1. 11 Sep, 2015 4 commits
  2. 09 Sep, 2015 1 commit
  3. 05 Sep, 2015 6 commits
  4. 04 Sep, 2015 3 commits
  5. 28 Aug, 2015 2 commits
    • scripts: add stackdelta script · 5bbb9f75
      Rasmus Villemoes committed
      This adds a simple perl script for reading two files as produced by
      the stackusage script and computing the changes in stack usage. For
      example:
      
      $ scripts/stackusage -o /tmp/old.su CC=gcc-4.7 -j8 fs/ext4/
      $ scripts/stackusage -o /tmp/new.su CC=gcc-5.0 -j8 fs/ext4/
      $ scripts/stackdelta /tmp/{old,new}.su | sort -k5,5g
      
      shows that gcc 5.0 generally produces less stack-hungry code than gcc
      4.7. Obviously, the script can also be used for measuring the effect
      of commits, .config tweaks or whatnot.
      Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
      Signed-off-by: Michal Marek <mmarek@suse.com>
      5bbb9f75
    • scripts: add stackusage script · 56d4a381
      Rasmus Villemoes committed
      The current checkstack.pl script has a few problems, stemming from the
      overly simplistic attempt at parsing objdump output with regular
      expressions: For example, on x86_64 it doesn't take the push
      instruction into account, making it consistently underestimate the
      real stack use, and it also doesn't capture stack pointer adjustments
      of exactly 128 bytes [1].
      
      Since newer gcc (>= 4.6) knows about -fstack-usage, we might as well
      take the information straight from the horse's mouth. This patch
      introduces scripts/stackusage, which is a simple wrapper for running
      make with KCFLAGS set to -fstack-usage. Example use is
      
      scripts/stackusage -o out.su -j8 lib/
      
      The script understands "-o foo" for writing to 'foo' and -h for a
      trivial help text; anything else is passed to make.
      
      Afterwards, we find all newly created .su files, massage them a
      little, sort by stack use and write the result to a single output
      file.
      
      Note that the function names printed by (at least) gcc 4.7 are
      sometimes useless. For example, the first three lines of out.su
      generated above are
      
      ./lib/decompress_bunzip2.c:155  get_next_block  448     static
      ./lib/decompress_unlzma.c:537   unlzma  336     static
      ./lib/vsprintf.c:616    8       304     static
      
      That function '8' is really the static symbol_string(), but it has
      been subject to 'interprocedural scalar replacement of aggregates', so
      its name in the object file is 'symbol_string.isra.8'. gcc 5.0 doesn't
      have this problem; it uses the full name as seen in the object file.
      
      [1] Since gcc encodes that by
      
      48 83 c4 80             add    $0xffffffffffffff80,%rsp
      
      and not
      
      48 81 ec 80 00 00 00    sub    $0x80,%rsp
      
      since -128 fits in an imm8.
      Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
      Signed-off-by: Michal Marek <mmarek@suse.com>
      56d4a381
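The two encodings quoted in footnote [1] above, decoded side by side. This is an added example, not code from the commit or from checkstack.pl; the function name `stack_growth` is made up here, and it decodes only the push and add/sub-on-%rsp forms the message mentions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Bytes by which one x86_64 instruction grows the stack, or 0 if it is not
 * one of the forms handled here: push %r64 (50+r, with optional REX.B
 * prefix 41) and add/sub $imm,%rsp with an imm8 (83) or imm32 (81).
 */
long stack_growth(const uint8_t *p, size_t len)
{
    long imm;
    int is_sub;

    if (len >= 1 && p[0] >= 0x50 && p[0] <= 0x57)
        return 8;                        /* push %rax..%rdi */
    if (len >= 2 && p[0] == 0x41 && p[1] >= 0x50 && p[1] <= 0x57)
        return 8;                        /* push %r8..%r15 */
    if (len < 4 || p[0] != 0x48)         /* need REX.W + opcode + ModRM + imm */
        return 0;
    if (p[2] == 0xec)                    /* ModRM 11 101 100: sub, %rsp */
        is_sub = 1;
    else if (p[2] == 0xc4)               /* ModRM 11 000 100: add, %rsp */
        is_sub = 0;
    else
        return 0;
    if (p[1] == 0x83)                    /* imm8 is sign-extended */
        imm = (int8_t)p[3];
    else if (p[1] == 0x81 && len >= 7)   /* little-endian imm32 */
        imm = (int32_t)(p[3] | p[4] << 8 | p[5] << 16 | (uint32_t)p[6] << 24);
    else
        return 0;
    imm = is_sub ? imm : -imm;           /* sub N and add -N both allocate */
    return imm > 0 ? imm : 0;            /* releases (add +N) count as 0 */
}

int main(void)
{
    /* The two encodings quoted in footnote [1] of the commit message. */
    const uint8_t add_imm8[]  = { 0x48, 0x83, 0xc4, 0x80 };
    const uint8_t sub_imm32[] = { 0x48, 0x81, 0xec, 0x80, 0x00, 0x00, 0x00 };

    printf("add imm8:  %ld\n", stack_growth(add_imm8, sizeof(add_imm8)));
    printf("sub imm32: %ld\n", stack_growth(sub_imm32, sizeof(sub_imm32)));
    return 0;
}
```

A tool that only looks for `sub $N,%rsp` misses the first form, which is how a 128-byte frame goes unreported.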
  6. 27 Aug, 2015 1 commit
  7. 26 Aug, 2015 1 commit
  8. 24 Aug, 2015 3 commits
  9. 20 Aug, 2015 5 commits
    • genksyms: Regenerate parser · 5b733fac
      Michal Marek committed
      Rebuild the parser after commit 1c722503 (genksyms: Duplicate
      function pointer type definitions segfault), using bison 2.7.
      Signed-off-by: Michal Marek <mmarek@suse.com>
      5b733fac
    • genksyms: Duplicate function pointer type definitions segfault · 1c722503
      Richard Yao committed
      I noticed that genksyms will segfault when it sees a duplicate function
      pointer type declaration when I placed the same function pointer
      definition in two separate headers in a local branch as an intermediate
      step of some refactoring. This can be reproduced by piping the following
      minimal test case into `genksyms -r /dev/null` or alternatively, putting
      it into a C file attempting a build:
      
      typedef int (*f)();
      typedef int (*f)();
      
      Attaching gdb to genksyms to understand this failure is useless without
      changing CFLAGS to emit debuginfo. Once you have debuginfo, you will
      find that the failure is that `char *s` was NULL and the program
      executed `while(*s)`. At which point, further debugging requires
      familiarity with compiler front end / parser development.
      
      What happens is that flex identifies the first instance of the token "f"
      as IDENT and the yacc parser adds it to the symbol table. On the second
      instance, flex will identify "f" as TYPE, which triggers an error case
      in the yacc parser. Given that TYPE would have been IDENT had it not
      been in the symbol table, the segmentation fault could be avoided by
      treating TYPE as IDENT in the affected rule.
      
      Some who consider placing identical function pointer type declarations
      in different headers to be poor style might consider a failure to be
      beneficial. However, failing through a segmentation fault makes the
      cause non-obvious and can waste the time of anyone who encounters it.
      Signed-off-by: Richard Yao <richard.yao@clusterhq.com>
      Acked-by: Madhuri Yechuri <madhuriyechuri@clusterhq.com>
      Signed-off-by: Michal Marek <mmarek@suse.com>
      1c722503
    • Avoid conflict with host definitions when cross-compiling · 3c0561e0
      Pavel Fedin committed
      Certain platforms (e. g. BSD-based ones) define some ELF constants
      according to host. This patch fixes problems with cross-building
      Linux kernel on these platforms (e. g. building ARM 32-bit version
      on x86-64 host).
      Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
      Signed-off-by: Michal Marek <mmarek@suse.com>
      3c0561e0
    • merge_config.sh: exit on missing input files · 78a6854e
      Sam Bobroff committed
      Add a check for the existence of input files and exit (with failure)
      if they are missing.
      
      Without this additional check, missing files produce error messages
      but still result in an output file being generated and a successful
      exit code.
      Signed-off-by: Sam Bobroff <sam.bobroff@au1.ibm.com>
      Signed-off-by: Michal Marek <mmarek@suse.com>
      78a6854e
    • fallback to hostname in scripts/package/builddeb · bea107b1
      Christian Kujau committed
      I happened to build a kernel with "make deb-pkg" on a machine with no
      network connectivity, but this failed with:
      
      [...]
        INSTALL debian/headertmp/usr/include/asm/ (65 files)
      hostname: Name or service not known
      ../scripts/package/Makefile:90: recipe for target 'deb-pkg' failed
      make[2]: *** [deb-pkg] Error 1
      
      In scripts/package/builddeb it tries to construct an email address (that
      can be queried in /proc/version later on) but with no network,
      the "hostname -f" fails. The following patch falls back to just use the
      shortname if we cannot determine our FQDN.
      Signed-off-by: Christian Kujau <lists@nerdbynature.de>
      Signed-off-by: Michal Marek <mmarek@suse.cz>
      bea107b1
  10. 19 Aug, 2015 6 commits
  11. 17 Aug, 2015 1 commit
    • scripts/kernel-doc: Adding cross-reference links to html documentation. · 5699f871
      Danilo Cesar Lemes de Paula committed
      Function, struct and parameter definitions in the kernel documentation
      are purely cosmetic; they only highlight the element.
      
      To ease the navigation in the documentation we should use <links> inside
      those tags so readers can easily jump between methods directly.
      
      This was discussed in 2014[1] and is implemented by getting a list
      of <refentries> from the DocBook XML to generate a database. Then it looks
      for <function>, <structnames> and <paramdef> tags that match the ones in
      the database. As it only links existent references, no broken links are
      added.
      
      [1] - lists.freedesktop.org/archives/dri-devel/2014-August/065404.html
      Signed-off-by: Danilo Cesar Lemes de Paula <danilo.cesar@collabora.co.uk>
      Cc: Randy Dunlap <rdunlap@infradead.org>
      Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
      Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
      Cc: Herbert Xu <herbert@gondor.apana.org.au>
      Cc: Stephan Mueller <smueller@chronox.de>
      Cc: Michal Marek <mmarek@suse.cz>
      Cc: intel-gfx <intel-gfx@lists.freedesktop.org>
      Cc: dri-devel <dri-devel@lists.freedesktop.org>
      Signed-off-by: Jonathan Corbet <corbet@lwn.net>
      5699f871
  12. 14 Aug, 2015 1 commit
    • modsign: Handle signing key in source tree · 3ee550f1
      David Woodhouse committed
      Since commit 1329e8cc ("modsign: Extract signing cert from
      CONFIG_MODULE_SIG_KEY if needed"), the build system has carefully coped
      with the signing key being specified as a relative path in either the
      source or the build trees.
      
      However, the actual signing of modules has not worked if the filename
      is relative to the source tree.
      
      Fix that by moving the config_filename helper into scripts/Kbuild.include
      so that it can be used from elsewhere, and then using it in the top-level
      Makefile to find the signing key file.
      
      Kill the intermediate $(MODPUBKEY) and $(MODSECKEY) variables too, while
      we're at it. There's no need for them.
      Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
      Signed-off-by: David Howells <dhowells@redhat.com>
      3ee550f1
  13. 13 Aug, 2015 5 commits
    • sign-file: Fix warning about BIO_reset() return value · e9a5e8cc
      David Howells committed
      Fix the following warning:
      
      	scripts/sign-file.c: In function ‘main’:
      	scripts/sign-file.c:188: warning: value computed is not used
      
      whereby the result of BIO_ctrl() is cast inside of BIO_reset() to an
      integer of a different size - which we're not checking but probably should.
      Reported-by: James Morris <jmorris@namei.org>
      Signed-off-by: David Howells <dhowells@redhat.com>
      e9a5e8cc
    • PKCS#7: Appropriately restrict authenticated attributes and content type · 99db4435
      David Howells committed
      A PKCS#7 or CMS message can have per-signature authenticated attributes
      that are digested as a lump and signed by the authorising key for that
      signature.  If such attributes exist, the content digest isn't itself
      signed, but rather it is included in a special authattr which then
      contributes to the signature.
      
      Further, we already require the master message content type to be
      pkcs7_signedData - but there's also a separate content type for the data
      itself within the SignedData object and this must be repeated inside the
      authattrs for each signer [RFC2315 9.2, RFC5652 11.1].
      
      We should really validate the authattrs if they exist or forbid them
      entirely as appropriate.  To this end:
      
       (1) Alter the PKCS#7 parser to reject any message that has more than one
           signature where at least one signature has authattrs and at least one
           that does not.
      
       (2) Validate authattrs if they are present and strongly restrict them.
           Only the following authattrs are permitted and all others are
           rejected:
      
           (a) contentType.  This is checked to be an OID that matches the
           	 content type in the SignedData object.
      
           (b) messageDigest.  This must match the crypto digest of the data.
      
           (c) signingTime.  If present, we check that this is a valid, parseable
           	 UTCTime or GeneralTime and that the date it encodes fits within
           	 the validity window of the matching X.509 cert.
      
           (d) S/MIME capabilities.  We don't check the contents.
      
           (e) Authenticode SP Opus Info.  We don't check the contents.
      
           (f) Authenticode Statement Type.  We don't check the contents.
      
           The message is rejected if (a) or (b) are missing.  If the message is
           an Authenticode type, the message is rejected if (e) is missing; if
           not Authenticode, the message is rejected if (d) - (f) are present.
      
           The S/MIME capabilities authattr (d) unfortunately has to be allowed
           to support kernels already signed by the pesign program.  This only
           affects kexec.  sign-file suppresses them (CMS_NOSMIMECAP).
      
           The message is also rejected if an authattr is given more than once or
           if it contains more than one element in its set of values.
      
       (3) Add a parameter to pkcs7_verify() to select one of the following
           restrictions and pass in the appropriate option from the callers:
      
           (*) VERIFYING_MODULE_SIGNATURE
      
      	 This requires that the SignedData content type be pkcs7-data and
      	 forbids authattrs.  sign-file sets CMS_NOATTR.  We could be more
      	 flexible and permit authattrs optionally, but only permit minimal
      	 content.
      
           (*) VERIFYING_FIRMWARE_SIGNATURE
      
      	 This requires that the SignedData content type be pkcs7-data and
      	 requires authattrs.  In future, this will require an attribute
      	 holding the target firmware name in addition to the minimal set.
      
           (*) VERIFYING_UNSPECIFIED_SIGNATURE
      
      	 This requires that the SignedData content type be pkcs7-data but
      	 allows either no authattrs or only permits the minimal set.
      
           (*) VERIFYING_KEXEC_PE_SIGNATURE
      
      	 This only supports the Authenticode SPC_INDIRECT_DATA content type
      	 and requires at least an SpcSpOpusInfo authattr in addition to the
      	 minimal set.  It also permits an SPC_STATEMENT_TYPE authattr (and
      	 an S/MIME capabilities authattr because the pesign program doesn't
      	 remove these).
      
           (*) VERIFYING_KEY_SIGNATURE
           (*) VERIFYING_KEY_SELF_SIGNATURE
      
      	 These are invalid in this context but are included for later use
      	 when limiting the use of X.509 certs.
      
       (4) The pkcs7_test key type is given a module parameter to select between
           the above options for testing purposes.  For example:
      
      	echo 1 >/sys/module/pkcs7_test_key/parameters/usage
      	keyctl padd pkcs7_test foo @s </tmp/stuff.pkcs7
      
           will attempt to check the signature on stuff.pkcs7 as if it contains a
           firmware blob (1 being VERIFYING_FIRMWARE_SIGNATURE).
      Suggested-by: Andy Lutomirski <luto@kernel.org>
      Signed-off-by: David Howells <dhowells@redhat.com>
      Reviewed-by: Marcel Holtmann <marcel@holtmann.org>
      Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
      99db4435
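Rules (1) to (3) of the commit message above written as a decision function. This is an added example, not the kernel's pkcs7 code: all identifiers are made up, attribute values (digest match, signingTime window, single-valued sets) are not modelled, and two points are assumptions: signingTime counts as an optional part of the minimal set, and a message with no signer is rejected.

```c
#include <stdbool.h>
#include <stddef.h>
/* Attribute kinds (a)-(f) and usages; identifiers made up for this example. */
enum aa { AA_CONTENT_TYPE, AA_MESSAGE_DIGEST, AA_SIGNING_TIME,
          AA_SMIME_CAP, AA_OPUS_INFO, AA_STATEMENT_TYPE };
enum usage { MODULE_SIG, FIRMWARE_SIG, UNSPECIFIED_SIG, KEXEC_PE_SIG };
struct signer { const enum aa *attrs; size_t n; }; /* n == 0: no authattrs */
#define BIT(k) (1u << (k))
#define PE_ONLY (BIT(AA_SMIME_CAP) | BIT(AA_OPUS_INFO) | BIT(AA_STATEMENT_TYPE))

/* Rule (2) for one signer; pe is true for SPC_INDIRECT_DATA content. */
static bool signer_ok(const struct signer *s, bool pe)
{
    unsigned seen = 0;
    for (size_t i = 0; i < s->n; i++) {
        if (seen & BIT(s->attrs[i]))
            return false;                  /* authattr given twice */
        seen |= BIT(s->attrs[i]);
    }
    if (!(seen & BIT(AA_CONTENT_TYPE)) || !(seen & BIT(AA_MESSAGE_DIGEST)))
        return false;                      /* (a) or (b) missing */
    /* Authenticode needs (e); anything else must carry none of (d)-(f). */
    return pe ? (seen & BIT(AA_OPUS_INFO)) != 0 : !(seen & PE_ONLY);
}

/* Rules (1)-(3) for a whole message; true means accept. */
bool authattrs_policy_ok(enum usage u, bool pe,
                         const struct signer *sg, size_t nsig)
{
    size_t with = 0;                 /* signers that carry authattrs */
    for (size_t i = 0; i < nsig; i++)
        with += sg[i].n > 0;
    /* No signer (assumed reject), rule (1) mix, or wrong content type. */
    if (nsig == 0 || (with && with != nsig) || pe != (u == KEXEC_PE_SIG))
        return false;
    if (with == 0 || u == MODULE_SIG) /* bare signature or module usage */
        return with == 0 && (u == MODULE_SIG || u == UNSPECIFIED_SIG);
    for (size_t i = 0; i < nsig; i++)
        if (!signer_ok(&sg[i], pe))
            return false;
    return true;
}

int main(void)
{
    const enum aa min[] = { AA_CONTENT_TYPE, AA_MESSAGE_DIGEST };
    const struct signer s = { min, 2 };        /* constructed sample */
    return authattrs_policy_ok(FIRMWARE_SIG, false, &s, 1) ? 0 : 1;
}
```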
    • modsign: Use extract-cert to process CONFIG_SYSTEM_TRUSTED_KEYS · 770f2b98
      David Woodhouse committed
      Fix up the dependencies somewhat too, while we're at it.
      Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
      Signed-off-by: David Howells <dhowells@redhat.com>
      770f2b98
    • extract-cert: Cope with multiple X.509 certificates in a single file · 84706caa
      David Woodhouse committed
      This is not required for the module signing key, although it doesn't do any
      harm — it just means that any additional certs in the PEM file are also
      trusted by the kernel.
      
      But it does allow us to use the extract-cert tool for processing the extra
      certs from CONFIG_SYSTEM_TRUSTED_KEYS, instead of that horrid awk|base64
      hack.
      
      Also cope with being invoked with no input file, creating an empty output
      file as a result.
      Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
      Signed-off-by: David Howells <dhowells@redhat.com>
      84706caa
    • sign-file: Generate CMS message as signature instead of PKCS#7 · ed8c2076
      David Howells committed
      Make sign-file use the OpenSSL CMS routines to generate a message to be
      used as the signature blob instead of the PKCS#7 routines.  This allows us
      to change how the matching X.509 certificate is selected.  With PKCS#7 the
      only option is to match on the serial number and issuer fields of an X.509
      certificate; with CMS, we also have the option of matching by subjectKeyId
      extension.  The new behaviour is selected with the "-k" flag.
      
      Without the -k flag specified, the output is pretty much identical to the
      PKCS#7 output.
      
      Whilst we're at it, don't include the S/MIME capability list in the message
      as it's irrelevant to us.
      Signed-off-by: David Howells <dhowells@redhat.com>
      Reviewed-By: David Woodhouse <David.Woodhouse@intel.com>
      ed8c2076
  14. 12 Aug, 2015 1 commit