summaryrefslogtreecommitdiffstats
path: root/Makefile
Commit message (Collapse)AuthorAgeFilesLines
...
| * kbuild: move extra gcc checks to scripts/Makefile.extrawarnMasahiro Yamada2014-04-161-4/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | W=... provides extra gcc checks. Having such code in scripts/Makefile.build results in the same flags being added to KBUILD_CFLAGS multiple times becuase scripts/Makefile.build is invoked every time Kbuild descends into the subdirectories. Since the top Makefile is already too cluttered, this commit moves all of extra gcc check stuff to a new file scripts/Makefile.extrawarn, which is included from the top Makefile. Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com> CC: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Michal Marek <mmarek@suse.cz>
* | Merge tag 'llvmlinux-for-v3.16' of ↵Linus Torvalds2014-06-081-1/+1
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.linuxfoundation.org/llvmlinux/kernel Pull LLVM patches from Behan Webster: "Next set of patches to support compiling the kernel with clang. They've been soaking in linux-next since the last merge window. More still in the works for the next merge window..." * tag 'llvmlinux-for-v3.16' of git://git.linuxfoundation.org/llvmlinux/kernel: arm, unwind, LLVMLinux: Enable clang to be used for unwinding the stack ARM: LLVMLinux: Change "extern inline" to "static inline" in glue-cache.h all: LLVMLinux: Change DWARF flag to support gcc and clang net: netfilter: LLVMLinux: vlais-netfilter crypto: LLVMLinux: aligned-attribute.patch
| * | all: LLVMLinux: Change DWARF flag to support gcc and clangBehan Webster2014-06-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Both gcc (well, actually gnu as) and clang support the "-Wa,-gdwarf-2" option (though clang does not support "-Wa,--gdwarf-2"). Since these flags are equivalent in meaning, this patch uses the one which is better supported across compilers. Signed-off-by: Behan Webster <behanw@converseincode.com>
* | | Linux 3.15v3.15Linus Torvalds2014-06-081-1/+1
|/ /
* | Linux 3.15-rc8v3.15-rc8Linus Torvalds2014-06-011-1/+1
| |
* | Linux 3.15-rc7v3.15-rc7Linus Torvalds2014-05-251-1/+1
| |
* | Linux 3.15-rc6v3.15-rc6Linus Torvalds2014-05-221-1/+1
| |
* | Linux 3.15-rc5v3.15-rc5Linus Torvalds2014-05-091-1/+1
| |
* | Linux 3.15-rc4v3.15-rc4Linus Torvalds2014-05-041-1/+1
| |
* | Linux 3.15-rc3v3.15-rc3Linus Torvalds2014-04-271-1/+1
| |
* | Linux 3.15-rc2v3.15-rc2Linus Torvalds2014-04-201-1/+1
|/
* Linux 3.15-rc1v3.15-rc1Linus Torvalds2014-04-131-2/+2
|
* Merge branch 'misc' of ↵Linus Torvalds2014-04-121-3/+4
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull misc kbuild changes from Michal Marek: "Here is the non-critical part of kbuild: - One bogus coccinelle check removed, one check fixed not to suggest the obsolete PTR_RET macro - scripts/tags.sh does not index the generated *.mod.c files - new objdiff tool to list differences between two versions of an object file - A fix for scripts/bootgraph.pl" * 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: scripts/coccinelle: Use PTR_ERR_OR_ZERO scripts/bootgraph.pl: Add graphic header scripts: objdiff: detect object code changes between two commits Coccicheck: Remove memcpy to struct assignment test scripts/tags.sh: Ignore *.mod.c
| * scripts: objdiff: detect object code changes between two commitsJason Cooper2014-04-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | objdiff is useful when doing large code cleanups. For example, when removing checkpatch warnings and errors from new drivers in the staging tree. objdiff can be used in conjunction with a git rebase to confirm that each commit made no changes to the resulting object code. It has the same return values as diff(1). This was written specifically to support adding the skein and threefish cryto drivers to the staging tree. I needed a programmatic way to confirm that commits changing >90% of the lines didn't inadvertently change the code. Temporary files (objdump output) are stored in /path/to/linux/.tmp_objdiff 'make mrproper' will remove this directory. Signed-off-by: Jason Cooper <jason@lakedaemon.net> Signed-off-by: Michal Marek <mmarek@suse.cz>
| * scripts/tags.sh: Ignore *.mod.cPrarit Bhargava2014-02-061-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CONFIG_MODVERSIONS=y results in a .mod.c for every compiled file in the kernel. Issuing a 'make cscope' on a compiled kernel tree results in the cscope files containing *.mod.c files. [prarit@prarit linux]# make cscope [prarit@prarit linux]# cat cscope.files | grep mod.c | wc -l 4807 These files are not useful for cscope and should be ignored. For example, # line filename / context / line 1 105 arch/x86/kvm/kvm-intel.mod.c <<GLOBAL>> { 0x618911fc, __VMLINUX_SYMBOL_STR(numa_node) }, 2 508 drivers/block/mtip32xx/mtip32xx.h <<GLOBAL>> int numa_node; 3 55 drivers/block/mtip32xx/mtip32xx.mod.c <<GLOBAL>> { 0x618911fc, __VMLINUX_SYMBOL_STR(numa_node) }, 4 37 drivers/cpufreq/acpi-cpufreq.mod.c <<GLOBAL>> { 0x618911fc, __VMLINUX_SYMBOL_STR(numa_node) }, <snip> Add an export to RCS_FIND_IGNORE so it can be used in scripts/tags.sh and add explicitly ignore *.mod.c files. Signed-off-by: Prarit Bhargava <prarit@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Kirill Tkhai <tkhai@yandex.ru> Cc: Michael Opdenacker <michael.opdenacker@free-electrons.com> Cc: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Michal Marek <mmarek@suse.cz>
* | kbuild: LLVMLinux: Add Kbuild support for building kernel with ClangBehan Webster2014-04-091-1/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support to toplevel Makefile for compiling with clang, both for HOSTCC and CC. Use cc-option to prevent gcc option from breaking clang, and from clang options from breaking gcc. Clang 3.4 semantics are the same as gcc semantics for unsupported flags. For unsupported warnings clang 3.4 returns true but shows a warning and gcc shows a warning and returns false. Signed-off-by: Behan Webster <behanw@converseincode.com> Signed-off-by: Jan-Simon Möller <dl9pf@gmx.de> Signed-off-by: Mark Charlebois <charlebm@gmail.com> Cc: PaX Team <pageexec@freemail.hu>
* | Merge branch 'kbuild' of ↵Linus Torvalds2014-04-071-5/+5
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kbuild changes from Michal Marek: - cleanups in the main Makefiles and Documentation/DocBook/Makefile - make O=... directory is automatically created if needed - mrproper/distclean removes the old include/linux/version.h to make life easier when bisecting across the commit that moved the version.h file * 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: kbuild: docbook: fix the include error when executing "make help" kbuild: create a build directory automatically for out-of-tree build kbuild: remove redundant '.*.cmd' pattern from make distclean kbuild: move "quote" to Kbuild.include to be consistent kbuild: docbook: use $(obj) and $(src) rather than specific path kbuild: unconditionally clobber include/linux/version.h on distclean kbuild: docbook: specify KERNELDOC dependency correctly kbuild: docbook: include cmd files more simply kbuild: specify build_docproc as a phony target
| * | kbuild: create a build directory automatically for out-of-tree buildMasahiro Yamada2014-03-311-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Kbuild supports saving output files in a separate directory. But the build directory must be created beforehand. For example, $ mkdir -p dir/to/store/output/files $ make O=dir/to/store/output/files defconfig Creating a build directory automatically would be useful. Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com> Acked-by: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Michal Marek <mmarek@suse.cz>
| * | kbuild: remove redundant '.*.cmd' pattern from make distcleanMasahiro Yamada2014-03-311-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | '.*.cmd' files are cleaned-up by "make clean". The same pattern in "make distclean" is unnecessary. Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com> Signed-off-by: Michal Marek <mmarek@suse.cz>
| * | kbuild: unconditionally clobber include/linux/version.h on distcleanPaul Gortmaker2014-03-291-1/+1
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As of v3.7, the UAPI changes relocated headers around such that the kernel version header lived in a new place. If a person is bisecting and if you go back to pre-UAPI days, you will create an include/linux/version.h -- then if you checkout a post-UAPI kernel, and even run "make distclean" it still won't delete that old version file. So you get a situation like this: $ grep -R LINUX_VERSION_CODE include/ include/generated/uapi/linux/version.h:#define LINUX_VERSION_CODE 200192 include/linux/version.h:#define LINUX_VERSION_CODE 132646 The value in that second line is representative of a v2.6.38 version. And it will be sourced/used, hence leading to strange behaviours, such as drivers/staging content (which typically hasn't been purged of version ifdefs) failing to build. Since it is a subtle mode of failure, lets always clobber the old file when doing a distclean. Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Michal Marek <mmarek@suse.cz>
* | Merge tag 'dt-for-linus' of git://git.secretlab.ca/git/linuxLinus Torvalds2014-04-021-0/+7
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull devicetree changes from Grant Likely: "Updates to devicetree core code. This branch contains the following notable changes: - add reserved memory binding - make struct device_node a kobject and remove legacy /proc/device-tree - ePAPR conformance fixes - update in-kernel DTC copy to version v1.4.0 - preparatory changes for dynamic device tree overlays - minor bug fixes and documentation changes The most significant change in this branch is the conversion of struct device_node to be a kobject that is exposed via sysfs and removal of the old /proc/device-tree code. This simplifies the device tree handling code and tightens up the lifecycle on device tree nodes. [updated: added fix for dangling select PROC_DEVICETREE]" * tag 'dt-for-linus' of git://git.secretlab.ca/git/linux: (29 commits) dt: Remove dangling "select PROC_DEVICETREE" of: Add support for ePAPR "stdout-path" property of: device_node kobject lifecycle fixes of: only scan for reserved mem when fdt present powerpc: add support for reserved memory defined by device tree arm64: add support for reserved memory defined by device tree of: add missing major vendors of: add vendor prefix for SMSC of: remove /proc/device-tree of/selftest: Add self tests for manipulation of properties of: Make device nodes kobjects so they show up in sysfs arm: add support for reserved memory defined by device tree drivers: of: add support for custom reserved memory drivers drivers: of: add initialization code for dynamic reserved memory drivers: of: add initialization code for static reserved memory of: document bindings for reserved-memory nodes Revert "of: fix of_update_property()" kbuild: dtbs_install: new make target ARM: mvebu: Allows to get the SoC ID even without PCI enabled of: Allows to use the PCI translator without the PCI core ...
| * \ Merge remote-tracking branch 'robh/for-next' into devicetree/nextGrant Likely2014-03-311-1/+1
| |\ \
| * \ \ Merge tag 'v3.14-rc5' into HEADGrant Likely2014-03-041-4/+6
| |\ \ \ | | | | | | | | | | | | | | | Linux 3.14-rc5
| * | | | kbuild: dtbs_install: new make targetJason Cooper2014-02-201-0/+7
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unlike other build products in the Linux kernel, there is no 'make *install' mechanism to put devicetree blobs in a standard place. This commit adds a new 'dtbs_install' make target which copies all of the dtbs into the INSTALL_DTBS_PATH directory. INSTALL_DTBS_PATH can be set before calling make to change the default install directory. If not set then it defaults to: $INSTALL_PATH/dtbs/$KERNELRELEASE. This is done to keep dtbs from different kernel versions separate until things have settled down. Once the dtbs are stable, and not so strongly linked to the kernel version, the devicetree files will most likely move to their own repo. Users will need to upgrade install scripts at that time. v7: (reworked by Grant Likely) - Moved rules from arch/arm/Makefile to arch/arm/boot/dts/Makefile so that each dtb install could have a separate target and be reported as part of the make output. - Fixed dependency problem to ensure $KERNELRELEASE is calculated before attempting to install - Removed option to call external script. Copying the files should be sufficient and a build system can post-process the install directory. Despite the fact an external script is used for installing the kernel, I don't think that is a pattern that should be encouraged. I would rather see buildroot type tools post process the install directory to rename or move dtb files after installing to a staging directory. - Plus it is easy to add a hook after the fact without blocking the rest of this feature. - Move the helper targets into scripts/Makefile.lib with the rest of the common dtb rules Signed-off-by: Jason Cooper <jason@lakedaemon.net> Signed-off-by: Grant Likely <grant.likely@linaro.org> Cc: Michal Marek <mmarek@suse.cz> Cc: Russell King <linux@arm.linux.org.uk> Cc: Rob Herring <robh+dt@kernel.org>
* | | | Linux 3.14v3.14Linus Torvalds2014-03-301-1/+1
| | | |
* | | | Linux 3.14-rc8v3.14-rc8Linus Torvalds2014-03-241-1/+1
| | | |
* | | | Linux 3.14-rc7v3.14-rc7Linus Torvalds2014-03-161-1/+1
| |_|/ |/| |
* | | Linux 3.14-rc6v3.14-rc6Linus Torvalds2014-03-091-1/+1
| |/ |/|
* | Linux 3.14-rc5v3.14-rc5Linus Torvalds2014-03-021-1/+1
| |
* | Makefile: fix build with make 3.80 againJan Beulich2014-02-251-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to Documentation/Changes, make 3.80 is still being supported for building the kernel, hence make files must not make (unconditional) use of features introduced only in newer versions. Commit 8779657d29c0 ("stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG") however introduced an "else ifdef" construct which make 3.80 doesn't understand. Also correct a warning message still referencing the old config option name. Apart from that I question the use of "ifdef" here (but it was used that way already prior to said commit): ifeq (,y) would seem more to the point. Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Kees Cook <keescook@chromium.org> Cc: Ingo Molnar <mingo@kernel.org> Cc: Michal Marek <mmarek@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | Makefile: fix extra parenthesis typo when CC_STACKPROTECTOR_REGULAR is enabledFathi Boudra2014-02-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | An extra parenthesis typo introduced in 19952a92037e ("stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures") is causing the following error when CONFIG_CC_STACKPROTECTOR_REGULAR is enabled: Makefile:608: Cannot use CONFIG_CC_STACKPROTECTOR: -fstack-protector not supported by compiler Makefile:608: *** missing separator. Stop. Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org> Acked-by: Kees Cook <keescook@chromium.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | Linux 3.14-rc4v3.14-rc4Linus Torvalds2014-02-231-1/+1
| |
* | Linux 3.14-rc3v3.14-rc3Linus Torvalds2014-02-161-1/+1
| |
* | Linux 3.14-rc2v3.14-rc2Linus Torvalds2014-02-091-1/+1
|/
* Linus 3.14-rc1v3.14-rc1Linus Torvalds2014-02-021-3/+3
|
* Merge branch 'drop-time' of ↵Linus Torvalds2014-01-301-0/+3
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull __TIME__/__DATE__ removal from Michal Marek: "This series by Josh finishes the removal of __DATE__ and __TIME__ from the kernel. The last patch adds -Werror=date-time to KBUILD_CFLAGS to stop these from reappearing. Part of the series went through Greg's trees during this merge window, which is why this pull request is not based on v3.13-rc1" * 'drop-time' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: Makefile: Build with -Werror=date-time if the compiler supports it x86: math-emu: Drop already-disabled print of build date net: wireless: brcm80211: Drop debug version with build date/time mtd: denali: Drop print of build date/time
| * Makefile: Build with -Werror=date-time if the compiler supports itJosh Triplett2014-01-271-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | GCC 4.9 and newer have a new warning -Wdate-time, which warns on any use of __DATE__, __TIME__, or __TIMESTAMP__, which would make the build non-deterministic. Now that the kernel does not use any of those macros, turn on -Werror=date-time if available, to keep it that way. The kernel already (optionally) records this information at build time in a single place; other kernel code should not duplicate that. Signed-off-by: Josh Triplett <josh@joshtriplett.org> Signed-off-by: Michal Marek <mmarek@suse.cz>
* | Merge branch 'kbuild' of ↵Linus Torvalds2014-01-301-1/+7
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kbuild changes from Michal Marek: - fix make -s detection with make-4.0 - fix for scripts/setlocalversion when the kernel repository is a submodule - do not hardcode ';' in macros that expand to assembler code, as some architectures' assemblers use a different character for newline - Fix passing --gdwarf-2 to the assembler * 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: frv: Remove redundant debugging info flag mn10300: Remove redundant debugging info flag kbuild: Fix debugging info generation for .S files arch: use ASM_NL instead of ';' for assembler new line character in the macro kbuild: Fix silent builds with make-4 Fix detectition of kernel git repository in setlocalversion script [take #2]
| * kbuild: Fix debugging info generation for .S filesGeoff Levand2014-01-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Change the debuging info generation flag in KBUILD_AFLAGS from '-gdwarf-2' to '-Wa,--gdwarf-2'. This will properly generate the debugging info for .S files when CONFIG_DEBUG_INFO=y. It seems current gcc does not pass a '--gdwarf-2' option on to the assembler when '-gdwarf-2' is on its command line (note the differece in the gcc and as flags). This change provides the correct assembler flag to gcc, and so does not rely on gcc to emit a flag for the assembler. Signed-off-by: Geoff Levand <geoff@infradead.org> for Huawei, Linaro Signed-off-by: Michal Marek <mmarek@suse.cz>
| * kbuild: Fix silent builds with make-4Emil Medve2014-01-061-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | make-4 changed the way/order it presents the command line options into MAKEFLAGS In make-3.8x, '-s' would always be first into a group of options with the '-'/hyphen removed $ make -p -s 2>/dev/null | grep ^MAKEFLAGS MAKEFLAGS = sp In make-4, '-s' seems to always be last into a group of options with the '-'/hyphen removed $ make -s -p 2>/dev/null | grep ^MAKEFLAGS MAKEFLAGS = ps Signed-off-by: Emil Medve <Emilian.Medve@Freescale.com> Signed-off-by: Michal Marek <mmarek@suse.cz>
* | Merge branch 'core-stackprotector-for-linus' of ↵Linus Torvalds2014-01-201-3/+17
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull strong stackprotector support from Ingo Molnar: "This tree adds a CONFIG_CC_STACKPROTECTOR_STRONG=y, a new, stronger stack canary checking method supported by the newest GCC versions (4.9 and later). Here's the 'intensity comparison' between the various protection modes: - defconfig 11430641 kernel text size 36110 function bodies - defconfig + CONFIG_CC_STACKPROTECTOR_REGULAR 11468490 kernel text size (+0.33%) 1015 of 36110 functions are stack-protected (2.81%) - defconfig + CONFIG_CC_STACKPROTECTOR_STRONG via this patch 11692790 kernel text size (+2.24%) 7401 of 36110 functions are stack-protected (20.5%) the strong model comes with non-trivial costs, which is why we preserved the 'regular' and 'none' models as well" * 'core-stackprotector-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures
| * | stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONGKees Cook2013-12-201-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This changes the stack protector config option into a choice of "None", "Regular", and "Strong": CONFIG_CC_STACKPROTECTOR_NONE CONFIG_CC_STACKPROTECTOR_REGULAR CONFIG_CC_STACKPROTECTOR_STRONG "Regular" means the old CONFIG_CC_STACKPROTECTOR=y option. "Strong" is a new mode introduced by this patch. With "Strong" the kernel is built with -fstack-protector-strong (available in gcc 4.9 and later). This option increases the coverage of the stack protector without the heavy performance hit of -fstack-protector-all. For reference, the stack protector options available in gcc are: -fstack-protector-all: Adds the stack-canary saving prefix and stack-canary checking suffix to _all_ function entry and exit. Results in substantial use of stack space for saving the canary for deep stack users (e.g. historically xfs), and measurable (though shockingly still low) performance hit due to all the saving/checking. Really not suitable for sane systems, and was entirely removed as an option from the kernel many years ago. -fstack-protector: Adds the canary save/check to functions that define an 8 (--param=ssp-buffer-size=N, N=8 by default) or more byte local char array. Traditionally, stack overflows happened with string-based manipulations, so this was a way to find those functions. Very few total functions actually get the canary; no measurable performance or size overhead. -fstack-protector-strong Adds the canary for a wider set of functions, since it's not just those with strings that have ultimately been vulnerable to stack-busting. With this superset, more functions end up with a canary, but it still remains small compared to all functions with only a small change in performance. Based on the original design document, a function gets the canary when it contains any of: - local variable's address used as part of the right hand side of an assignment or function argument - local variable is an array (or union containing an array), regardless of array type or length - uses register local variables https://docs.google.com/a/google.com/document/d/1xXBH6rRZue4f296vGt9YQcuLVQHeE516stHwt8M9xyU Find below a comparison of "size" and "objdump" output when built with gcc-4.9 in three configurations: - defconfig 11430641 kernel text size 36110 function bodies - defconfig + CONFIG_CC_STACKPROTECTOR_REGULAR 11468490 kernel text size (+0.33%) 1015 of 36110 functions are stack-protected (2.81%) - defconfig + CONFIG_CC_STACKPROTECTOR_STRONG via this patch 11692790 kernel text size (+2.24%) 7401 of 36110 functions are stack-protected (20.5%) With -strong, ARM's compressed boot code now triggers stack protection, so a static guard was added. Since this is only used during decompression and was never used before, the exposure here is very small. Once it switches to the full kernel, the stack guard is back to normal. Chrome OS has been using -fstack-protector-strong for its kernel builds for the last 8 months with no problems. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Michal Marek <mmarek@suse.cz> Cc: Russell King <linux@arm.linux.org.uk> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Paul Mundt <lethal@linux-sh.org> Cc: James Hogan <james.hogan@imgtec.com> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Shawn Guo <shawn.guo@linaro.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: linux-arm-kernel@lists.infradead.org Cc: linux-mips@linux-mips.org Cc: linux-arch@vger.kernel.org Link: http://lkml.kernel.org/r/1387481759-14535-3-git-send-email-keescook@chromium.org [ Improved the changelog and descriptions some more. ] Signed-off-by: Ingo Molnar <mingo@kernel.org>
| * | stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architecturesKees Cook2013-12-201-3/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of duplicating the CC_STACKPROTECTOR Kconfig and Makefile logic in each architecture, switch to using HAVE_CC_STACKPROTECTOR and keep everything in one place. This retains the x86-specific bug verification scripts. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Michal Marek <mmarek@suse.cz> Cc: Russell King <linux@arm.linux.org.uk> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Paul Mundt <lethal@linux-sh.org> Cc: James Hogan <james.hogan@imgtec.com> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Shawn Guo <shawn.guo@linaro.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-arm-kernel@lists.infradead.org Cc: linux-mips@linux-mips.org Cc: linux-arch@vger.kernel.org Link: http://lkml.kernel.org/r/1387481759-14535-2-git-send-email-keescook@chromium.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
* | | Linux 3.13v3.13Linus Torvalds2014-01-191-1/+1
| | |
* | | Linux 3.13-rc8v3.13-rc8Linus Torvalds2014-01-121-1/+1
| | |
* | | Linux 3.13-rc7v3.13-rc7Linus Torvalds2014-01-041-1/+1
| | |
* | | Linux 3.13-rc6v3.13-rc6Linus Torvalds2013-12-291-1/+1
| | |
* | | Linux 3.13-rc5v3.13-rc5Linus Torvalds2013-12-221-1/+1
| | |
* | | Don't set the INITRD_COMPRESS environment variable automaticallyLinus Torvalds2013-12-201-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 1bf49dd4be0b ("./Makefile: export initial ramdisk compression config option") started setting the INITRD_COMPRESS environment variable depending on which decompression models the kernel had available. That is completely broken. For example, we by default have CONFIG_RD_LZ4 enabled, and are able to decompress such an initrd, but the user tools to *create* such an initrd may not be availble. So trying to tell dracut to generate an lz4-compressed image just because we can decode such an image is completely inappropriate. Cc: J P <ppandit@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Jan Beulich <JBeulich@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | fix build with make 3.80Jan Beulich2013-12-181-13/+7
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to Documentation/Changes, make 3.80 is still being supported for building the kernel, hence make files must not make (unconditional) use of features introduced only in newer versions. Commit 1bf49dd4be0b ("./Makefile: export initial ramdisk compression config option") however introduced "else ifeq" constructs which make 3.80 doesn't understand. Replace the logic there with more conventional (in the kernel build infrastructure) list constructs (except that the list here is intentionally limited to exactly one element). Signed-off-by: Jan Beulich <jbeulich@suse.com> Cc: P J P <ppandit@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
OpenPOWER on IntegriCloud