Commit Graph

882 Commits

Author SHA1 Message Date
Linus Torvalds ad3ab302fd Merge branch 'core-stackprotector-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull strong stackprotector support from Ingo Molnar:
 "This tree adds a CONFIG_CC_STACKPROTECTOR_STRONG=y, a new, stronger
  stack canary checking method supported by the newest GCC versions (4.9
  and later).

  Here's the 'intensity comparison' between the various protection
  modes:

      - defconfig
        11430641 kernel text size
        36110 function bodies

      - defconfig + CONFIG_CC_STACKPROTECTOR_REGULAR
        11468490 kernel text size (+0.33%)
        1015 of 36110 functions are stack-protected (2.81%)

      - defconfig + CONFIG_CC_STACKPROTECTOR_STRONG via this patch
        11692790 kernel text size (+2.24%)
        7401 of 36110 functions are stack-protected (20.5%)

  the strong model comes with non-trivial costs, which is why we
  preserved the 'regular' and 'none' models as well"

* 'core-stackprotector-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG
  stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures
2014-01-20 10:26:31 -08:00
Linus Torvalds d8ec26d7f8 Linux 3.13 2014-01-19 18:40:07 -08:00
Linus Torvalds 7e22e91102 Linux 3.13-rc8 2014-01-12 17:04:18 +07:00
Linus Torvalds d6e0a2dd12 Linux 3.13-rc7 2014-01-04 15:12:14 -08:00
Linus Torvalds 802eee95bd Linux 3.13-rc6 2013-12-29 16:01:33 -08:00
Linus Torvalds 413541dd66 Linux 3.13-rc5 2013-12-22 13:08:32 -08:00
Linus Torvalds b7000adef1 Don't set the INITRD_COMPRESS environment variable automatically
Commit 1bf49dd4be ("./Makefile: export initial ramdisk compression
config option") started setting the INITRD_COMPRESS environment variable
depending on which decompression models the kernel had available.

That is completely broken.

For example, we by default have CONFIG_RD_LZ4 enabled, and are able to
decompress such an initrd, but the user tools to *create* such an initrd
may not be availble.  So trying to tell dracut to generate an
lz4-compressed image just because we can decode such an image is
completely inappropriate.

Cc: J P <ppandit@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Jan Beulich <JBeulich@suse.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-12-20 16:52:45 -08:00
Kees Cook 8779657d29 stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG
This changes the stack protector config option into a choice of
"None", "Regular", and "Strong":

   CONFIG_CC_STACKPROTECTOR_NONE
   CONFIG_CC_STACKPROTECTOR_REGULAR
   CONFIG_CC_STACKPROTECTOR_STRONG

"Regular" means the old CONFIG_CC_STACKPROTECTOR=y option.

"Strong" is a new mode introduced by this patch. With "Strong" the
kernel is built with -fstack-protector-strong (available in
gcc 4.9 and later). This option increases the coverage of the stack
protector without the heavy performance hit of -fstack-protector-all.

For reference, the stack protector options available in gcc are:

-fstack-protector-all:
  Adds the stack-canary saving prefix and stack-canary checking
  suffix to _all_ function entry and exit. Results in substantial
  use of stack space for saving the canary for deep stack users
  (e.g. historically xfs), and measurable (though shockingly still
  low) performance hit due to all the saving/checking. Really not
  suitable for sane systems, and was entirely removed as an option
  from the kernel many years ago.

-fstack-protector:
  Adds the canary save/check to functions that define an 8
  (--param=ssp-buffer-size=N, N=8 by default) or more byte local
  char array. Traditionally, stack overflows happened with
  string-based manipulations, so this was a way to find those
  functions. Very few total functions actually get the canary; no
  measurable performance or size overhead.

-fstack-protector-strong
  Adds the canary for a wider set of functions, since it's not
  just those with strings that have ultimately been vulnerable to
  stack-busting. With this superset, more functions end up with a
  canary, but it still remains small compared to all functions
  with only a small change in performance. Based on the original
  design document, a function gets the canary when it contains any
  of:

    - local variable's address used as part of the right hand side
      of an assignment or function argument
    - local variable is an array (or union containing an array),
      regardless of array type or length
    - uses register local variables

  https://docs.google.com/a/google.com/document/d/1xXBH6rRZue4f296vGt9YQcuLVQHeE516stHwt8M9xyU

Find below a comparison of "size" and "objdump" output when built with
gcc-4.9 in three configurations:

  - defconfig
	11430641 kernel text size
	36110 function bodies

  - defconfig + CONFIG_CC_STACKPROTECTOR_REGULAR
	11468490 kernel text size (+0.33%)
	1015 of 36110 functions are stack-protected (2.81%)

  - defconfig + CONFIG_CC_STACKPROTECTOR_STRONG via this patch
	11692790 kernel text size (+2.24%)
	7401 of 36110 functions are stack-protected (20.5%)

With -strong, ARM's compressed boot code now triggers stack
protection, so a static guard was added. Since this is only used
during decompression and was never used before, the exposure
here is very small. Once it switches to the full kernel, the
stack guard is back to normal.

Chrome OS has been using -fstack-protector-strong for its kernel
builds for the last 8 months with no problems.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Shawn Guo <shawn.guo@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-mips@linux-mips.org
Cc: linux-arch@vger.kernel.org
Link: http://lkml.kernel.org/r/1387481759-14535-3-git-send-email-keescook@chromium.org
[ Improved the changelog and descriptions some more. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-12-20 09:38:40 +01:00
Kees Cook 19952a9203 stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures
Instead of duplicating the CC_STACKPROTECTOR Kconfig and
Makefile logic in each architecture, switch to using
HAVE_CC_STACKPROTECTOR and keep everything in one place. This
retains the x86-specific bug verification scripts.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paul Mundt <lethal@linux-sh.org>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: Shawn Guo <shawn.guo@linaro.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-mips@linux-mips.org
Cc: linux-arch@vger.kernel.org
Link: http://lkml.kernel.org/r/1387481759-14535-2-git-send-email-keescook@chromium.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-12-20 09:38:40 +01:00
Jan Beulich 7ac1815683 fix build with make 3.80
According to Documentation/Changes, make 3.80 is still being supported
for building the kernel, hence make files must not make (unconditional)
use of features introduced only in newer versions.

Commit 1bf49dd4be ("./Makefile: export initial ramdisk compression
config option") however introduced "else ifeq" constructs which make
3.80 doesn't understand.  Replace the logic there with more conventional
(in the kernel build infrastructure) list constructs (except that the
list here is intentionally limited to exactly one element).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: P J P <ppandit@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-12-18 19:04:52 -08:00
Linus Torvalds 319e2e3f63 Linux 3.13-rc4 2013-12-15 12:31:33 -08:00
Linus Torvalds 374b105797 Linux 3.13-rc3 2013-12-06 09:34:04 -08:00
Linus Torvalds dc1ccc4815 Linux 3.13-rc2 2013-11-29 12:57:14 -08:00
Linus Torvalds 6ce4eac1f6 Linux 3.13-rc1 2013-11-22 11:30:55 -08:00
Linus Torvalds 762fb1ddd5 Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Pull kbuild changes from Michal Marek:
 - LTO fixes, but the kallsyms part had to be reverted
 - Pass -Werror=implicit-int and -Werror=strict-prototypes to the
   compiler by default
 - snprintf fix in modpost
 - remove GREP_OPTIONS from the environment to be immune against exotic
   grep option settings

* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  kallsyms: Revert back to 128 max symbol length
  Kbuild: Ignore GREP_OPTIONS env variable
  scripts: kallsyms: Use %zu to print 'size_t'
  scripts/bloat-o-meter: use .startswith rather than fragile slicing
  scripts/bloat-o-meter: ignore changes in the size of linux_banner
  kbuild: replace unbounded sprintf call in modpost
  kbuild, bloat-o-meter: fix static detection
  Kbuild: Handle longer symbols in kallsyms.c
  kbuild: Increase kallsyms max symbol length
  Makefile: enable -Werror=implicit-int and -Werror=strict-prototypes by default
2013-11-15 14:06:38 -08:00
P J P 1bf49dd4be ./Makefile: export initial ramdisk compression config option
Make menuconfig allows one to choose compression format of an initial
ramdisk image.  But this choice does not result in duly compressed ramdisk
image.  Because - $ make install - does not pass on the selected
compression choice to the dracut(8) tool, which creates the initramfs
file.  dracut(8) generates the image with the default compression, ie.
gzip(1).

This patch exports the selected compression option to a sub-shell
environment, so that it could be used by dracut(8) tool to generate
appropriately compressed initramfs images.

There isn't a straightforward way to pass on options to dracut(8) via
positional parameters.  Because it is indirectly invoked at the end of a $
make install sequence.

 # make install
   -> arch/$arch/boot/Makefile
    -> arch/$arch/boot/install.sh
     -> /sbing/installkernel ...
      -> /sbin/new-kernel-pkg ...
       -> /sbin/dracut ...

Signed-off-by: P J P <ppandit@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-11-13 12:09:36 +09:00
Borislav Petkov ab7474ea53 Kbuild: Ignore GREP_OPTIONS env variable
When building the kernel in a shell which defines GREP_OPTIONS so that
grep behavior is modified, we can break the generation of the syscalls
table like so:

__SYSCALL_COMMON(^[[01;31m^[[K0^[[m^[[K, sys_read, sys_read)
__SYSCALL_COMMON(^[[01;31m^[[K1^[[m^[[K, sys_write, sys_write)
__SYSCALL_COMMON(^[[01;31m^[[K1^[[m^[[K0, sys_mprotect, sys_mprotect) ...

This is just the initial breakage, later we barf when generating
modules.

In this case, GREP_OPTIONS contains "--color=always" which adds the shell
colors markup and completely fudges the headers under ...generated/asm/.

Fix that by unexporting the GREP_OPTIONS variable for the whole kernel
build as we tend to use grep at a bunch of places.

Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-11-11 17:56:43 +01:00
Linus Torvalds 5e01dc7b26 Linux 3.12 2013-11-03 15:41:51 -08:00
Linus Torvalds 959f58544b Linux 3.12-rc7 2013-10-27 16:12:03 -07:00
Sergei Trofimovich 8097047217 Makefile: enable -Werror=implicit-int and -Werror=strict-prototypes by default
The common error found in forward-ported/backported patches is missing
headers.  One recent example (files and function names are mangled):

    void foo(){}
    EXPORT_SYMBOL(foo);

gave only warning

    foo.c:12345678:5: warning: function declaration isn't a prototype [-Wstrict-prototypes]
    void foo(){}
         ^

    foo.c:12345679:5: warning: data definition has no type or storage class [enabled by default]
    EXPORT_SYMBOL(foo);
    foo.c:12345679:5: warning: type defaults to 'int' in declaration of 'EXORT_SYMBOL' [-Werror=implicit-int]

Now it's a fatal error. Tested on x86_64 allyesconfig.

[akpm@linux-foundation.org: fix typos in comments]
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-10-23 16:36:57 +02:00
Linus Torvalds 31d141e3a6 Linux 3.12-rc6 2013-10-19 12:28:15 -07:00
Linus Torvalds 61e6cfa80d Linux 3.12-rc5 2013-10-13 15:41:28 -07:00
Linus Torvalds d0e639c9e0 Linux 3.12-rc4 2013-10-06 14:00:20 -07:00
Linus Torvalds 15c03dd485 Linux 3.12-rc3 2013-09-29 15:02:38 -07:00
Linus Torvalds 4a10c2ac2f Linux 3.12-rc2 2013-09-23 15:41:09 -07:00
Linus Torvalds 272b98c645 Linux 3.12-rc1 2013-09-16 16:17:51 -04:00
Linus Torvalds d5d04bb48f Bye, bye, WfW flag
This reverts the Linux for Workgroups thing.  And no, before somebody
asks, we're not doing Linux95.  Not for a few years, at least.

Sure, the flag added some color to the logo, and could have remained as
a testament to my leet gimp skills.  But no.  And I'll do this early, to
avoid the chance of forgetting when I'm doing the actual rc1 release on
the road.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-09-11 19:55:12 -07:00
Linus Torvalds 1ff5e37e72 Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Pull kbuild update from Michal Marek:
 "Only these two commits are in the kbuild branch this time:
   - Using filechk for include/config/kernel.release
   - Cleanup in scripts/sortextable.c"

* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  kbuild: Do not overwrite include/config/kernel.release needlessly
  scripts: remove unused function in sortextable.c
2013-09-07 19:46:50 -07:00
Linus Torvalds 6e4664525b Linux 3.11 2013-09-02 13:46:10 -07:00
Michal Marek 0d0e7718a9 kbuild: Do not overwrite include/config/kernel.release needlessly
Use filechk to detect if the content changed or not.

Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-08-28 17:09:54 +02:00
Linus Torvalds d8dfad3876 Linux 3.11-rc7 2013-08-25 17:43:22 -07:00
Linus Torvalds b36f4be3de Linux 3.11-rc6 2013-08-18 14:36:53 -07:00
Linus Torvalds d4e4ab86bc Linux 3.11-rc5 2013-08-11 18:04:20 -07:00
Linus Torvalds c095ba7224 Linux 3.11-rc4 2013-08-04 13:46:46 -07:00
Linus Torvalds 5ae90d8e46 Linux 3.11-rc3 2013-07-28 20:53:33 -07:00
Linus Torvalds 3b2f64d00c Linux 3.11-rc2 2013-07-21 12:05:29 -07:00
Linus Torvalds ad81f0545e Linux 3.11-rc1 2013-07-14 15:18:27 -07:00
Linus Torvalds 6d128e1e72 Revert "Makefile: Fix install error with make -j option"
This reverts commit d2aae8477c.

It is completely and utterly broken.  Module install should not build
any files, and adding broken dependencies to "help" it build files is
complete and utter sh*t.

The kernel should not be built by root, and "make install" and "make
module_install" (that for obvious reasons need to be run as root)
absolutely must not build any files.  They should only ever copy the
already-built files over.

So having dependencies for the install targets is wrong, wrong, wrong.

If you try to install a kernel without building it first, you *should*
get errors. The build system shouldn't try to help root build the files.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-07-10 19:02:51 -07:00
Linus Torvalds cb63fc2662 Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Pull kbuild updates from Michal Marek:
 - fix for make headers_install argv explosion with too long path
 - scripts/setlocalversion does not call git update-index needlessly
 - fix for the src.rpm produced by make rpm-pkg.  The new make
   image_name can be useful also for other packaging tools.
 - scripts/mod/devicetable-offsets.o is not rebuilt during each make run
 - make modules_install dependency fix
 - scripts/sortextable portability fix
 - fix for kbuild to generate the output directory for all object files
   in subdirs.
 - a couple of minor fixes

* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  kbuild: create directory for dir/file.o
  tools/include: use stdint types for user-space byteshift headers
  Makefile: Fix install error with make -j option
  Fix a build warning in scripts/mod/file2alias.c
  improve modalias building
  scripts/mod: Spelling s/DEVICEVTABLE/DEVICETABLE/
  kbuild: fix error when building from src rpm
  scripts/setlocalversion on write-protected source tree
  Makefile.lib: align DTB quiet_cmd
  kbuild: fix make headers_install when path is too long
2013-07-10 16:05:40 -07:00
Linus Torvalds 80cc38b163 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
Pull trivial tree updates from Jiri Kosina:
 "The usual stuff from trivial tree"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (34 commits)
  treewide: relase -> release
  Documentation/cgroups/memory.txt: fix stat file documentation
  sysctl/net.txt: delete reference to obsolete 2.4.x kernel
  spinlock_api_smp.h: fix preprocessor comments
  treewide: Fix typo in printk
  doc: device tree: clarify stuff in usage-model.txt.
  open firmware: "/aliasas" -> "/aliases"
  md: bcache: Fixed a typo with the word 'arithmetic'
  irq/generic-chip: fix a few kernel-doc entries
  frv: Convert use of typedef ctl_table to struct ctl_table
  sgi: xpc: Convert use of typedef ctl_table to struct ctl_table
  doc: clk: Fix incorrect wording
  Documentation/arm/IXP4xx fix a typo
  Documentation/networking/ieee802154 fix a typo
  Documentation/DocBook/media/v4l fix a typo
  Documentation/video4linux/si476x.txt fix a typo
  Documentation/virtual/kvm/api.txt fix a typo
  Documentation/early-userspace/README fix a typo
  Documentation/video4linux/soc-camera.txt fix a typo
  lguest: fix CONFIG_PAE -> CONFIG_x86_PAE in comment
  ...
2013-07-04 11:40:58 -07:00
Robert Richter d2aae8477c Makefile: Fix install error with make -j option
Make modules_install fails with -j option:

   DEPMOD
 Usage: .../.source/linux/scripts/depmod.sh /sbin/depmod <kernelrelease>
 make[1]: *** [_modinst_post] Error 1

Adding kernelrelease dependency to fix this.

Signed-off-by: Robert Richter <robert.richter@calxeda.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-07-03 14:58:13 +02:00
Linus Torvalds 8bb495e3f0 Linux 3.10 2013-06-30 15:13:29 -07:00
Geert Uytterhoeven 83a35e3604 treewide: relase -> release
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-06-28 14:34:33 +02:00
Mike Marciniszyn c398ff00f5 kbuild: fix error when building from src rpm
The following issue can be reproduced with Linus' tree on
an x86_64 server.

>+ cp /home/user/rpmbuild-test/BUILDROOT/kernel-3.9.2.x86_64/boot/vmlinuz-3.9.2
>cp: missing destination file operand after
>/home/user/rpmbuild-test/BUILDROOT/kernel-3.9.2-1.x86_64/boot/vmlinuz-3.9.2'
>Try `cp --help' for more information.
>error: Bad exit status from /var/tmp/rpm-tmp.R4o0iI (%install)

Here are the commands to reproduce:

make defconfig
make rpm-pkg

Use the resulting src rpm to build as follows:

mkdir ~/rpmbuild-test
cd ~/rpmbuild-test
rpmbuild --rebuild --define "_topdir `pwd`" -vv ~/rpmbuild/SRPMS/kernel-3.10.0_rc1+-1.src.rpm

The issue is because the %install script uses $KBUILD_IMAGE and it hasn't
been set since it is only available in the kbuild system and not in the
%install script.

This patch adds a Makefile target to emit the image_name that can be used
and modifies the mkspec to use the dynamic name in %install.

Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-06-24 15:26:14 +02:00
Linus Torvalds 9e895ace5d Linux 3.10-rc7 2013-06-22 09:47:31 -10:00
Linus Torvalds 7d13205581 Linux 3.10-rc6 2013-06-15 11:51:07 -10:00
Linus Torvalds 317ddd256b Linux 3.10-rc5 2013-06-08 17:41:04 -07:00
Linus Torvalds d683b96b07 Linux 3.10-rc4 2013-06-02 17:11:17 +09:00
Linus Torvalds e4aa937ec7 Linux 3.10-rc3 2013-05-26 16:00:47 -07:00
Linus Torvalds c7788792a5 Linux 3.10-rc2 2013-05-20 14:37:38 -07:00