| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Fix the stack decoder for the ARM architecture.
An ARM stack is designed as :
[ 81.547704] [<c023eb04>] (bucket_find_contain) from [<c023ec88>] (check_sync+0x40/0x4f8)
[ 81.559668] [<c023ec88>] (check_sync) from [<c023f8c4>] (debug_dma_sync_sg_for_cpu+0x128/0x194)
[ 81.571583] [<c023f8c4>] (debug_dma_sync_sg_for_cpu) from [<c0327dec>] (__videobuf_s
The current script doesn't expect the symbols to be bound by
parenthesis, and triggers the following errors :
awk: cmd. line:1: error: Unmatched ( or \(: / (check_sync$/
[ 81.547704] (bucket_find_contain) from (check_sync+0x40/0x4f8)
Fix it by chopping starting and ending parenthesis from the each symbol
name.
As a side note, this probably comes from the function
dump_backtrace_entry(), which is implemented differently for each
architecture. That makes a single decoding script a bit a challenge.
Signed-off-by: Robert Jarzmik <[email protected]>
Cc: Sasha Levin <[email protected]>
Cc: Russell King <[email protected]>
Cc: Michal Marek <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
If indent is not found, bail out immediately instead of spitting random
shell script error messages.
Signed-off-by: Jean Delvare <[email protected]>
Cc: Joe Perches <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Editors like emacs and vi recognize a number of error message formats.
The format used by the kerneldoc tool is not recognized by emacs.
Change the kerneldoc error message format to the GNU style such that the
emacs prev-error and next-error commands can be used to navigate through
kerneldoc error messages. For more information about the GNU error
message format, see also
https://www.gnu.org/prep/standards/html_node/Errors.html.
This patch has been generated via the following sed command:
sed -i.orig 's/Error(\${file}:\$.):/\${file}:\$.: error:/g;s/Warning(\${file}:\$.):/\${file}:\$.: warning:/g;s/Warning(\${file}):/\${file}:1: warning:/g;s/Info(\${file}:\$.):/\${file}:\$.: info:/g' scripts/kernel-doc
Signed-off-by: Bart Van Assche <[email protected]>
Cc: Johannes Berg <[email protected]>
Acked-by: Randy Dunlap <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
I just did a spelling mistake of uninitialized and wrote that as
unintialized. Fortunately I noticed it in my final review.
Signed-off-by: Sudip Mukherjee <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
misspelled words for check:-
chcek
chck
cehck
I myself did these spell mistakes in changelog for patches, Thus
suggesting to add in spelling.txt, so that checkpatch.pl warns it
earlier. References:-
./arch/powerpc/kernel/exceptions-64e.S:456: . . . make sure you chcek
https://lkml.org/lkml/2015/6/25/289
./arch/x86/mm/pageattr.c:1368: * No need to cehck in that case
[[email protected]: add whcih->which, whcih I always get wrong]
Signed-off-by: Maninder Singh <[email protected]>
Acked-by: Kees Cook <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
We cannot detect clang before including the arch Makefile, because that
can set the default cross compiler. We also cannot detect clang after
including the arch Makefile, because powerpc wants to know about clang.
Solve this by using an deferred variable. This costs us a few shell
invocations, but this is only a constant number.
Reported-by: Behan Webster <[email protected]>
Reported-by: Anton Blanchard <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
Make deb-pkg build both source and binary package like make rpm-pkg does.
For people who only need binary kernel package, there is now bindeb-pkg
target, same target also used to build the .deb files if built from the
source package using dpkg-buildpackage.
Generated source package will build the same kernel .config than what
was available for make deb-pkg. The name of the source package can
be set with KDEB_SOURCENAME enviroment variable.
The source package is useful for GPL compliance, or for feeding to a
automated debian package builder.
Cc: Chris J Arges <[email protected]>
Reviewed-by: maximilian attems <[email protected]>
Reviewed-by: Ben Hutchings <[email protected]>
Signed-off-by: Riku Voipio <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
Split source tarball creation from rpm-pkg target
so it can be used from deb-pkg target as well. As
added bonus, we can now pretty print TAR the name of
tarball created in quiet mode
This patch prepares the groundwork for deb-pkg source
package adding bit.
Signed-off-by: Riku Voipio <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull locking and atomic updates from Ingo Molnar:
"Main changes in this cycle are:
- Extend atomic primitives with coherent logic op primitives
(atomic_{or,and,xor}()) and deprecate the old partial APIs
(atomic_{set,clear}_mask())
The old ops were incoherent with incompatible signatures across
architectures and with incomplete support. Now every architecture
supports the primitives consistently (by Peter Zijlstra)
- Generic support for 'relaxed atomics':
- _acquire/release/relaxed() flavours of xchg(), cmpxchg() and {add,sub}_return()
- atomic_read_acquire()
- atomic_set_release()
This came out of porting qwrlock code to arm64 (by Will Deacon)
- Clean up the fragile static_key APIs that were causing repeat bugs,
by introducing a new one:
DEFINE_STATIC_KEY_TRUE(name);
DEFINE_STATIC_KEY_FALSE(name);
which define a key of different types with an initial true/false
value.
Then allow:
static_branch_likely()
static_branch_unlikely()
to take a key of either type and emit the right instruction for the
case. To be able to know the 'type' of the static key we encode it
in the jump entry (by Peter Zijlstra)
- Static key self-tests (by Jason Baron)
- qrwlock optimizations (by Waiman Long)
- small futex enhancements (by Davidlohr Bueso)
- ... and misc other changes"
* 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (63 commits)
jump_label/x86: Work around asm build bug on older/backported GCCs
locking, ARM, atomics: Define our SMP atomics in terms of _relaxed() operations
locking, include/llist: Use linux/atomic.h instead of asm/cmpxchg.h
locking/qrwlock: Make use of _{acquire|release|relaxed}() atomics
locking/qrwlock: Implement queue_write_unlock() using smp_store_release()
locking/lockref: Remove homebrew cmpxchg64_relaxed() macro definition
locking, asm-generic: Add _{relaxed|acquire|release}() variants for 'atomic_long_t'
locking, asm-generic: Rework atomic-long.h to avoid bulk code duplication
locking/atomics: Add _{acquire|release|relaxed}() variants of some atomic operations
locking, compiler.h: Cast away attributes in the WRITE_ONCE() magic
locking/static_keys: Make verify_keys() static
jump label, locking/static_keys: Update docs
locking/static_keys: Provide a selftest
jump_label: Provide a self-test
s390/uaccess, locking/static_keys: employ static_branch_likely()
x86, tsc, locking/static_keys: Employ static_branch_likely()
locking/static_keys: Add selftest
locking/static_keys: Add a new static_key interface
locking/static_keys: Rework update logic
locking/static_keys: Add static_key_{en,dis}able() helpers
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull RCU updates from Ingo Molnar:
"The main RCU changes in this cycle are:
- the combination of tree geometry-initialization simplifications and
OS-jitter-reduction changes to expedited grace periods. These two
are stacked due to the large number of conflicts that would
otherwise result.
- privatize smp_mb__after_unlock_lock().
This commit moves the definition of smp_mb__after_unlock_lock() to
kernel/rcu/tree.h, in recognition of the fact that RCU is the only
thing using this, that nothing else is likely to use it, and that
it is likely to go away completely.
- documentation updates.
- torture-test updates.
- misc fixes"
* 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (60 commits)
rcu,locking: Privatize smp_mb__after_unlock_lock()
rcu: Silence lockdep false positive for expedited grace periods
rcu: Don't disable CPU hotplug during OOM notifiers
scripts: Make checkpatch.pl warn on expedited RCU grace periods
rcu: Update MAINTAINERS entry
rcu: Clarify CONFIG_RCU_EQS_DEBUG help text
rcu: Fix backwards RCU_LOCKDEP_WARN() in synchronize_rcu_tasks()
rcu: Rename rcu_lockdep_assert() to RCU_LOCKDEP_WARN()
rcu: Make rcu_is_watching() really notrace
cpu: Wait for RCU grace periods concurrently
rcu: Create a synchronize_rcu_mult()
rcu: Fix obsolete priority-boosting comment
rcu: Use WRITE_ONCE in RCU_INIT_POINTER
rcu: Hide RCU_NOCB_CPU behind RCU_EXPERT
rcu: Add RCU-sched flavors of get-state and cond-sync
rcu: Add fastpath bypassing funnel locking
rcu: Rename RCU_GP_DONE_FQS to RCU_GP_DOING_FQS
rcu: Pull out wait_event*() condition into helper function
documentation: Describe new expedited stall warnings
rcu: Add stall warnings to synchronize_sched_expedited()
...
|
|
Pull documentation updates from Jonathan Corbet:
"There's been a fair amount going on in the docs tree this time around,
including:
- Support for reproducible document builds, from Ben Hutchings and
company.
- The ability to automatically generate cross-reference links within
a single DocBook book and embedded descriptions for large
structures. From Danilo Cesar Lemes de Paula.
- A new document on how to add a system call from David Drysdale.
- Chameleon bus documentation from Johannes Thumshirn.
...plus the usual collection of improvements, typo fixes, and more"
* tag 'docs-for-linus' of git://git.lwn.net/linux-2.6: (39 commits)
Documentation, add kernel-parameters.txt entry for dis_ucode_ldr
Documentation/x86: Rename IRQSTACKSIZE to IRQ_STACK_SIZE
Documentation/Intel-IOMMU.txt: Modify definition of DRHD
docs: update HOWTO for 3.x -> 4.x versioning
kernel-doc: ignore unneeded attribute information
scripts/kernel-doc: Adding cross-reference links to html documentation.
DocBook: Fix non-determinstic installation of duplicate man pages
Documentation: minor typo fix in mailbox.txt
Documentation: describe how to add a system call
doc: Add more workqueue functions to the documentation
ARM: keystone: add documentation for SoCs and EVMs
scripts/kernel-doc Allow struct arguments documentation in struct body
SubmittingPatches: remove stray quote character
Revert "DocBook: Avoid building man pages repeatedly and inconsistently"
Documentation: Minor changes to men-chameleon-bus.txt
Doc: fix trivial typo in SubmittingPatches
MAINTAINERS: Direct Documentation/DocBook/media properly
Documentation: installed man pages don't need to be executable
fix Evolution submenu name in email-clients.txt
Documentation: Add MCB documentation
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc driver patches from Greg KH:
"Here's the "big" char/misc driver update for 4.3-rc1.
Not much really interesting here, just a number of little changes all
over the place, and some nice consolidation of the nvmem drivers to a
common framework. As usual, the mei drivers stand out as the largest
"churn" to handle new devices and features in their hardware.
All have been in linux-next for a while with no issues"
* tag 'char-misc-4.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (136 commits)
auxdisplay: ks0108: initialize local parport variable
extcon: palmas: Fix build break due to devm_gpiod_get_optional API change
extcon: palmas: Support GPIO based USB ID detection
extcon: Fix signedness bugs about break error handling
extcon: Drop owner assignment from i2c_driver
extcon: arizona: Simplify pdata symantics for micd_dbtime
extcon: arizona: Declare 3-pole jack if we detect open circuit on mic
extcon: Add exception handling to prevent the NULL pointer access
extcon: arizona: Ensure variables are set for headphone detection
extcon: arizona: Use gpiod inteface to handle micd_pol_gpio gpio
extcon: arizona: Add basic microphone detection DT/ACPI bindings
extcon: arizona: Update to use the new device properties API
extcon: palmas: Remove the mutually_exclusive array
extcon: Remove optional print_state() function pointer of struct extcon_dev
extcon: Remove duplicate header file in extcon.h
extcon: max77843: Clear IRQ bits state before request IRQ
toshiba laptop: replace ioremap_cache with ioremap
misc: eeprom: max6875: clean up max6875_read()
misc: eeprom: clean up eeprom_read()
misc: eeprom: 93xx46: clean up eeprom_93xx46_bin_read/write
...
|
|
This adds a simple perl script for reading two files as produced by
the stackusage script and computing the changes in stack usage. For
example:
$ scripts/stackusage -o /tmp/old.su CC=gcc-4.7 -j8 fs/ext4/
$ scripts/stackusage -o /tmp/new.su CC=gcc-5.0 -j8 fs/ext4/
$ scripts/stackdelta /tmp/{old,new}.su | sort -k5,5g
shows that gcc 5.0 generally produces less stack-hungry code than gcc
4.7. Obviously, the script can also be used for measuring the effect
of commits, .config tweaks or whatnot.
Signed-off-by: Rasmus Villemoes <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
The current checkstack.pl script has a few problems, stemming from the
overly simplistic attempt at parsing objdump output with regular
expressions: For example, on x86_64 it doesn't take the push
instruction into account, making it consistently underestimate the
real stack use, and it also doesn't capture stack pointer adjustments
of exactly 128 bytes [1].
Since newer gcc (>= 4.6) knows about -fstack-usage, we might as well
take the information straight from the horse's mouth. This patch
introduces scripts/stackusage, which is a simple wrapper for running
make with KCFLAGS set to -fstack-usage. Example use is
scripts/stackusage -o out.su -j8 lib/
The script understands "-o foo" for writing to 'foo' and -h for a
trivial help text; anything else is passed to make.
Afterwards, we find all newly created .su files, massage them a
little, sort by stack use and write the result to a single output
file.
Note that the function names printed by (at least) gcc 4.7 are
sometimes useless. For example, the first three lines of out.su
generated above are
./lib/decompress_bunzip2.c:155 get_next_block 448 static
./lib/decompress_unlzma.c:537 unlzma 336 static
./lib/vsprintf.c:616 8 304 static
That function '8' is really the static symbol_string(), but it has
been subject to 'interprocedural scalar replacement of aggregates', so
its name in the object file is 'symbol_string.isra.8'. gcc 5.0 doesn't
have this problem; it uses the full name as seen in the object file.
[1] Since gcc encodes that by
48 83 c4 80 add $0xffffffffffffff80,%rsp
and not
48 81 ec 80 00 00 00 sub $0x80,%rsp
since -128 fits in an imm8.
Signed-off-by: Rasmus Villemoes <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
...so "git status" doesn't nag us about them.
Cc: David Woodhouse <[email protected]>
Signed-off-by: Paul Gortmaker <[email protected]>
Signed-off-by: David Howells <[email protected]>
Signed-off-by: James Morris <[email protected]>
|
|
This causes conflicts when using multiple kernels built
with this mechanism.
Reviewed-by: Dennis Dalessandro <[email protected]>
Signed-off-by: Mike Marciniszyn <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into ra-next
|
|
The clear_config() is called just once at the beginning of this
program, but the global variable hashtab[] is already zero-filled
at the start-up.
Signed-off-by: Masahiro Yamada <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
If the target string matches "CONFIG_", move the pointer p
forward. This saves several 7-chars adjustments.
Signed-off-by: Masahiro Yamada <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
The kernel-doc script gets confused by __attribute__(()) strings in
structures, so just clean the out. Also ignore the CRYPTO_MINALIGN_ATTR
macro used in the crypto subsystem.
Signed-off-by: Jonathan Corbet <[email protected]>
|
|
Rebuild the parser after commit 1c722503fa81 (genksyms: Duplicate
function pointer type definitions segfault), using bison 2.7.
Signed-off-by: Michal Marek <[email protected]>
|
|
I noticed that genksyms will segfault when it sees duplicate function
pointer type declaration when I placed the same function pointer
definition in two separate headers in a local branch as an intermediate
step of some refactoring. This can be reproduced by piping the following
minimal test case into `genksyms -r /dev/null` or alternatively, putting
it into a C file attempting a build:
typedef int (*f)();
typedef int (*f)();
Attaching gdb to genksyms to understand this failure is useless without
changing CFLAGS to emit debuginfo. Once you have debuginfo, you will
find that the failure is that `char *s` was NULL and the program
executed `while(*s)`. At which point, further debugging requires
familiarity with compiler front end / parser development.
What happens is that flex identifies the first instance of the token "f"
as IDENT and the yacc parser adds it to the symbol table. On the second
instance, flex will identify "f" as TYPE, which triggers an error case
in the yacc parser. Given that TYPE would have been IDENT had it not
been in the symbol table, the the segmentaion fault could be avoided by
treating TYPE as IDENT in the affected rule.
Some might consider placing identical function pointer type declarations
in different headers to be poor style might consider a failure to be
beneficial. However, failing through a segmentation fault makes the
cause non-obvious and can waste the time of anyone who encounters it.
Signed-off-by: Richard Yao <[email protected]>
Acked-by: Madhuri Yechuri <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
Certain platforms (e. g. BSD-based ones) define some ELF constants
according to host. This patch fixes problems with cross-building
Linux kernel on these platforms (e. g. building ARM 32-bit version
on x86-64 host).
Signed-off-by: Pavel Fedin <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
Add a check for the existence of input files and exit (with failure)
if they are missing.
Without this additional check, missing files produce error messages
but still result in an output file being generated and a successful
exit code.
Signed-off-by: Sam Bobroff <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
I happened to build a kernel with "make deb-pkg" on a machine with no
network connectivity, but this failed with:
[...]
INSTALL debian/headertmp/usr/include/asm/ (65 files)
hostname: Name or service not known
../scripts/package/Makefile:90: recipe for target 'deb-pkg' failed
make[2]: *** [deb-pkg] Error 1
In scripts/package/builddeb it tries to construct an email address (that
can be queried in /proc/version later on) but with no network,
the "hostname -f" fails. The following patch falls back to just use the
shortname if we cannot determine our FQDN.
Signed-off-by: Christian Kujau <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
i2c_add_driver (through i2c_register_driver) sets the owner field so we
can drop it also from i2c drivers, just like from platform drivers.
Signed-off-by: Krzysztof Kozlowski <[email protected]>
Acked-by: Julia Lawall <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
Update the shipped files generated by flex and gperf to support the
explicit use of "---help---" and to emit warnings for unsupported
characters on COMMAND tokens.
As I could not find out which flex/gperf version was used to generate
the previous version, I used flex 2.5.35 and gperf 3.0.4 from
Ubuntu 14.04 - this also leads to the big number of changed lines
in this patch.
Signed-off-by: Andreas Ruprecht <[email protected]>
Reviewed-by: Ulf Magnusson <[email protected]>
Tested-by: Ulf Magnusson <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
In Kconfig, definitions of options take the following form:
"<COMMAND> <PARAM> <PARAM> ...". COMMANDs and PARAMs are treated
slightly different by the underlying parser.
While commit 2e0d737fc76f ("kconfig: don't silently ignore unhandled
characters") introduced a warning for unsupported characters around
PARAMs, it does not cover situations where a COMMAND has additional
characters before it.
This change makes Kconfig emit a warning if superfluous characters
are found before COMMANDs. As the 'help' statement sometimes is
written as '---help---', the '-' character would now also be regarded
as unhandled and generate a warning. To avoid that, '-' is added to
the list of allowed characters, and the token '---help---' is included
in the zconf.gperf file.
Reported-by: Valentin Rothberg <[email protected]>
Signed-off-by: Andreas Ruprecht <[email protected]>
Reviewed-by: Ulf Magnusson <[email protected]>
Tested-by: Ulf Magnusson <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
The sym_calc_value() function tests whether its argument is NULL and then
returns immediately. Thus the test around the call is not needed.
This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
Every package needs /usr/share/doc/$package_name and
DEBIAN directory, so create them as part of create_package
function.
Signed-off-by: Riku Voipio <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
Every tracepoint creates two functions, the usual one 'trace_*()'
and the rcuidle one 'trace_*_rcuidle()'. Add regex for the
rcuidle variant so that we can jump to the tracepoints that use
rcuidle.
Cc: Steven Rostedt <[email protected]>
Signed-off-by: Stephen Boyd <[email protected]>
Signed-off-by: Michal Marek <[email protected]>
|
|
Functions, Structs and Parameters definitions on kernel documentation
are pure cosmetic, it only highlights the element.
To ease the navigation in the documentation we should use <links> inside
those tags so readers can easily jump between methods directly.
This was discussed in 2014[1] and is implemented by getting a list
of <refentries> from the DocBook XML to generate a database. Then it looks
for <function>,<structnames> and <paramdef> tags that matches the ones in
the database. As it only links existent references, no broken links are
added.
[1] - lists.freedesktop.org/archives/dri-devel/2014-August/065404.html
Signed-off-by: Danilo Cesar Lemes de Paula <[email protected]>
Cc: Randy Dunlap <[email protected]>
Cc: Daniel Vetter <[email protected]>
Cc: Laurent Pinchart <[email protected]>
Cc: Herbert Xu <[email protected]>
Cc: Stephan Mueller <[email protected]>
Cc: Michal Marek <[email protected]>
Cc: intel-gfx <[email protected]>
Cc: dri-devel <[email protected]>
Signed-off-by: Jonathan Corbet <[email protected]>
|
|
|
|
Since commit 1329e8cc69 ("modsign: Extract signing cert from
CONFIG_MODULE_SIG_KEY if needed"), the build system has carefully coped
with the signing key being specified as a relative path in either the
source or or the build trees.
However, the actual signing of modules has not worked if the filename
is relative to the source tree.
Fix that by moving the config_filename helper into scripts/Kbuild.include
so that it can be used from elsewhere, and then using it in the top-level
Makefile to find the signing key file.
Kill the intermediate $(MODPUBKEY) and $(MODSECKEY) variables too, while
we're at it. There's no need for them.
Signed-off-by: David Woodhouse <[email protected]>
Signed-off-by: David Howells <[email protected]>
|
|
Fix the following warning:
scripts/sign-file.c: In function ‘main’:
scripts/sign-file.c:188: warning: value computed is not used
whereby the result of BIO_ctrl() is cast inside of BIO_reset() to an
integer of a different size - which we're not checking but probably should.
Reported-by: James Morris <[email protected]>
Signed-off-by: David Howells <[email protected]>
|
|
A PKCS#7 or CMS message can have per-signature authenticated attributes
that are digested as a lump and signed by the authorising key for that
signature. If such attributes exist, the content digest isn't itself
signed, but rather it is included in a special authattr which then
contributes to the signature.
Further, we already require the master message content type to be
pkcs7_signedData - but there's also a separate content type for the data
itself within the SignedData object and this must be repeated inside the
authattrs for each signer [RFC2315 9.2, RFC5652 11.1].
We should really validate the authattrs if they exist or forbid them
entirely as appropriate. To this end:
(1) Alter the PKCS#7 parser to reject any message that has more than one
signature where at least one signature has authattrs and at least one
that does not.
(2) Validate authattrs if they are present and strongly restrict them.
Only the following authattrs are permitted and all others are
rejected:
(a) contentType. This is checked to be an OID that matches the
content type in the SignedData object.
(b) messageDigest. This must match the crypto digest of the data.
(c) signingTime. If present, we check that this is a valid, parseable
UTCTime or GeneralTime and that the date it encodes fits within
the validity window of the matching X.509 cert.
(d) S/MIME capabilities. We don't check the contents.
(e) Authenticode SP Opus Info. We don't check the contents.
(f) Authenticode Statement Type. We don't check the contents.
The message is rejected if (a) or (b) are missing. If the message is
an Authenticode type, the message is rejected if (e) is missing; if
not Authenticode, the message is rejected if (d) - (f) are present.
The S/MIME capabilities authattr (d) unfortunately has to be allowed
to support kernels already signed by the pesign program. This only
affects kexec. sign-file suppresses them (CMS_NOSMIMECAP).
The message is also rejected if an authattr is given more than once or
if it contains more than one element in its set of values.
(3) Add a parameter to pkcs7_verify() to select one of the following
restrictions and pass in the appropriate option from the callers:
(*) VERIFYING_MODULE_SIGNATURE
This requires that the SignedData content type be pkcs7-data and
forbids authattrs. sign-file sets CMS_NOATTR. We could be more
flexible and permit authattrs optionally, but only permit minimal
content.
(*) VERIFYING_FIRMWARE_SIGNATURE
This requires that the SignedData content type be pkcs7-data and
requires authattrs. In future, this will require an attribute
holding the target firmware name in addition to the minimal set.
(*) VERIFYING_UNSPECIFIED_SIGNATURE
This requires that the SignedData content type be pkcs7-data but
allows either no authattrs or only permits the minimal set.
(*) VERIFYING_KEXEC_PE_SIGNATURE
This only supports the Authenticode SPC_INDIRECT_DATA content type
and requires at least an SpcSpOpusInfo authattr in addition to the
minimal set. It also permits an SPC_STATEMENT_TYPE authattr (and
an S/MIME capabilities authattr because the pesign program doesn't
remove these).
(*) VERIFYING_KEY_SIGNATURE
(*) VERIFYING_KEY_SELF_SIGNATURE
These are invalid in this context but are included for later use
when limiting the use of X.509 certs.
(4) The pkcs7_test key type is given a module parameter to select between
the above options for testing purposes. For example:
echo 1 >/sys/module/pkcs7_test_key/parameters/usage
keyctl padd pkcs7_test foo @s </tmp/stuff.pkcs7
will attempt to check the signature on stuff.pkcs7 as if it contains a
firmware blob (1 being VERIFYING_FIRMWARE_SIGNATURE).
Suggested-by: Andy Lutomirski <[email protected]>
Signed-off-by: David Howells <[email protected]>
Reviewed-by: Marcel Holtmann <[email protected]>
Reviewed-by: David Woodhouse <[email protected]>
|
|
Fix up the dependencies somewhat too, while we're at it.
Signed-off-by: David Woodhouse <[email protected]>
Signed-off-by: David Howells <[email protected]>
|
|
This is not required for the module signing key, although it doesn't do any
harm — it just means that any additional certs in the PEM file are also
trusted by the kernel.
But it does allow us to use the extract-cert tool for processing the extra
certs from CONFIG_SYSTEM_TRUSTED_KEYS, instead of that horrid awk|base64
hack.
Also cope with being invoked with no input file, creating an empty output
file as a result.
Signed-off-by: David Woodhouse <[email protected]>
Signed-off-by: David Howells <[email protected]>
|
|
Make sign-file use the OpenSSL CMS routines to generate a message to be
used as the signature blob instead of the PKCS#7 routines. This allows us
to change how the matching X.509 certificate is selected. With PKCS#7 the
only option is to match on the serial number and issuer fields of an X.509
certificate; with CMS, we also have the option of matching by subjectKeyId
extension. The new behaviour is selected with the "-k" flag.
Without the -k flag specified, the output is pretty much identical to the
PKCS#7 output.
Whilst we're at it, don't include the S/MIME capability list in the message
as it's irrelevant to us.
Signed-off-by: David Howells <[email protected]>
Reviewed-By: David Woodhouse <[email protected]
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into core/rcu
Pull RCU changes from Paul E. McKenney:
- The combination of tree geometry-initialization simplifications
and OS-jitter-reduction changes to expedited grace periods.
These two are stacked due to the large number of conflicts
that would otherwise result.
[ With one addition, a temporary commit to silence a lockdep false
positive. Additional changes to the expedited grace-period
primitives (queued for 4.4) remove the cause of this false
positive, and therefore include a revert of this temporary commit. ]
- Documentation updates.
- Torture-test updates.
- Miscellaneous fixes.
Signed-off-by: Ingo Molnar <[email protected]>
|
|
In kbuild it is allowed to define objects in files named "Makefile"
and "Kbuild".
Currently localmodconfig reads objects only from "Makefile"s and misses
modules like nouveau.
Link: http://lkml.kernel.org/r/[email protected]
Cc: [email protected]
Reported-and-tested-by: Leonidas Spyropoulos <[email protected]>
Signed-off-by: Richard Weinberger <[email protected]>
Signed-off-by: Steven Rostedt <[email protected]>
|
|
Module symbols have a limited length, but currently the build system
allows the build finishing even if the driver code contains a too long
symbol name, which eventually overflows the modversion_info[] item.
The compiler may catch at compiling *.mod.c like
CC xxx.mod.o
xxx.mod.c:18:16: warning: initializer-string for array of chars is too long
but it's merely a warning.
This patch adds the check of the symbol length in modpost and stops
the build properly.
Currently MODULE_NAME_LEN is defined in modpost.c instead of referring
to the definition in kernel header because including linux/module.h is
messy and we must cover cross-compilation.
Signed-off-by: Takashi Iwai <[email protected]>
Signed-off-by: Rusty Russell <[email protected]>
|
|
Where an external PEM file or PKCS#11 URI is given, we can get the cert
from it for ourselves instead of making the user drop signing_key.x509
in place for us.
Signed-off-by: David Woodhouse <[email protected]>
Signed-off-by: David Howells <[email protected]>
|
|
This is only the key; the corresponding *cert* still needs to be in
$(topdir)/signing_key.x509. And there's no way to actually use this
from the build system yet.
Signed-off-by: David Woodhouse <[email protected]>
Signed-off-by: David Howells <[email protected]>
|
|
We don't want this in the Kconfig since it might then get exposed in
/proc/config.gz. So make it a parameter to Kbuild instead. This also
means we don't have to jump through hoops to strip quotes from it, as
we would if it was a config option.
Signed-off-by: David Woodhouse <[email protected]>
Signed-off-by: David Howells <[email protected]>
Reviewed-by: Mimi Zohar <[email protected]>
|
|
Signed-off-by: David Woodhouse <[email protected]>
Signed-off-by: David Howells <[email protected]>
|
|
Make the -d option (which currently isn't actually wired to anything) write
out the PKCS#7 message as per the -p option and then exit without either
modifying the source or writing out a compound file of the source, signature
and metadata.
This will be useful when firmware signature support is added
upstream as firmware will be left intact, and we'll only require
the signature file. The descriptor is implicit by file extension
and the file's own size.
Signed-off-by: Luis R. Rodriguez <[email protected]>
Signed-off-by: David Howells <[email protected]>
|
|
Move to using PKCS#7 messages as module signatures because:
(1) We have to be able to support the use of X.509 certificates that don't
have a subjKeyId set. We're currently relying on this to look up the
X.509 certificate in the trusted keyring list.
(2) PKCS#7 message signed information blocks have a field that supplies the
data required to match with the X.509 certificate that signed it.
(3) The PKCS#7 certificate carries fields that specify the digest algorithm
used to generate the signature in a standardised way and the X.509
certificates specify the public key algorithm in a standardised way - so
we don't need our own methods of specifying these.
(4) We now have PKCS#7 message support in the kernel for signed kexec purposes
and we can make use of this.
To make this work, the old sign-file script has been replaced with a program
that needs compiling in a previous patch. The rules to build it are added
here.
Signed-off-by: David Howells <[email protected]>
Tested-by: Vivek Goyal <[email protected]>
|
|
Provide a utility that:
(1) Digests a module using the specified hash algorithm (typically sha256).
[The digest can be dumped into a file by passing the '-d' flag]
(2) Generates a PKCS#7 message that:
(a) Has detached data (ie. the module content).
(b) Is signed with the specified private key.
(c) Refers to the specified X.509 certificate.
(d) Has an empty X.509 certificate list.
[The PKCS#7 message can be dumped into a file by passing the '-p' flag]
(3) Generates a signed module by concatenating the old module, the PKCS#7
message, a descriptor and a magic string. The descriptor contains the
size of the PKCS#7 message and indicates the id_type as PKEY_ID_PKCS7.
(4) Either writes the signed module to the specified destination or renames
it over the source module.
This allows module signing to reuse the PKCS#7 handling code that was added
for PE file parsing for signed kexec.
Note that the utility is written in C and must be linked against the OpenSSL
crypto library.
Note further that I have temporarily dropped support for handling externally
created signatures until we can work out the best way to do those. Hopefully,
whoever creates the signature can give me a PKCS#7 certificate.
Signed-off-by: David Howells <[email protected]>
Tested-by: Vivek Goyal <[email protected]>
|
|
Copy string names to tokens in ASN.1 compiler rather than storing a pointer
into the source text. This means we don't have to use "%*.*s" all over the
place.
Signed-off-by: David Howells <[email protected]>
Reviewed-by: David Woodhouse <[email protected]>
|