summaryrefslogtreecommitdiffstats
path: root/Makefile
AgeCommit message (Collapse)AuthorFilesLines
2022-05-24Merge tag 'kernel-hardening-v5.19-rc1' of ↵Linus Torvalds1-0/+1
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull kernel hardening updates from Kees Cook: - usercopy hardening expanded to check other allocation types (Matthew Wilcox, Yuanzheng Song) - arm64 stackleak behavioral improvements (Mark Rutland) - arm64 CFI code gen improvement (Sami Tolvanen) - LoadPin LSM block dev API adjustment (Christoph Hellwig) - Clang randstruct support (Bill Wendling, Kees Cook) * tag 'kernel-hardening-v5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (34 commits) loadpin: stop using bdevname mm: usercopy: move the virt_addr_valid() below the is_vmalloc_addr() gcc-plugins: randstruct: Remove cast exception handling af_unix: Silence randstruct GCC plugin warning niu: Silence randstruct warnings big_keys: Use struct for internal payload gcc-plugins: Change all version strings match kernel randomize_kstack: Improve docs on requirements/rationale lkdtm/stackleak: fix CONFIG_GCC_PLUGIN_STACKLEAK=n arm64: entry: use stackleak_erase_on_task_stack() stackleak: add on/off stack variants lkdtm/stackleak: check stack boundaries lkdtm/stackleak: prevent unexpected stack usage lkdtm/stackleak: rework boundary management lkdtm/stackleak: avoid spurious failure stackleak: rework poison scanning stackleak: rework stack high bound handling stackleak: clarify variable names stackleak: rework stack low bound handling stackleak: remove redundant check ...
2022-05-24Merge tag 'objtool-core-2022-05-23' of ↵Linus Torvalds1-1/+1
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull objtool updates from Ingo Molnar: - Comprehensive interface overhaul: ================================= Objtool's interface has some issues: - Several features are done unconditionally, without any way to turn them off. Some of them might be surprising. This makes objtool tricky to use, and prevents porting individual features to other arches. - The config dependencies are too coarse-grained. Objtool enablement is tied to CONFIG_STACK_VALIDATION, but it has several other features independent of that. - The objtool subcmds ("check" and "orc") are clumsy: "check" is really a subset of "orc", so it has all the same options. The subcmd model has never really worked for objtool, as it only has a single purpose: "do some combination of things on an object file". - The '--lto' and '--vmlinux' options are nonsensical and have surprising behavior. Overhaul the interface: - get rid of subcmds - make all features individually selectable - remove and/or clarify confusing/obsolete options - update the documentation - fix some bugs found along the way - Fix x32 regression - Fix Kbuild cleanup bugs - Add scripts/objdump-func helper script to disassemble a single function from an object file. - Rewrite scripts/faddr2line to be section-aware, by basing it on 'readelf', moving it away from 'nm', which doesn't handle multiple sections well, which can result in decoding failure. - Rewrite & fix symbol handling - which had a number of bugs wrt. object files that don't have global symbols - which is rare but possible. Also fix a bunch of symbol handling bugs found along the way. * tag 'objtool-core-2022-05-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (23 commits) objtool: Fix objtool regression on x32 systems objtool: Fix symbol creation scripts/faddr2line: Fix overlapping text section failures scripts: Create objdump-func helper script objtool: Remove libsubcmd.a when make clean objtool: Remove inat-tables.c when make clean objtool: Update documentation objtool: Remove --lto and --vmlinux in favor of --link objtool: Add HAVE_NOINSTR_VALIDATION objtool: Rename "VMLINUX_VALIDATION" -> "NOINSTR_VALIDATION" objtool: Make noinstr hacks optional objtool: Make jump label hack optional objtool: Make static call annotation optional objtool: Make stack validation frame-pointer-specific objtool: Add CONFIG_OBJTOOL objtool: Extricate sls from stack validation objtool: Rework ibt and extricate from stack validation objtool: Make stack validation optional objtool: Add option to print section addresses objtool: Don't print parentheses in function addresses ...
2022-05-22Linux 5.18v5.18Linus Torvalds1-1/+1
2022-05-15Linux 5.18-rc7v5.18-rc7Linus Torvalds1-1/+1
2022-05-08Linux 5.18-rc6v5.18-rc6Linus Torvalds1-1/+1
2022-05-08randstruct: Split randstruct Makefile and CFLAGSKees Cook1-0/+1
To enable the new Clang randstruct implementation[1], move randstruct into its own Makefile and split the CFLAGS from GCC_PLUGINS_CFLAGS into RANDSTRUCT_CFLAGS. [1] https://reviews.llvm.org/D121556 Cc: linux-hardening@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220503205503.3054173-5-keescook@chromium.org
2022-05-01Linux 5.18-rc5v5.18-rc5Linus Torvalds1-1/+1
2022-04-24Linux 5.18-rc4v5.18-rc4Linus Torvalds1-1/+1
2022-04-22objtool: Add CONFIG_OBJTOOLJosh Poimboeuf1-1/+1
Now that stack validation is an optional feature of objtool, add CONFIG_OBJTOOL and replace most usages of CONFIG_STACK_VALIDATION with it. CONFIG_STACK_VALIDATION can now be considered to be frame-pointer specific. CONFIG_UNWINDER_ORC is already inherently valid for live patching, so no need to "validate" it. Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Reviewed-by: Miroslav Benes <mbenes@suse.cz> Link: https://lkml.kernel.org/r/939bf3d85604b2a126412bf11af6e3bd3b872bcb.1650300597.git.jpoimboe@redhat.com
2022-04-17Linux 5.18-rc3v5.18-rc3Linus Torvalds1-1/+1
2022-04-10Linux 5.18-rc2v5.18-rc2Linus Torvalds1-1/+1
2022-04-03Linux 5.18-rc1v5.18-rc1Linus Torvalds1-2/+2
2022-04-02kbuild: Remove '-mno-global-merge'Nathan Chancellor1-4/+0
This flag is specific to clang, where it is only used by the 32-bit and 64-bit ARM backends. In certain situations, the presence of this flag will cause a warning, as shown by commit 6580c5c18fb3 ("um: clang: Strip out -mno-global-merge from USER_CFLAGS"). Since commit 61163efae020 ("kbuild: LLVMLinux: Add Kbuild support for building kernel with Clang") that added this flag back in 2014, there have been quite a few changes to the GlobalMerge pass in LLVM. Building several different ARCH=arm and ARCH=arm64 configurations with LLVM 11 (minimum) and 15 (current main version) with this flag removed (i.e., with the default of '-mglobal-merge') reveals no modpost warnings, so it is likely that the issue noted in the comment is no longer relevant due to changes in LLVM or modpost, meaning this flag can be removed. If any new warnings show up that are a result of the removal of this flag, it can be added back under arch/arm{,64}/Makefile to avoid warnings on other architectures. Signed-off-by: Nathan Chancellor <nathan@kernel.org> Tested-by: David Gow <davidgow@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Tested-by: Sedat Dilek <sedat.dilek@gmail.com> Reviewed-by: Sedat Dilek <sedat.dilek@gmail.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2022-03-31Merge tag 'kbuild-v5.18-v2' of ↵Linus Torvalds1-19/+27
git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild updates from Masahiro Yamada: - Add new environment variables, USERCFLAGS and USERLDFLAGS to allow additional flags to be passed to user-space programs. - Fix missing fflush() bugs in Kconfig and fixdep - Fix a minor bug in the comment format of the .config file - Make kallsyms ignore llvm's local labels, .L* - Fix UAPI compile-test for cross-compiling with Clang - Extend the LLVM= syntax to support LLVM=<suffix> form for using a particular version of LLVm, and LLVM=<prefix> form for using custom LLVM in a particular directory path. - Clean up Makefiles * tag 'kbuild-v5.18-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kbuild: Make $(LLVM) more flexible kbuild: add --target to correctly cross-compile UAPI headers with Clang fixdep: use fflush() and ferror() to ensure successful write to files arch: syscalls: simplify uapi/kapi directory creation usr/include: replace extra-y with always-y certs: simplify empty certs creation in certs/Makefile certs: include certs/signing_key.x509 unconditionally kallsyms: ignore all local labels prefixed by '.L' kconfig: fix missing '# end of' for empty menu kconfig: add fflush() before ferror() check kbuild: replace $(if A,A,B) with $(or A,B) kbuild: Add environment variables for userprogs flags kbuild: unify cmd_copy and cmd_shipped
2022-03-31kbuild: Make $(LLVM) more flexibleNathan Chancellor1-10/+16
The LLVM make variable allows a developer to quickly switch between the GNU and LLVM tools. However, it does not handle versioned binaries, such as the ones shipped by Debian, as LLVM=1 just defines the tool variables with the unversioned binaries. There was some discussion during the review of the patch that introduces LLVM=1 around versioned binaries, ultimately coming to the conclusion that developers can just add the folder that contains the unversioned binaries to their PATH, as Debian's versioned suffixed binaries are really just symlinks to the unversioned binaries in /usr/lib/llvm-#/bin: $ realpath /usr/bin/clang-14 /usr/lib/llvm-14/bin/clang $ PATH=/usr/lib/llvm-14/bin:$PATH make ... LLVM=1 However, that can be cumbersome to developers who are constantly testing series with different toolchains and versions. It is simple enough to support these versioned binaries directly in the Kbuild system by allowing the developer to specify the version suffix with LLVM=, which is shorter than the above suggestion: $ make ... LLVM=-14 It does not change the meaning of LLVM=1 (which will continue to use unversioned binaries) and it does not add too much additional complexity to the existing $(LLVM) code, while allowing developers to quickly test their series with different versions of the whole LLVM suite of tools. Some developers may build LLVM from source but not add the binaries to their PATH, as they may not want to use that toolchain systemwide. Support those developers by allowing them to supply the directory that the LLVM tools are available in, as it is no more complex to support than the version suffix change above. $ make ... LLVM=/path/to/llvm/ Update and reorder the documentation to reflect these new additions. At the same time, notate that LLVM=0 is not the same as just omitting it altogether, which has confused people in the past. Link: https://lore.kernel.org/r/20200317215515.226917-1-ndesaulniers@google.com/ Link: https://lore.kernel.org/r/20220224151322.072632223@infradead.org/ Suggested-by: Masahiro Yamada <masahiroy@kernel.org> Suggested-by: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Nathan Chancellor <nathan@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2022-03-26Merge tag 'array-bounds-v5.18-rc1' of ↵Linus Torvalds1-2/+0
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull array-bounds updates from Kees Cook: "This enables -Warray-bounds and -Wzero-length-bounds, now that the many bug fixes have landed all over the place in the kernel, and in GCC itself[1]. A couple fixes[2] for known corner-case issues currently live in my "pending-fixes" tree which I'm expecting to send next week if other maintainers still haven't picked them up. I'm also expecting we can enable -Wstringop-overflow next cycle, as there are only a few stragglers[3], but it might even be possible for this release" [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578 [2] https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/pending-fixes&id=2d253138910eec553fc706379914243d71de9b85 [3] https://github.com/KSPP/linux/issues/181 * tag 'array-bounds-v5.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: Makefile: Enable -Wzero-length-bounds Makefile: Enable -Warray-bounds
2022-03-25Merge tag 'kbuild-gnu11-v5.18' of ↵Linus Torvalds1-3/+4
git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild update for C11 language base from Masahiro Yamada: "Kbuild -std=gnu11 updates for v5.18 Linus pointed out the benefits of C99 some years ago, especially variable declarations in loops [1]. At that time, we were not ready for the migration due to old compilers. Recently, Jakob Koschel reported a bug in list_for_each_entry(), which leaks the invalid pointer out of the loop [2]. In the discussion, we agreed that the time had come. Now that GCC 5.1 is the minimum compiler version, there is nothing to prevent us from going to -std=gnu99, or even straight to -std=gnu11. Discussions for a better list iterator implementation are ongoing, but this patch set must land first" [1] https://lore.kernel.org/all/CAHk-=wgr12JkKmRd21qh-se-_Gs69kbPgR9x4C+Es-yJV2GLkA@mail.gmail.com/ [2] https://lore.kernel.org/lkml/86C4CE7D-6D93-456B-AA82-F8ADEACA40B7@gmail.com/ * tag 'kbuild-gnu11-v5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: Kbuild: use -std=gnu11 for KBUILD_USERCFLAGS Kbuild: move to -std=gnu11 Kbuild: use -Wdeclaration-after-statement Kbuild: add -Wno-shift-negative-value where -Wextra is used
2022-03-20Linux 5.17v5.17Linus Torvalds1-1/+1
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-03-13Linux 5.17-rc8v5.17-rc8Linus Torvalds1-1/+1
2022-03-13Kbuild: use -std=gnu11 for KBUILD_USERCFLAGSArnd Bergmann1-1/+1
As we change the C language standard for the kernel from gnu89 to gnu11, it makes sense to also update the version for user space compilation. Some users have older native compilers than what they use for kernel builds, so I considered using gnu99 as the default version for wider compatibility with gcc-4.6 and earlier. However, testing with older compilers showed that we already require HOSTCC version 5.1 as well because a lot of host tools include linux/compiler.h that uses __has_attribute(): CC tools/objtool/exec-cmd.o In file included from tools/include/linux/compiler_types.h:36:0, from tools/include/linux/compiler.h:5, from exec-cmd.c:2: tools/include/linux/compiler-gcc.h:19:5: error: "__has_attribute" is not defined [-Werror=undef] Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Nathan Chancellor <nathan@kernel.org> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Tested-by: Sedat Dilek <sedat.dilek@gmail.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2022-03-13Kbuild: move to -std=gnu11Arnd Bergmann1-2/+2
During a patch discussion, Linus brought up the option of changing the C standard version from gnu89 to gnu99, which allows using variable declaration inside of a for() loop. While the C99, C11 and later standards introduce many other features, most of these are already available in gnu89 as GNU extensions as well. An earlier attempt to do this when gcc-5 started defaulting to -std=gnu11 failed because at the time that caused warnings about designated initializers with older compilers. Now that gcc-5.1 is the minimum compiler version used for building kernels, that is no longer a concern. Similarly, the behavior of 'inline' functions changes between gnu89 using gnu_inline behavior and gnu11 using standard c99+ behavior, but this was taken care of by defining 'inline' to include __attribute__((gnu_inline)) in order to allow building with clang a while ago. Nathan Chancellor reported a new -Wdeclaration-after-statement warning that appears in a system header on arm, this still needs a workaround. The differences between gnu99, gnu11, gnu1x and gnu17 are fairly minimal and mainly impact warnings at the -Wpedantic level that the kernel never enables. Between these, gnu11 is the newest version that is supported by all supported compiler versions, though it is only the default on gcc-5, while all other supported versions of gcc or clang default to gnu1x/gnu17. Link: https://lore.kernel.org/lkml/CAHk-=wiyCH7xeHcmiFJ-YgXUy2Jaj7pnkdKpcovt8fYbVFW3TA@mail.gmail.com/ Link: https://github.com/ClangBuiltLinux/linux/issues/1603 Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Acked-by: Marco Elver <elver@google.com> Acked-by: Jani Nikula <jani.nikula@intel.com> Acked-by: David Sterba <dsterba@suse.com> Tested-by: Sedat Dilek <sedat.dilek@gmail.com> Reviewed-by: Alex Shi <alexs@kernel.org> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Reviewed-by: Miguel Ojeda <ojeda@kernel.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2022-03-13Kbuild: use -Wdeclaration-after-statementMark Rutland1-1/+2
The kernel is moving from using `-std=gnu89` to `-std=gnu11`, permitting the use of additional C11 features such as for-loop initial declarations. One contentious aspect of C99 is that it permits mixed declarations and code, and for now at least, it seems preferable to enforce that declarations must come first. These warnings were already enabled in the kernel itself, but not for KBUILD_USERCFLAGS or the compat VDSO on arch/arm64, which uses a separate set of CFLAGS. This patch fixes an existing violation in modpost.c, which is not reported because of the missing flag in KBUILD_USERCFLAGS: | scripts/mod/modpost.c: In function ‘match’: | scripts/mod/modpost.c:837:3: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement] | 837 | const char *endp = p + strlen(p) - 1; | | ^~~~~ Signed-off-by: Mark Rutland <mark.rutland@arm.com> [arnd: don't add a duplicate flag to the default set, update changelog] Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Nathan Chancellor <nathan@kernel.org> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Tested-by: Sedat Dilek <sedat.dilek@gmail.com> # LLVM/Clang v13.0.0 (x86-64) Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2022-03-06Linux 5.17-rc7v5.17-rc7Linus Torvalds1-1/+1
2022-02-27Linux 5.17-rc6v5.17-rc6Linus Torvalds1-1/+1
2022-02-20Linux 5.17-rc5v5.17-rc5Linus Torvalds1-1/+1
2022-02-15kbuild: replace $(if A,A,B) with $(or A,B)Masahiro Yamada1-4/+4
$(or ...) is available since GNU Make 3.81, and useful to shorten the code in some places. Covert as follows: $(if A,A,B) --> $(or A,B) This patch also converts: $(if A, A, B) --> $(or A, B) Strictly speaking, the latter is not an equivalent conversion because GNU Make keeps spaces after commas; if A is not empty, $(if A, A, B) expands to " A", while $(or A, B) expands to "A". Anyway, preceding spaces are not significant in the code hunks I touched. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Nicolas Schier <nicolas@fjasle.eu>
2022-02-14kbuild: Add environment variables for userprogs flagsElliot Berman1-4/+6
Allow additional arguments be passed to userprogs compilation. Reproducible clang builds need to provide a sysroot and gcc path to ensure the same toolchain is used across hosts. KCFLAGS is not currently used for any user programs compilation, so add new USERCFLAGS and USERLDFLAGS which serves similar purpose as HOSTCFLAGS/HOSTLDFLAGS. Clang might detect GCC installation on hosts which have it installed to a default location in /. With addition of these environment variables, you can specify flags such as: $ make USERCFLAGS=--sysroot=/path/to/sysroot This can also be used to specify different sysroots such as musl or bionic which may be installed on the host in paths that the compiler may not search by default. Signed-off-by: Elliot Berman <quic_eberman@quicinc.com> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Reviewed-by: Fangrui Song <maskray@google.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2022-02-13Makefile: Enable -Wzero-length-boundsKees Cook1-1/+0
With all known internal zero-length accesses fixed, it is possible to enable -Wzero-length-bounds globally. Since this is included by default in -Warray-bounds, we just need to stop disabling it. Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Masahiro Yamada <masahiroy@kernel.org> Cc: linux-kbuild@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Link: https://lore.kernel.org/lkml/CAKwvOd=bcs5W6eEDXGn5ROR2EuMiSp_2e6sLFxak=KK6yLWcvA@mail.gmail.com
2022-02-13Makefile: Enable -Warray-boundsKees Cook1-1/+0
With the recent fixes for flexible arrays and expanded FORTIFY_SOURCE coverage, it is now possible to enable -Warray-bounds. Since both GCC and Clang include -Warray-bounds in -Wall, adjust the Makefile to just stop disabling it. Note that this option can be conservative in its warnings (which is done at casting time rather than access time), but this is reasonable since the cast variables may be accessed out of a scope where the true size of the original object can't be evaluated. These handful of false positives (which are arguably bad casts and can be easily avoided), are worth dealing with because of the many places where this option has helped identify missed bounds checks and even accesses done against cases where a NULL pointer could be reached. https://github.com/KSPP/linux/issues/109 https://github.com/KSPP/linux/issues/151 Cc: Arnd Bergmann <arnd@arndb.de> Cc: Masahiro Yamada <masahiroy@kernel.org> Cc: linux-kbuild@vger.kernel.org Co-developed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org>
2022-02-13Linux 5.17-rc4v5.17-rc4Linus Torvalds1-2/+2
2022-02-06Linux 5.17-rc3v5.17-rc3Linus Torvalds1-1/+1
2022-01-30Linux 5.17-rc2v5.17-rc2Linus Torvalds1-1/+1
2022-01-23Linux 5.17-rc1v5.17-rc1Linus Torvalds1-2/+2
2022-01-23Revert "Makefile: Do not quote value for CONFIG_CC_IMPLICIT_FALLTHROUGH"Masahiro Yamada1-1/+1
This reverts commit cd8c917a56f20f48748dd43d9ae3caff51d5b987. Commit 129ab0d2d9f3 ("kbuild: do not quote string values in include/config/auto.conf") provided the final solution. Now reverting the temporary workaround. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2022-01-19Merge tag 'kbuild-v5.17' of ↵Linus Torvalds1-12/+3
git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild Pull Kbuild updates from Masahiro Yamada: - Add new kconfig target 'make mod2noconfig', which will be useful to speed up the build and test iteration. - Raise the minimum supported version of LLVM to 11.0.0 - Refactor certs/Makefile - Change the format of include/config/auto.conf to stop double-quoting string type CONFIG options. - Fix ARCH=sh builds in dash - Separate compression macros for general purposes (cmd_bzip2 etc.) and the ones for decompressors (cmd_bzip2_with_size etc.) - Misc Makefile cleanups * tag 'kbuild-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (34 commits) kbuild: add cmd_file_size arch: decompressor: remove useless vmlinux.bin.all-y kbuild: rename cmd_{bzip2,lzma,lzo,lz4,xzkern,zstd22} kbuild: drop $(size_append) from cmd_zstd sh: rename suffix-y to suffix_y doc: kbuild: fix default in `imply` table microblaze: use built-in function to get CPU_{MAJOR,MINOR,REV} certs: move scripts/extract-cert to certs/ kbuild: do not quote string values in include/config/auto.conf kbuild: do not include include/config/auto.conf from shell scripts certs: simplify $(srctree)/ handling and remove config_filename macro kbuild: stop using config_filename in scripts/Makefile.modsign certs: remove misleading comments about GCC PR certs: refactor file cleaning certs: remove unneeded -I$(srctree) option for system_certificates.o certs: unify duplicated cmd_extract_certs and improve the log certs: use $< and $@ to simplify the key generation rule kbuild: remove headers_check stub kbuild: move headers_check.pl to usr/include/ certs: use if_changed to re-generate the key when the key type is changed ...
2022-01-12Merge tag 'x86_core_for_v5.17_rc1' of ↵Linus Torvalds1-11/+0
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 core updates from Borislav Petkov: - Get rid of all the .fixup sections because this generates misleading/wrong stacktraces and confuse RELIABLE_STACKTRACE and LIVEPATCH as the backtrace misses the function which is being fixed up. - Add Straight Line Speculation mitigation support which uses a new compiler switch -mharden-sls= which sticks an INT3 after a RET or an indirect branch in order to block speculation after them. Reportedly, CPUs do speculate behind such insns. - The usual set of cleanups and improvements * tag 'x86_core_for_v5.17_rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (32 commits) x86/entry_32: Fix segment exceptions objtool: Remove .fixup handling x86: Remove .fixup section x86/word-at-a-time: Remove .fixup usage x86/usercopy: Remove .fixup usage x86/usercopy_32: Simplify __copy_user_intel_nocache() x86/sgx: Remove .fixup usage x86/checksum_32: Remove .fixup usage x86/vmx: Remove .fixup usage x86/kvm: Remove .fixup usage x86/segment: Remove .fixup usage x86/fpu: Remove .fixup usage x86/xen: Remove .fixup usage x86/uaccess: Remove .fixup usage x86/futex: Remove .fixup usage x86/msr: Remove .fixup usage x86/extable: Extend extable functionality x86/entry_32: Remove .fixup usage x86/entry_64: Remove .fixup usage x86/copy_mc_64: Remove .fixup usage ...
2022-01-11Merge tag 'Wcast-function-type-5.17-rc1' of ↵Linus Torvalds1-0/+5
git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux Pull cast-function-type warning addition from Gustavo A. R. Silva: "This globally enables -Wcast-function-type. We need to make sure new function cast mismatches are not introduced in the kernel in order to avoid tripping CFI checking" * tag 'Wcast-function-type-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux: Makefile: Enable -Wcast-function-type
2022-01-09Linux 5.16v5.16Linus Torvalds1-1/+1
2022-01-08kbuild: do not quote string values in include/config/auto.confMasahiro Yamada1-2/+2
The previous commit fixed up all shell scripts to not include include/config/auto.conf. Now that include/config/auto.conf is only included by Makefiles, we can change it into a more Make-friendly form. Previously, Kconfig output string values enclosed with double-quotes (both in the .config and include/config/auto.conf): CONFIG_X="foo bar" Unlike shell, Make handles double-quotes (and single-quotes as well) verbatim. We must rip them off when used. There are some patterns: [1] $(patsubst "%",%,$(CONFIG_X)) [2] $(CONFIG_X:"%"=%) [3] $(subst ",,$(CONFIG_X)) [4] $(shell echo $(CONFIG_X)) These are not only ugly, but also fragile. [1] and [2] do not work if the value contains spaces, like CONFIG_X=" foo bar " [3] does not work correctly if the value contains double-quotes like CONFIG_X="foo\"bar" [4] seems to work better, but has a cost of forking a process. Anyway, quoted strings were always PITA for our Makefiles. This commit changes Kconfig to stop quoting in include/config/auto.conf. These are the string type symbols referenced in Makefiles or scripts: ACPI_CUSTOM_DSDT_FILE ARC_BUILTIN_DTB_NAME ARC_TUNE_MCPU BUILTIN_DTB_SOURCE CC_IMPLICIT_FALLTHROUGH CC_VERSION_TEXT CFG80211_EXTRA_REGDB_KEYDIR EXTRA_FIRMWARE EXTRA_FIRMWARE_DIR EXTRA_TARGETS H8300_BUILTIN_DTB INITRAMFS_SOURCE LOCALVERSION MODULE_SIG_HASH MODULE_SIG_KEY NDS32_BUILTIN_DTB NIOS2_DTB_SOURCE OPENRISC_BUILTIN_DTB SOC_CANAAN_K210_DTB_SOURCE SYSTEM_BLACKLIST_HASH_LIST SYSTEM_REVOCATION_KEYS SYSTEM_TRUSTED_KEYS TARGET_CPU UNUSED_KSYMS_WHITELIST XILINX_MICROBLAZE0_FAMILY XILINX_MICROBLAZE0_HW_VER XTENSA_VARIANT_NAME I checked them one by one, and fixed up the code where necessary. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
2022-01-08certs: refactor file cleaningMasahiro Yamada1-1/+1
'make clean' removes files listed in 'targets'. It is redundant to specify both 'targets' and 'clean-files'. Move 'targets' assignments out of the ifeq-conditionals so scripts/Makefile.clean can see them. One effective change is that certs/certs/signing_key.x509 is now deleted by 'make clean' instead of 'make mrproper. This certificate is embedded in the kernel. It is not used in any way by external module builds. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Nicolas Schier <n.schier@avm.de>
2022-01-08kbuild: remove headers_check stubMasahiro Yamada1-9/+0
Linux 5.15 is out. Remove this stub now. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
2022-01-02Linux 5.16-rc8v5.16-rc8Linus Torvalds1-1/+1
2021-12-26Linux 5.16-rc7v5.16-rc7Linus Torvalds1-1/+1
2021-12-19Linux 5.16-rc6v5.16-rc6Linus Torvalds1-1/+1
2021-12-12Linux 5.16-rc5v5.16-rc5Linus Torvalds1-1/+1
2021-12-11Merge tag 'devicetree-fixes-for-5.16-2' of ↵Linus Torvalds1-5/+5
git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux Pull devicetree fixes from Rob Herring: - Revert schema checks on %.dtb targets. This was problematic for some external build tools. - A few DT binding example fixes - Add back dropped 'enet-phy-lane-no-swap' Ethernet PHY property - Drop erroneous if/then schema in nxp,imx7-mipi-csi2 - Add a quirk to fix some interrupt controllers use of 'interrupt-map' * tag 'devicetree-fixes-for-5.16-2' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: Revert "kbuild: Enable DT schema checks for %.dtb targets" dt-bindings: bq25980: Fixup the example dt-bindings: input: gpio-keys: Fix interrupts in example dt-bindings: net: Reintroduce PHY no lane swap binding dt-bindings: media: nxp,imx7-mipi-csi2: Drop bad if/then schema of/irq: Add a quirk for controllers with their own definition of interrupt-map dt-bindings: iio: adc: exynos-adc: Fix node name in example
2021-12-08Revert "kbuild: Enable DT schema checks for %.dtb targets"Rob Herring1-5/+5
This reverts commit 53182e81f47d4ea0c727c49ad23cb782173ab849. This added tool dependencies on various build systems using %.dtb targets. Validation will need to be controlled by a kconfig or make variable instead, but for now let's just revert it. Signed-off-by: Rob Herring <robh@kernel.org>
2021-12-08x86: Move RETPOLINE*_CFLAGS to arch MakefilePeter Zijlstra1-11/+0
Currently, RETPOLINE*_CFLAGS are defined in the top-level Makefile but only x86 makes use of them. Move them there. If ever another architecture finds the need, it can be reconsidered. [ bp: Massage a bit. ] Suggested-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Link: https://lkml.kernel.org/r/20211119165630.219152765@infradead.org
2021-12-06Makefile: Do not quote value for CONFIG_CC_IMPLICIT_FALLTHROUGHSalvatore Bonaccorso1-1/+1
Andreas reported that a specific build environment for an external module, being a bit broken, does pass CC_IMPLICIT_FALLTHROUGH quoted as argument to gcc, causing an error gcc-11: error: "-Wimplicit-fallthrough=5": linker input file not found: No such file or directory Until this is more generally fixed as outlined in [1], by fixing scripts/link-vmlinux.sh, scripts/gen_autoksyms.sh, etc to not directly include the include/config/auto.conf, and in a second step, change Kconfig to generate the auto.conf without "", workaround the issue by explicitly unquoting CC_IMPLICIT_FALLTHROUGH. Reported-by: Andreas Beckmann <anbe@debian.org> Link: https://bugs.debian.org/1001083 Link: https://lore.kernel.org/linux-kbuild/CAK7LNAR-VXwHFEJqCcrFDZj+_4+Xd6oynbj_0eS8N504_ydmyw@mail.gmail.com/ [1] Signed-off-by: Salvatore Bonaccorso <carnil@debian.org> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2021-12-05Linux 5.16-rc4v5.16-rc4Linus Torvalds1-1/+1