summaryrefslogtreecommitdiffstats
path: root/Makefile (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Linux 4.5-rc4v4.5-rc4Linus Torvalds2016-02-141-1/+1
|
* Linux 4.5-rc3v4.5-rc3Linus Torvalds2016-02-081-1/+1
|
* Linux 4.5-rc2v4.5-rc2Linus Torvalds2016-02-011-1/+1
|
* Linux 4.5-rc1v4.5-rc1Linus Torvalds2016-01-241-2/+2
|
* UBSAN: run-time undefined behavior sanity checkerAndrey Ryabinin2016-01-211-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | UBSAN uses compile-time instrumentation to catch undefined behavior (UB). Compiler inserts code that perform certain kinds of checks before operations that could cause UB. If check fails (i.e. UB detected) __ubsan_handle_* function called to print error message. So the most of the work is done by compiler. This patch just implements ubsan handlers printing errors. GCC has this capability since 4.9.x [1] (see -fsanitize=undefined option and its suboptions). However GCC 5.x has more checkers implemented [2]. Article [3] has a bit more details about UBSAN in the GCC. [1] - https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Debugging-Options.html [2] - https://gcc.gnu.org/onlinedocs/gcc/Debugging-Options.html [3] - http://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/ Issues which UBSAN has found thus far are: Found bugs: * out-of-bounds access - 97840cb67ff5 ("netfilter: nfnetlink: fix insufficient validation in nfnetlink_bind") undefined shifts: * d48458d4a768 ("jbd2: use a better hash function for the revoke table") * 10632008b9e1 ("clockevents: Prevent shift out of bounds") * 'x << -1' shift in ext4 - http://lkml.kernel.org/r/<5444EF21.8020501@samsung.com> * undefined rol32(0) - http://lkml.kernel.org/r/<1449198241-20654-1-git-send-email-sasha.levin@oracle.com> * undefined dirty_ratelimit calculation - http://lkml.kernel.org/r/<566594E2.3050306@odin.com> * undefined roundown_pow_of_two(0) - http://lkml.kernel.org/r/<1449156616-11474-1-git-send-email-sasha.levin@oracle.com> * [WONTFIX] undefined shift in __bpf_prog_run - http://lkml.kernel.org/r/<CACT4Y+ZxoR3UjLgcNdUm4fECLMx2VdtfrENMtRRCdgHB2n0bJA@mail.gmail.com> WONTFIX here because it should be fixed in bpf program, not in kernel. signed overflows: * 32a8df4e0b33f ("sched: Fix odd values in effective_load() calculations") * mul overflow in ntp - http://lkml.kernel.org/r/<1449175608-1146-1-git-send-email-sasha.levin@oracle.com> * incorrect conversion into rtc_time in rtc_time64_to_tm() - http://lkml.kernel.org/r/<1449187944-11730-1-git-send-email-sasha.levin@oracle.com> * unvalidated timespec in io_getevents() - http://lkml.kernel.org/r/<CACT4Y+bBxVYLQ6LtOKrKtnLthqLHcw-BMp3aqP3mjdAvr9FULQ@mail.gmail.com> * [NOTABUG] signed overflow in ktime_add_safe() - http://lkml.kernel.org/r/<CACT4Y+aJ4muRnWxsUe1CMnA6P8nooO33kwG-c8YZg=0Xc8rJqw@mail.gmail.com> [akpm@linux-foundation.org: fix unused local warning] [akpm@linux-foundation.org: fix __int128 build woes] Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Sasha Levin <sasha.levin@oracle.com> Cc: Randy Dunlap <rdunlap@infradead.org> Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Michal Marek <mmarek@suse.cz> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Yury Gribov <y.gribov@samsung.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Konstantin Khlebnikov <koct9i@gmail.com> Cc: Kostya Serebryany <kcc@google.com> Cc: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* Merge branch 'kbuild' of ↵Linus Torvalds2016-01-201-1/+7
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kbuild updates from Michal Marek: - Make <modname>-m in makefiles work like <modname>-y and fix the fallout - Minor genksyms fix - Fix race with make -j install modules_install - Move -Wsign-compare from make W=1 to W=2 - Other minor fixes * 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: kbuild: Demote 'sign-compare' warning to W=2 Makefile: revert "Makefile: Document ability to make file.lst and file.S" partially kbuild: Do not run modules_install and install in paralel genksyms: Handle string literals with spaces in reference files fixdep: constify strrcmp arguments ath10k: Fix build with CONFIG_THERMAL=m Revert "drm: Hack around CONFIG_AGP=m build failures" kbuild: Allow to specify composite modules with modname-m staging/ad7606: Actually build the interface modules
| * Makefile: revert "Makefile: Document ability to make file.lst and file.S" ↵Wang YanQing2015-12-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | partially Commit 627189797807 ("Makefile: Document ability to make file.lst and file.S") document ability to make file.S, but there isn't such ability in kbuild, so revert it. Signed-off-by: Wang YanQing <udknight@gmail.com> Signed-off-by: Michal Marek <mmarek@suse.com>
| * kbuild: Do not run modules_install and install in paralelMichal Marek2015-12-101-0/+6
| | | | | | | | | | | | | | | | | | Based on a x86-only patch by Andy Lutomirski <luto@amacapital.net> With modular kernels, 'make install' is going to need the installed modules at some point to generate the initramfs. Signed-off-by: Michal Marek <mmarek@suse.cz>
* | Linux 4.4v4.4Linus Torvalds2016-01-111-1/+1
| |
* | Linux 4.4-rc8v4.4-rc8Linus Torvalds2016-01-041-1/+1
| |
* | Linux 4.4-rc7v4.4-rc7Linus Torvalds2015-12-281-1/+1
| |
* | Linux 4.4-rc6v4.4-rc6Linus Torvalds2015-12-211-1/+1
| |
* | Linux 4.4-rc5v4.4-rc5Linus Torvalds2015-12-141-1/+1
| |
* | Linux 4.4-rc4v4.4-rc4Linus Torvalds2015-12-071-1/+1
| |
* | Linux 4.4-rc3v4.4-rc3Linus Torvalds2015-11-301-1/+1
| |
* | Linux 4.4-rc2v4.4-rc2Linus Torvalds2015-11-231-1/+1
|/
* Linux 4.4-rc1v4.4-rc1Linus Torvalds2015-11-161-2/+2
|
* Merge branch 'kbuild' of ↵Linus Torvalds2015-11-111-0/+4
|\ | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kbuild update from Michal Marek: "The kbuild branch for v4.4-rc1 only has one commit: A new make kselftest-clean target cleans tools/testing/selftests" * 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: kselftest: add kselftest-clean rule
| * kselftest: add kselftest-clean ruleWang Long2015-10-081-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We use $make TARGETS="size timers" kselftest to build and run selftests. but there is no rule for us to clean the kselftest generated files. This patch add the rules, for example: $ make TARGETS="size timers" kselftest-clean can clean all kselftest generated files. Signed-off-by: Wang Long <long.wanglong@huawei.com> Acked-by: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Michal Marek <mmarek@suse.com>
* | Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds2015-11-061-4/+6
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull KVM updates from Paolo Bonzini: "First batch of KVM changes for 4.4. s390: A bunch of fixes and optimizations for interrupt and time handling. PPC: Mostly bug fixes. ARM: No big features, but many small fixes and prerequisites including: - a number of fixes for the arch-timer - introducing proper level-triggered semantics for the arch-timers - a series of patches to synchronously halt a guest (prerequisite for IRQ forwarding) - some tracepoint improvements - a tweak for the EL2 panic handlers - some more VGIC cleanups getting rid of redundant state x86: Quite a few changes: - support for VT-d posted interrupts (i.e. PCI devices can inject interrupts directly into vCPUs). This introduces a new component (in virt/lib/) that connects VFIO and KVM together. The same infrastructure will be used for ARM interrupt forwarding as well. - more Hyper-V features, though the main one Hyper-V synthetic interrupt controller will have to wait for 4.5. These will let KVM expose Hyper-V devices. - nested virtualization now supports VPID (same as PCID but for vCPUs) which makes it quite a bit faster - for future hardware that supports NVDIMM, there is support for clflushopt, clwb, pcommit - support for "split irqchip", i.e. LAPIC in kernel + IOAPIC/PIC/PIT in userspace, which reduces the attack surface of the hypervisor - obligatory smattering of SMM fixes - on the guest side, stable scheduler clock support was rewritten to not require help from the hypervisor" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (123 commits) KVM: VMX: Fix commit which broke PML KVM: x86: obey KVM_X86_QUIRK_CD_NW_CLEARED in kvm_set_cr0() KVM: x86: allow RSM from 64-bit mode KVM: VMX: fix SMEP and SMAP without EPT KVM: x86: move kvm_set_irq_inatomic to legacy device assignment KVM: device assignment: remove pointless #ifdefs KVM: x86: merge kvm_arch_set_irq with kvm_set_msi_inatomic KVM: x86: zero apic_arb_prio on reset drivers/hv: share Hyper-V SynIC constants with userspace KVM: x86: handle SMBASE as physical address in RSM KVM: x86: add read_phys to x86_emulate_ops KVM: x86: removing unused variable KVM: don't pointlessly leave KVM_COMPAT=y in non-KVM configs KVM: arm/arm64: Merge vgic_set_lr() and vgic_sync_lr_elrsr() KVM: arm/arm64: Clean up vgic_retire_lr() and surroundings KVM: arm/arm64: Optimize away redundant LR tracking KVM: s390: use simple switch statement as multiplexer KVM: s390: drop useless newline in debugging data KVM: s390: SCA must not cross page boundaries KVM: arm: Do not indent the arguments of DECLARE_BITMAP ...
| * | virt: Add virt directory to the top MakefileFeng Wu2015-10-011-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | We need to build files in virt/lib/, which are now used by KVM and VFIO, so add virt directory to the top Makefile. Signed-off-by: Feng Wu <feng.wu@intel.com> Acked-by: Michal Marek <mmarek@suse.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | | Merge tag 'docs-for-linus' of git://git.lwn.net/linuxLinus Torvalds2015-11-061-1/+1
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull documentation update from Jon Corbet: "There is a nice new document from Neil on how pathname lookups work and some new CAN driver documentation. Beyond that, we have kernel-doc fixes, a bit more work to support reproducible builds, and the usual collection of small fixes" * tag 'docs-for-linus' of git://git.lwn.net/linux: (34 commits) Documentation: add new description of path-name lookup. Documentation/vm/slub.txt: document slabinfo-gnuplot.sh Doc: ABI/stable: Fix typo in ABI/stable doc: Clarify that nmi_watchdog param is for hardlockups Typo correction for description in gpio document. DocBook: Fix kernel-doc to be case-insensitive for private: kernel-docs.txt: update kernelnewbies reference Doc:kvm: Fix typo in Doc/virtual/kvm Documentation/Changes: Add bc in "Current Minimal Requirements" section Documentation/email-clients.txt: remove trailing whitespace DocBook: Use a fixed encoding for output MAINTAINERS: The docs tree has moved Docs/kernel-parameters: Add earlycon devicetree usage SubmittingPatches: make Subject examples match the de facto standard Documentation: gpio: mention that <function>-gpio has been deprecated Documentation: cgroups: just fix a few typos Documentation: Update kselftest.txt Documentation: DMA API: Be more explicit that nents is always the same Documentation: Update the default value of crashkernel low zram: update documentation ...
| * | | DocBook: Use a fixed encoding for outputBen Hutchings2015-09-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently the encoding of documents generated by DocBook depends on the current locale. Make the output reproducible independently of the locale, by setting the encoding to UTF-8 (LC_CTYPE=C.UTF-8) by preference, or ASCII (LC_CTYPE=C) as a fallback. LC_CTYPE can normally be overridden by LC_ALL, but the top-level Makefile unsets that. Signed-off-by: Ben Hutchings <ben@decadent.org.uk> [jc: added check-lc_ctype to .gitignore] Signed-off-by: Jonathan Corbet <corbet@lwn.net>
* | | | Linux 4.3v4.3Linus Torvalds2015-11-021-1/+1
| | | |
* | | | Linux 4.3-rc7v4.3-rc7Linus Torvalds2015-10-251-1/+1
| | | |
* | | | Linux 4.3-rc6v4.3-rc6Linus Torvalds2015-10-191-1/+1
| | | |
* | | | Linux 4.3-rc5v4.3-rc5Linus Torvalds2015-10-111-2/+2
| | | |
* | | | Linux 4.3-rc4v4.3-rc4Linus Torvalds2015-10-041-1/+1
| |/ / |/| |
* | | Linux 4.3-rc3v4.3-rc3Linus Torvalds2015-09-271-1/+1
|/ /
* / Linux 4.3-rc2v4.3-rc2Linus Torvalds2015-09-201-1/+1
|/
* Linux 4.3-rc1v4.3-rc1Linus Torvalds2015-09-131-2/+2
|
* Merge branch 'misc' of ↵Linus Torvalds2015-09-081-0/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull misc kbuild updates from Michal Marek: - deb-pkg: + module signing fix + dtb files are added to the package + do not require `hostname -f` to work during build + make deb-pkg generates a source package, bindeb-pkg has been added to only generate the binary package - rpm-pkg packages /lib/modules as well - new coccinelle patch and updates to existing ones - new stackusage & stackdelta script to collect and compare stack usage info (using gcc's -fstack-usage) - make tags understands trace_*_rcuidle() macros - .gitignore updates, misc cleanups * 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: (27 commits) deb-pkg: add source package package/Makefile: move source tar creation to a function scripts: add stackdelta script kbuild: remove *.su files generated by -fstack-usage .gitignore: add *.su pattern scripts: add stackusage script kbuild: avoid listing /lib/modules in kernel spec file fallback to hostname in scripts/package/builddeb coccinelle: api: extend spatch for dropping unnecessary owner deb-pkg: simplify directory creation scripts/tags.sh: Include trace_*_rcuidle() in tags scripts/package/Makefile: rpmbuild is needed for rpm targets Kbuild: Add ID files to .gitignore gitignore: Add MIPS vmlinux.32 to the list coccinelle: simple_return: Add a blank line coccinelle: irqf_oneshot.cocci: Improve the generated commit log coccinelle: api: add vma_pages.cocci scripts/coccinelle/misc/irqf_oneshot.cocci: Fix grammar scripts/coccinelle/misc/semicolon.cocci: Use imperative mood coccinelle: simple_open: Use imperative mood ...
| * kbuild: remove *.su files generated by -fstack-usageRasmus Villemoes2015-08-281-0/+1
| | | | | | | | | | | | | | | | Make sure 'make clean' removes *.su files generated by the gcc option -fstack-usage. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Signed-off-by: Michal Marek <mmarek@suse.com>
* | Merge branch 'kbuild' of ↵Linus Torvalds2015-09-081-8/+1
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull core kbuild updates from Michal Marek: - modpost portability fix - linker script fix - genksyms segfault fix - fixdep cleanup - fix for clang detection * 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: kbuild: Fix clang detection kbuild: fixdep: drop meaningless hash table initialization kbuild: fixdep: optimize code slightly genksyms: Regenerate parser genksyms: Duplicate function pointer type definitions segfault kbuild: Fix .text.unlikely placement Avoid conflict with host definitions when cross-compiling
| * | kbuild: Fix clang detectionMichal Marek2015-09-041-8/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We cannot detect clang before including the arch Makefile, because that can set the default cross compiler. We also cannot detect clang after including the arch Makefile, because powerpc wants to know about clang. Solve this by using an deferred variable. This costs us a few shell invocations, but this is only a constant number. Reported-by: Behan Webster <behanw@converseincode.com> Reported-by: Anton Blanchard <anton@samba.org> Signed-off-by: Michal Marek <mmarek@suse.com>
* | | Merge branch 'next' of ↵Linus Torvalds2015-09-081-7/+6
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security subsystem updates from James Morris: "Highlights: - PKCS#7 support added to support signed kexec, also utilized for module signing. See comments in 3f1e1bea. ** NOTE: this requires linking against the OpenSSL library, which must be installed, e.g. the openssl-devel on Fedora ** - Smack - add IPv6 host labeling; ignore labels on kernel threads - support smack labeling mounts which use binary mount data - SELinux: - add ioctl whitelisting (see http://kernsec.org/files/lss2015/vanderstoep.pdf) - fix mprotect PROT_EXEC regression caused by mm change - Seccomp: - add ptrace options for suspend/resume" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (57 commits) PKCS#7: Add OIDs for sha224, sha284 and sha512 hash algos and use them Documentation/Changes: Now need OpenSSL devel packages for module signing scripts: add extract-cert and sign-file to .gitignore modsign: Handle signing key in source tree modsign: Use if_changed rule for extracting cert from module signing key Move certificate handling to its own directory sign-file: Fix warning about BIO_reset() return value PKCS#7: Add MODULE_LICENSE() to test module Smack - Fix build error with bringup unconfigured sign-file: Document dependency on OpenSSL devel libraries PKCS#7: Appropriately restrict authenticated attributes and content type KEYS: Add a name for PKEY_ID_PKCS7 PKCS#7: Improve and export the X.509 ASN.1 time object decoder modsign: Use extract-cert to process CONFIG_SYSTEM_TRUSTED_KEYS extract-cert: Cope with multiple X.509 certificates in a single file sign-file: Generate CMS message as signature instead of PKCS#7 PKCS#7: Support CMS messages also [RFC5652] X.509: Change recorded SKID & AKID to not include Subject or Issuer PKCS#7: Check content type and versions MAINTAINERS: The keyrings mailing list has moved ...
| * | | modsign: Handle signing key in source treeDavid Woodhouse2015-08-141-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since commit 1329e8cc69 ("modsign: Extract signing cert from CONFIG_MODULE_SIG_KEY if needed"), the build system has carefully coped with the signing key being specified as a relative path in either the source or or the build trees. However, the actual signing of modules has not worked if the filename is relative to the source tree. Fix that by moving the config_filename helper into scripts/Kbuild.include so that it can be used from elsewhere, and then using it in the top-level Makefile to find the signing key file. Kill the intermediate $(MODPUBKEY) and $(MODSECKEY) variables too, while we're at it. There's no need for them. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com>
| * | | Move certificate handling to its own directoryDavid Howells2015-08-141-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move certificate handling out of the kernel/ directory and into a certs/ directory to get all the weird stuff in one place and move the generated signing keys into this directory. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
| * | | modsign: Use single PEM file for autogenerated keyDavid Woodhouse2015-08-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current rule for generating signing_key.priv and signing_key.x509 is a classic example of a bad rule which has a tendency to break parallel make. When invoked to create *either* target, it generates the other target as a side-effect that make didn't predict. So let's switch to using a single file signing_key.pem which contains both key and certificate. That matches what we do in the case of an external key specified by CONFIG_MODULE_SIG_KEY anyway, so it's also slightly cleaner. Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com>
| * | | modsign: Allow external signing key to be specifiedDavid Woodhouse2015-08-071-1/+1
| | | | | | | | | | | | | | | | | | | | Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: David Howells <dhowells@redhat.com>
| * | | MODSIGN: Use PKCS#7 messages as module signaturesDavid Howells2015-08-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move to using PKCS#7 messages as module signatures because: (1) We have to be able to support the use of X.509 certificates that don't have a subjKeyId set. We're currently relying on this to look up the X.509 certificate in the trusted keyring list. (2) PKCS#7 message signed information blocks have a field that supplies the data required to match with the X.509 certificate that signed it. (3) The PKCS#7 certificate carries fields that specify the digest algorithm used to generate the signature in a standardised way and the X.509 certificates specify the public key algorithm in a standardised way - so we don't need our own methods of specifying these. (4) We now have PKCS#7 message support in the kernel for signed kexec purposes and we can make use of this. To make this work, the old sign-file script has been replaced with a program that needs compiling in a previous patch. The rules to build it are added here. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Vivek Goyal <vgoyal@redhat.com>
* | | | Linux 4.2v4.2Linus Torvalds2015-08-301-1/+1
| | | |
* | | | Linux 4.2-rc8v4.2-rc8Linus Torvalds2015-08-241-1/+1
| | | |
* | | | Linux 4.2-rc7v4.2-rc7Linus Torvalds2015-08-171-1/+1
| | | |
* | | | Linux 4.2-rc6v4.2-rc6Linus Torvalds2015-08-091-1/+1
| | | |
* | | | Merge branch 'rc-fixes' of ↵Linus Torvalds2015-08-041-2/+7
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kbuild fixes from Michal Marek: "Two fixes for kbuild: - The new ARCH_{CPP,A,C}FLAGS variables are reset before including the arch Makefile - Fix calling make modules_install twice when module compression is enabled" * 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: Makefile: Force gzip and xz on module install kbuild: Do not pick up ARCH_{CPP,A,C}FLAGS from the environment
| * | | | Makefile: Force gzip and xz on module installJason A. Donenfeld2015-07-221-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Running `make modules_install` ordinarily will overwrite existing modules. This is the desired behavior, and is how pretty much every other `make install` target works. However, if CONFIG_MODULE_COMPRESS is enabled, modules are passed through gzip and xz which then do the file writing. Both gzip and xz will error out if the file already exists, unless -f is passed. This patch adds -f so that the behavior is uniform. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Michal Marek <mmarek@suse.com>
| * | | | kbuild: Do not pick up ARCH_{CPP,A,C}FLAGS from the environmentMichal Marek2015-07-221-0/+5
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Initialize the ARCH_* overrides before including the arch Makefile, to avoid picking up the values from the environment. The variables can still be overriden on the make command line, but this won't happen by accident. Signed-off-by: Michal Marek <mmarek@suse.com>
* | | | Linux 4.2-rc5v4.2-rc5Linus Torvalds2015-08-031-1/+1
| | | |
* | | | Linux 4.2-rc4v4.2-rc4Linus Torvalds2015-07-261-1/+1
| |/ / |/| |