summaryrefslogtreecommitdiff
path: root/Makefile
AgeCommit message (Collapse)Author
2014-01-20Merge branch 'core-stackprotector-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull strong stackprotector support from Ingo Molnar: "This tree adds a CONFIG_CC_STACKPROTECTOR_STRONG=y, a new, stronger stack canary checking method supported by the newest GCC versions (4.9 and later). Here's the 'intensity comparison' between the various protection modes: - defconfig 11430641 kernel text size 36110 function bodies - defconfig + CONFIG_CC_STACKPROTECTOR_REGULAR 11468490 kernel text size (+0.33%) 1015 of 36110 functions are stack-protected (2.81%) - defconfig + CONFIG_CC_STACKPROTECTOR_STRONG via this patch 11692790 kernel text size (+2.24%) 7401 of 36110 functions are stack-protected (20.5%) the strong model comes with non-trivial costs, which is why we preserved the 'regular' and 'none' models as well" * 'core-stackprotector-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures
2014-01-19Linux 3.13Linus Torvalds
2014-01-12Linux 3.13-rc8Linus Torvalds
2014-01-04Linux 3.13-rc7Linus Torvalds
2013-12-29Linux 3.13-rc6Linus Torvalds
2013-12-22Linux 3.13-rc5Linus Torvalds
2013-12-20Don't set the INITRD_COMPRESS environment variable automaticallyLinus Torvalds
Commit 1bf49dd4be0b ("./Makefile: export initial ramdisk compression config option") started setting the INITRD_COMPRESS environment variable depending on which decompression models the kernel had available. That is completely broken. For example, we by default have CONFIG_RD_LZ4 enabled, and are able to decompress such an initrd, but the user tools to *create* such an initrd may not be availble. So trying to tell dracut to generate an lz4-compressed image just because we can decode such an image is completely inappropriate. Cc: J P <ppandit@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Jan Beulich <JBeulich@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-12-20stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONGKees Cook
This changes the stack protector config option into a choice of "None", "Regular", and "Strong": CONFIG_CC_STACKPROTECTOR_NONE CONFIG_CC_STACKPROTECTOR_REGULAR CONFIG_CC_STACKPROTECTOR_STRONG "Regular" means the old CONFIG_CC_STACKPROTECTOR=y option. "Strong" is a new mode introduced by this patch. With "Strong" the kernel is built with -fstack-protector-strong (available in gcc 4.9 and later). This option increases the coverage of the stack protector without the heavy performance hit of -fstack-protector-all. For reference, the stack protector options available in gcc are: -fstack-protector-all: Adds the stack-canary saving prefix and stack-canary checking suffix to _all_ function entry and exit. Results in substantial use of stack space for saving the canary for deep stack users (e.g. historically xfs), and measurable (though shockingly still low) performance hit due to all the saving/checking. Really not suitable for sane systems, and was entirely removed as an option from the kernel many years ago. -fstack-protector: Adds the canary save/check to functions that define an 8 (--param=ssp-buffer-size=N, N=8 by default) or more byte local char array. Traditionally, stack overflows happened with string-based manipulations, so this was a way to find those functions. Very few total functions actually get the canary; no measurable performance or size overhead. -fstack-protector-strong Adds the canary for a wider set of functions, since it's not just those with strings that have ultimately been vulnerable to stack-busting. With this superset, more functions end up with a canary, but it still remains small compared to all functions with only a small change in performance. Based on the original design document, a function gets the canary when it contains any of: - local variable's address used as part of the right hand side of an assignment or function argument - local variable is an array (or union containing an array), regardless of array type or length - uses register local variables https://docs.google.com/a/google.com/document/d/1xXBH6rRZue4f296vGt9YQcuLVQHeE516stHwt8M9xyU Find below a comparison of "size" and "objdump" output when built with gcc-4.9 in three configurations: - defconfig 11430641 kernel text size 36110 function bodies - defconfig + CONFIG_CC_STACKPROTECTOR_REGULAR 11468490 kernel text size (+0.33%) 1015 of 36110 functions are stack-protected (2.81%) - defconfig + CONFIG_CC_STACKPROTECTOR_STRONG via this patch 11692790 kernel text size (+2.24%) 7401 of 36110 functions are stack-protected (20.5%) With -strong, ARM's compressed boot code now triggers stack protection, so a static guard was added. Since this is only used during decompression and was never used before, the exposure here is very small. Once it switches to the full kernel, the stack guard is back to normal. Chrome OS has been using -fstack-protector-strong for its kernel builds for the last 8 months with no problems. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Michal Marek <mmarek@suse.cz> Cc: Russell King <linux@arm.linux.org.uk> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Paul Mundt <lethal@linux-sh.org> Cc: James Hogan <james.hogan@imgtec.com> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Shawn Guo <shawn.guo@linaro.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: linux-arm-kernel@lists.infradead.org Cc: linux-mips@linux-mips.org Cc: linux-arch@vger.kernel.org Link: http://lkml.kernel.org/r/1387481759-14535-3-git-send-email-keescook@chromium.org [ Improved the changelog and descriptions some more. ] Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-12-20stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architecturesKees Cook
Instead of duplicating the CC_STACKPROTECTOR Kconfig and Makefile logic in each architecture, switch to using HAVE_CC_STACKPROTECTOR and keep everything in one place. This retains the x86-specific bug verification scripts. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Michal Marek <mmarek@suse.cz> Cc: Russell King <linux@arm.linux.org.uk> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Paul Mundt <lethal@linux-sh.org> Cc: James Hogan <james.hogan@imgtec.com> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Shawn Guo <shawn.guo@linaro.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-arm-kernel@lists.infradead.org Cc: linux-mips@linux-mips.org Cc: linux-arch@vger.kernel.org Link: http://lkml.kernel.org/r/1387481759-14535-2-git-send-email-keescook@chromium.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
2013-12-18fix build with make 3.80Jan Beulich
According to Documentation/Changes, make 3.80 is still being supported for building the kernel, hence make files must not make (unconditional) use of features introduced only in newer versions. Commit 1bf49dd4be0b ("./Makefile: export initial ramdisk compression config option") however introduced "else ifeq" constructs which make 3.80 doesn't understand. Replace the logic there with more conventional (in the kernel build infrastructure) list constructs (except that the list here is intentionally limited to exactly one element). Signed-off-by: Jan Beulich <jbeulich@suse.com> Cc: P J P <ppandit@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-12-15Linux 3.13-rc4Linus Torvalds
2013-12-06Linux 3.13-rc3Linus Torvalds
2013-11-29Linux 3.13-rc2Linus Torvalds
2013-11-22Linux 3.13-rc1Linus Torvalds
2013-11-15Merge branch 'kbuild' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kbuild changes from Michal Marek: - LTO fixes, but the kallsyms part had to be reverted - Pass -Werror=implicit-int and -Werror=strict-prototypes to the compiler by default - snprintf fix in modpost - remove GREP_OPTIONS from the environment to be immune against exotic grep option settings * 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: kallsyms: Revert back to 128 max symbol length Kbuild: Ignore GREP_OPTIONS env variable scripts: kallsyms: Use %zu to print 'size_t' scripts/bloat-o-meter: use .startswith rather than fragile slicing scripts/bloat-o-meter: ignore changes in the size of linux_banner kbuild: replace unbounded sprintf call in modpost kbuild, bloat-o-meter: fix static detection Kbuild: Handle longer symbols in kallsyms.c kbuild: Increase kallsyms max symbol length Makefile: enable -Werror=implicit-int and -Werror=strict-prototypes by default
2013-11-13./Makefile: export initial ramdisk compression config optionP J P
Make menuconfig allows one to choose compression format of an initial ramdisk image. But this choice does not result in duly compressed ramdisk image. Because - $ make install - does not pass on the selected compression choice to the dracut(8) tool, which creates the initramfs file. dracut(8) generates the image with the default compression, ie. gzip(1). This patch exports the selected compression option to a sub-shell environment, so that it could be used by dracut(8) tool to generate appropriately compressed initramfs images. There isn't a straightforward way to pass on options to dracut(8) via positional parameters. Because it is indirectly invoked at the end of a $ make install sequence. # make install -> arch/$arch/boot/Makefile -> arch/$arch/boot/install.sh -> /sbing/installkernel ... -> /sbin/new-kernel-pkg ... -> /sbin/dracut ... Signed-off-by: P J P <ppandit@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-11-11Kbuild: Ignore GREP_OPTIONS env variableBorislav Petkov
When building the kernel in a shell which defines GREP_OPTIONS so that grep behavior is modified, we can break the generation of the syscalls table like so: __SYSCALL_COMMON(^[[01;31m^[[K0^[[m^[[K, sys_read, sys_read) __SYSCALL_COMMON(^[[01;31m^[[K1^[[m^[[K, sys_write, sys_write) __SYSCALL_COMMON(^[[01;31m^[[K1^[[m^[[K0, sys_mprotect, sys_mprotect) ... This is just the initial breakage, later we barf when generating modules. In this case, GREP_OPTIONS contains "--color=always" which adds the shell colors markup and completely fudges the headers under ...generated/asm/. Fix that by unexporting the GREP_OPTIONS variable for the whole kernel build as we tend to use grep at a bunch of places. Signed-off-by: Borislav Petkov <bp@suse.de> Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-11-03Linux 3.12Linus Torvalds
2013-10-27Linux 3.12-rc7Linus Torvalds
2013-10-23Makefile: enable -Werror=implicit-int and -Werror=strict-prototypes by defaultSergei Trofimovich
The common error found in forward-ported/backported patches is missing headers. One recent example (files and function names are mangled): void foo(){} EXPORT_SYMBOL(foo); gave only warning foo.c:12345678:5: warning: function declaration isn't a prototype [-Wstrict-prototypes] void foo(){} ^ foo.c:12345679:5: warning: data definition has no type or storage class [enabled by default] EXPORT_SYMBOL(foo); foo.c:12345679:5: warning: type defaults to 'int' in declaration of 'EXORT_SYMBOL' [-Werror=implicit-int] Now it's a fatal error. Tested on x86_64 allyesconfig. [akpm@linux-foundation.org: fix typos in comments] Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-10-19Linux 3.12-rc6Linus Torvalds
2013-10-13Linux 3.12-rc5Linus Torvalds
2013-10-06Linux 3.12-rc4Linus Torvalds
2013-09-29Linux 3.12-rc3Linus Torvalds
2013-09-23Linux 3.12-rc2Linus Torvalds
2013-09-16Linux 3.12-rc1Linus Torvalds
2013-09-11Bye, bye, WfW flagLinus Torvalds
This reverts the Linux for Workgroups thing. And no, before somebody asks, we're not doing Linux95. Not for a few years, at least. Sure, the flag added some color to the logo, and could have remained as a testament to my leet gimp skills. But no. And I'll do this early, to avoid the chance of forgetting when I'm doing the actual rc1 release on the road. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-09-07Merge branch 'kbuild' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kbuild update from Michal Marek: "Only these two commits are in the kbuild branch this time: - Using filechk for include/config/kernel.release - Cleanup in scripts/sortextable.c" * 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: kbuild: Do not overwrite include/config/kernel.release needlessly scripts: remove unused function in sortextable.c
2013-09-02Linux 3.11Linus Torvalds
2013-08-28kbuild: Do not overwrite include/config/kernel.release needlesslyMichal Marek
Use filechk to detect if the content changed or not. Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-08-25Linux 3.11-rc7Linus Torvalds
2013-08-18Linux 3.11-rc6Linus Torvalds
2013-08-11Linux 3.11-rc5Linus Torvalds
2013-08-04Linux 3.11-rc4Linus Torvalds
2013-07-28Linux 3.11-rc3Linus Torvalds
2013-07-21Linux 3.11-rc2Linus Torvalds
2013-07-14Linux 3.11-rc1Linus Torvalds
2013-07-10Revert "Makefile: Fix install error with make -j option"Linus Torvalds
This reverts commit d2aae8477cd00325bb7c7c7e95be488088900c48. It is completely and utterly broken. Module install should not build any files, and adding broken dependencies to "help" it build files is complete and utter sh*t. The kernel should not be built by root, and "make install" and "make module_install" (that for obvious reasons need to be run as root) absolutely must not build any files. They should only ever copy the already-built files over. So having dependencies for the install targets is wrong, wrong, wrong. If you try to install a kernel without building it first, you *should* get errors. The build system shouldn't try to help root build the files. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2013-07-10Merge branch 'kbuild' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kbuild updates from Michal Marek: - fix for make headers_install argv explosion with too long path - scripts/setlocalversion does not call git update-index needlessly - fix for the src.rpm produced by make rpm-pkg. The new make image_name can be useful also for other packaging tools. - scripts/mod/devicetable-offsets.o is not rebuilt during each make run - make modules_install dependency fix - scripts/sortextable portability fix - fix for kbuild to generate the output directory for all object files in subdirs. - a couple of minor fixes * 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: kbuild: create directory for dir/file.o tools/include: use stdint types for user-space byteshift headers Makefile: Fix install error with make -j option Fix a build warning in scripts/mod/file2alias.c improve modalias building scripts/mod: Spelling s/DEVICEVTABLE/DEVICETABLE/ kbuild: fix error when building from src rpm scripts/setlocalversion on write-protected source tree Makefile.lib: align DTB quiet_cmd kbuild: fix make headers_install when path is too long
2013-07-04Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial Pull trivial tree updates from Jiri Kosina: "The usual stuff from trivial tree" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (34 commits) treewide: relase -> release Documentation/cgroups/memory.txt: fix stat file documentation sysctl/net.txt: delete reference to obsolete 2.4.x kernel spinlock_api_smp.h: fix preprocessor comments treewide: Fix typo in printk doc: device tree: clarify stuff in usage-model.txt. open firmware: "/aliasas" -> "/aliases" md: bcache: Fixed a typo with the word 'arithmetic' irq/generic-chip: fix a few kernel-doc entries frv: Convert use of typedef ctl_table to struct ctl_table sgi: xpc: Convert use of typedef ctl_table to struct ctl_table doc: clk: Fix incorrect wording Documentation/arm/IXP4xx fix a typo Documentation/networking/ieee802154 fix a typo Documentation/DocBook/media/v4l fix a typo Documentation/video4linux/si476x.txt fix a typo Documentation/virtual/kvm/api.txt fix a typo Documentation/early-userspace/README fix a typo Documentation/video4linux/soc-camera.txt fix a typo lguest: fix CONFIG_PAE -> CONFIG_x86_PAE in comment ...
2013-07-03Makefile: Fix install error with make -j optionRobert Richter
Make modules_install fails with -j option: DEPMOD Usage: .../.source/linux/scripts/depmod.sh /sbin/depmod <kernelrelease> make[1]: *** [_modinst_post] Error 1 Adding kernelrelease dependency to fix this. Signed-off-by: Robert Richter <robert.richter@calxeda.com> Cc: <stable@vger.kernel.org> Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-06-30Linux 3.10Linus Torvalds
2013-06-28treewide: relase -> releaseGeert Uytterhoeven
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2013-06-24kbuild: fix error when building from src rpmMike Marciniszyn
The following issue can be reproduced with Linus' tree on an x86_64 server. >+ cp /home/user/rpmbuild-test/BUILDROOT/kernel-3.9.2.x86_64/boot/vmlinuz-3.9.2 >cp: missing destination file operand after >/home/user/rpmbuild-test/BUILDROOT/kernel-3.9.2-1.x86_64/boot/vmlinuz-3.9.2' >Try `cp --help' for more information. >error: Bad exit status from /var/tmp/rpm-tmp.R4o0iI (%install) Here are the commands to reproduce: make defconfig make rpm-pkg Use the resulting src rpm to build as follows: mkdir ~/rpmbuild-test cd ~/rpmbuild-test rpmbuild --rebuild --define "_topdir `pwd`" -vv ~/rpmbuild/SRPMS/kernel-3.10.0_rc1+-1.src.rpm The issue is because the %install script uses $KBUILD_IMAGE and it hasn't been set since it is only available in the kbuild system and not in the %install script. This patch adds a Makefile target to emit the image_name that can be used and modifies the mkspec to use the dynamic name in %install. Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com> Signed-off-by: Michal Marek <mmarek@suse.cz>
2013-06-22Linux 3.10-rc7Linus Torvalds
2013-06-15Linux 3.10-rc6Linus Torvalds
2013-06-08Linux 3.10-rc5Linus Torvalds
2013-06-02Linux 3.10-rc4Linus Torvalds
2013-05-26Linux 3.10-rc3Linus Torvalds
2013-05-20Linux 3.10-rc2Linus Torvalds