From 9d1b38958b077f6c8d4bd196a115b643d7bd6717 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Tue, 11 Feb 2020 01:18:52 +0900 Subject: scripts/kallsyms: fix memory corruption caused by write over-run memcpy() writes one more byte than allocated. Fixes: 8d60526999aa ("scripts/kallsyms: change table to store (strcut sym_entry *)") Reported-by: youling257 Reported-by: Pavel Machek Signed-off-by: Masahiro Yamada Tested-by: Pavel Machek --- scripts/kallsyms.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/kallsyms.c b/scripts/kallsyms.c index a566d8201b56..0133dfaaf352 100644 --- a/scripts/kallsyms.c +++ b/scripts/kallsyms.c @@ -210,7 +210,7 @@ static struct sym_entry *read_symbol(FILE *in) len = strlen(name) + 1; - sym = malloc(sizeof(*sym) + len); + sym = malloc(sizeof(*sym) + len + 1); if (!sym) { fprintf(stderr, "kallsyms failure: " "unable to allocate required amount of memory\n"); @@ -219,7 +219,7 @@ static struct sym_entry *read_symbol(FILE *in) sym->addr = addr; sym->len = len; sym->sym[0] = type; - memcpy(sym_name(sym), name, len); + strcpy(sym_name(sym), name); sym->percpu_absolute = 0; return sym; -- cgit v1.2.3 From 083bc0e1ce91e2a65a1aecdf8d2c5045e5d46c55 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Tue, 11 Feb 2020 05:06:34 +0900 Subject: kbuild: fix mismatch between .version and include/generated/compile.h Since commit 56d589361572 ("kbuild: do not create orphan built-in.a or obj-y objects"), scripts/link-vmlinux.sh does nothing when descending into init/. Once the version number becomes out of sync between .version and include/generated/compile.h, it is not self-healing. [How to reproduce] $ echo 100 > .version $ make You will see the number in the .version is always bigger than that in compile.h by one. After this, every time you run 'make', the vmlinux is re-linked even when none of source files is updated. Fixes: 56d589361572 ("kbuild: do not create orphan built-in.a or obj-y objects") Signed-off-by: Masahiro Yamada --- scripts/link-vmlinux.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh index 1919c311c149..dd484e92752e 100755 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh @@ -239,7 +239,7 @@ else fi; # final build of init/ -${MAKE} -f "${srctree}/scripts/Makefile.build" obj=init +${MAKE} -f "${srctree}/scripts/Makefile.build" obj=init need-builtin=1 #link vmlinux.o info LD vmlinux.o -- cgit v1.2.3 From ff5cd9accbc724a793904c6e401040c85be89748 Mon Sep 17 00:00:00 2001 From: Alexander Kapshuk Date: Sun, 9 Feb 2020 16:00:57 +0200 Subject: ver_linux: Query ld cache for versions of libc/libcpp run-time Query ld cache for versions of both libc and libcpp run-time, instead of querying /proc/self/maps for libc run-time, and ld cache for libcpp run-time, thus reducing code size and complexity. Signed-off-by: Alexander Kapshuk Link: https://lore.kernel.org/r/20200209140057.20181-1-alexander.kapshuk@gmail.com Signed-off-by: Greg Kroah-Hartman --- scripts/ver_linux | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) (limited to 'scripts') diff --git a/scripts/ver_linux b/scripts/ver_linux index 85005d6b7f10..0968a3070eff 100755 --- a/scripts/ver_linux +++ b/scripts/ver_linux @@ -14,6 +14,8 @@ BEGIN { printf("\n") vernum = "[0-9]+([.]?[0-9]+)+" + libc = "libc[.]so[.][0-9]+$" + libcpp = "(libg|stdc)[+]+[.]so[.][0-9]+$" printversion("GNU C", version("gcc -dumpversion")) printversion("GNU Make", version("make --version")) @@ -35,26 +37,14 @@ BEGIN { printversion("Bison", version("bison --version")) printversion("Flex", version("flex --version")) - while (getline <"/proc/self/maps" > 0) { - if (/libc.*\.so$/) { - n = split($0, procmaps, "/") - if (match(procmaps[n], vernum)) { - ver = substr(procmaps[n], RSTART, RLENGTH) - printversion("Linux C Library", ver) - break - } - } + while ("ldconfig -p 2>/dev/null" | getline > 0) { + if ($NF ~ libc && !seen[ver = version("readlink " $NF)]++) + printversion("Linux C Library", ver) + else if ($NF ~ libcpp && !seen[ver = version("readlink " $NF)]++) + printversion("Linux C++ Library", ver) } printversion("Dynamic linker (ldd)", version("ldd --version")) - - while ("ldconfig -p 2>/dev/null" | getline > 0) { - if (/(libg|stdc)[+]+\.so/) { - libcpp = $NF - break - } - } - printversion("Linux C++ Library", version("readlink " libcpp)) printversion("Procps", version("ps --version")) printversion("Net-tools", version("ifconfig --version")) printversion("Kbd", version("loadkeys -V")) -- cgit v1.2.3 From ef0c08192ac09e29ddd676b3ca6c4a501f277f10 Mon Sep 17 00:00:00 2001 From: Joe Perches Date: Thu, 20 Feb 2020 20:04:09 -0800 Subject: get_maintainer: remove uses of P: for maintainer name Commit 1ca84ed6425f ("MAINTAINERS: Reclaim the P: tag for Maintainer Entry Profile") changed the use of the "P:" tag from "Person" to "Profile (ie: special subsystem coding styles and characteristics)" Change how get_maintainer.pl parses the "P:" tag to match. Link: http://lkml.kernel.org/r/ca53823fc5d25c0be32ad937d0207a0589c08643.camel@perches.com Signed-off-by: Joe Perches Acked-by: Dan Williams Cc: Jonathan Corbet Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/get_maintainer.pl | 24 ------------------------ 1 file changed, 24 deletions(-) (limited to 'scripts') diff --git a/scripts/get_maintainer.pl b/scripts/get_maintainer.pl index 34085d146fa2..a00156855354 100755 --- a/scripts/get_maintainer.pl +++ b/scripts/get_maintainer.pl @@ -1341,35 +1341,11 @@ sub add_categories { } } } elsif ($ptype eq "M") { - my ($name, $address) = parse_email($pvalue); - if ($name eq "") { - if ($i > 0) { - my $tv = $typevalue[$i - 1]; - if ($tv =~ m/^([A-Z]):\s*(.*)/) { - if ($1 eq "P") { - $name = $2; - $pvalue = format_email($name, $address, $email_usename); - } - } - } - } if ($email_maintainer) { my $role = get_maintainer_role($i); push_email_addresses($pvalue, $role); } } elsif ($ptype eq "R") { - my ($name, $address) = parse_email($pvalue); - if ($name eq "") { - if ($i > 0) { - my $tv = $typevalue[$i - 1]; - if ($tv =~ m/^([A-Z]):\s*(.*)/) { - if ($1 eq "P") { - $name = $2; - $pvalue = format_email($name, $address, $email_usename); - } - } - } - } if ($email_reviewer) { my $subsystem = get_subsystem_name($i); push_email_addresses($pvalue, "reviewer:$subsystem"); -- cgit v1.2.3 From 0ef82fcefb99300ede6f4d38a8100845b2dc8e30 Mon Sep 17 00:00:00 2001 From: Douglas Anderson Date: Thu, 20 Feb 2020 20:04:12 -0800 Subject: scripts/get_maintainer.pl: deprioritize old Fixes: addresses Recently, I found that get_maintainer was causing me to send emails to the old addresses for maintainers. Since I usually just trust the output of get_maintainer to know the right email address, I didn't even look carefully and fired off two patch series that went to the wrong place. Oops. The problem was introduced recently when trying to add signatures from Fixes. The problem was that these email addresses were added too early in the process of compiling our list of places to send. Things added to the list earlier are considered more canonical and when we later added maintainer entries we ended up deduplicating to the old address. Here are two examples using mainline commits (to make it easier to replicate) for the two maintainers that I messed up recently: $ git format-patch d8549bcd0529~..d8549bcd0529 $ ./scripts/get_maintainer.pl 0001-clk-Add-clk_hw*.patch | grep Boyd Stephen Boyd ... $ git format-patch 6d1238aa3395~..6d1238aa3395 $ ./scripts/get_maintainer.pl 0001-arm64-dts-qcom-qcs404*.patch | grep Andy Andy Gross Let's move the adding of addresses from Fixes: to the end since the email addresses from these are much more likely to be older. After this patch the above examples get the right addresses for the two examples. Link: http://lkml.kernel.org/r/20200127095001.1.I41fba9f33590bfd92cd01960161d8384268c6569@changeid Fixes: 2f5bd343694e ("scripts/get_maintainer.pl: add signatures from Fixes: lines in commit message") Signed-off-by: Douglas Anderson Acked-by: Joe Perches Cc: Stephen Boyd Cc: Bjorn Andersson Cc: Andy Gross Cc: Kees Cook Cc: Dan Carpenter Cc: Greg Kroah-Hartman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/get_maintainer.pl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'scripts') diff --git a/scripts/get_maintainer.pl b/scripts/get_maintainer.pl index a00156855354..6cbcd1a3e113 100755 --- a/scripts/get_maintainer.pl +++ b/scripts/get_maintainer.pl @@ -932,10 +932,6 @@ sub get_maintainers { } } - foreach my $fix (@fixes) { - vcs_add_commit_signers($fix, "blamed_fixes"); - } - foreach my $email (@email_to, @list_to) { $email->[0] = deduplicate_email($email->[0]); } @@ -974,6 +970,10 @@ sub get_maintainers { } } + foreach my $fix (@fixes) { + vcs_add_commit_signers($fix, "blamed_fixes"); + } + my @to = (); if ($email || $email_list) { if ($email) { -- cgit v1.2.3 From 290d5388993eb40b9d5632aefb864cf1012a2bcc Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab Date: Sat, 22 Feb 2020 10:00:01 +0100 Subject: scripts: documentation-file-ref-check: improve :doc: handling There are some issues at the script with regards to :doc: tags: - It doesn't escape files under Documentation/sphinx, leading to false positives; - It doesn't handle root URLs, like :doc:`/x86/boot`; - It doesn't output the file with a bad reference. Address those things, in order to remove false positives from the list of problems. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Jonathan Corbet --- scripts/documentation-file-ref-check | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/documentation-file-ref-check b/scripts/documentation-file-ref-check index 7784c54aa38b..997202a18ddb 100755 --- a/scripts/documentation-file-ref-check +++ b/scripts/documentation-file-ref-check @@ -51,7 +51,9 @@ open IN, "git grep ':doc:\`' Documentation/|" or die "Failed to run git grep"; while () { next if (!m,^([^:]+):.*\:doc\:\`([^\`]+)\`,); + next if (m,sphinx/,); + my $file = $1; my $d = $1; my $doc_ref = $2; @@ -60,7 +62,12 @@ while () { $d =~ s,(.*/).*,$1,; $f =~ s,.*\<([^\>]+)\>,$1,; - $f ="$d$f.rst"; + if ($f =~ m,^/,) { + $f = "$f.rst"; + $f =~ s,^/,Documentation/,; + } else { + $f = "$d$f.rst"; + } next if (grep -e, glob("$f")); @@ -69,7 +76,7 @@ while () { } $doc_fix++; - print STDERR "$f: :doc:`$doc_ref`\n"; + print STDERR "$file: :doc:`$doc_ref`\n"; } close IN; -- cgit v1.2.3 From 021622df556b7213cffec1c0713f093fc7d045e3 Mon Sep 17 00:00:00 2001 From: Stephen Kitt Date: Wed, 19 Feb 2020 16:34:42 +0100 Subject: docs: add a script to check sysctl docs This script allows sysctl documentation to be checked against the kernel source code, to identify missing or obsolete entries. Running it against 5.5 shows for example that sysctl/kernel.rst has two obsolete entries and is missing 52 entries. Signed-off-by: Stephen Kitt Signed-off-by: Jonathan Corbet --- scripts/check-sysctl-docs | 181 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 181 insertions(+) create mode 100755 scripts/check-sysctl-docs (limited to 'scripts') diff --git a/scripts/check-sysctl-docs b/scripts/check-sysctl-docs new file mode 100755 index 000000000000..8bcb9e26c7bc --- /dev/null +++ b/scripts/check-sysctl-docs @@ -0,0 +1,181 @@ +#!/usr/bin/gawk -f +# SPDX-License-Identifier: GPL-2.0 + +# Script to check sysctl documentation against source files +# +# Copyright (c) 2020 Stephen Kitt + +# Example invocation: +# scripts/check-sysctl-docs -vtable="kernel" \ +# Documentation/admin-guide/sysctl/kernel.rst \ +# $(git grep -l register_sysctl_) +# +# Specify -vdebug=1 to see debugging information + +BEGIN { + if (!table) { + print "Please specify the table to look for using the table variable" > "/dev/stderr" + exit 1 + } +} + +# The following globals are used: +# children: maps ctl_table names and procnames to child ctl_table names +# documented: maps documented entries (each key is an entry) +# entries: maps ctl_table names and procnames to counts (so +# enumerating the subkeys for a given ctl_table lists its +# procnames) +# files: maps procnames to source file names +# paths: maps ctl_path names to paths +# curpath: the name of the current ctl_path struct +# curtable: the name of the current ctl_table struct +# curentry: the name of the current proc entry (procname when parsing +# a ctl_table, constructed path when parsing a ctl_path) + + +# Remove punctuation from the given value +function trimpunct(value) { + while (value ~ /^["&]/) { + value = substr(value, 2) + } + while (value ~ /[]["&,}]$/) { + value = substr(value, 1, length(value) - 1) + } + return value +} + +# Print the information for the given entry +function printentry(entry) { + seen[entry]++ + printf "* %s from %s", entry, file[entry] + if (documented[entry]) { + printf " (documented)" + } + print "" +} + + +# Stage 1: build the list of documented entries +FNR == NR && /^=+$/ { + if (prevline ~ /Documentation for/) { + # This is the main title + next + } + + # The previous line is a section title, parse it + $0 = prevline + if (debug) print "Parsing " $0 + inbrackets = 0 + for (i = 1; i <= NF; i++) { + if (length($i) == 0) { + continue + } + if (!inbrackets && substr($i, 1, 1) == "(") { + inbrackets = 1 + } + if (!inbrackets) { + token = trimpunct($i) + if (length(token) > 0 && token != "and") { + if (debug) print trimpunct($i) + documented[trimpunct($i)]++ + } + } + if (inbrackets && substr($i, length($i), 1) == ")") { + inbrackets = 0 + } + } +} + +FNR == NR { + prevline = $0 + next +} + + +# Stage 2: process each file and find all sysctl tables +BEGINFILE { + delete children + delete entries + delete paths + curpath = "" + curtable = "" + curentry = "" + if (debug) print "Processing file " FILENAME +} + +/^static struct ctl_path/ { + match($0, /static struct ctl_path ([^][]+)/, tables) + curpath = tables[1] + if (debug) print "Processing path " curpath +} + +/^static struct ctl_table/ { + match($0, /static struct ctl_table ([^][]+)/, tables) + curtable = tables[1] + if (debug) print "Processing table " curtable +} + +/^};$/ { + curpath = "" + curtable = "" + curentry = "" +} + +curpath && /\.procname[\t ]*=[\t ]*".+"/ { + match($0, /.procname[\t ]*=[\t ]*"([^"]+)"/, names) + if (curentry) { + curentry = curentry "/" names[1] + } else { + curentry = names[1] + } + if (debug) print "Setting path " curpath " to " curentry + paths[curpath] = curentry +} + +curtable && /\.procname[\t ]*=[\t ]*".+"/ { + match($0, /.procname[\t ]*=[\t ]*"([^"]+)"/, names) + curentry = names[1] + if (debug) print "Adding entry " curentry " to table " curtable + entries[curtable][curentry]++ + file[curentry] = FILENAME +} + +/\.child[\t ]*=/ { + child = trimpunct($NF) + if (debug) print "Linking child " child " to table " curtable " entry " curentry + children[curtable][curentry] = child +} + +/register_sysctl_table\(.*\)/ { + match($0, /register_sysctl_table\(([^)]+)\)/, tables) + if (debug) print "Registering table " tables[1] + if (children[tables[1]][table]) { + for (entry in entries[children[tables[1]][table]]) { + printentry(entry) + } + } +} + +/register_sysctl_paths\(.*\)/ { + match($0, /register_sysctl_paths\(([^)]+), ([^)]+)\)/, tables) + if (debug) print "Attaching table " tables[2] " to path " tables[1] + if (paths[tables[1]] == table) { + for (entry in entries[tables[2]]) { + printentry(entry) + } + } + split(paths[tables[1]], components, "/") + if (length(components) > 1 && components[1] == table) { + # Count the first subdirectory as seen + seen[components[2]]++ + } +} + + +END { + for (entry in documented) { + if (!seen[entry]) { + print "No implementation for " entry + } + } +} -- cgit v1.2.3 From 3cd046f182aab72b922e35461b204a2b52587946 Mon Sep 17 00:00:00 2001 From: Scott Branden Date: Tue, 25 Feb 2020 12:54:26 -0800 Subject: scripts/bpf: Switch to more portable python3 shebang Change "/usr/bin/python3" to "/usr/bin/env python3" for more portable solution in bpf_helpers_doc.py. Signed-off-by: Scott Branden Signed-off-by: Daniel Borkmann Acked-by: Song Liu Link: https://lore.kernel.org/bpf/20200225205426.6975-1-scott.branden@broadcom.com --- scripts/bpf_helpers_doc.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/bpf_helpers_doc.py b/scripts/bpf_helpers_doc.py index 90baf7d70911..cebed6fb5bbb 100755 --- a/scripts/bpf_helpers_doc.py +++ b/scripts/bpf_helpers_doc.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3 +#!/usr/bin/env python3 # SPDX-License-Identifier: GPL-2.0-only # # Copyright (C) 2018-2019 Netronome Systems, Inc. -- cgit v1.2.3 From 7a04960560640ac5b0b89461f7757322b57d0c7a Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Sun, 23 Feb 2020 04:04:31 +0900 Subject: kbuild: fix DT binding schema rule to detect command line changes This if_change_rule is not working properly; it cannot detect any command line change. The reason is because cmd-check in scripts/Kbuild.include compares $(cmd_$@) and $(cmd_$1), but cmd_dtc_dt_yaml does not exist here. For if_change_rule to work properly, the stem part of cmd_* and rule_* must match. Because this cmd_and_fixdep invokes cmd_dtc, this rule must be named rule_dtc. Fixes: 4f0e3a57d6eb ("kbuild: Add support for DT binding schema checks") Signed-off-by: Masahiro Yamada Acked-by: Rob Herring --- scripts/Makefile.lib | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index bae62549e3d2..64b938c10039 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -302,13 +302,13 @@ DT_TMP_SCHEMA := $(objtree)/$(DT_BINDING_DIR)/processed-schema.yaml quiet_cmd_dtb_check = CHECK $@ cmd_dtb_check = $(DT_CHECKER) -u $(srctree)/$(DT_BINDING_DIR) -p $(DT_TMP_SCHEMA) $@ ; -define rule_dtc_dt_yaml +define rule_dtc $(call cmd_and_fixdep,dtc,yaml) $(call cmd,dtb_check) endef $(obj)/%.dt.yaml: $(src)/%.dts $(DTC) $(DT_TMP_SCHEMA) FORCE - $(call if_changed_rule,dtc_dt_yaml) + $(call if_changed_rule,dtc) dtc-tmp = $(subst $(comma),_,$(dot-target).dts.tmp) -- cgit v1.2.3 From fd63fab48f143f73b534821408a303241ed174f9 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Sun, 23 Feb 2020 04:04:32 +0900 Subject: kbuild: remove unneeded semicolon at the end of cmd_dtb_check This trailing semicolon is unneeded. Signed-off-by: Masahiro Yamada Acked-by: Rob Herring --- scripts/Makefile.lib | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 64b938c10039..752ff0a225a9 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -300,7 +300,7 @@ DT_BINDING_DIR := Documentation/devicetree/bindings DT_TMP_SCHEMA := $(objtree)/$(DT_BINDING_DIR)/processed-schema.yaml quiet_cmd_dtb_check = CHECK $@ - cmd_dtb_check = $(DT_CHECKER) -u $(srctree)/$(DT_BINDING_DIR) -p $(DT_TMP_SCHEMA) $@ ; + cmd_dtb_check = $(DT_CHECKER) -u $(srctree)/$(DT_BINDING_DIR) -p $(DT_TMP_SCHEMA) $@ define rule_dtc $(call cmd_and_fixdep,dtc,yaml) -- cgit v1.2.3 From e3e0b582c321aefd72db0e7083a0adfe285e96b5 Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Mon, 24 Feb 2020 11:10:23 -0500 Subject: selinux: remove unused initial SIDs and improve handling Remove initial SIDs that have never been used or are no longer used by the kernel from its string table, which is also used to generate the SECINITSID_* symbols referenced in code. Update the code to gracefully handle the fact that these can now be NULL. Stop treating it as an error if a policy defines additional initial SIDs unknown to the kernel. Do not load unused initial SID contexts into the sidtab. Fix the incorrect usage of the name from the ocontext in error messages when loading initial SIDs since these are not presently written to the kernel policy and are therefore always NULL. After this change, it is possible to safely reclaim and reuse some of the unused initial SIDs without compatibility issues. Specifically, unused initial SIDs that were being assigned the same context as the unlabeled initial SID in policies can be reclaimed and reused for another purpose, with existing policies still treating them as having the unlabeled context and future policies having the option of mapping them to a more specific context. For example, this could have been used when the infiniband labeling support was introduced to define initial SIDs for the default pkey and endport SIDs similar to the handling of port/netif/node SIDs rather than always using SECINITSID_UNLABELED as the default. The set of safely reclaimable unused initial SIDs across all known policies is igmp_packet (13), icmp_socket (14), tcp_socket (15), kmod (24), policy (25), and scmp_packet (26); these initial SIDs were assigned the same context as unlabeled in all known policies including mls. If only considering non-mls policies (i.e. assuming that mls users always upgrade policy with their kernels), the set of safely reclaimable unused initial SIDs further includes file_labels (6), init (7), sysctl_modprobe (16), and sysctl_fs (18) through sysctl_dev (23). Adding new initial SIDs beyond SECINITSID_NUM to policy unfortunately became a fatal error in commit 24ed7fdae669 ("selinux: use separate table for initial SID lookup") and even before that it could cause problems on a policy reload (collision between the new initial SID and one allocated at runtime) ever since commit 42596eafdd75 ("selinux: load the initial SIDs upon every policy load") so we cannot safely start adding new initial SIDs to policies beyond SECINITSID_NUM (27) until such a time as all such kernels do not need to be supported and only those that include this commit are relevant. That is not a big deal since we haven't added a new initial SID since 2004 (v2.6.7) and we have plenty of unused ones we can reclaim if we truly need one. If we want to avoid the wasted storage in initial_sid_to_string[] and/or sidtab->isids[] for the unused initial SIDs, we could introduce an indirection between the kernel initial SID values and the policy initial SID values and just map the policy SID values in the ocontexts to the kernel values during policy_load_isids(). Originally I thought we'd do this by preserving the initial SID names in the kernel policy and creating a mapping at load time like we do for the security classes and permissions but that would require a new kernel policy format version and associated changes to libsepol/checkpolicy and I'm not sure it is justified. Simpler approach is just to create a fixed mapping table in the kernel from the existing fixed policy values to the kernel values. Less flexible but probably sufficient. A separate selinux userspace change was applied in https://github.com/SELinuxProject/selinux/commit/8677ce5e8f592950ae6f14cea1b68a20ddc1ac25 to enable removal of most of the unused initial SID contexts from policies, but there is no dependency between that change and this one. That change permits removing all of the unused initial SID contexts from policy except for the fs and sysctl SID contexts. The initial SID declarations themselves would remain in policy to preserve the values of subsequent ones but the contexts can be dropped. If/when the kernel decides to reuse one of them, future policies can change the name and start assigning a context again without breaking compatibility. Here is how I would envision staging changes to the initial SIDs in a compatible manner after this commit is applied: 1. At any time after this commit is applied, the kernel could choose to reclaim one of the safely reclaimable unused initial SIDs listed above for a new purpose (i.e. replace its NULL entry in the initial_sid_to_string[] table with a new name and start using the newly generated SECINITSID_name symbol in code), and refpolicy could at that time rename its declaration of that initial SID to reflect its new purpose and start assigning it a context going forward. Existing/old policies would map the reclaimed initial SID to the unlabeled context, so that would be the initial default behavior until policies are updated. This doesn't depend on the selinux userspace change; it will work with existing policies and userspace. 2. In 6 months or so we'll have another SELinux userspace release that will include the libsepol/checkpolicy support for omitting unused initial SID contexts. 3. At any time after that release, refpolicy can make that release its minimum build requirement and drop the sid context statements (but not the sid declarations) for all of the unused initial SIDs except for fs and sysctl, which must remain for compatibility on policy reload with old kernels and for compatibility with kernels that were still using SECINITSID_SYSCTL (< 2.6.39). This doesn't depend on this kernel commit; it will work with previous kernels as well. 4. After N years for some value of N, refpolicy decides that it no longer cares about policy reload compatibility for kernels that predate this kernel commit, and refpolicy drops the fs and sysctl SID contexts from policy too (but retains the declarations). 5. After M years for some value of M, the kernel decides that it no longer cares about compatibility with refpolicies that predate step 4 (dropping the fs and sysctl SIDs), and those two SIDs also become safely reclaimable. This step is optional and need not ever occur unless we decide that the need to reclaim those two SIDs outweighs the compatibility cost. 6. After O years for some value of O, refpolicy decides that it no longer cares about policy load (not just reload) compatibility for kernels that predate this kernel commit, and both kernel and refpolicy can then start adding and using new initial SIDs beyond 27. This does not depend on the previous change (step 5) and can occur independent of it. Fixes: https://github.com/SELinuxProject/selinux-kernel/issues/12 Signed-off-by: Stephen Smalley Signed-off-by: Paul Moore --- scripts/selinux/genheaders/genheaders.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'scripts') diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c index 544ca126a8a8..f355b3e0e968 100644 --- a/scripts/selinux/genheaders/genheaders.c +++ b/scripts/selinux/genheaders/genheaders.c @@ -67,8 +67,12 @@ int main(int argc, char *argv[]) } isids_len = sizeof(initial_sid_to_string) / sizeof (char *); - for (i = 1; i < isids_len; i++) - initial_sid_to_string[i] = stoupperx(initial_sid_to_string[i]); + for (i = 1; i < isids_len; i++) { + const char *s = initial_sid_to_string[i]; + + if (s) + initial_sid_to_string[i] = stoupperx(s); + } fprintf(fout, "/* This file is automatically generated. Do not edit. */\n"); fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n"); @@ -82,7 +86,8 @@ int main(int argc, char *argv[]) for (i = 1; i < isids_len; i++) { const char *s = initial_sid_to_string[i]; - fprintf(fout, "#define SECINITSID_%-39s %2d\n", s, i); + if (s) + fprintf(fout, "#define SECINITSID_%-39s %2d\n", s, i); } fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1); fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n"); -- cgit v1.2.3 From 1ce589ad3933aa15c1a2abbb5b5e3ad5de330423 Mon Sep 17 00:00:00 2001 From: Boris Brezillon Date: Thu, 27 Feb 2020 12:31:08 +0100 Subject: i3c: Generate aliases for i3c modules This part was missing, thus preventing user space from loading modules automatically when MODALIAS uevents are received. Signed-off-by: Boris Brezillon Signed-off-by: Vitor Soares Link: https://lore.kernel.org/linux-i3c/79687073b915182e06fccfb18adcedfd0fadbc99.1582796652.git.vitor.soares@synopsys.com --- scripts/mod/devicetable-offsets.c | 7 +++++++ scripts/mod/file2alias.c | 19 +++++++++++++++++++ 2 files changed, 26 insertions(+) (limited to 'scripts') diff --git a/scripts/mod/devicetable-offsets.c b/scripts/mod/devicetable-offsets.c index 054405b90ba4..d3c237b9b7c0 100644 --- a/scripts/mod/devicetable-offsets.c +++ b/scripts/mod/devicetable-offsets.c @@ -145,6 +145,13 @@ int main(void) DEVID(i2c_device_id); DEVID_FIELD(i2c_device_id, name); + DEVID(i3c_device_id); + DEVID_FIELD(i3c_device_id, match_flags); + DEVID_FIELD(i3c_device_id, dcr); + DEVID_FIELD(i3c_device_id, manuf_id); + DEVID_FIELD(i3c_device_id, part_id); + DEVID_FIELD(i3c_device_id, extra_info); + DEVID(spi_device_id); DEVID_FIELD(spi_device_id, name); diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c index c91eba751804..f81cbe021a47 100644 --- a/scripts/mod/file2alias.c +++ b/scripts/mod/file2alias.c @@ -919,6 +919,24 @@ static int do_i2c_entry(const char *filename, void *symval, return 1; } +static int do_i3c_entry(const char *filename, void *symval, + char *alias) +{ + DEF_FIELD(symval, i3c_device_id, match_flags); + DEF_FIELD(symval, i3c_device_id, dcr); + DEF_FIELD(symval, i3c_device_id, manuf_id); + DEF_FIELD(symval, i3c_device_id, part_id); + DEF_FIELD(symval, i3c_device_id, extra_info); + + strcpy(alias, "i3c:"); + ADD(alias, "dcr", match_flags & I3C_MATCH_DCR, dcr); + ADD(alias, "manuf", match_flags & I3C_MATCH_MANUF, manuf_id); + ADD(alias, "part", match_flags & I3C_MATCH_PART, part_id); + ADD(alias, "ext", match_flags & I3C_MATCH_EXTRA_INFO, extra_info); + + return 1; +} + /* Looks like: spi:S */ static int do_spi_entry(const char *filename, void *symval, char *alias) @@ -1386,6 +1404,7 @@ static const struct devtable devtable[] = { {"vmbus", SIZE_hv_vmbus_device_id, do_vmbus_entry}, {"rpmsg", SIZE_rpmsg_device_id, do_rpmsg_entry}, {"i2c", SIZE_i2c_device_id, do_i2c_entry}, + {"i3c", SIZE_i3c_device_id, do_i3c_entry}, {"spi", SIZE_spi_device_id, do_spi_entry}, {"dmi", SIZE_dmi_system_id, do_dmi_entry}, {"platform", SIZE_platform_device_id, do_platform_entry}, -- cgit v1.2.3 From f84fdf8df1c15f1e66478340bf0da5449f30a0af Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Sat, 15 Feb 2020 16:50:20 +0900 Subject: kbuild: remove the owner check in mkcompile_h This reverts a very old commit, which dates back to the pre-git era: |commit 5d1cfb5b12f72145d30ba0f53c9f238144b122b8 |Author: Kai Germaschewski |Date: Sat Jul 27 02:53:19 2002 -0500 | | kbuild: Fix compiling/installing as different users | | "make bzImage && sudo make install" had the problem that during | the "sudo make install" the build system would notice that the information | in include/linux/compile.h is not accurate (it says "compiled by ", | but we are root), thus causing compile.h to be updated and leading to | some recompiles. | | We now only update "compile.h" if the current user is the owner of | include/linux/autoconf.h, i.e. the user who did the "make *config". So the | above sequence will correctly state "compiled by ". | |diff --git a/scripts/mkcompile_h b/scripts/mkcompile_h |index 6313db96172..cd956380978 100755 |--- a/scripts/mkcompile_h |+++ b/scripts/mkcompile_h |@@ -3,6 +3,17 @@ ARCH=$2 | SMP=$3 | CC=$4 | |+# If compile.h exists already and we don't own autoconf.h |+# (i.e. we're not the same user who did make *config), don't |+# modify compile.h |+# So "sudo make install" won't change the "compiled by " |+# do "compiled by root" |+ |+if [ -r $TARGET -a ! -O ../include/linux/autoconf.h ]; then |+ echo ' (not modified)' |+ exit 0 |+fi |+ | if [ -r ../.version ]; then | VERSION=`cat ../.version` | else The 'make bzImage && sudo make install' problem no longer happens because commit 1648e4f80506 ("x86, kbuild: make "make install" not depend on vmlinux") fixed the root cause. Commit 19514fc665ff ("arm, kbuild: make "make install" not depend on vmlinux") fixed the similar issue on ARM, with detailed explanation. So, the rule is that the installation targets should never trigger the builds of any build artifact. By following it, this check is unneeded. Signed-off-by: Masahiro Yamada --- scripts/mkcompile_h | 11 ----------- 1 file changed, 11 deletions(-) (limited to 'scripts') diff --git a/scripts/mkcompile_h b/scripts/mkcompile_h index 3a5a4b210c86..3ff26e5b2eac 100755 --- a/scripts/mkcompile_h +++ b/scripts/mkcompile_h @@ -10,17 +10,6 @@ CC=$6 vecho() { [ "${quiet}" = "silent_" ] || echo "$@" ; } -# If compile.h exists already and we don't own autoconf.h -# (i.e. we're not the same user who did make *config), don't -# modify compile.h -# So "sudo make install" won't change the "compiled by " -# do "compiled by root" - -if [ -r $TARGET -a ! -O include/generated/autoconf.h ]; then - vecho " SKIPPED $TARGET" - exit 0 -fi - # Do not expand names set -f -- cgit v1.2.3 From 87d660f08520ccde8569a2202ff346b376011663 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Tue, 18 Feb 2020 18:58:59 +0900 Subject: fixdep: remove unneeded code and comments about *.ver files This is probably stale code. In old days (~ Linux 2.5.59), Kbuild made genksyms generate include/linux/modules/*.ver files. The currenct Kbuild does not generate *.ver files at all. Signed-off-by: Masahiro Yamada --- scripts/basic/fixdep.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'scripts') diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c index 9ba47b0a47b9..ad2041817985 100644 --- a/scripts/basic/fixdep.c +++ b/scripts/basic/fixdep.c @@ -77,11 +77,6 @@ * dependencies on include/config/my/option.h for every * CONFIG_MY_OPTION encountered in any of the prerequisites. * - * It will also filter out all the dependencies on *.ver. We need - * to make sure that the generated version checksum are globally up - * to date before even starting the recursive build, so it's too late - * at this point anyway. - * * We don't even try to really parse the header files, but * merely grep, i.e. if CONFIG_FOO is mentioned in a comment, it will * be picked up as well. It's not a problem with respect to @@ -299,8 +294,7 @@ static void *read_file(const char *filename) static int is_ignored_file(const char *s, int len) { return str_ends_with(s, len, "include/generated/autoconf.h") || - str_ends_with(s, len, "include/generated/autoksyms.h") || - str_ends_with(s, len, ".ver"); + str_ends_with(s, len, "include/generated/autoksyms.h"); } /* -- cgit v1.2.3 From 3f9070a67a94a2765e99adf0913c30b683a1b840 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Tue, 18 Feb 2020 19:00:31 +0900 Subject: fixdep: remove redundant null character check If *q is '\0', the condition (isalnum(*q) || *q == '_') is false anyway. It is redundant to ensure non-zero *q. Signed-off-by: Masahiro Yamada --- scripts/basic/fixdep.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c index ad2041817985..877ca2c88246 100644 --- a/scripts/basic/fixdep.c +++ b/scripts/basic/fixdep.c @@ -246,7 +246,7 @@ static void parse_config_file(const char *p) } p += 7; q = p; - while (*q && (isalnum(*q) || *q == '_')) + while (isalnum(*q) || *q == '_') q++; if (str_ends_with(p, q - p, "_MODULE")) r = q - 7; -- cgit v1.2.3 From c428cd52282dcc967b2a936d80f1eec4cb80d6d5 Mon Sep 17 00:00:00 2001 From: Tim Bird Date: Mon, 24 Feb 2020 18:34:41 -0700 Subject: scripts/sphinx-pre-install: add '-p python3' to virtualenv With Ubuntu 16.04 (and presumably Debian distros of the same age), the instructions for setting up a python virtual environment should do so with the python 3 interpreter. On these older distros, the default python (and virtualenv command) might be python2 based. Some of the packages that sphinx relies on are now only available for python3. If you don't specify the python3 interpreter for the virtualenv, you get errors when doing the pip installs for various packages Fix this by adding '-p python3' to the virtualenv recommendation line. Signed-off-by: Tim Bird Link: https://lore.kernel.org/r/1582594481-23221-1-git-send-email-tim.bird@sony.com Signed-off-by: Jonathan Corbet --- scripts/sphinx-pre-install | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/sphinx-pre-install b/scripts/sphinx-pre-install index a8f0c002a340..fa3fb05cd54b 100755 --- a/scripts/sphinx-pre-install +++ b/scripts/sphinx-pre-install @@ -701,11 +701,26 @@ sub check_needs() } else { my $rec_activate = "$virtenv_dir/bin/activate"; my $virtualenv = findprog("virtualenv-3"); + my $rec_python3 = ""; $virtualenv = findprog("virtualenv-3.5") if (!$virtualenv); $virtualenv = findprog("virtualenv") if (!$virtualenv); $virtualenv = "virtualenv" if (!$virtualenv); - printf "\t$virtualenv $virtenv_dir\n"; + my $rel = ""; + if (index($system_release, "Ubuntu") != -1) { + $rel = $1 if ($system_release =~ /Ubuntu\s+(\d+)[.]/); + if ($rel && $rel >= 16) { + $rec_python3 = " -p python3"; + } + } + if (index($system_release, "Debian") != -1) { + $rel = $1 if ($system_release =~ /Debian\s+(\d+)/); + if ($rel && $rel >= 7) { + $rec_python3 = " -p python3"; + } + } + + printf "\t$virtualenv$rec_python3 $virtenv_dir\n"; printf "\t. $rec_activate\n"; printf "\tpip install -r $requirement_file\n"; deactivate_help(); -- cgit v1.2.3 From 2a86f6612164a10a3cdb6a499bddf329c4d69f84 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Fri, 28 Feb 2020 12:46:40 +0900 Subject: kbuild: use KBUILD_DEFCONFIG as the fallback for DEFCONFIG_LIST Most of the Kconfig commands (except defconfig and all*config) read the .config file as a base set of CONFIG options. When it does not exist, the files in DEFCONFIG_LIST are searched in this order and loaded if found. I do not see much sense in the last two lines in DEFCONFIG_LIST. [1] ARCH_DEFCONFIG The entry for DEFCONFIG_LIST is guarded by 'depends on !UML'. So, the ARCH_DEFCONFIG definition in arch/x86/um/Kconfig is meaningless. arch/{sh,sparc,x86}/Kconfig define ARCH_DEFCONFIG depending on 32 or 64 bit variant symbols. This is a little bit strange; ARCH_DEFCONFIG should be a fixed string because the base config file is loaded before the symbol evaluation stage. Using KBUILD_DEFCONFIG makes more sense because it is fixed before Kconfig is invoked. Fortunately, arch/{sh,sparc,x86}/Makefile define it in the same way, and it works as expected. Hence, replace ARCH_DEFCONFIG with "arch/$(SRCARCH)/configs/$(KBUILD_DEFCONFIG)". [2] arch/$(ARCH)/defconfig This file path is no longer valid. The defconfig files are always located in the arch configs/ directories. $ find arch -name defconfig | sort arch/alpha/configs/defconfig arch/arm64/configs/defconfig arch/csky/configs/defconfig arch/nds32/configs/defconfig arch/riscv/configs/defconfig arch/s390/configs/defconfig arch/unicore32/configs/defconfig The path arch/*/configs/defconfig is already covered by "arch/$(SRCARCH)/configs/$(KBUILD_DEFCONFIG)". So, this file path is not necessary. I moved the default KBUILD_DEFCONFIG to the top Makefile. Otherwise, the 7 architectures listed above would end up with endless loop of syncconfig. Signed-off-by: Masahiro Yamada --- scripts/kconfig/Makefile | 4 ---- 1 file changed, 4 deletions(-) (limited to 'scripts') diff --git a/scripts/kconfig/Makefile b/scripts/kconfig/Makefile index 5887ceb6229e..c9d0a4a8efb3 100644 --- a/scripts/kconfig/Makefile +++ b/scripts/kconfig/Makefile @@ -12,10 +12,6 @@ else Kconfig := Kconfig endif -ifndef KBUILD_DEFCONFIG -KBUILD_DEFCONFIG := defconfig -endif - ifeq ($(quiet),silent_) silent := -s endif -- cgit v1.2.3 From 1518c633df78185f5cbd7322b52ef06358febac3 Mon Sep 17 00:00:00 2001 From: Quentin Perret Date: Fri, 28 Feb 2020 17:20:13 +0000 Subject: kbuild: allow symbol whitelisting with TRIM_UNUSED_KSYMS CONFIG_TRIM_UNUSED_KSYMS currently removes all unused exported symbols from ksymtab. This works really well when using in-tree drivers, but cannot be used in its current form if some of them are out-of-tree. Indeed, even if the list of symbols required by out-of-tree drivers is known at compile time, the only solution today to guarantee these don't get trimmed is to set CONFIG_TRIM_UNUSED_KSYMS=n. This not only wastes space, but also makes it difficult to control the ABI usable by vendor modules in distribution kernels such as Android. Being able to control the kernel ABI surface is particularly useful to ship a unique Generic Kernel Image (GKI) for all vendors, which is a first step in the direction of getting all vendors to contribute their code upstream. As such, attempt to improve the situation by enabling users to specify a symbol 'whitelist' at compile time. Any symbol specified in this whitelist will be kept exported when CONFIG_TRIM_UNUSED_KSYMS is set, even if it has no in-tree user. The whitelist is defined as a simple text file, listing symbols, one per line. Acked-by: Jessica Yu Acked-by: Nicolas Pitre Tested-by: Matthias Maennich Reviewed-by: Matthias Maennich Signed-off-by: Quentin Perret Signed-off-by: Masahiro Yamada --- scripts/adjust_autoksyms.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'scripts') diff --git a/scripts/adjust_autoksyms.sh b/scripts/adjust_autoksyms.sh index a904bf1f5e67..212ba45595d3 100755 --- a/scripts/adjust_autoksyms.sh +++ b/scripts/adjust_autoksyms.sh @@ -38,6 +38,17 @@ esac # We need access to CONFIG_ symbols . include/config/auto.conf +ksym_wl=/dev/null +if [ -n "$CONFIG_UNUSED_KSYMS_WHITELIST" ]; then + # Use 'eval' to expand the whitelist path and check if it is relative + eval ksym_wl="$CONFIG_UNUSED_KSYMS_WHITELIST" + [ "${ksym_wl}" != "${ksym_wl#/}" ] || ksym_wl="$abs_srctree/$ksym_wl" + if [ ! -f "$ksym_wl" ] || [ ! -r "$ksym_wl" ]; then + echo "ERROR: '$ksym_wl' whitelist file not found" >&2 + exit 1 + fi +fi + # Generate a new ksym list file with symbols needed by the current # set of modules. cat > "$new_ksyms_file" << EOT @@ -48,6 +59,7 @@ cat > "$new_ksyms_file" << EOT EOT sed 's/ko$/mod/' modules.order | xargs -n1 sed -n -e '2{s/ /\n/g;/^$/!p;}' -- | +cat - "$ksym_wl" | sort -u | sed -e 's/\(.*\)/#define __KSYM_\1 1/' >> "$new_ksyms_file" -- cgit v1.2.3 From cd195bc4775a5c07620bbb6fc19c4fa254b62b19 Mon Sep 17 00:00:00 2001 From: Quentin Perret Date: Fri, 28 Feb 2020 17:20:14 +0000 Subject: kbuild: split adjust_autoksyms.sh in two parts In order to prepare the ground for a build-time optimization, split adjust_autoksyms.sh into two scripts: one that generates autoksyms.h based on all currently available information (whitelist, and .mod files), and the other to inspect the diff between two versions of autoksyms.h and trigger appropriate rebuilds. Acked-by: Nicolas Pitre Tested-by: Matthias Maennich Reviewed-by: Matthias Maennich Signed-off-by: Quentin Perret Signed-off-by: Masahiro Yamada --- scripts/adjust_autoksyms.sh | 36 ++++---------------------------- scripts/gen_autoksyms.sh | 51 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 32 deletions(-) create mode 100755 scripts/gen_autoksyms.sh (limited to 'scripts') diff --git a/scripts/adjust_autoksyms.sh b/scripts/adjust_autoksyms.sh index 212ba45595d3..2b366d945ccb 100755 --- a/scripts/adjust_autoksyms.sh +++ b/scripts/adjust_autoksyms.sh @@ -1,14 +1,13 @@ #!/bin/sh # SPDX-License-Identifier: GPL-2.0-only -# Script to create/update include/generated/autoksyms.h and dependency files +# Script to update include/generated/autoksyms.h and dependency files # # Copyright: (C) 2016 Linaro Limited # Created by: Nicolas Pitre, January 2016 # -# Create/update the include/generated/autoksyms.h file from the list -# of all module's needed symbols as recorded on the second line of *.mod files. +# Update the include/generated/autoksyms.h file. # # For each symbol being added or removed, the corresponding dependency # file's timestamp is updated to force a rebuild of the affected source @@ -38,35 +37,8 @@ esac # We need access to CONFIG_ symbols . include/config/auto.conf -ksym_wl=/dev/null -if [ -n "$CONFIG_UNUSED_KSYMS_WHITELIST" ]; then - # Use 'eval' to expand the whitelist path and check if it is relative - eval ksym_wl="$CONFIG_UNUSED_KSYMS_WHITELIST" - [ "${ksym_wl}" != "${ksym_wl#/}" ] || ksym_wl="$abs_srctree/$ksym_wl" - if [ ! -f "$ksym_wl" ] || [ ! -r "$ksym_wl" ]; then - echo "ERROR: '$ksym_wl' whitelist file not found" >&2 - exit 1 - fi -fi - -# Generate a new ksym list file with symbols needed by the current -# set of modules. -cat > "$new_ksyms_file" << EOT -/* - * Automatically generated file; DO NOT EDIT. - */ - -EOT -sed 's/ko$/mod/' modules.order | -xargs -n1 sed -n -e '2{s/ /\n/g;/^$/!p;}' -- | -cat - "$ksym_wl" | -sort -u | -sed -e 's/\(.*\)/#define __KSYM_\1 1/' >> "$new_ksyms_file" - -# Special case for modversions (see modpost.c) -if [ -n "$CONFIG_MODVERSIONS" ]; then - echo "#define __KSYM_module_layout 1" >> "$new_ksyms_file" -fi +# Generate a new symbol list file +$CONFIG_SHELL $srctree/scripts/gen_autoksyms.sh "$new_ksyms_file" # Extract changes between old and new list and touch corresponding # dependency files. diff --git a/scripts/gen_autoksyms.sh b/scripts/gen_autoksyms.sh new file mode 100755 index 000000000000..ef46200c366b --- /dev/null +++ b/scripts/gen_autoksyms.sh @@ -0,0 +1,51 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0-only + +# Create an autoksyms.h header file from the list of all module's needed symbols +# as recorded on the second line of *.mod files and the user-provided symbol +# whitelist. + +set -e + +output_file="$1" + +# Use "make V=1" to debug this script. +case "$KBUILD_VERBOSE" in +*1*) + set -x + ;; +esac + +# We need access to CONFIG_ symbols +. include/config/auto.conf + +ksym_wl=/dev/null +if [ -n "$CONFIG_UNUSED_KSYMS_WHITELIST" ]; then + # Use 'eval' to expand the whitelist path and check if it is relative + eval ksym_wl="$CONFIG_UNUSED_KSYMS_WHITELIST" + [ "${ksym_wl}" != "${ksym_wl#/}" ] || ksym_wl="$abs_srctree/$ksym_wl" + if [ ! -f "$ksym_wl" ] || [ ! -r "$ksym_wl" ]; then + echo "ERROR: '$ksym_wl' whitelist file not found" >&2 + exit 1 + fi +fi + +# Generate a new ksym list file with symbols needed by the current +# set of modules. +cat > "$output_file" << EOT +/* + * Automatically generated file; DO NOT EDIT. + */ + +EOT + +sed 's/ko$/mod/' modules.order | +xargs -n1 sed -n -e '2{s/ /\n/g;/^$/!p;}' -- | +cat - "$ksym_wl" | +sort -u | +sed -e 's/\(.*\)/#define __KSYM_\1 1/' >> "$output_file" + +# Special case for modversions (see modpost.c) +if [ -n "$CONFIG_MODVERSIONS" ]; then + echo "#define __KSYM_module_layout 1" >> "$output_file" +fi -- cgit v1.2.3 From 88694cff4952dba60227f421884ff4140d296900 Mon Sep 17 00:00:00 2001 From: Quentin Perret Date: Fri, 28 Feb 2020 17:20:15 +0000 Subject: kbuild: generate autoksyms.h early When doing a cold build, autoksyms.h starts empty, and is updated late in the build process to have visibility over the symbols used by in-tree drivers. But since the symbol whitelist is known upfront, it can be used to pre-populate autoksyms.h and maximize the amount of code that can be compiled to its final state in a single pass, hence reducing build time. Do this by using gen_autoksyms.sh to initialize autoksyms.h instead of creating an empty file. Acked-by: Nicolas Pitre Tested-by: Matthias Maennich Reviewed-by: Matthias Maennich Signed-off-by: Quentin Perret Signed-off-by: Masahiro Yamada --- scripts/gen_autoksyms.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/gen_autoksyms.sh b/scripts/gen_autoksyms.sh index ef46200c366b..16c0b2ddaa4c 100755 --- a/scripts/gen_autoksyms.sh +++ b/scripts/gen_autoksyms.sh @@ -39,7 +39,8 @@ cat > "$output_file" << EOT EOT -sed 's/ko$/mod/' modules.order | +[ -f modules.order ] && modlist=modules.order || modlist=/dev/null +sed 's/ko$/mod/' $modlist | xargs -n1 sed -n -e '2{s/ /\n/g;/^$/!p;}' -- | cat - "$ksym_wl" | sort -u | -- cgit v1.2.3 From 2ba06cd8565b5b3dee33a9ca24cf86a906d051d1 Mon Sep 17 00:00:00 2001 From: Rob Herring Date: Fri, 28 Feb 2020 18:37:30 -0600 Subject: kbuild: Always validate DT binding examples Most folks only run dt_binding_check on the single schema they care about by setting DT_SCHEMA_FILES. That means example is only checked against that one schema which is not always sufficient. Let's address this by splitting processed-schema.yaml into 2 files: one that's always all schemas for the examples and one that's just the schema in DT_SCHEMA_FILES for dtbs. Co-developed-by: Masahiro Yamada Signed-off-by: Rob Herring Signed-off-by: Masahiro Yamada --- scripts/Makefile.lib | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 752ff0a225a9..97547108ee7f 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -297,7 +297,8 @@ $(obj)/%.dtb: $(src)/%.dts $(DTC) FORCE DT_CHECKER ?= dt-validate DT_BINDING_DIR := Documentation/devicetree/bindings -DT_TMP_SCHEMA := $(objtree)/$(DT_BINDING_DIR)/processed-schema.yaml +# DT_TMP_SCHEMA may be overridden from Documentation/devicetree/bindings/Makefile +DT_TMP_SCHEMA ?= $(objtree)/$(DT_BINDING_DIR)/processed-schema.yaml quiet_cmd_dtb_check = CHECK $@ cmd_dtb_check = $(DT_CHECKER) -u $(srctree)/$(DT_BINDING_DIR) -p $(DT_TMP_SCHEMA) $@ -- cgit v1.2.3 From af73d78bd384aa9b8789aa6e7ddbb165f971276f Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 3 Mar 2020 18:18:34 -0800 Subject: kbuild: Remove debug info from kallsyms linking When CONFIG_DEBUG_INFO is enabled, the two kallsyms linking steps spend time collecting and writing the dwarf sections to the temporary output files. kallsyms does not need this information, and leaving it off halves their linking time. This is especially noticeable without CONFIG_DEBUG_INFO_REDUCED. The BTF linking stage, however, does still need those details. Refactor the BTF and kallsyms generation stages slightly for more regularized temporary names. Skip debug during kallsyms links. Additionally move "info BTF" to the correct place since commit 8959e39272d6 ("kbuild: Parameterize kallsyms generation and correct reporting"), which added "info LD ..." to vmlinux_link calls. For a full debug info build with BTF, my link time goes from 1m06s to 0m54s, saving about 12 seconds, or 18%. Signed-off-by: Kees Cook Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Link: https://lore.kernel.org/bpf/202003031814.4AEA3351@keescook --- scripts/link-vmlinux.sh | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) (limited to 'scripts') diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh index dd484e92752e..ac569e197bfa 100755 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh @@ -63,12 +63,18 @@ vmlinux_link() local lds="${objtree}/${KBUILD_LDS}" local output=${1} local objects + local strip_debug info LD ${output} # skip output file argument shift + # The kallsyms linking does not need debug symbols included. + if [ "$output" != "${output#.tmp_vmlinux.kallsyms}" ] ; then + strip_debug=-Wl,--strip-debug + fi + if [ "${SRCARCH}" != "um" ]; then objects="--whole-archive \ ${KBUILD_VMLINUX_OBJS} \ @@ -79,6 +85,7 @@ vmlinux_link() ${@}" ${LD} ${KBUILD_LDFLAGS} ${LDFLAGS_vmlinux} \ + ${strip_debug#-Wl,} \ -o ${output} \ -T ${lds} ${objects} else @@ -91,6 +98,7 @@ vmlinux_link() ${@}" ${CC} ${CFLAGS_vmlinux} \ + ${strip_debug} \ -o ${output} \ -Wl,-T,${lds} \ ${objects} \ @@ -106,6 +114,8 @@ gen_btf() { local pahole_ver local bin_arch + local bin_format + local bin_file if ! [ -x "$(command -v ${PAHOLE})" ]; then echo >&2 "BTF: ${1}: pahole (${PAHOLE}) is not available" @@ -118,8 +128,9 @@ gen_btf() return 1 fi - info "BTF" ${2} vmlinux_link ${1} + + info "BTF" ${2} LLVM_OBJCOPY=${OBJCOPY} ${PAHOLE} -J ${1} # dump .BTF section into raw binary file to link with final vmlinux @@ -127,11 +138,12 @@ gen_btf() cut -d, -f1 | cut -d' ' -f2) bin_format=$(LANG=C ${OBJDUMP} -f ${1} | grep 'file format' | \ awk '{print $4}') + bin_file=.btf.vmlinux.bin ${OBJCOPY} --change-section-address .BTF=0 \ --set-section-flags .BTF=alloc -O binary \ - --only-section=.BTF ${1} .btf.vmlinux.bin + --only-section=.BTF ${1} $bin_file ${OBJCOPY} -I binary -O ${bin_format} -B ${bin_arch} \ - --rename-section .data=.BTF .btf.vmlinux.bin ${2} + --rename-section .data=.BTF $bin_file ${2} } # Create ${2} .o file with all symbols from the ${1} object file @@ -166,8 +178,8 @@ kallsyms() kallsyms_step() { kallsymso_prev=${kallsymso} - kallsymso=.tmp_kallsyms${1}.o - kallsyms_vmlinux=.tmp_vmlinux${1} + kallsyms_vmlinux=.tmp_vmlinux.kallsyms${1} + kallsymso=${kallsyms_vmlinux}.o vmlinux_link ${kallsyms_vmlinux} "${kallsymso_prev}" ${btf_vmlinux_bin_o} kallsyms ${kallsyms_vmlinux} ${kallsymso} @@ -190,7 +202,6 @@ cleanup() { rm -f .btf.* rm -f .tmp_System.map - rm -f .tmp_kallsyms* rm -f .tmp_vmlinux* rm -f System.map rm -f vmlinux @@ -257,9 +268,8 @@ tr '\0' '\n' < modules.builtin.modinfo | sed -n 's/^[[:alnum:]:_]*\.file=//p' | btf_vmlinux_bin_o="" if [ -n "${CONFIG_DEBUG_INFO_BTF}" ]; then - if gen_btf .tmp_vmlinux.btf .btf.vmlinux.bin.o ; then - btf_vmlinux_bin_o=.btf.vmlinux.bin.o - else + btf_vmlinux_bin_o=.btf.vmlinux.bin.o + if ! gen_btf .tmp_vmlinux.btf $btf_vmlinux_bin_o ; then echo >&2 "Failed to generate BTF for vmlinux" echo >&2 "Try to disable CONFIG_DEBUG_INFO_BTF" exit 1 -- cgit v1.2.3 From 611d61f9ac99dc9e1494473fb90117a960a89dfa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonathan=20Neusch=C3=A4fer?= Date: Fri, 6 Mar 2020 23:13:11 +0100 Subject: parse-maintainers: Mark as executable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This makes the script more convenient to run. Signed-off-by: Jonathan Neuschäfer Signed-off-by: Linus Torvalds --- scripts/parse-maintainers.pl | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 scripts/parse-maintainers.pl (limited to 'scripts') diff --git a/scripts/parse-maintainers.pl b/scripts/parse-maintainers.pl old mode 100644 new mode 100755 -- cgit v1.2.3 From 2b4cbd5c950525b6d4d2cd384dcefdd95fedabe3 Mon Sep 17 00:00:00 2001 From: Jonathan Corbet Date: Mon, 2 Mar 2020 15:24:04 -0700 Subject: docs: move gcc-plugins to the kbuild manual Information about GCC plugins is relevant to kernel building, so move this document to the kbuild manual. Acked-by: Masahiro Yamada Signed-off-by: Jonathan Corbet --- scripts/gcc-plugins/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig index e3569543bdac..f8ca236d6165 100644 --- a/scripts/gcc-plugins/Kconfig +++ b/scripts/gcc-plugins/Kconfig @@ -23,7 +23,7 @@ menuconfig GCC_PLUGINS GCC plugins are loadable modules that provide extra features to the compiler. They are useful for runtime instrumentation and static analysis. - See Documentation/core-api/gcc-plugins.rst for details. + See Documentation/kbuild/gcc-plugins.rst for details. if GCC_PLUGINS -- cgit v1.2.3 From 8cc4fd73501d9f1370c3eebb70cfe8cc9e24062b Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Tue, 10 Mar 2020 19:12:49 +0900 Subject: kconfig: introduce m32-flag and m64-flag When a compiler supports multiple architectures, some compiler features can be dependent on the target architecture. This is typical for Clang, which supports multiple LLVM backends. Even for GCC, we need to take care of biarch compiler cases. It is not a problem when we evaluate cc-option in Makefiles because cc-option is tested against the flag in question + $(KBUILD_CFLAGS). The cc-option in Kconfig, on the other hand, does not accumulate tested flags. Due to this simplification, it could potentially test cc-option against a different target. At first, Kconfig always evaluated cc-option against the host architecture. Since commit e8de12fb7cde ("kbuild: Check for unknown options with cc-option usage in Kconfig and clang"), in case of cross-compiling with Clang, the target triple is correctly passed to Kconfig. The case with biarch GCC (and native build with Clang) is still not handled properly. We need to pass some flags to specify the target machine bit. Due to the design, all the macros in Kconfig are expanded in the parse stage, where we do not know the target bit size yet. For example, arch/x86/Kconfig allows a user to toggle CONFIG_64BIT. If a compiler flag -foo depends on the machine bit, it must be tested twice, one with -m32 and the other with -m64. However, -m32/-m64 are not always recognized. So, this commits adds m64-flag and m32-flag macros. They expand to -m32, -m64, respectively if supported. Or, they expand to an empty string if unsupported. The typical usage is like this: config FOO bool default $(cc-option,$(m64-flag) -foo) if 64BIT default $(cc-option,$(m32-flag) -foo) This is clumsy, but there is no elegant way to handle this in the current static macro expansion. There was discussion for static functions vs dynamic functions. The consensus was to go as far as possible with the static functions. (https://lkml.org/lkml/2018/3/2/22) Signed-off-by: Masahiro Yamada Tested-by: George Spelvin Reviewed-by: Nathan Chancellor --- scripts/Kconfig.include | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'scripts') diff --git a/scripts/Kconfig.include b/scripts/Kconfig.include index 85334dc8c997..496d11c92c97 100644 --- a/scripts/Kconfig.include +++ b/scripts/Kconfig.include @@ -44,3 +44,10 @@ $(error-if,$(success, $(LD) -v | grep -q gold), gold linker '$(LD)' not supporte # gcc version including patch level gcc-version := $(shell,$(srctree)/scripts/gcc-version.sh $(CC)) + +# machine bit flags +# $(m32-flag): -m32 if the compiler supports it, or an empty string otherwise. +# $(m64-flag): -m64 if the compiler supports it, or an empty string otherwise. +cc-option-bit = $(if-success,$(CC) -Werror $(1) -E -x c /dev/null -o /dev/null,$(1)) +m32-flag := $(cc-option-bit,-m32) +m64-flag := $(cc-option-bit,-m64) -- cgit v1.2.3 From ce5c5d6503c99eddb1664edc19b46a9a5ab0be17 Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab Date: Mon, 2 Mar 2020 09:16:04 +0100 Subject: scsi: docs: convert scsi_mid_low_api.txt to ReST Link: https://lore.kernel.org/r/881e7741dfed5d6f5f73e1dfc2826b200b8604aa.1583136624.git.mchehab+huawei@kernel.org Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Martin K. Petersen --- scripts/documentation-file-ref-check | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/documentation-file-ref-check b/scripts/documentation-file-ref-check index 7784c54aa38b..df8b22112287 100755 --- a/scripts/documentation-file-ref-check +++ b/scripts/documentation-file-ref-check @@ -12,7 +12,7 @@ use Getopt::Long qw(:config no_auto_abbrev); # to mention a past documentation file, for example, to give credits for # the original work. my %false_positives = ( - "Documentation/scsi/scsi_mid_low_api.txt" => "Documentation/Configure.help", + "Documentation/scsi/scsi_mid_low_api.rst" => "Documentation/Configure.help", "drivers/vhost/vhost.c" => "Documentation/virtual/lguest/lguest.c", ); -- cgit v1.2.3 From b4490c5c4e023f09b7d27c9a9d3e7ad7d09ea6bf Mon Sep 17 00:00:00 2001 From: Carlos Neira Date: Wed, 4 Mar 2020 17:41:56 -0300 Subject: bpf: Added new helper bpf_get_ns_current_pid_tgid New bpf helper bpf_get_ns_current_pid_tgid, This helper will return pid and tgid from current task which namespace matches dev_t and inode number provided, this will allows us to instrument a process inside a container. Signed-off-by: Carlos Neira Signed-off-by: Alexei Starovoitov Acked-by: Yonghong Song Link: https://lore.kernel.org/bpf/20200304204157.58695-3-cneirabustos@gmail.com --- scripts/bpf_helpers_doc.py | 1 + 1 file changed, 1 insertion(+) (limited to 'scripts') diff --git a/scripts/bpf_helpers_doc.py b/scripts/bpf_helpers_doc.py index cebed6fb5bbb..c1e2b5410faa 100755 --- a/scripts/bpf_helpers_doc.py +++ b/scripts/bpf_helpers_doc.py @@ -435,6 +435,7 @@ class PrinterHelpers(Printer): 'struct bpf_fib_lookup', 'struct bpf_perf_event_data', 'struct bpf_perf_event_value', + 'struct bpf_pidns_info', 'struct bpf_sock', 'struct bpf_sock_addr', 'struct bpf_sock_ops', -- cgit v1.2.3 From 9dffecc1339b1f446213a9ba2f19579d9db4d7c7 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Wed, 4 Mar 2020 12:20:38 +0900 Subject: kbuild: allow to run dt_binding_check without kernel configuration The dt_binding_check target is located outside of the 'ifneq ($(dtstree),) ... endif' block. So, you can run 'make dt_binding_check' on any architecture. This makes a perfect sense because the dt-schema is arch-agnostic. The only one problem I see is that scripts/dtc/dtc is not always built. For example, ARCH=x86 defconfig does not define CONFIG_DTC. Kbuild descends into scripts/dtc/ with doing nothing. Then, it fails to build *.example.dt.yaml files. Let's build scripts/dtc/dtc forcibly when running dt_binding_check. The dt-schema does not depend on any CONFIG option either, so you should be able to run dt_binding_check without the .config file. Going forward, you can directly run 'make dt_binding_check' in a pristine source tree. Signed-off-by: Masahiro Yamada Reviewed-by: Rob Herring --- scripts/dtc/Makefile | 5 +++-- 1 file changed, 3 inser