Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v5.6.10 2020-02-01T18:01:52Z 2020-02-01T18:01:52Z Linus Torvalds torvalds@linux-foundation.org 2020-02-01T18:01:52Z urn:sha1:368d060bb497775e42e323b9f676c45e2011da27 Pull Kbuild updates from Masahiro Yamada: - detect missing include guard in UAPI headers - do not create orphan built-in.a or obj-y objects - generate modules.builtin more simply, and drop tristate.conf - simplify built-in initramfs creation - make linux-headers deb package thinner - optimize the deb package build script - misc cleanups * tag 'kbuild-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (34 commits) builddeb: split libc headers deployment out into a function builddeb: split kernel headers deployment out into a function builddeb: remove redundant make for ARCH=um builddeb: avoid invoking sub-shells where possible builddeb: remove redundant $objtree/ builddeb: match temporary directory name to the package name builddeb: remove unneeded files in hdrobjfiles for headers package kbuild: use -S instead of -E for precise cc-option test in Kconfig builddeb: allow selection of .deb compressor kbuild: remove 'Building modules, stage 2.' log kbuild: remove *.tmp file when filechk fails kbuild: remove PYTHON2 variable modpost: assume STT_SPARC_REGISTER is defined gen_initramfs.sh: remove intermediate cpio_list on errors initramfs: refactor the initramfs build rules gen_initramfs.sh: always output cpio even without -o option initramfs: add default_cpio_list, and delete -d option support initramfs: generate dependency list and cpio at the same time initramfs: specify $(src)/gen_initramfs.sh as a prerequisite in Makefile initramfs: make initramfs compression choice non-optional ... 2020-01-31T19:42:13Z Linus Torvalds torvalds@linux-foundation.org 2020-01-31T19:42:13Z urn:sha1:ddaefe8947b48b638f726cf89730ecc1000ebcc3 Pull module updates from Jessica Yu: "Summary of modules changes for the 5.6 merge window: - Add "MS" (SHF_MERGE|SHF_STRINGS) section flags to __ksymtab_strings to indicate to the linker that it can perform string deduplication (i.e., duplicate strings are reduced to a single copy in the string table). This means any repeated namespace string would be merged to just one entry in __ksymtab_strings. - Various code cleanups and small fixes (fix small memleak in error path, improve moduleparam docs, silence rcu warnings, improve error logging)" * tag 'modules-for-v5.6' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux: module.h: Annotate mod_kallsyms with __rcu module: avoid setting info->name early in case we can fall back to info->mod->name modsign: print module name along with error message kernel/module: Fix memleak in module_add_modinfo_attrs() export.h: reduce __ksymtab_strings string duplication by using "MS" section flags moduleparam: fix kerneldoc modules: lockdep: Suppress suspicious RCU usage warning 2020-01-23T17:19:48Z Madhuparna Bhowmik madhuparnabhowmik10@gmail.com 2020-01-22T17:04:47Z urn:sha1:6080d608eeff7cb5090a2ddbaf723bfb0ff133fc This patch fixes the following sparse errors: kernel/module.c:3623:9: error: incompatible types in comparison expression kernel/module.c:4060:41: error: incompatible types in comparison expression kernel/module.c:4203:28: error: incompatible types in comparison expression kernel/module.c:4225:41: error: incompatible types in comparison expression Signed-off-by: Madhuparna Bhowmik <madhuparnabhowmik10@gmail.com> Signed-off-by: Jessica Yu <jeyu@kernel.org> 2020-01-06T17:18:39Z Masahiro Yamada masahiroy@kernel.org 2019-12-19T08:33:29Z urn:sha1:8b41fc4454e36fbfdbb23f940d023d4dece2de29 Commit bc081dd6e9f6 ("kbuild: generate modules.builtin") added infrastructure to generate modules.builtin, the list of all builtin modules. Basically, it works like this: - Kconfig generates include/config/tristate.conf, the list of tristate CONFIG options with a value in a capital letter. - scripts/Makefile.modbuiltin makes Kbuild descend into directories to collect the information of builtin modules. I am not a big fan of it because Kbuild ends up with traversing the source tree twice. I am not sure how perfectly it should work, but this approach cannot avoid false positives; even if the relevant CONFIG option is tristate, some Makefiles forces obj-m to obj-y. Some examples are: arch/powerpc/platforms/powermac/Makefile: obj-$(CONFIG_NVRAM:m=y) += nvram.o net/ipv6/Makefile: obj-$(subst m,y,$(CONFIG_IPV6)) += inet6_hashtables.o net/netlabel/Makefile: obj-$(subst m,y,$(CONFIG_IPV6)) += netlabel_calipso.o Nobody has complained about (or noticed) it, so it is probably fine to have false positives in modules.builtin. This commit simplifies the implementation. Let's exploit the fact that every module has MODULE_LICENSE(). (modpost shows a warning if MODULE_LICENSE is missing. If so, 0-day bot would already have blocked such a module.) I added MODULE_FILE to <linux/module.h>. When the code is being compiled as builtin, it will be filled with the file path of the module, and collected into modules.builtin.info. Then, scripts/link-vmlinux.sh extracts the list of builtin modules out of it. This new approach fixes the false-positives above, but adds another type of false-positives; non-modular code may have MODULE_LICENSE() by mistake. This is not a big deal, it is just the code is always orphan. We can clean it up if we like. You can see cleanup examples by: $ git log --grep='make.* explicitly non-modular' To sum up, this commits deletes lots of code, but still produces almost equivalent results. Please note it does not increase the vmlinux size at all. As you can see in include/asm-generic/vmlinux.lds.h, the .modinfo section is discarded in the link stage. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> 2019-12-10T09:11:00Z Ingo Molnar mingo@kernel.org 2019-12-10T09:11:00Z urn:sha1:2040cf9f59037aa8aec749363e69ead165b67b43 Signed-off-by: Ingo Molnar <mingo@kernel.org> 2019-11-27T06:44:25Z Peter Zijlstra peterz@infradead.org 2019-10-15T19:07:31Z urn:sha1:958de668197651bbf2b4b9528f204ab5a0f1af65 Now that there are no users of set_all_modules_text_*() left, remove it. While it appears nds32 uses it, it does not have STRICT_MODULE_RWX and therefore ends up with the NOP stubs. Tested-by: Alexei Starovoitov <ast@kernel.org> Tested-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Alexei Starovoitov <ast@kernel.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: Greentime Hu <green.hu@gmail.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Jessica Yu <jeyu@kernel.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Vincent Chen <deanbo422@gmail.com> Link: https://lkml.kernel.org/r/20191111132458.284298307@infradead.org Signed-off-by: Ingo Molnar <mingo@kernel.org> 2019-11-14T03:36:53Z Masahiro Yamada yamada.masahiro@socionext.com 2019-10-18T04:50:53Z urn:sha1:bf49d9dd6fef688733e2ddbd55f7bcb57df194e4 Commit b24413180f56 ("License cleanup: add SPDX GPL-2.0 license identifier to files with no license") took care of a lot of files without any license information. These headers were not processed by the tool perhaps because they contain "GPL" in the code. I do not see any license boilerplate in them, so they fall back to GPL version 2 only, which is the project default. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Link: https://lore.kernel.org/r/20191018045053.8424-1-yamada.masahiro@socionext.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-09-28T02:37:27Z Linus Torvalds torvalds@linux-foundation.org 2019-09-28T02:37:27Z urn:sha1:f1f2f614d535564992f32e720739cb53cf03489f Pull integrity updates from Mimi Zohar: "The major feature in this time is IMA support for measuring and appraising appended file signatures. In addition are a couple of bug fixes and code cleanup to use struct_size(). In addition to the PE/COFF and IMA xattr signatures, the kexec kernel image may be signed with an appended signature, using the same scripts/sign-file tool that is used to sign kernel modules. Similarly, the initramfs may contain an appended signature. This contained a lot of refactoring of the existing appended signature verification code, so that IMA could retain the existing framework of calculating the file hash once, storing it in the IMA measurement list and extending the TPM, verifying the file's integrity based on a file hash or signature (eg. xattrs), and adding an audit record containing the file hash, all based on policy. (The IMA support for appended signatures patch set was posted and reviewed 11 times.) The support for appended signature paves the way for adding other signature verification methods, such as fs-verity, based on a single system-wide policy. The file hash used for verifying the signature and the signature, itself, can be included in the IMA measurement list" * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: ima: ima_api: Use struct_size() in kzalloc() ima: use struct_size() in kzalloc() sefltest/ima: support appended signatures (modsig) ima: Fix use after free in ima_read_modsig() MODSIGN: make new include file self contained ima: fix freeing ongoing ahash_request ima: always return negative code for error ima: Store the measurement again when appraising a modsig ima: Define ima-modsig template ima: Collect modsig ima: Implement support for module-style appended signatures ima: Factor xattr_verify() out of ima_appraise_measurement() ima: Add modsig appraise_type option for module-style appended signatures integrity: Select CONFIG_KEYS instead of depending on it PKCS#7: Introduce pkcs7_get_digest() PKCS#7: Refactor verify_pkcs7_signature() MODSIGN: Export module signature definitions ima: initialize the "template" field with the default template 2019-09-22T18:15:14Z Linus Torvalds torvalds@linux-foundation.org 2019-09-22T18:15:14Z urn:sha1:3e4d890a26d5411d0b64e5e8ecfdcdb435c1d3f8 It's an unusual configuration, and was apparently never tested, and not caught in linux-next because of a combination of travels and it making it into the tree too late. The fix is to simply move the #define to outside the CONFIG_MODULE section, since MODULE_INFO() will do the right thing. Cc: Martijn Coenen <maco@android.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Matthias Maennich <maennich@google.com> Cc: Jessica Yu <jeyu@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2019-09-10T08:30:17Z Matthias Maennich maennich@google.com 2019-09-06T10:32:27Z urn:sha1:8651ec01daedad26290f76beeb4736f9d2da4b87 The EXPORT_SYMBOL_NS() and EXPORT_SYMBOL_NS_GPL() macros can be used to export a symbol to a specific namespace. There are no _GPL_FUTURE and _UNUSED variants because these are currently unused, and I'm not sure they are necessary. I didn't add EXPORT_SYMBOL_NS() for ASM exports; this patch sets the namespace of ASM exports to NULL by default. In case of relative references, it will be relocatable to NULL. If there's a need, this should be pretty easy to add. A module that wants to use a symbol exported to a namespace must add a MODULE_IMPORT_NS() statement to their module code; otherwise, modpost will complain when building the module, and the kernel module loader will emit an error and fail when loading the module. MODULE_IMPORT_NS() adds a modinfo tag 'import_ns' to the module. That tag can be observed by the modinfo command, modpost and kernel/module.c at the time of loading the module. The ELF symbols are renamed to include the namespace with an asm label; for example, symbol 'usb_stor_suspend' in namespace USB_STORAGE becomes 'usb_stor_suspend.USB_STORAGE'. This allows modpost to do namespace checking, without having to go through all the effort of parsing ELF and relocation records just to get to the struct kernel_symbols. On x86_64 I saw no difference in binary size (compression), but at runtime this will require a word of memory per export to hold the namespace. An alternative could be to store namespaced symbols in their own section and use a separate 'struct namespaced_kernel_symbol' for that section, at the cost of making the module loader more complex. Co-developed-by: Martijn Coenen <maco@android.com> Signed-off-by: Martijn Coenen <maco@android.com> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Matthias Maennich <maennich@google.com> Signed-off-by: Jessica Yu <jeyu@kernel.org>