Pull misc kbuild updates from Michal Marek:
- deb-pkg:
+ module signing fix
+ dtb files are added to the package
+ do not require `hostname -f` to work during build
+ make deb-pkg generates a source package, bindeb-pkg has been
added to only generate the binary package
- rpm-pkg packages /lib/modules as well
- new coccinelle patch and updates to existing ones
- new stackusage & stackdelta script to collect and compare stack usage
info (using gcc's -fstack-usage)
- make tags understands trace_*_rcuidle() macros
- .gitignore updates, misc cleanups
* 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: (27 commits)
deb-pkg: add source package
package/Makefile: move source tar creation to a function
scripts: add stackdelta script
kbuild: remove *.su files generated by -fstack-usage
.gitignore: add *.su pattern
scripts: add stackusage script
kbuild: avoid listing /lib/modules in kernel spec file
fallback to hostname in scripts/package/builddeb
coccinelle: api: extend spatch for dropping unnecessary owner
deb-pkg: simplify directory creation
scripts/tags.sh: Include trace_*_rcuidle() in tags
scripts/package/Makefile: rpmbuild is needed for rpm targets
Kbuild: Add ID files to .gitignore
gitignore: Add MIPS vmlinux.32 to the list
coccinelle: simple_return: Add a blank line
coccinelle: irqf_oneshot.cocci: Improve the generated commit log
coccinelle: api: add vma_pages.cocci
scripts/coccinelle/misc/irqf_oneshot.cocci: Fix grammar
scripts/coccinelle/misc/semicolon.cocci: Use imperative mood
coccinelle: simple_open: Use imperative mood
...
Pull security subsystem updates from James Morris:
"Highlights:
- PKCS#7 support added to support signed kexec, also utilized for
module signing. See comments in 3f1e1bea.
** NOTE: this requires linking against the OpenSSL library, which
must be installed, e.g. the openssl-devel on Fedora **
- Smack
- add IPv6 host labeling; ignore labels on kernel threads
- support smack labeling mounts which use binary mount data
- SELinux:
- add ioctl whitelisting (see
http://kernsec.org/files/lss2015/vanderstoep.pdf)
- fix mprotect PROT_EXEC regression caused by mm change
- Seccomp:
- add ptrace options for suspend/resume"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (57 commits)
PKCS#7: Add OIDs for sha224, sha284 and sha512 hash algos and use them
Documentation/Changes: Now need OpenSSL devel packages for module signing
scripts: add extract-cert and sign-file to .gitignore
modsign: Handle signing key in source tree
modsign: Use if_changed rule for extracting cert from module signing key
Move certificate handling to its own directory
sign-file: Fix warning about BIO_reset() return value
PKCS#7: Add MODULE_LICENSE() to test module
Smack - Fix build error with bringup unconfigured
sign-file: Document dependency on OpenSSL devel libraries
PKCS#7: Appropriately restrict authenticated attributes and content type
KEYS: Add a name for PKEY_ID_PKCS7
PKCS#7: Improve and export the X.509 ASN.1 time object decoder
modsign: Use extract-cert to process CONFIG_SYSTEM_TRUSTED_KEYS
extract-cert: Cope with multiple X.509 certificates in a single file
sign-file: Generate CMS message as signature instead of PKCS#7
PKCS#7: Support CMS messages also [RFC5652]
X.509: Change recorded SKID & AKID to not include Subject or Issuer
PKCS#7: Check content type and versions
MAINTAINERS: The keyrings mailing list has moved
...
We cannot detect clang before including the arch Makefile, because that
can set the default cross compiler. We also cannot detect clang after
including the arch Makefile, because powerpc wants to know about clang.
Solve this by using an deferred variable. This costs us a few shell
invocations, but this is only a constant number.
Reported-by: Behan Webster <behanw@converseincode.com>
Reported-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Michal Marek <mmarek@suse.com>
Make sure 'make clean' removes *.su files generated by the gcc option
-fstack-usage.
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Michal Marek <mmarek@suse.com>
Since commit 1329e8cc69 ("modsign: Extract signing cert from
CONFIG_MODULE_SIG_KEY if needed"), the build system has carefully coped
with the signing key being specified as a relative path in either the
source or or the build trees.
However, the actual signing of modules has not worked if the filename
is relative to the source tree.
Fix that by moving the config_filename helper into scripts/Kbuild.include
so that it can be used from elsewhere, and then using it in the top-level
Makefile to find the signing key file.
Kill the intermediate $(MODPUBKEY) and $(MODSECKEY) variables too, while
we're at it. There's no need for them.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Move certificate handling out of the kernel/ directory and into a certs/
directory to get all the weird stuff in one place and move the generated
signing keys into this directory.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
The current rule for generating signing_key.priv and signing_key.x509 is
a classic example of a bad rule which has a tendency to break parallel
make. When invoked to create *either* target, it generates the other
target as a side-effect that make didn't predict.
So let's switch to using a single file signing_key.pem which contains
both key and certificate. That matches what we do in the case of an
external key specified by CONFIG_MODULE_SIG_KEY anyway, so it's also
slightly cleaner.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Move to using PKCS#7 messages as module signatures because:
(1) We have to be able to support the use of X.509 certificates that don't
have a subjKeyId set. We're currently relying on this to look up the
X.509 certificate in the trusted keyring list.
(2) PKCS#7 message signed information blocks have a field that supplies the
data required to match with the X.509 certificate that signed it.
(3) The PKCS#7 certificate carries fields that specify the digest algorithm
used to generate the signature in a standardised way and the X.509
certificates specify the public key algorithm in a standardised way - so
we don't need our own methods of specifying these.
(4) We now have PKCS#7 message support in the kernel for signed kexec purposes
and we can make use of this.
To make this work, the old sign-file script has been replaced with a program
that needs compiling in a previous patch. The rules to build it are added
here.
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Vivek Goyal <vgoyal@redhat.com>
Pull kbuild fixes from Michal Marek:
"Two fixes for kbuild:
- The new ARCH_{CPP,A,C}FLAGS variables are reset before including
the arch Makefile
- Fix calling make modules_install twice when module compression is
enabled"
* 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
Makefile: Force gzip and xz on module install
kbuild: Do not pick up ARCH_{CPP,A,C}FLAGS from the environment
Running `make modules_install` ordinarily will overwrite existing
modules. This is the desired behavior, and is how pretty much every
other `make install` target works.
However, if CONFIG_MODULE_COMPRESS is enabled, modules are passed
through gzip and xz which then do the file writing. Both gzip and xz
will error out if the file already exists, unless -f is passed.
This patch adds -f so that the behavior is uniform.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
Initialize the ARCH_* overrides before including the arch Makefile, to
avoid picking up the values from the environment. The variables can
still be overriden on the make command line, but this won't happen
by accident.
Signed-off-by: Michal Marek <mmarek@suse.com>
- Makefile changes (top-level+ARC) reinstates -O3 builds (regression since 3.16)
- IDU intc related fixes, IRQ affinity
- patch to make bitops safer for ARC
- perf fix from Alexey to remove signed PC braino
- Futex backend gets llock/scond support
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVpgqZAAoJEGnX8d3iisJeSEgP/1HCS3kv/E/c+7pfPN1zZTMU
Miqyw/uu1R/691UA41mtN/+SfJEn49A5ti0xaw2LkxJYsInb+5EWL7SHWiiwB1lk
3tuuTYbz/15qss7c0kH/e+aukJx/8l+ahIHLTFQsTZCton8+vKQsEU5pRrVAFdzN
ksvfNYBg/6Hx2b20CpjAKWHXbBq4973txmlyQiEAi+3fSYVzFWoczCBrCE/4CMFg
GeItAQTQct5H8QvXzEj7VfadpMhqy2cG+AtaCT2B9CqlJnAPT4DGjWg25rXxOCr9
/zvjGwqrbq9hr89l83HoErhoOU2Hy0yEKNSh8qSFayRgERdHAAbh22TS7gaKLyAm
eOGZgVOeDrHpsyk58WnUmD18ePKy8tq9Z0ffNhqC+6USppwJxEHP2l9F8Ylf2/5F
t+6qhn3h430QYKE99Z3NXGdTccgWBK/IB3Ac3XiLuFhTJdpJnYLxaOrPtvKjXB39
AlWhIhy1BmyquCejyy8sH6i4/gnjY+9hgrrN/+k5N5+lWr7dR4Duje+zuzAiSrPv
62LmTK/dvkoW6BAAOD/IdUrepXvY3tN0laTLAOGmsvSQqM/oYv+f0kPnEuGRZldB
XaOtM0g7B+1a34jEoRw++xBx5FCOg1P4K3yLGbVpP9fJzguUJ5S/ENeNQgDjDWhh
9j7J1tz5zSaZEsEjfsHO
=CWXf
-----END PGP SIGNATURE-----
Merge tag 'arc-v4.2-rc3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc
Pull ARC fixes from Vineet Gupta:
- Makefile changes (top-level+ARC) reinstates -O3 builds (regression
since 3.16)
- IDU intc related fixes, IRQ affinity
- patch to make bitops safer for ARC
- perf fix from Alexey to remove signed PC braino
- Futex backend gets llock/scond support
* tag 'arc-v4.2-rc3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
ARCv2: support HS38 releases
ARC: make sure instruction_pointer() returns unsigned value
ARC: slightly refactor macros for boot logging
ARC: Add llock/scond to futex backend
arc:irqchip: prepare for drivers/irqchip/irqchip.h removal
ARC: Make ARC bitops "safer" (add anti-optimization)
ARCv2: [axs103] bump CPU frequency from 75 to 90 MHZ
ARCv2: intc: IDU: Fix potential race in installing a chained IRQ handler
ARCv2: intc: IDU: support irq affinity
ARC: fix unused var wanring
ARC: Don't memzero twice in dma_alloc_coherent for __GFP_ZERO
ARC: Override toplevel default -O2 with -O3
kbuild: Allow arch Makefiles to override {cpp,ld,c}flags
ARCv2: guard SLC DMA ops with spinlock
ARC: Kconfig: better way to disable ARC_HAS_LLSC for ARC_CPU_750D
Since commit a1c48bb1 (Makefile: Fix unrecognized cross-compiler command
line options), the arch Makefile is included earlier by the main
Makefile, preventing the arc architecture to set its -O3 compiler
option. Since there might be more use cases for an arch Makefile to
fine-tune the options, add support for ARCH_CPPFLAGS, ARCH_AFLAGS and
ARCH_CFLAGS variables that are appended to the respective kbuild
variables. The user still has the final say via the KCPPFLAGS, KAFLAGS
and KCFLAGS variables.
Reported-by: Vineet Gupta <Vineet.Gupta1@synopsys.com>
Cc: stable@vger.kernel.org # 3.16+
Signed-off-by: Michal Marek <mmarek@suse.com>
Pull kbuild updates from Michal Marek:
"Just a few kbuild core commits this time:
- kallsyms fix for CONFIG_XIP_KERNEL
- bashisms in scripts/link-vmlinux.sh fixed
- workaround to make DEBUG_INFO_REDUCED more useful yet still space
efficient
- clang is not wrongly detected when cross-compiling"
* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
kbuild: include core debug info when DEBUG_INFO_REDUCED
scripts: link-vmlinux: Don't pass page offset to kallsyms if XIP Kernel
scripts: fix link-vmlinux.sh bash-ism
Makefile: Fix detection of clang when cross-compiling
Pull perf updates from Ingo Molnar:
"Kernel side changes mostly consist of work on x86 PMU drivers:
- x86 Intel PT (hardware CPU tracer) improvements (Alexander
Shishkin)
- x86 Intel CQM (cache quality monitoring) improvements (Thomas
Gleixner)
- x86 Intel PEBSv3 support (Peter Zijlstra)
- x86 Intel PEBS interrupt batching support for lower overhead
sampling (Zheng Yan, Kan Liang)
- x86 PMU scheduler fixes and improvements (Peter Zijlstra)
There's too many tooling improvements to list them all - here are a
few select highlights:
'perf bench':
- Introduce new 'perf bench futex' benchmark: 'wake-parallel', to
measure parallel waker threads generating contention for kernel
locks (hb->lock). (Davidlohr Bueso)
'perf top', 'perf report':
- Allow disabling/enabling events dynamicaly in 'perf top':
a 'perf top' session can instantly become a 'perf report'
one, i.e. going from dynamic analysis to a static one,
returning to a dynamic one is possible, to toogle the
modes, just press 'f' to 'freeze/unfreeze' the sampling. (Arnaldo Carvalho de Melo)
- Make Ctrl-C stop processing on TUI, allowing interrupting the load of big
perf.data files (Namhyung Kim)
'perf probe': (Masami Hiramatsu)
- Support glob wildcards for function name
- Support $params special probe argument: Collect all function arguments
- Make --line checks validate C-style function name.
- Add --no-inlines option to avoid searching inline functions
- Greatly speed up 'perf probe --list' by caching debuginfo.
- Improve --filter support for 'perf probe', allowing using its arguments
on other commands, as --add, --del, etc.
'perf sched':
- Add option in 'perf sched' to merge like comms to lat output (Josef Bacik)
Plus tons of infrastructure work - in particular preparation for
upcoming threaded perf report support, but also lots of other work -
and fixes and other improvements. See (much) more details in the
shortlog and in the git log"
* 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (305 commits)
perf tools: Configurable per thread proc map processing time out
perf tools: Add time out to force stop proc map processing
perf report: Fix sort__sym_cmp to also compare end of symbol
perf hists browser: React to unassigned hotkey pressing
perf top: Tell the user how to unfreeze events after pressing 'f'
perf hists browser: Honour the help line provided by builtin-{top,report}.c
perf hists browser: Do not exit when 'f' is pressed in 'report' mode
perf top: Replace CTRL+z with 'f' as hotkey for enable/disable events
perf annotate: Rename source_line_percent to source_line_samples
perf annotate: Display total number of samples with --show-total-period
perf tools: Ensure thread-stack is flushed
perf top: Allow disabling/enabling events dynamicly
perf evlist: Add toggle_enable() method
perf trace: Fix race condition at the end of started workloads
perf probe: Speed up perf probe --list by caching debuginfo
perf probe: Show usage even if the last event is skipped
perf tools: Move libtraceevent dynamic list to separated LDFLAGS variable
perf tools: Fix a problem when opening old perf.data with different byte order
perf tools: Ignore .config-detected in .gitignore
perf probe: Fix to return error if no probe is added
...
User visible:
- Improve --filter support for 'perf probe', allowing using its arguments
on other commands, as --add, --del, etc (Masami Hiramatsu)
- Show warning when running 'perf kmem stat' on a unsuitable perf.data file,
i.e. one with events that are not the ones required for the stat variant
used (Namhyung Kim).
Infrastructure:
- Auxtrace support patches, paving the way to support Intel PT and BTS (Adrian Hunter)
- hists browser (top, report) refactorings (Namhyung Kim)
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJVSTWtAAoJENZQFvNTUqpA7zoP/3PDUfiFkhg5wUMIsCiVlI22
t05ptMRt82X0/FoleEYBfLIwJcnBbOmmSTFkoQzMj9ETHkwKB1QpH5HgeRrKe5un
+rhoxWlcBs3/KgBNk4sIrg2FrzM//LXy4NrLc3TuyCQJfuWxfCCs8L/pIpT3it9m
cc9GgbMXV7164KggSSG+3+IY9sbnQXQNQdhZoVbd4GAumX15JQO83eSYXZaIWleO
Wra3aHP4tOEJmdPBhDhpGdTn0zpvTHLV5qPU6/3W1BvQt6O/6Gqe4ujjg7Ga2bLR
pnGnoRwFM1Z7CacHVFoETeA8unqOUKEeIJvpbq0SsHfiT12RRjx//iy6Q6MaEx59
DL4tVWxZyIzZizQ9cSXTe+uXQn5LUO2Tj2PC4wcVVAyClI94tjF20XtKxX6Ptyl2
KVe0lv9CyxcB/OlwbxVo/xLYVdlbrIh2uGhpwsfIB7UNAdGi5G9SXiiEBD7gUUp1
k1sRbEMKcUYYx/ezN5wkIQIAaEVMNWl6VJF9qLA63Ti15XiBXHdJE2tMleLWz1oi
z70NTDdwFTquYocTgSnOo0nbb71m55YCfHyAr6VN6ZB08i4Lo7bF9HaI7ODgBFUk
3FHb4gJxsytC5xwp8R/VJVLPqfC1+HFy2CDZZbr9DkNycIvHqUJratz+EhcCHO2Y
RJ1CflbTUfJKBPO6TrXH
=oEm1
-----END PGP SIGNATURE-----
Merge tag 'perf-core-for-mingo-3' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/core
Pull perf/core improvements and fixes from Arnaldo Carvalho de Melo:
User visible changes:
- Improve --filter support for 'perf probe', allowing using its arguments
on other commands, as --add, --del, etc (Masami Hiramatsu)
- Show warning when running 'perf kmem stat' on a unsuitable perf.data file,
i.e. one with events that are not the ones required for the stat variant
used (Namhyung Kim).
Infrastructure changes:
- Auxtrace support patches, paving the way to support Intel PT and BTS (Adrian Hunter)
- hists browser (top, report) refactorings (Namhyung Kim)
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Several fixes were needed to allow following builds:
$ make tools/tmon
$ make -C <kernelsrc> tools/perf
$ make -C <kernelsrc>/tools perf
- some of the tools (perf) use same make variables as in
kernel build, unsetting srctree and objtree
- using original $(O) for O variable
- perf build does not follow the descend function setup
invoking it via it's own make rule
I tried the rest of the tools/Makefile targets and they
seem to work now.
Reported-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Cc: Borislav Petkov <bp@suse.de>
Cc: Brian Norris <computersforpeace@gmail.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: linux-kbuild@vger.kernel.org
Link: http://lkml.kernel.org/r/1429389280-18720-3-git-send-email-jolsa@kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
When the host's C compiler is clang, and when attempting to
cross-compile Linux e.g. to MIPS with mipsel-linux-gcc, the Makefile
would incorrectly detect the use of clang, which resulted in
clang-specific flags being passed to mipsel-linux-gcc.
This can be verified under Debian by installing the "clang" package,
and then using it as the default compiler with:
sudo update-alternatives --config cc
This patch moves the detection of clang after the $(CC) variable is
initialized to the name of the cross-compiler, so that the check applies
to the cross-compiler and not the host's C compiler.
v2: Move the detection of clang after the inclusion of the
arch/*/Makefile (as they might set $(CROSS_COMPILE))
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Pull kbuild updates from Michal Marek:
"Here is the first round of kbuild changes for v4.1-rc1:
- kallsyms fix for ARM and cleanup
- make dep(end) removed (developers have no sense of nostalgia these
days...)
- include Makefiles by relative path
- stop useless rebuilds of asm-offsets.h and bounds.h"
* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
Kbuild: kallsyms: drop special handling of pre-3.0 GCC symbols
Kbuild: kallsyms: ignore veneers emitted by the ARM linker
kbuild: ia64: use $(src)/Makefile.gate rather than particular path
kbuild: include $(src)/Makefile rather than $(obj)/Makefile
kbuild: use relative path more to include Makefile
kbuild: use relative path to include Makefile
kbuild: do not add $(bounds-file) and $(offsets-file) to targets
kbuild: remove warning about "make depend"
kbuild: Don't reset timestamps in include/generated if not needed
Pull core locking changes from Ingo Molnar:
"Main changes:
- jump label asm preparatory work for PowerPC (Anton Blanchard)
- rwsem optimizations and cleanups (Davidlohr Bueso)
- mutex optimizations and cleanups (Jason Low)
- futex fix (Oleg Nesterov)
- remove broken atomicity checks from {READ,WRITE}_ONCE() (Peter
Zijlstra)"
* 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
powerpc, jump_label: Include linux/jump_label.h to get HAVE_JUMP_LABEL define
jump_label: Allow jump labels to be used in assembly
jump_label: Allow asm/jump_label.h to be included in assembly
locking/mutex: Further simplify mutex_spin_on_owner()
locking: Remove atomicy checks from {READ,WRITE}_ONCE
locking/rtmutex: Rename argument in the rt_mutex_adjust_prio_chain() documentation as well
locking/rwsem: Fix lock optimistic spinning when owner is not running
locking: Remove ACCESS_ONCE() usage
locking/rwsem: Check for active lock before bailing on spinning
locking/rwsem: Avoid deceiving lock spinners
locking/rwsem: Set lock ownership ASAP
locking/rwsem: Document barrier need when waking tasks
locking/futex: Check PF_KTHREAD rather than !p->mm to filter out kthreads
locking/mutex: Refactor mutex_spin_on_owner()
locking/mutex: In mutex_spin_on_owner(), return true when owner changes