- 26 2月, 2014 2 次提交
-
-
由 Jan Beulich 提交于
According to Documentation/Changes, make 3.80 is still being supported for building the kernel, hence make files must not make (unconditional) use of features introduced only in newer versions. Commit 8779657d ("stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG") however introduced an "else ifdef" construct which make 3.80 doesn't understand. Also correct a warning message still referencing the old config option name. Apart from that I question the use of "ifdef" here (but it was used that way already prior to said commit): ifeq (,y) would seem more to the point. Signed-off-by: NJan Beulich <jbeulich@suse.com> Acked-by: NKees Cook <keescook@chromium.org> Cc: Ingo Molnar <mingo@kernel.org> Cc: Michal Marek <mmarek@suse.cz> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Fathi Boudra 提交于
An extra parenthesis typo introduced in 19952a92 ("stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures") is causing the following error when CONFIG_CC_STACKPROTECTOR_REGULAR is enabled: Makefile:608: Cannot use CONFIG_CC_STACKPROTECTOR: -fstack-protector not supported by compiler Makefile:608: *** missing separator. Stop. Signed-off-by: NFathi Boudra <fathi.boudra@linaro.org> Acked-by: NKees Cook <keescook@chromium.org> Cc: <stable@vger.kernel.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 24 2月, 2014 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 17 2月, 2014 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 10 2月, 2014 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 03 2月, 2014 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 28 1月, 2014 2 次提交
-
-
由 Josh Triplett 提交于
GCC 4.9 and newer have a new warning -Wdate-time, which warns on any use of __DATE__, __TIME__, or __TIMESTAMP__, which would make the build non-deterministic. Now that the kernel does not use any of those macros, turn on -Werror=date-time if available, to keep it that way. The kernel already (optionally) records this information at build time in a single place; other kernel code should not duplicate that. Signed-off-by: NJosh Triplett <josh@joshtriplett.org> Signed-off-by: NMichal Marek <mmarek@suse.cz>
-
由 Geoff Levand 提交于
Change the debuging info generation flag in KBUILD_AFLAGS from '-gdwarf-2' to '-Wa,--gdwarf-2'. This will properly generate the debugging info for .S files when CONFIG_DEBUG_INFO=y. It seems current gcc does not pass a '--gdwarf-2' option on to the assembler when '-gdwarf-2' is on its command line (note the differece in the gcc and as flags). This change provides the correct assembler flag to gcc, and so does not rely on gcc to emit a flag for the assembler. Signed-off-by: Geoff Levand <geoff@infradead.org> for Huawei, Linaro Signed-off-by: NMichal Marek <mmarek@suse.cz>
-
- 20 1月, 2014 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 12 1月, 2014 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 06 1月, 2014 1 次提交
-
-
由 Emil Medve 提交于
make-4 changed the way/order it presents the command line options into MAKEFLAGS In make-3.8x, '-s' would always be first into a group of options with the '-'/hyphen removed $ make -p -s 2>/dev/null | grep ^MAKEFLAGS MAKEFLAGS = sp In make-4, '-s' seems to always be last into a group of options with the '-'/hyphen removed $ make -s -p 2>/dev/null | grep ^MAKEFLAGS MAKEFLAGS = ps Signed-off-by: NEmil Medve <Emilian.Medve@Freescale.com> Signed-off-by: NMichal Marek <mmarek@suse.cz>
-
- 05 1月, 2014 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 30 12月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 23 12月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 21 12月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
Commit 1bf49dd4 ("./Makefile: export initial ramdisk compression config option") started setting the INITRD_COMPRESS environment variable depending on which decompression models the kernel had available. That is completely broken. For example, we by default have CONFIG_RD_LZ4 enabled, and are able to decompress such an initrd, but the user tools to *create* such an initrd may not be availble. So trying to tell dracut to generate an lz4-compressed image just because we can decode such an image is completely inappropriate. Cc: J P <ppandit@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Jan Beulich <JBeulich@suse.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 20 12月, 2013 2 次提交
-
-
由 Kees Cook 提交于
This changes the stack protector config option into a choice of "None", "Regular", and "Strong": CONFIG_CC_STACKPROTECTOR_NONE CONFIG_CC_STACKPROTECTOR_REGULAR CONFIG_CC_STACKPROTECTOR_STRONG "Regular" means the old CONFIG_CC_STACKPROTECTOR=y option. "Strong" is a new mode introduced by this patch. With "Strong" the kernel is built with -fstack-protector-strong (available in gcc 4.9 and later). This option increases the coverage of the stack protector without the heavy performance hit of -fstack-protector-all. For reference, the stack protector options available in gcc are: -fstack-protector-all: Adds the stack-canary saving prefix and stack-canary checking suffix to _all_ function entry and exit. Results in substantial use of stack space for saving the canary for deep stack users (e.g. historically xfs), and measurable (though shockingly still low) performance hit due to all the saving/checking. Really not suitable for sane systems, and was entirely removed as an option from the kernel many years ago. -fstack-protector: Adds the canary save/check to functions that define an 8 (--param=ssp-buffer-size=N, N=8 by default) or more byte local char array. Traditionally, stack overflows happened with string-based manipulations, so this was a way to find those functions. Very few total functions actually get the canary; no measurable performance or size overhead. -fstack-protector-strong Adds the canary for a wider set of functions, since it's not just those with strings that have ultimately been vulnerable to stack-busting. With this superset, more functions end up with a canary, but it still remains small compared to all functions with only a small change in performance. Based on the original design document, a function gets the canary when it contains any of: - local variable's address used as part of the right hand side of an assignment or function argument - local variable is an array (or union containing an array), regardless of array type or length - uses register local variables https://docs.google.com/a/google.com/document/d/1xXBH6rRZue4f296vGt9YQcuLVQHeE516stHwt8M9xyU Find below a comparison of "size" and "objdump" output when built with gcc-4.9 in three configurations: - defconfig 11430641 kernel text size 36110 function bodies - defconfig + CONFIG_CC_STACKPROTECTOR_REGULAR 11468490 kernel text size (+0.33%) 1015 of 36110 functions are stack-protected (2.81%) - defconfig + CONFIG_CC_STACKPROTECTOR_STRONG via this patch 11692790 kernel text size (+2.24%) 7401 of 36110 functions are stack-protected (20.5%) With -strong, ARM's compressed boot code now triggers stack protection, so a static guard was added. Since this is only used during decompression and was never used before, the exposure here is very small. Once it switches to the full kernel, the stack guard is back to normal. Chrome OS has been using -fstack-protector-strong for its kernel builds for the last 8 months with no problems. Signed-off-by: NKees Cook <keescook@chromium.org> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Michal Marek <mmarek@suse.cz> Cc: Russell King <linux@arm.linux.org.uk> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Paul Mundt <lethal@linux-sh.org> Cc: James Hogan <james.hogan@imgtec.com> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Shawn Guo <shawn.guo@linaro.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: linux-arm-kernel@lists.infradead.org Cc: linux-mips@linux-mips.org Cc: linux-arch@vger.kernel.org Link: http://lkml.kernel.org/r/1387481759-14535-3-git-send-email-keescook@chromium.org [ Improved the changelog and descriptions some more. ] Signed-off-by: NIngo Molnar <mingo@kernel.org>
-
由 Kees Cook 提交于
Instead of duplicating the CC_STACKPROTECTOR Kconfig and Makefile logic in each architecture, switch to using HAVE_CC_STACKPROTECTOR and keep everything in one place. This retains the x86-specific bug verification scripts. Signed-off-by: NKees Cook <keescook@chromium.org> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Michal Marek <mmarek@suse.cz> Cc: Russell King <linux@arm.linux.org.uk> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Paul Mundt <lethal@linux-sh.org> Cc: James Hogan <james.hogan@imgtec.com> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Shawn Guo <shawn.guo@linaro.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-arm-kernel@lists.infradead.org Cc: linux-mips@linux-mips.org Cc: linux-arch@vger.kernel.org Link: http://lkml.kernel.org/r/1387481759-14535-2-git-send-email-keescook@chromium.orgSigned-off-by: NIngo Molnar <mingo@kernel.org>
-
- 19 12月, 2013 1 次提交
-
-
由 Jan Beulich 提交于
According to Documentation/Changes, make 3.80 is still being supported for building the kernel, hence make files must not make (unconditional) use of features introduced only in newer versions. Commit 1bf49dd4 ("./Makefile: export initial ramdisk compression config option") however introduced "else ifeq" constructs which make 3.80 doesn't understand. Replace the logic there with more conventional (in the kernel build infrastructure) list constructs (except that the list here is intentionally limited to exactly one element). Signed-off-by: NJan Beulich <jbeulich@suse.com> Cc: P J P <ppandit@redhat.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 16 12月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 07 12月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 30 11月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 23 11月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 13 11月, 2013 1 次提交
-
-
由 P J P 提交于
Make menuconfig allows one to choose compression format of an initial ramdisk image. But this choice does not result in duly compressed ramdisk image. Because - $ make install - does not pass on the selected compression choice to the dracut(8) tool, which creates the initramfs file. dracut(8) generates the image with the default compression, ie. gzip(1). This patch exports the selected compression option to a sub-shell environment, so that it could be used by dracut(8) tool to generate appropriately compressed initramfs images. There isn't a straightforward way to pass on options to dracut(8) via positional parameters. Because it is indirectly invoked at the end of a $ make install sequence. # make install -> arch/$arch/boot/Makefile -> arch/$arch/boot/install.sh -> /sbing/installkernel ... -> /sbin/new-kernel-pkg ... -> /sbin/dracut ... Signed-off-by: NP J P <ppandit@redhat.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 12 11月, 2013 1 次提交
-
-
由 Borislav Petkov 提交于
When building the kernel in a shell which defines GREP_OPTIONS so that grep behavior is modified, we can break the generation of the syscalls table like so: __SYSCALL_COMMON(^[[01;31m^[[K0^[[m^[[K, sys_read, sys_read) __SYSCALL_COMMON(^[[01;31m^[[K1^[[m^[[K, sys_write, sys_write) __SYSCALL_COMMON(^[[01;31m^[[K1^[[m^[[K0, sys_mprotect, sys_mprotect) ... This is just the initial breakage, later we barf when generating modules. In this case, GREP_OPTIONS contains "--color=always" which adds the shell colors markup and completely fudges the headers under ...generated/asm/. Fix that by unexporting the GREP_OPTIONS variable for the whole kernel build as we tend to use grep at a bunch of places. Signed-off-by: NBorislav Petkov <bp@suse.de> Signed-off-by: NMichal Marek <mmarek@suse.cz>
-
- 04 11月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 28 10月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 23 10月, 2013 1 次提交
-
-
由 Sergei Trofimovich 提交于
The common error found in forward-ported/backported patches is missing headers. One recent example (files and function names are mangled): void foo(){} EXPORT_SYMBOL(foo); gave only warning foo.c:12345678:5: warning: function declaration isn't a prototype [-Wstrict-prototypes] void foo(){} ^ foo.c:12345679:5: warning: data definition has no type or storage class [enabled by default] EXPORT_SYMBOL(foo); foo.c:12345679:5: warning: type defaults to 'int' in declaration of 'EXORT_SYMBOL' [-Werror=implicit-int] Now it's a fatal error. Tested on x86_64 allyesconfig. [akpm@linux-foundation.org: fix typos in comments] Signed-off-by: NSergei Trofimovich <slyfox@gentoo.org> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NMichal Marek <mmarek@suse.cz>
-
- 20 10月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 14 10月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 07 10月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 30 9月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 24 9月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 17 9月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 12 9月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
This reverts the Linux for Workgroups thing. And no, before somebody asks, we're not doing Linux95. Not for a few years, at least. Sure, the flag added some color to the logo, and could have remained as a testament to my leet gimp skills. But no. And I'll do this early, to avoid the chance of forgetting when I'm doing the actual rc1 release on the road. Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 03 9月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 28 8月, 2013 1 次提交
-
-
由 Michal Marek 提交于
Use filechk to detect if the content changed or not. Signed-off-by: NMichal Marek <mmarek@suse.cz>
-
- 26 8月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 19 8月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 12 8月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-
- 05 8月, 2013 1 次提交
-
-
由 Linus Torvalds 提交于
-