dunlap2018-11-071-2/+2
| | | | | | | | | | | | | Fix a few "typos" in dynamic-debug-howto.rst. s/dyndbg_query/ddebug_query/ s/sysfs/debugfs/ Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Cc: Jason Baron <jbaron@akamai.com> Cc: Jonathan Corbet <corbet@lwn.net> Cc: linux-doc@vger.kernel.org Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Docs/EDID: Calculate CRC while building the codeChristoph Niedermaier2018-11-068-17/+13
| | | | | | | | | | | | | The previous version made it necessary to first generate an EDID data set without correct CRC and then to fix the CRC in a second step. This patch adds the CRC calculation to the makefile in such a way that a correct EDID data set is generated in a single build step. Successfully tested with all existing and a couple of new data sets. Signed-off-by: Christoph Niedermaier <cniedermaier@dh-electronics.de> Reviewed-by: Carsten Emde <C.Emde@osadl.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Docs/EDID: Fixed erroneous bits of XOFFSET, XPULSE, YOFFSET and YPULSEChristoph Niedermaier2018-11-068-18/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | The problem was found when EDID data sets for displays other than the provided samples were generated. The patch has no effect on the provided samples that still match the data used in drivers/gpu/drm/drm_edid_load.c. The provided samples use small values for XOFFSET, XPULSE, YOFFSET and YPULSE, where the error doesn't occur. This fix corrects the use of that values in case of high values, because the most significant bits were treated incorrectly. So in edid.S msbs4 should use bit 8 and 9 of XOFFSET and XPULS. For YOFFSET and YPULSE msbs4 should use bit 4 and 5. lsbs2 was introduced for a better overview, without functional change. Removing also the useless value 63 of all files, because it is added in the *.S description files and then it is subtracted in edid.S. Signed-off-by: Christoph Niedermaier <cniedermaier@dh-electronics.de> Reviewed-by: Carsten Emde <C.Emde@osadl.org> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* Linux 4.20-rc1v4.20-rc1Linus Torvalds2018-11-041-2/+2
|
* Merge tag 'tags/upstream-4.20-rc1' of git://git.infradead.org/linux-ubifsLinus Torvalds2018-11-0425-292/+2418
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull UBIFS updates from Richard Weinberger: - Full filesystem authentication feature, UBIFS is now able to have the whole filesystem structure authenticated plus user data encrypted and authenticated. - Minor cleanups * tag 'tags/upstream-4.20-rc1' of git://git.infradead.org/linux-ubifs: (26 commits) ubifs: Remove unneeded semicolon Documentation: ubifs: Add authentication whitepaper ubifs: Enable authentication support ubifs: Do not update inode size in-place in authenticated mode ubifs: Add hashes and HMACs to default filesystem ubifs: authentication: Authenticate super block node ubifs: Create hash for default LPT ubfis: authentication: Authenticate master node ubifs: authentication: Authenticate LPT ubifs: Authenticate replayed journal ubifs: Add auth nodes to garbage collector journal head ubifs: Add authentication nodes to journal ubifs: authentication: Add hashes to index nodes ubifs: Add hashes to the tree node cache ubifs: Create functions to embed a HMAC in a node ubifs: Add helper functions for authentication support ubifs: Add separate functions to init/crc a node ubifs: Format changes for authentication support ubifs: Store read superblock node ubifs: Drop write_node ...
| * ubifs: Remove unneeded semicolonDing Xiang2018-10-231-1/+1
| | | | | | | | | | | | | | delete redundant semicolon Signed-off-by: Ding Xiang <dingxiang@cmss.chinamobile.com> Signed-off-by: Richard Weinberger <richard@nod.at>
| * Documentation: ubifs: Add authentication whitepaperSascha Hauer2018-10-231-0/+426
| | | | | | | | | | Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
| * ubifs: Enable authentication supportSascha Hauer2018-10-233-1/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | With the preparations all being done this patch now enables authentication support for UBIFS. Authentication is enabled when the newly introduced auth_key and auth_hash_name mount options are passed. auth_key provides the key which is used for authentication whereas auth_hash_name provides the hashing algorithm used for this FS. Passing these options make authentication mandatory and only UBIFS images that can be authenticated with the given key are allowed. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
| * ubifs: Do not update inode size in-place in authenticated modeSascha Hauer2018-10-233-38/+113
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In authenticated mode we cannot fixup the inode sizes in-place during recovery as this would invalidate the hashes and HMACs we stored for this inode. Instead, we just write the updated inodes to the journal. We can only do this after ubifs_rcvry_gc_commit() is done though, so for authenticated mode call ubifs_recover_size() after ubifs_rcvry_gc_commit() and not vice versa as normally done. Calling ubifs_recover_size() after ubifs_rcvry_gc_commit() has the drawback that after a commit the size fixup information is gone, so when a powercut happens while recovering from another powercut we may lose some data written right before the first powercut. This is why we only do this in authenticated mode and leave the behaviour for unauthenticated mode untouched. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
| * ubifs: Add hashes and HMACs to default filesystemSascha Hauer2018-10-231-7/+27
| | | | | | | | | | | | | | | | | | This patch calculates the necessary hashes and HMACs for the default filesystem so that the dynamically created default fs can be authenticated. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
| * ubifs: authentication: Authenticate super block nodeSascha Hauer2018-10-231-1/+69
| | | | | | | | | | | | | | | | | | This adds a HMAC covering the super block node and adds the logic that decides if a filesystem shall be mounted unauthenticated or authenticated. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
| * ubifs: Create hash for default LPTSascha Hauer2018-10-233-3/+23
| | | | | | | | | | | | | | | | | | During creation of the default filesystem on an empty flash the default LPT is created. With this patch a hash over the default LPT is calculated which can be added to the default filesystems master node. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
| * ubfis: authentication: Authenticate master nodeSascha Hauer2018-10-233-10/+61
| | | | | | | | | | | | | | | | The master node contains hashes over the root index node and the LPT. This patch adds a HMAC to authenticate the master node itself. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
| * ubifs: authentication: Authenticate LPTSascha Hauer2018-10-233-0/+134
| | | | | | | | | | | | | | | | | | | | | | The LPT needs to be authenticated aswell. Since the LPT is only written during commit it is enough to authenticate the whole LPT with a single hash which is stored in the master node. Only the leaf nodes (pnodes) are hashed which makes the implementation much simpler than it would be to hash the complete LPT. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
| * ubifs: Authenticate replayed journalSascha Hauer2018-10-231-2/+144
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure that during replay all buds can be authenticated. To do this we calculate the hash chain until we find an authentication node and check the HMAC in that node against the current status of the hash chain. After a power cut it can happen that some nodes have been written, but not yet the authentication node for them. These nodes have to be discarded during replay. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
| * ubifs: Add auth nodes to garbage collector journal headSascha Hauer2018-10-231-3/+43
| | | | | | | | | | | | | | | | To be able to authenticate the garbage collector journal head add authentication nodes to the buds the garbage collector creates. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>
| * ubifs: Add authentication nodes to journalSascha Hauer2018-10-236-18/+153
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Nodes that are written to flash can only be authenticated through the index after the next commit. When a journal replay is necessary the nodes are not yet referenced by the index and thus can't be authenticated. This patch overcomes this situation by creating a hash over all nodes beginning from the commit start node over the reference node(s) and the buds themselves. From time to time we insert authentication nodes. Authentication nodes contain a HMAC from the current hash state, so that they can be used to authenticate a journal replay up to the point where the authentication node is. The hash is continued afterwards so that theoretically we would only have to check the HMAC of the last authentication node we find. Overall we get this picture: ,,,,,,,, ,......,........................................... ,. CS , hash1.----. hash2.----. ,. | , . |hmac . |hmac ,. v , . v . v ,.REF#0,-> bud -> bud -> bud.-> auth -> bud -> bud.-> auth ... ,..|...,........................................... , | , , | ,,,,,,,,,,,,,,, . | hash3,----. , | , |hmac , v , v , REF#1 -> bud -> bud,-> auth ... ,,,|,,,,,,,,,,,,,,,,,, v REF#2 -> ... | V ... Note how hash3 covers CS, REF#0 and REF#1 so that it is not possible to exchange or skip any reference nodes. Unlike the picture suggests the auth nodes themselves are not hashed. With this it is possible for an offline attacker to cut each journal head or to drop the last reference node(s), but not to skip any journal heads or to reorder any operations. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Richard Weinberger <richard@nod.at>