We use

    $make TARGETS="size timers" kselftest

to build and run selftests. but there is no rule
for us to clean the kselftest generated files.

This patch add the rules, for example:

	$ make TARGETS="size timers" kselftest-clean

can clean all kselftest generated files.
Signed-off-by: NWang Long <long.wanglong@huawei.com>
Acked-by: NMichael Ellerman <mpe@ellerman.id.au>
Signed-off-by: NMichal Marek <mmarek@suse.com>

We need to build files in virt/lib/, which are now used by
KVM and VFIO, so add virt directory to the top Makefile.
Signed-off-by: NFeng Wu <feng.wu@intel.com>
Acked-by: NMichal Marek <mmarek@suse.com>
Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>

Currently the encoding of documents generated by DocBook depends on
the current locale.  Make the output reproducible independently of
the locale, by setting the encoding to UTF-8 (LC_CTYPE=C.UTF-8) by
preference, or ASCII (LC_CTYPE=C) as a fallback.

LC_CTYPE can normally be overridden by LC_ALL, but the top-level
Makefile unsets that.
Signed-off-by: NBen Hutchings <ben@decadent.org.uk>
[jc: added check-lc_ctype to .gitignore]
Signed-off-by: NJonathan Corbet <corbet@lwn.net>

We cannot detect clang before including the arch Makefile, because that
can set the default cross compiler. We also cannot detect clang after
including the arch Makefile, because powerpc wants to know about clang.
Solve this by using an deferred variable. This costs us a few shell
invocations, but this is only a constant number.
Reported-by: NBehan Webster <behanw@converseincode.com>
Reported-by: NAnton Blanchard <anton@samba.org>
Signed-off-by: NMichal Marek <mmarek@suse.com>

Make sure 'make clean' removes *.su files generated by the gcc option
-fstack-usage.
Signed-off-by: NRasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: NMichal Marek <mmarek@suse.com>

Since commit 1329e8cc ("modsign: Extract signing cert from
CONFIG_MODULE_SIG_KEY if needed"), the build system has carefully coped
with the signing key being specified as a relative path in either the
source or or the build trees.

However, the actual signing of modules has not worked if the filename
is relative to the source tree.

Fix that by moving the config_filename helper into scripts/Kbuild.include
so that it can be used from elsewhere, and then using it in the top-level
Makefile to find the signing key file.

Kill the intermediate $(MODPUBKEY) and $(MODSECKEY) variables too, while
we're at it. There's no need for them.
Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: NDavid Howells <dhowells@redhat.com>

Move certificate handling out of the kernel/ directory and into a certs/
directory to get all the weird stuff in one place and move the generated
signing keys into this directory.
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Reviewed-by: NDavid Woodhouse <David.Woodhouse@intel.com>

The current rule for generating signing_key.priv and signing_key.x509 is
a classic example of a bad rule which has a tendency to break parallel
make. When invoked to create *either* target, it generates the other
target as a side-effect that make didn't predict.

So let's switch to using a single file signing_key.pem which contains
both key and certificate. That matches what we do in the case of an
external key specified by CONFIG_MODULE_SIG_KEY anyway, so it's also
slightly cleaner.
Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: NDavid Howells <dhowells@redhat.com>

Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: NDavid Howells <dhowells@redhat.com>

Move to using PKCS#7 messages as module signatures because:

 (1) We have to be able to support the use of X.509 certificates that don't
     have a subjKeyId set.  We're currently relying on this to look up the
     X.509 certificate in the trusted keyring list.

 (2) PKCS#7 message signed information blocks have a field that supplies the
     data required to match with the X.509 certificate that signed it.

 (3) The PKCS#7 certificate carries fields that specify the digest algorithm
     used to generate the signature in a standardised way and the X.509
     certificates specify the public key algorithm in a standardised way - so
     we don't need our own methods of specifying these.

 (4) We now have PKCS#7 message support in the kernel for signed kexec purposes
     and we can make use of this.

To make this work, the old sign-file script has been replaced with a program
that needs compiling in a previous patch.  The rules to build it are added
here.
Signed-off-by: NDavid Howells <dhowells@redhat.com>
Tested-by: NVivek Goyal <vgoyal@redhat.com>

Running `make modules_install` ordinarily will overwrite existing
modules. This is the desired behavior, and is how pretty much every
other `make install` target works.

However, if CONFIG_MODULE_COMPRESS is enabled, modules are passed
through gzip and xz which then do the file writing. Both gzip and xz
will error out if the file already exists, unless -f is passed.

This patch adds -f so that the behavior is uniform.
Signed-off-by: NJason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: NMichal Marek <mmarek@suse.com>

Initialize the ARCH_* overrides before including the arch Makefile, to
avoid picking up the values from the environment. The variables can
still be overriden on the make command line, but this won't happen
by accident.
Signed-off-by: NMichal Marek <mmarek@suse.com>

Since commit a1c48bb1 (Makefile: Fix unrecognized cross-compiler command
line options), the arch Makefile is included earlier by the main
Makefile, preventing the arc architecture to set its -O3 compiler
option. Since there might be more use cases for an arch Makefile to
fine-tune the options, add support for ARCH_CPPFLAGS, ARCH_AFLAGS and
ARCH_CFLAGS variables that are appended to the respective kbuild
variables. The user still has the final say via the KCPPFLAGS, KAFLAGS
and KCFLAGS variables.
Reported-by: NVineet Gupta <Vineet.Gupta1@synopsys.com>
Cc: stable@vger.kernel.org # 3.16+
Signed-off-by: NMichal Marek <mmarek@suse.com>