kernel/linux.git/scripts, branch v6.2-rc7

Merge tag 'kbuild-fixes-v6.2-4' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

2023-02-04T19:30:23+00:00

Pull Kbuild fixes from Masahiro Yamada: - Fix two bugs (for building and for signing) when MODULE_SIG_KEY contains a PKCS#11 URI * tag 'kbuild-fixes-v6.2-4' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kbuild: modinst: Fix build error when CONFIG_MODULE_SIG_KEY is a PKCS#11 URI certs: Fix build error when PKCS#11 URI contains semicolon

kbuild: modinst: Fix build error when CONFIG_MODULE_SIG_KEY is a PKCS#11 URI

2023-01-31T08:53:01+00:00

When CONFIG_MODULE_SIG_KEY is PKCS#11 URI (pkcs11:*), signing of modules fails: scripts/sign-file sha256 /.../linux/pkcs11:token=foo;object=bar;pin-value=1111 certs/signing_key.x509 /.../kernel/crypto/tcrypt.ko Usage: scripts/sign-file [-dp] [] scripts/sign-file -s [] First, we need to avoid adding the $(srctree)/ prefix to the URL. Second, since the kconfig string values no longer include quotes, we need to add them again when passing a PKCS#11 URI to sign-file. This avoids splitting by the shell if the URI contains semicolons. Fixes: 4db9c2e3d055 ("kbuild: stop using config_filename in scripts/Makefile.modsign") Fixes: 129ab0d2d9f3 ("kbuild: do not quote string values in include/config/auto.conf") Signed-off-by: Jan Luebbe Signed-off-by: Masahiro Yamada

Fix up more non-executable files marked executable

2023-01-28T19:17:57+00:00

Joe found another DT file that shouldn't be executable, and that frustrated me enough that I went hunting with this script: git ls-files -s | grep '^100755' | cut -f2 | xargs grep -L '^#!' and that found another file that shouldn't have been marked executable either, despite being in the scripts directory. Maybe these two are the last ones at least for now. But I'm sure we'll be back in a few years, fixing things up again. Fixes: 8c6789f4e2d4 ("ASoC: dt-bindings: Add Everest ES8326 audio CODEC") Fixes: 4d8e5cd233db ("locking/atomics: Fix scripts/atomic/ script permissions") Reported-by: Joe Perches Signed-off-by: Linus Torvalds

Merge tag 'hardening-v6.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

2023-01-28T00:09:12+00:00

Pull hardening fixes from Kees Cook: - Split slow memcpy tests into MEMCPY_SLOW_KUNIT_TEST - Reorganize gcc-plugin includes for GCC 13 - Silence bcache memcpy run-time false positive warnings * tag 'hardening-v6.2-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: bcache: Silence memcpy() run-time false positive warnings gcc-plugins: Reorganize gimple includes for GCC 13 kunit: memcpy: Split slow memcpy tests into MEMCPY_SLOW_KUNIT_TEST

gcc-plugins: Reorganize gimple includes for GCC 13

2023-01-25T20:24:48+00:00

The gimple-iterator.h header must be included before gimple-fold.h starting with GCC 13. Reorganize gimple headers to work for all GCC versions. Reported-by: Palmer Dabbelt Acked-by: Palmer Dabbelt Link: https://lore.kernel.org/all/20230113173033.4380-1-palmer@rivosinc.com/ Cc: linux-hardening@vger.kernel.org Signed-off-by: Kees Cook

ftrace/scripts: Update the instructions for ftrace-bisect.sh

2023-01-24T18:13:07+00:00

The instructions for the ftrace-bisect.sh script, which is used to find what function is being traced that is causing a kernel crash, and possibly a triple fault reboot, uses the old method. In 5.1, a new feature was added that let the user write in the index into available_filter_functions that maps to the function a user wants to set in set_ftrace_filter (or set_ftrace_notrace). This takes O(1) to set, as suppose to writing a function name, which takes O(n) (where n is the number of functions in available_filter_functions). The ftrace-bisect.sh requires setting half of the functions in available_filter_functions, which is O(n^2) using the name method to enable and can take several minutes to complete. The number method is O(n) which takes less than a second to complete. Using the number method for any kernel 5.1 and after is the proper way to do the bisect. Update the usage to reflect the new change, as well as using the /sys/kernel/tracing path instead of the obsolete debugfs path. Link: https://lkml.kernel.org/r/20230123112252.022003dd@gandalf.local.home Cc: stable@vger.kernel.org Cc: Masami Hiramatsu Acked-by: Mark Rutland Fixes: f79b3f338564e ("ftrace: Allow enabling of filters via index of available_filter_functions") Signed-off-by: Steven Rostedt (Google)

Merge tag 'kbuild-fixes-v6.2-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

2023-01-21T18:56:37+00:00

Pull Kbuild fixes from Masahiro Yamada: - Hide LDFLAGS_vmlinux from decompressor Makefiles to fix error messages when GNU Make 4.4 is used. - Fix 'make modules' build error when CONFIG_DEBUG_INFO_BTF_MODULES=y. - Fix warnings emitted by GNU Make 4.4 in scripts/kconfig/Makefile. - Support GNU Make 4.4 for scripts/jobserver-exec. - Show clearer error message when kernel/gen_kheaders.sh fails due to missing cpio. * tag 'kbuild-fixes-v6.2-3' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: kheaders: explicitly validate existence of cpio command scripts: support GNU make 4.4 in jobserver-exec kconfig: Update all declared targets scripts: rpm: make clear that mkspec script contains 4.13 feature init/Kconfig: fix LOCALVERSION_AUTO help text kbuild: fix 'make modules' error when CONFIG_DEBUG_INFO_BTF_MODULES=y kbuild: export top-level LDFLAGS_vmlinux only to scripts/Makefile.vmlinux init/version-timestamp.c: remove unneeded #include docs: kbuild: remove mention to dropped $(objtree) feature

scripts: support GNU make 4.4 in jobserver-exec

2023-01-16T11:15:20+00:00

Starting with GNU make 4.4, --jobserver-auth newly uses named pipe (fifo) instead of part of opened file descriptors: https://www.gnu.org/software/make/manual/html_node/POSIX-Jobserver.html Support also the new format. Signed-off-by: Martin Liska Signed-off-by: Masahiro Yamada

Merge tag 'hardening-v6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

2023-01-14T16:04:00+00:00

Pull kernel hardening fixes from Kees Cook: - Fix CFI hash randomization with KASAN (Sami Tolvanen) - Check size of coreboot table entry and use flex-array * tag 'hardening-v6.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: kbuild: Fix CFI hash randomization with KASAN firmware: coreboot: Check size of table entry and use flex-array

kbuild: Fix CFI hash randomization with KASAN

2023-01-13T23:22:03+00:00

Clang emits a asan.module_ctor constructor to each object file when KASAN is enabled, and these functions are indirectly called in do_ctors. With CONFIG_CFI_CLANG, the compiler also emits a CFI type hash before each address-taken global function so they can pass indirect call checks. However, in commit 0c3e806ec0f9 ("x86/cfi: Add boot time hash randomization"), x86 implemented boot time hash randomization, which relies on the .cfi_sites section generated by objtool. As objtool is run against vmlinux.o instead of individual object files with X86_KERNEL_IBT (enabled by default), CFI types in object files that are not part of vmlinux.o end up not being included in .cfi_sites, and thus won't get randomized and trip CFI when called. Only .vmlinux.export.o and init/version-timestamp.o are linked into vmlinux separately from vmlinux.o. As these files don't contain any functions, disable KASAN for both of them to avoid breaking hash randomization. Link: https://github.com/ClangBuiltLinux/linux/issues/1742 Fixes: 0c3e806ec0f9 ("x86/cfi: Add boot time hash randomization") Signed-off-by: Sami Tolvanen Acked-by: Peter Zijlstra (Intel) Signed-off-by: Kees Cook Link: https://lore.kernel.org/r/20230112224948.1479453-2-samitolvanen@google.com