1109 Commits

Author SHA1 Message Date
Behan Webster
61163efae0 kbuild: LLVMLinux: Add Kbuild support for building kernel with Clang
Add support to toplevel Makefile for compiling with clang, both for
HOSTCC and CC. Use cc-option to prevent gcc option from breaking clang, and
from clang options from breaking gcc.

Clang 3.4 semantics are the same as gcc semantics for unsupported flags. For
unsupported warnings clang 3.4 returns true but shows a warning and gcc shows
a warning and returns false.

Signed-off-by: Behan Webster <behanw@converseincode.com>
Signed-off-by: Jan-Simon Möller <dl9pf@gmx.de>
Signed-off-by: Mark Charlebois <charlebm@gmail.com>
Cc: PaX Team <pageexec@freemail.hu>
2014-04-09 13:44:34 -07:00
Jason Cooper
79192ca8eb scripts: objdiff: detect object code changes between two commits
objdiff is useful when doing large code cleanups.  For example, when
removing checkpatch warnings and errors from new drivers in the staging
tree.

objdiff can be used in conjunction with a git rebase to confirm that
each commit made no changes to the resulting object code.  It has the
same return values as diff(1).

This was written specifically to support adding the skein and threefish
cryto drivers to the staging tree.  I needed a programmatic way to
confirm that commits changing >90% of the lines didn't inadvertently
change the code.

Temporary files (objdump output) are stored in

  /path/to/linux/.tmp_objdiff

'make mrproper' will remove this directory.

Signed-off-by: Jason Cooper <jason@lakedaemon.net>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-04-08 16:41:44 +02:00
Linus Torvalds
b003d7706a Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Pull kbuild changes from Michal Marek:
 - cleanups in the main Makefiles and Documentation/DocBook/Makefile
 - make O=...  directory is automatically created if needed
 - mrproper/distclean removes the old include/linux/version.h to make
   life easier when bisecting across the commit that moved the version.h
   file

* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  kbuild: docbook: fix the include error when executing "make help"
  kbuild: create a build directory automatically for out-of-tree build
  kbuild: remove redundant '.*.cmd' pattern from make distclean
  kbuild: move "quote" to Kbuild.include to be consistent
  kbuild: docbook: use $(obj) and $(src) rather than specific path
  kbuild: unconditionally clobber include/linux/version.h on distclean
  kbuild: docbook: specify KERNELDOC dependency correctly
  kbuild: docbook: include cmd files more simply
  kbuild: specify build_docproc as a phony target
2014-04-07 17:52:31 -07:00
Linus Torvalds
b9f2b21a32 Devicetree changes for v3.15
Updates to devicetree core code. This branch contains the following notable changes:
 * Add reserved memory binding
 * Make struct device_node a kobject and remove legacy /proc/device-tree
 * ePAPR conformance fixes
 * Update in-kernel DTC copy to version v1.4.0
 * Preparation changes for dynamic device tree overlays
 * minor bug fixes and documentation changes
 
 The most significant change in this branch is the conversion of struct
 device_node to be a kobject that is exposed via sysfs and removal of the
 old /proc/device-tree code. This simplifies the device tree handling
 code and tightens up the lifecycle on device tree nodes.
 
 [updated: added fix for dangling select PROC_DEVICETREE]
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJTOyNwAAoJEMWQL496c2LNZY0QAIreUrpo3/hKRau61EDPXkOA
 UFRyPUHD0k/dNXWWDbTfvKH/nAfzdVwejhePqEWiODiFOFkq7JyQlMKPA+CZuZj0
 ygN4215A1yj/hDf6JRD5Zn4WGpawDt9InlbZSps6P5dd8voV5t5dz6uzz+Y7uqaK
 CAjTDlBSmxEen5vRHiHQgKv74au/+b9yfSURjPQVWg46+wl3WJwjsdzerphm4unW
 tpEr8zkIsm51mqqAx4penIuiovh7+L2J5v4BFeg8o+kaZEuZpVxLHJPOuBd5hdom
 zeqEIj3AqHTh5suYIHe4aAbZ2wMP3kYGgkPGwfWLnwLyULxalcCtGZeaCi9nwTFj
 Fdj+7f17ocrt5mif0f5Deufi1LqJsDjhY6G9p7HuV7Y9hsMILpJIUoGENPji+TWj
 BA4L45eaPmNYdKJytEtFD7F2WnXeHZ6fDtYho/39DWW+Bt16IFX85T199irhxGG4
 byN6LRaahk2UeycSXkQHAlWOQHqzBcJJAkQLN2iahzyYRr9Dy+VI2E9clm53m49O
 YQYcONdUlMYrtfRwJpbB9XHM0HgZUvg0LT5z/iHQs9uJtoo33Oj+zxFixyZLQ9Dq
 qyLqQWEpV9gFLAo9tpf56gffkLiJRsHkX4UJ6oTtj4DY1WWU9H81jjCvv/7flzp/
 8ZyyZzANQf1DZ9kqO2v+
 =lyA5
 -----END PGP SIGNATURE-----

Merge tag 'dt-for-linus' of git://git.secretlab.ca/git/linux

Pull devicetree changes from Grant Likely:
 "Updates to devicetree core code.  This branch contains the following
  notable changes:

   - add reserved memory binding
   - make struct device_node a kobject and remove legacy
     /proc/device-tree
   - ePAPR conformance fixes
   - update in-kernel DTC copy to version v1.4.0
   - preparatory changes for dynamic device tree overlays
   - minor bug fixes and documentation changes

  The most significant change in this branch is the conversion of struct
  device_node to be a kobject that is exposed via sysfs and removal of
  the old /proc/device-tree code.  This simplifies the device tree
  handling code and tightens up the lifecycle on device tree nodes.

  [updated: added fix for dangling select PROC_DEVICETREE]"

* tag 'dt-for-linus' of git://git.secretlab.ca/git/linux: (29 commits)
  dt: Remove dangling "select PROC_DEVICETREE"
  of: Add support for ePAPR "stdout-path" property
  of: device_node kobject lifecycle fixes
  of: only scan for reserved mem when fdt present
  powerpc: add support for reserved memory defined by device tree
  arm64: add support for reserved memory defined by device tree
  of: add missing major vendors
  of: add vendor prefix for SMSC
  of: remove /proc/device-tree
  of/selftest: Add self tests for manipulation of properties
  of: Make device nodes kobjects so they show up in sysfs
  arm: add support for reserved memory defined by device tree
  drivers: of: add support for custom reserved memory drivers
  drivers: of: add initialization code for dynamic reserved memory
  drivers: of: add initialization code for static reserved memory
  of: document bindings for reserved-memory nodes
  Revert "of: fix of_update_property()"
  kbuild: dtbs_install: new make target
  ARM: mvebu: Allows to get the SoC ID even without PCI enabled
  of: Allows to use the PCI translator without the PCI core
  ...
2014-04-02 14:27:15 -07:00
Masahiro Yamada
1c9e70a55b kbuild: create a build directory automatically for out-of-tree build
Kbuild supports saving output files in a separate directory.
But the build directory must be created beforehand. For example,

  $ mkdir -p dir/to/store/output/files
  $ make O=dir/to/store/output/files defconfig

Creating a build directory automatically would be useful.

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-03-31 22:47:16 +02:00
Masahiro Yamada
a03fcb50e8 kbuild: remove redundant '.*.cmd' pattern from make distclean
'.*.cmd' files are cleaned-up by "make clean".
The same pattern in "make distclean" is unnecessary.

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-03-31 22:36:11 +02:00
Grant Likely
d88cf7d7b4 Merge remote-tracking branch 'robh/for-next' into devicetree/next 2014-03-31 08:10:55 +01:00
Linus Torvalds
455c6fdbd2 Linux 3.14 2014-03-30 20:40:15 -07:00
Paul Gortmaker
9c8cdb7164 kbuild: unconditionally clobber include/linux/version.h on distclean
As of v3.7, the UAPI changes relocated headers around such that the
kernel version header lived in a new place.

If a person is bisecting and if you go back to pre-UAPI days,
you will create an include/linux/version.h  -- then if you checkout a
post-UAPI kernel, and even run "make distclean" it still won't delete
that old version file.  So you get a situation like this:

$ grep -R LINUX_VERSION_CODE include/
include/generated/uapi/linux/version.h:#define LINUX_VERSION_CODE 200192
include/linux/version.h:#define LINUX_VERSION_CODE 132646

The value in that second line is representative of a v2.6.38 version.
And it will be sourced/used, hence leading to strange behaviours, such
as drivers/staging content (which typically hasn't been purged of version
ifdefs) failing to build.

Since it is a subtle mode of failure, lets always clobber the old
file when doing a distclean.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-03-29 20:58:18 +01:00
Linus Torvalds
b098d6726b Linux 3.14-rc8 2014-03-24 19:31:17 -07:00
Linus Torvalds
dcb99fd9b0 Linux 3.14-rc7 2014-03-16 18:51:24 -07:00
Linus Torvalds
fa389e2202 Linux 3.14-rc6 2014-03-09 19:41:57 -07:00
Grant Likely
dab2310d9d Linux 3.14-rc5
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJTE+9XAAoJEHm+PkMAQRiGrMQIAKI2V49Kj8WlnwGchFvsbGJB
 SLALwNi33T/IBKdZRhrfryBu02Zj7eVvZ2ML35dJEnmF88O+dJBDMTkKV1xalrip
 mtkBrjUnfAI04fq/daLQ1TsAy4qqlra5tSTuDCw8ILOnGPwT0VydIEHNdtmoUIfw
 xlZLxHzny1MslZ78d7uR/cUnV9ylKRRajWzfw1HT8hL51fCt8nRWY0sCvwvl+kMJ
 LsK+6I7mHDUuzA7QBmBI+dhzQgos5+JkkrnpmqHAqwmIh+AI3ksmjUCQ4dM7owrO
 IvEx+ZNDqxAdLcm1WAxATNfxddFXHc62JTvKuuKqTVWuaxVfK1Aqt8MjDMIPeAQ=
 =yV5u
 -----END PGP SIGNATURE-----

Merge tag 'v3.14-rc5' into HEAD

Linux 3.14-rc5
2014-03-04 16:44:10 +08:00
Linus Torvalds
0414855fdc Linux 3.14-rc5 2014-03-02 18:56:16 -08:00
Jan Beulich
6c15b327cc Makefile: fix build with make 3.80 again
According to Documentation/Changes, make 3.80 is still being supported
for building the kernel, hence make files must not make (unconditional)
use of features introduced only in newer versions.  Commit 8779657d29c0
("stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG") however
introduced an "else ifdef" construct which make 3.80 doesn't understand.

Also correct a warning message still referencing the old config option
name.

Apart from that I question the use of "ifdef" here (but it was used that
way already prior to said commit): ifeq (,y) would seem more to the
point.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Michal Marek <mmarek@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-02-25 15:25:47 -08:00
Fathi Boudra
27b2a49a14 Makefile: fix extra parenthesis typo when CC_STACKPROTECTOR_REGULAR is enabled
An extra parenthesis typo introduced in 19952a92037e ("stackprotector:
Unify the HAVE_CC_STACKPROTECTOR logic between architectures") is
causing the following error when CONFIG_CC_STACKPROTECTOR_REGULAR is
enabled:

  Makefile:608: Cannot use CONFIG_CC_STACKPROTECTOR: -fstack-protector not supported by compiler
  Makefile:608: *** missing separator.  Stop.

Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-02-25 15:25:45 -08:00
Linus Torvalds
cfbf8d4857 Linux 3.14-rc4 2014-02-23 17:40:03 -08:00
Jason Cooper
f4d4ffc03e kbuild: dtbs_install: new make target
Unlike other build products in the Linux kernel, there is no 'make
*install' mechanism to put devicetree blobs in a standard place.

This commit adds a new 'dtbs_install' make target which copies all of
the dtbs into the INSTALL_DTBS_PATH directory. INSTALL_DTBS_PATH can be
set before calling make to change the default install directory. If not
set then it defaults to:

	$INSTALL_PATH/dtbs/$KERNELRELEASE.

This is done to keep dtbs from different kernel versions separate until
things have settled down.  Once the dtbs are stable, and not so strongly
linked to the kernel version, the devicetree files will most likely move
to their own repo.  Users will need to upgrade install scripts at that
time.

v7: (reworked by Grant Likely)
- Moved rules from arch/arm/Makefile to arch/arm/boot/dts/Makefile so
  that each dtb install could have a separate target and be reported as
  part of the make output.
- Fixed dependency problem to ensure $KERNELRELEASE is calculated before
  attempting to install
- Removed option to call external script. Copying the files should be
  sufficient and a build system can post-process the install directory.
  Despite the fact an external script is used for installing the kernel,
  I don't think that is a pattern that should be encouraged. I would
  rather see buildroot type tools post process the install directory to
  rename or move dtb files after installing to a staging directory.
  - Plus it is easy to add a hook after the fact without blocking the
    rest of this feature.
- Move the helper targets into scripts/Makefile.lib with the rest of the
  common dtb rules

Signed-off-by: Jason Cooper <jason@lakedaemon.net>
Signed-off-by: Grant Likely <grant.likely@linaro.org>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Rob Herring <robh+dt@kernel.org>
2014-02-20 15:53:39 +00:00
Linus Torvalds
6d0abeca32 Linux 3.14-rc3 2014-02-16 13:30:25 -08:00
Linus Torvalds
b28a960c42 Linux 3.14-rc2 2014-02-09 18:15:47 -08:00
Prarit Bhargava
ae63b2d7bd scripts/tags.sh: Ignore *.mod.c
CONFIG_MODVERSIONS=y results in a .mod.c for every compiled file in the
kernel. Issuing a 'make cscope' on a compiled kernel tree results in
the cscope files containing *.mod.c files.

[prarit@prarit linux]# make cscope
[prarit@prarit linux]# cat cscope.files | grep mod.c | wc -l
4807

These files are not useful for cscope and should be ignored. For example,

   #   line  filename / context / line
   1    105  arch/x86/kvm/kvm-intel.mod.c <<GLOBAL>>
             { 0x618911fc, __VMLINUX_SYMBOL_STR(numa_node) },
   2    508  drivers/block/mtip32xx/mtip32xx.h <<GLOBAL>>
             int numa_node;
   3     55  drivers/block/mtip32xx/mtip32xx.mod.c <<GLOBAL>>
             { 0x618911fc, __VMLINUX_SYMBOL_STR(numa_node) },
   4     37  drivers/cpufreq/acpi-cpufreq.mod.c <<GLOBAL>>
             { 0x618911fc, __VMLINUX_SYMBOL_STR(numa_node) },
   <snip>

Add an export to RCS_FIND_IGNORE so it can be used in scripts/tags.sh
and add explicitly ignore *.mod.c files.

Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Kirill Tkhai <tkhai@yandex.ru>
Cc: Michael Opdenacker <michael.opdenacker@free-electrons.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-02-06 16:52:07 +01:00
Linus Torvalds
38dbfb59d1 Linus 3.14-rc1 2014-02-02 16:42:13 -08:00
Linus Torvalds
03c7287dd2 Merge branch 'drop-time' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Pull __TIME__/__DATE__ removal from Michal Marek:
 "This series by Josh finishes the removal of __DATE__ and __TIME__ from
  the kernel.  The last patch adds -Werror=date-time to KBUILD_CFLAGS to
  stop these from reappearing.

  Part of the series went through Greg's trees during this merge window,
  which is why this pull request is not based on v3.13-rc1"

* 'drop-time' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  Makefile: Build with -Werror=date-time if the compiler supports it
  x86: math-emu: Drop already-disabled print of build date
  net: wireless: brcm80211: Drop debug version with build date/time
  mtd: denali: Drop print of build date/time
2014-01-30 17:00:35 -08:00
Linus Torvalds
597690cd02 Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Pull kbuild changes from Michal Marek:
 - fix make -s detection with make-4.0
 - fix for scripts/setlocalversion when the kernel repository is a
   submodule
 - do not hardcode ';' in macros that expand to assembler code, as some
   architectures' assemblers use a different character for newline
 - Fix passing --gdwarf-2 to the assembler

* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  frv: Remove redundant debugging info flag
  mn10300: Remove redundant debugging info flag
  kbuild: Fix debugging info generation for .S files
  arch: use ASM_NL instead of ';' for assembler new line character in the macro
  kbuild: Fix silent builds with make-4
  Fix detectition of kernel git repository in setlocalversion script [take #2]
2014-01-30 16:58:05 -08:00
Josh Triplett
fe7c36c7bd Makefile: Build with -Werror=date-time if the compiler supports it
GCC 4.9 and newer have a new warning -Wdate-time, which warns on any use
of __DATE__, __TIME__, or __TIMESTAMP__, which would make the build
non-deterministic.  Now that the kernel does not use any of those
macros, turn on -Werror=date-time if available, to keep it that way.

The kernel already (optionally) records this information at build time
in a single place; other kernel code should not duplicate that.

Signed-off-by: Josh Triplett <josh@joshtriplett.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-01-27 23:14:13 +01:00
Geoff Levand
7db436325d kbuild: Fix debugging info generation for .S files
Change the debuging info generation flag in KBUILD_AFLAGS from '-gdwarf-2' to
'-Wa,--gdwarf-2'.  This will properly generate the debugging info for .S files
when CONFIG_DEBUG_INFO=y.

It seems current gcc does not pass a '--gdwarf-2' option on to the assembler
when '-gdwarf-2' is on its command line (note the differece in the gcc and as
flags).  This change provides the correct assembler flag to gcc, and so does
not rely on gcc to emit a flag for the assembler.

Signed-off-by: Geoff Levand <geoff@infradead.org> for Huawei, Linaro
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-01-27 22:03:08 +01:00
Linus Torvalds
ad3ab302fd Merge branch 'core-stackprotector-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull strong stackprotector support from Ingo Molnar:
 "This tree adds a CONFIG_CC_STACKPROTECTOR_STRONG=y, a new, stronger
  stack canary checking method supported by the newest GCC versions (4.9
  and later).

  Here's the 'intensity comparison' between the various protection
  modes:

      - defconfig
        11430641 kernel text size
        36110 function bodies

      - defconfig + CONFIG_CC_STACKPROTECTOR_REGULAR
        11468490 kernel text size (+0.33%)
        1015 of 36110 functions are stack-protected (2.81%)

      - defconfig + CONFIG_CC_STACKPROTECTOR_STRONG via this patch
        11692790 kernel text size (+2.24%)
        7401 of 36110 functions are stack-protected (20.5%)

  the strong model comes with non-trivial costs, which is why we
  preserved the 'regular' and 'none' models as well"

* 'core-stackprotector-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG
  stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures
2014-01-20 10:26:31 -08:00
Linus Torvalds
d8ec26d7f8 Linux 3.13 2014-01-19 18:40:07 -08:00
Linus Torvalds
7e22e91102 Linux 3.13-rc8 2014-01-12 17:04:18 +07:00
Emil Medve
e36aaea289 kbuild: Fix silent builds with make-4
make-4 changed the way/order it presents the command line options
into MAKEFLAGS

In make-3.8x, '-s' would always be first into a group of options
with the '-'/hyphen removed

$ make -p -s 2>/dev/null | grep ^MAKEFLAGS
MAKEFLAGS = sp

In make-4, '-s' seems to always be last into a group of options
with the '-'/hyphen removed

$ make -s -p 2>/dev/null | grep ^MAKEFLAGS
MAKEFLAGS = ps

Signed-off-by: Emil Medve <Emilian.Medve@Freescale.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-01-06 13:27:49 +01:00
Linus Torvalds
d6e0a2dd12 Linux 3.13-rc7 2014-01-04 15:12:14 -08:00
Linus Torvalds
802eee95bd Linux 3.13-rc6 2013-12-29 16:01:33 -08:00
Linus Torvalds
413541dd66 Linux 3.13-rc5 2013-12-22 13:08:32 -08:00
Linus Torvalds
b7000adef1 Don't set the INITRD_COMPRESS environment variable automatically
Commit 1bf49dd4be0b ("./Makefile: export initial ramdisk compression
config option") started setting the INITRD_COMPRESS environment variable
depending on which decompression models the kernel had available.

That is completely broken.

For example, we by default have CONFIG_RD_LZ4 enabled, and are able to
decompress such an initrd, but the user tools to *create* such an initrd
may not be availble.  So trying to tell dracut to generate an
lz4-compressed image just because we can decode such an image is
completely inappropriate.

Cc: J P <ppandit@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Jan Beulich <JBeulich@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-12-20 16:52:45 -08:00
Kees Cook
8779657d29 stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG
This changes the stack protector config option into a choice of
"None", "Regular", and "Strong":

   CONFIG_CC_STACKPROTECTOR_NONE
   CONFIG_CC_STACKPROTECTOR_REGULAR
   CONFIG_CC_STACKPROTECTOR_STRONG

"Regular" means the old CONFIG_CC_STACKPROTECTOR=y option.

"Strong" is a new mode introduced by this patch. With "Strong" the
kernel is built with -fstack-protector-strong (available in
gcc 4.9 and later). This option increases the coverage of the stack
protector without the heavy performance hit of -fstack-protector-all.

For reference, the stack protector options available in gcc are:

-fstack-protector-all:
  Adds the stack-canary saving prefix and stack-canary checking
  suffix to _all_ function entry and exit. Results in substantial
  use of stack space for saving the canary for deep stack users
  (e.g. historically xfs), and measurable (though shockingly still
  low) performance hit due to all the saving/checking. Really not
  suitable for sane systems, and was entirely removed as an option
  from the kernel many years ago.

-fstack-protector:
  Adds the canary save/check to functions that define an 8
  (--param=ssp-buffer-size=N, N=8 by default) or more byte local
  char array. Traditionally, stack overflows happened with
  string-based manipulations, so this was a way to find those
  functions. Very few total functions actually get the canary; no
  measurable performance or size overhead.

-fstack-protector-strong
  Adds the canary for a wider set of functions, since it's not
  just those with strings that have ultimately been vulnerable to
  stack-busting. With this superset, more functions end up with a
  canary, but it still remains small compared to all functions
  with only a small change in performance. Based on the original
  design document, a function gets the canary when it contains any
  of:

    - local variable's address used as part of the right hand side
      of an assignment or function argument
    - local variable is an array (or union containing an array),
      regardless of array type or length
    - uses register local variables

  https://docs.google.com/a/google.com/document/d/1xXBH6rRZue4f296vGt9YQcuLVQHeE516stHwt8M9xyU

Find below a comparison of "size" and "objdump" output when built with
gcc-4.9 in three configurations:

  - defconfig
	11430641 kernel text size
	36110 function bodies

  - defconfig + CONFIG_CC_STACKPROTECTOR_REGULAR
	11468490 kernel text size (+0.33%)
	1015 of 36110 functions are stack-protected (2.81%)

  - defconfig + CONFIG_CC_STACKPROTECTOR_STRONG via this patch
	11692790 kernel text size (+2.24%)
	7401 of 36110 functions are stack-protected (20.5%)

With -strong, ARM's compressed boot code now triggers stack
protection, so a static guard was added. Since this is only used
during decompression and was never used before, the exposure
here is very small. Once it switches to the full kernel, the
stack guard is back to normal.

Chrome OS has been using -fstack-protector-strong for its kernel
builds for the last 8 months with no problems.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Shawn Guo <shawn.guo@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-mips@linux-mips.org
Cc: linux-arch@vger.kernel.org
Link: http://lkml.kernel.org/r/1387481759-14535-3-git-send-email-keescook@chromium.org
[ Improved the changelog and descriptions some more. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-12-20 09:38:40 +01:00
Kees Cook
19952a9203 stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures
Instead of duplicating the CC_STACKPROTECTOR Kconfig and
Makefile logic in each architecture, switch to using
HAVE_CC_STACKPROTECTOR and keep everything in one place. This
retains the x86-specific bug verification scripts.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Shawn Guo <shawn.guo@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-mips@linux-mips.org
Cc: linux-arch@vger.kernel.org
Link: http://lkml.kernel.org/r/1387481759-14535-2-git-send-email-keescook@chromium.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-12-20 09:38:40 +01:00
Jan Beulich
7ac1815683 fix build with make 3.80
According to Documentation/Changes, make 3.80 is still being supported
for building the kernel, hence make files must not make (unconditional)
use of features introduced only in newer versions.

Commit 1bf49dd4be0b ("./Makefile: export initial ramdisk compression
config option") however introduced "else ifeq" constructs which make
3.80 doesn't understand.  Replace the logic there with more conventional
(in the kernel build infrastructure) list constructs (except that the
list here is intentionally limited to exactly one element).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: P J P <ppandit@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-12-18 19:04:52 -08:00
Linus Torvalds
319e2e3f63 Linux 3.13-rc4 2013-12-15 12:31:33 -08:00
Linus Torvalds
374b105797 Linux 3.13-rc3 2013-12-06 09:34:04 -08:00
Linus Torvalds
dc1ccc4815 Linux 3.13-rc2 2013-11-29 12:57:14 -08:00
Linus Torvalds
6ce4eac1f6 Linux 3.13-rc1 2013-11-22 11:30:55 -08:00
Linus Torvalds
762fb1ddd5 Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Pull kbuild changes from Michal Marek:
 - LTO fixes, but the kallsyms part had to be reverted
 - Pass -Werror=implicit-int and -Werror=strict-prototypes to the
   compiler by default
 - snprintf fix in modpost
 - remove GREP_OPTIONS from the environment to be immune against exotic
   grep option settings

* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  kallsyms: Revert back to 128 max symbol length
  Kbuild: Ignore GREP_OPTIONS env variable
  scripts: kallsyms: Use %zu to print 'size_t'
  scripts/bloat-o-meter: use .startswith rather than fragile slicing
  scripts/bloat-o-meter: ignore changes in the size of linux_banner
  kbuild: replace unbounded sprintf call in modpost
  kbuild, bloat-o-meter: fix static detection
  Kbuild: Handle longer symbols in kallsyms.c
  kbuild: Increase kallsyms max symbol length
  Makefile: enable -Werror=implicit-int and -Werror=strict-prototypes by default
2013-11-15 14:06:38 -08:00
P J P
1bf49dd4be ./Makefile: export initial ramdisk compression config option
Make menuconfig allows one to choose compression format of an initial
ramdisk image.  But this choice does not result in duly compressed ramdisk
image.  Because - $ make install - does not pass on the selected
compression choice to the dracut(8) tool, which creates the initramfs
file.  dracut(8) generates the image with the default compression, ie.
gzip(1).

This patch exports the selected compression option to a sub-shell
environment, so that it could be used by dracut(8) tool to generate
appropriately compressed initramfs images.

There isn't a straightforward way to pass on options to dracut(8) via
positional parameters.  Because it is indirectly invoked at the end of a $
make install sequence.

 # make install
   -> arch/$arch/boot/Makefile
    -> arch/$arch/boot/install.sh
     -> /sbing/installkernel ...
      -> /sbin/new-kernel-pkg ...
       -> /sbin/dracut ...

Signed-off-by: P J P <ppandit@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-11-13 12:09:36 +09:00
Borislav Petkov
ab7474ea53 Kbuild: Ignore GREP_OPTIONS env variable
When building the kernel in a shell which defines GREP_OPTIONS so that
grep behavior is modified, we can break the generation of the syscalls
table like so:

__SYSCALL_COMMON(^[[01;31m^[[K0^[[m^[[K, sys_read, sys_read)
__SYSCALL_COMMON(^[[01;31m^[[K1^[[m^[[K, sys_write, sys_write)
__SYSCALL_COMMON(^[[01;31m^[[K1^[[m^[[K0, sys_mprotect, sys_mprotect) ...

This is just the initial breakage, later we barf when generating
modules.

In this case, GREP_OPTIONS contains "--color=always" which adds the shell
colors markup and completely fudges the headers under ...generated/asm/.

Fix that by unexporting the GREP_OPTIONS variable for the whole kernel
build as we tend to use grep at a bunch of places.

Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-11-11 17:56:43 +01:00
Linus Torvalds
5e01dc7b26 Linux 3.12 2013-11-03 15:41:51 -08:00
Linus Torvalds
959f58544b Linux 3.12-rc7 2013-10-27 16:12:03 -07:00
Sergei Trofimovich
8097047217 Makefile: enable -Werror=implicit-int and -Werror=strict-prototypes by default
The common error found in forward-ported/backported patches is missing
headers.  One recent example (files and function names are mangled):

    void foo(){}
    EXPORT_SYMBOL(foo);

gave only warning

    foo.c:12345678:5: warning: function declaration isn't a prototype [-Wstrict-prototypes]
    void foo(){}
         ^

    foo.c:12345679:5: warning: data definition has no type or storage class [enabled by default]
    EXPORT_SYMBOL(foo);
    foo.c:12345679:5: warning: type defaults to 'int' in declaration of 'EXORT_SYMBOL' [-Werror=implicit-int]

Now it's a fatal error. Tested on x86_64 allyesconfig.

[akpm@linux-foundation.org: fix typos in comments]
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-10-23 16:36:57 +02:00
Linus Torvalds
31d141e3a6 Linux 3.12-rc6 2013-10-19 12:28:15 -07:00
Linus Torvalds
61e6cfa80d Linux 3.12-rc5 2013-10-13 15:41:28 -07:00
Linus Torvalds
d0e639c9e0 Linux 3.12-rc4 2013-10-06 14:00:20 -07:00