1102 Commits

Author SHA1 Message Date
Andrey Ryabinin
0b24becc81 kasan: add kernel address sanitizer infrastructure
Kernel Address sanitizer (KASan) is a dynamic memory error detector.  It
provides fast and comprehensive solution for finding use-after-free and
out-of-bounds bugs.

KASAN uses compile-time instrumentation for checking every memory access,
therefore GCC > v4.9.2 required.  v4.9.2 almost works, but has issues with
putting symbol aliases into the wrong section, which breaks kasan
instrumentation of globals.

This patch only adds infrastructure for kernel address sanitizer.  It's
not available for use yet.  The idea and some code was borrowed from [1].

Basic idea:

The main idea of KASAN is to use shadow memory to record whether each byte
of memory is safe to access or not, and use compiler's instrumentation to
check the shadow memory on each memory access.

Address sanitizer uses 1/8 of the memory addressable in kernel for shadow
memory and uses direct mapping with a scale and offset to translate a
memory address to its corresponding shadow address.

Here is function to translate address to corresponding shadow address:

     unsigned long kasan_mem_to_shadow(unsigned long addr)
     {
                return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
     }

where KASAN_SHADOW_SCALE_SHIFT = 3.

So for every 8 bytes there is one corresponding byte of shadow memory.
The following encoding used for each shadow byte: 0 means that all 8 bytes
of the corresponding memory region are valid for access; k (1 <= k <= 7)
means that the first k bytes are valid for access, and other (8 - k) bytes
are not; Any negative value indicates that the entire 8-bytes are
inaccessible.  Different negative values used to distinguish between
different kinds of inaccessible memory (redzones, freed memory) (see
mm/kasan/kasan.h).

To be able to detect accesses to bad memory we need a special compiler.
Such compiler inserts a specific function calls (__asan_load*(addr),
__asan_store*(addr)) before each memory access of size 1, 2, 4, 8 or 16.

These functions check whether memory region is valid to access or not by
checking corresponding shadow memory.  If access is not valid an error
printed.

Historical background of the address sanitizer from Dmitry Vyukov:

	"We've developed the set of tools, AddressSanitizer (Asan),
	ThreadSanitizer and MemorySanitizer, for user space. We actively use
	them for testing inside of Google (continuous testing, fuzzing,
	running prod services). To date the tools have found more than 10'000
	scary bugs in Chromium, Google internal codebase and various
	open-source projects (Firefox, OpenSSL, gcc, clang, ffmpeg, MySQL and
	lots of others): [2] [3] [4].
	The tools are part of both gcc and clang compilers.

	We have not yet done massive testing under the Kernel AddressSanitizer
	(it's kind of chicken and egg problem, you need it to be upstream to
	start applying it extensively). To date it has found about 50 bugs.
	Bugs that we've found in upstream kernel are listed in [5].
	We've also found ~20 bugs in out internal version of the kernel. Also
	people from Samsung and Oracle have found some.

	[...]

	As others noted, the main feature of AddressSanitizer is its
	performance due to inline compiler instrumentation and simple linear
	shadow memory. User-space Asan has ~2x slowdown on computational
	programs and ~2x memory consumption increase. Taking into account that
	kernel usually consumes only small fraction of CPU and memory when
	running real user-space programs, I would expect that kernel Asan will
	have ~10-30% slowdown and similar memory consumption increase (when we
	finish all tuning).

	I agree that Asan can well replace kmemcheck. We have plans to start
	working on Kernel MemorySanitizer that finds uses of unitialized
	memory. Asan+Msan will provide feature-parity with kmemcheck. As
	others noted, Asan will unlikely replace debug slab and pagealloc that
	can be enabled at runtime. Asan uses compiler instrumentation, so even
	if it is disabled, it still incurs visible overheads.

	Asan technology is easily portable to other architectures. Compiler
	instrumentation is fully portable. Runtime has some arch-dependent
	parts like shadow mapping and atomic operation interception. They are
	relatively easy to port."

Comparison with other debugging features:
========================================

KMEMCHECK:

  - KASan can do almost everything that kmemcheck can.  KASan uses
    compile-time instrumentation, which makes it significantly faster than
    kmemcheck.  The only advantage of kmemcheck over KASan is detection of
    uninitialized memory reads.

    Some brief performance testing showed that kasan could be
    x500-x600 times faster than kmemcheck:

$ netperf -l 30
		MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to localhost (127.0.0.1) port 0 AF_INET
		Recv   Send    Send
		Socket Socket  Message  Elapsed
		Size   Size    Size     Time     Throughput
		bytes  bytes   bytes    secs.    10^6bits/sec

no debug:	87380  16384  16384    30.00    41624.72

kasan inline:	87380  16384  16384    30.00    12870.54

kasan outline:	87380  16384  16384    30.00    10586.39

kmemcheck: 	87380  16384  16384    30.03      20.23

  - Also kmemcheck couldn't work on several CPUs.  It always sets
    number of CPUs to 1.  KASan doesn't have such limitation.

DEBUG_PAGEALLOC:
	- KASan is slower than DEBUG_PAGEALLOC, but KASan works on sub-page
	  granularity level, so it able to find more bugs.

SLUB_DEBUG (poisoning, redzones):
	- SLUB_DEBUG has lower overhead than KASan.

	- SLUB_DEBUG in most cases are not able to detect bad reads,
	  KASan able to detect both reads and writes.

	- In some cases (e.g. redzone overwritten) SLUB_DEBUG detect
	  bugs only on allocation/freeing of object. KASan catch
	  bugs right before it will happen, so we always know exact
	  place of first bad read/write.

[1] https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel
[2] https://code.google.com/p/address-sanitizer/wiki/FoundBugs
[3] https://code.google.com/p/thread-sanitizer/wiki/FoundBugs
[4] https://code.google.com/p/memory-sanitizer/wiki/FoundBugs
[5] https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel#Trophies

Based on work by Andrey Konovalov.

Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Acked-by: Michal Marek <mmarek@suse.cz>
Signed-off-by: Andrey Konovalov <adech.fo@gmail.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Konstantin Serebryany <kcc@google.com>
Cc: Dmitry Chernenkov <dmitryc@google.com>
Cc: Yuri Gribov <tetra2005@gmail.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-02-13 21:21:40 -08:00
Linus Torvalds
b3d6524ff7 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 updates from Martin Schwidefsky:

 - The remaining patches for the z13 machine support: kernel build
   option for z13, the cache synonym avoidance, SMT support,
   compare-and-delay for spinloops and the CES5S crypto adapater.

 - The ftrace support for function tracing with the gcc hotpatch option.
   This touches common code Makefiles, Steven is ok with the changes.

 - The hypfs file system gets an extension to access diagnose 0x0c data
   in user space for performance analysis for Linux running under z/VM.

 - The iucv hvc console gets wildcard spport for the user id filtering.

 - The cacheinfo code is converted to use the generic infrastructure.

 - Cleanup and bug fixes.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: (42 commits)
  s390/process: free vx save area when releasing tasks
  s390/hypfs: Eliminate hypfs interval
  s390/hypfs: Add diagnose 0c support
  s390/cacheinfo: don't use smp_processor_id() in preemptible context
  s390/zcrypt: fixed domain scanning problem (again)
  s390/smp: increase maximum value of NR_CPUS to 512
  s390/jump label: use different nop instruction
  s390/jump label: add sanity checks
  s390/mm: correct missing space when reporting user process faults
  s390/dasd: cleanup profiling
  s390/dasd: add locking for global_profile access
  s390/ftrace: hotpatch support for function tracing
  ftrace: let notrace function attribute disable hotpatching if necessary
  ftrace: allow architectures to specify ftrace compile options
  s390: reintroduce diag 44 calls for cpu_relax()
  s390/zcrypt: Add support for new crypto express (CEX5S) adapter.
  s390/zcrypt: Number of supported ap domains is not retrievable.
  s390/spinlock: add compare-and-delay to lock wait loops
  s390/tape: remove redundant if statement
  s390/hvc_iucv: add simple wildcard matches to the iucv allow filter
  ...
2015-02-11 17:42:32 -08:00
Linus Torvalds
bfa76d4957 Linux 3.19 2015-02-08 18:54:22 -08:00
Linus Torvalds
e36f014edf Linux 3.19-rc7 2015-02-01 20:07:21 -08:00
Heiko Carstens
c0a80c0c27 ftrace: allow architectures to specify ftrace compile options
If the kernel is compiled with function tracer support the -pg compile option
is passed to gcc to generate extra code into the prologue of each function.

This patch replaces the "open-coded" -pg compile flag with a CC_FLAGS_FTRACE
makefile variable which architectures can override if a different option
should be used for code generation.

Acked-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2015-01-29 09:19:19 +01:00
Linus Torvalds
26bc420b59 Linux 3.19-rc6 2015-01-25 20:04:41 -08:00
Linus Torvalds
ec6f34e5b5 Linux 3.19-rc5 2015-01-18 18:02:20 +12:00
Linus Torvalds
eaa27f34e9 linux 3.19-rc4 2015-01-11 12:44:53 -08:00
Michal Marek
90ac086bca Makefile: include arch/*/include/generated/uapi before .../generated
The introduction of the uapi directories in v3.7-rc1 moved some of the
generated headers from arch/*/include/generated to the uapi directory,
keeping the #include directives intact.

This creates a problem when bisecting, because the unversioned files are
not cleaned automatically by git and the compiler might include stale
headers as a result.  Instead of cleaning them in the Makefiles, promote
arch/*/include/generated/uapi in the search path.  Under normal
circumstances, there is no overlap between this uapi subdirectory and
its parent, so the include choices remain the same.  We keep
arch/*/include/generated/uapi in the USERINCLUDE variable so that it is
usable standalone.

Note that we cannot completely swap the order of the uapi and
kernel-only directories, since the headers in include/uapi/asm-generic
are meant to be wrapped by their include/asm-generic counterparts when
building kernel code.

Reported-by: "Nicholas A. Bellinger" <nab@linux-iscsi.org>
Reported-by: David Drysdale <dmd@lurklurk.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-01-08 14:24:54 -08:00
Masahiro Yamada
c22bd32c66 kbuild: drop $(version_h) from MRPROPER_FILES
Now $(version_h) is include/generated/uapi/linux/version.h.

$(version_h) in MRPROPER_FILES is redundant because it is covered
by include/generated in MRPROPER_DIRS.

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2015-01-08 16:25:54 +01:00
Masahiro Yamada
d0d38cd9e8 kbuild: use mixed-targets when two or more config targets are given
"make kvmconfig" expects that the .config has already been created,
but some people might want to create the .config and run kvmconfig
in one shot command, like this:

  $ make defconfig kvmconfig

To make sure this command works correctly even if -j* option is set,
we must handle them one by one.
This commit turns on mixed-targets when $(MAKECMDGOALS) includes
at least one config target and also includes another target.

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2015-01-08 15:05:28 +01:00
Linus Torvalds
b1940cd21c Linux 3.19-rc3 2015-01-05 17:05:20 -08:00
Linus Torvalds
b7392d2247 Linux 3.19-rc2 2014-12-28 16:49:37 -08:00
Linus Torvalds
97bf6af1f9 Linux 3.19-rc1 2014-12-20 17:08:50 -08:00
Linus Torvalds
d08372ca28 Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Pull kbuild updates from Michal Marek:
 "Here are the kbuild changes for v3.19-rc1:

   - Cleanups and deduplication in the main Makefile and
     scripts/Makefile.*
   - Sort the output of *config targets in make help
   - Old <linux/version.h> is always removed to avoid a surprise during
     bisecting
   - Warning fix in kconfig"

* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  kbuild: remove redundant -rR flag of hdr-inst
  kbuild: Fix make help-<board series> on powerpc
  kbuild: Automatically remove stale <linux/version.h> file
  kconfig: Fix warning "‘jump’ may be used uninitialized"
  Makefile: sort list of defconfig targets in make help output
  kbuild: Remove duplicate $(cmd) definition in Makefile.clean
  kbuild: collect shorthands into scripts/Kbuild.include
2014-12-20 13:31:14 -08:00
Linus Torvalds
b2776bf714 Linux 3.18 2014-12-07 14:21:05 -08:00
Linus Torvalds
009d0431c3 Linux 3.18-rc7 2014-11-30 16:42:27 -08:00
Michal Marek
fbae4d585e kbuild: Fix make help-<board series> on powerpc
make ARCH=powerpc help-<board series> should not require a cofigured
source tree. Also, sort the boards in the output.

Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-11-28 16:39:11 +01:00
Michal Marek
223c24a7db kbuild: Automatically remove stale <linux/version.h> file
In 3.7, the file moved from include/linux/ to
include/generated/uapi/linux/. The path in the #include directive
remained the same for compatibility reasons, but this created a problem
when bisecting. Commit 9c8cdb71 (kbuild: unconditionally clobber
include/linux/version.h on distclean) fixes this, provided the user does
make distclean between builds. Better not rely on the user and delete
the stale file each time make is invoked.

Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-11-28 16:39:05 +01:00
Konstantin Khlebnikov
a1e7b7bb1a Makefile: sort list of defconfig targets in make help output
Without sorting this list is completely unreadable for ARCH=arm.

Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-11-28 13:20:06 +01:00
Masahiro Yamada
371fdc77af kbuild: collect shorthands into scripts/Kbuild.include
The shorthand "clean" is defined in both the top Makefile and
scripts/Makefile.clean.  Likewise, the "hdr-inst" is defined in
both the top Makefile and scripts/Makefile.headersinst.

To reduce code duplication, this commit collects them into
scripts/Kbuild.include like the "build" and "modbuiltin" shorthands.
It requires scripts/Makefile.clean to include scripts/Kbuild.include,
but its impact on the performance of "make clean" should be
negligible.

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-11-26 14:36:52 +01:00
Linus Torvalds
5d01410fe4 Linux 3.18-rc6 2014-11-23 15:25:20 -08:00
Linus Torvalds
fc14f9c127 Linux 3.18-rc5 2014-11-16 16:36:20 -08:00
Kirill A. Shutemov
51b97e354b kernel: use the gnu89 standard explicitly
Sasha Levin reports:
 "gcc5 changes the default standard to c11, which makes kernel build
  unhappy

  Explicitly define the kernel standard to be gnu89 which should keep
  everything working exactly like it was before gcc5"

There are multiple small issues with the new default, but the biggest
issue seems to be that the old - and very useful - GNU extension to
allow a cast in front of an initializer has gone away.

Patch updated by Kirill:
 "I'm pretty sure all gcc versions you can build kernel with supports
  -std=gnu89.  cc-option is redunrant.

  We also need to adjust HOSTCFLAGS otherwise allmodconfig fails for me"

Note by Andrew Pinski:
 "Yes it was reported and both problems relating to this extension has
  been added to gnu99 and gnu11.  Though there are other issues with the
  kernel dealing with extern inline have different semantics between
  gnu89 and gnu99/11"

End result: we may be able to move up to a newer stdc model eventually,
but right now the newer models have some annoying deficiencies, so the
traditional "gnu89" model ends up being the preferred one.

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Singed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-11-15 14:29:55 -08:00
Linus Torvalds
206c5f60a3 Linux 3.18-rc4 2014-11-09 14:55:29 -08:00
Linus Torvalds
0df1f2487d Linux 3.18-rc3 2014-11-02 15:01:51 -08:00
Linus Torvalds
cac7f24298 Linux 3.18-rc2 2014-10-26 16:48:41 -07:00
Linus Torvalds
f114040e3e Linux 3.18-rc1 2014-10-19 18:08:38 -07:00
Linus Torvalds
f33a3faa25 Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Pull kbuild changes from Michal Marek:
 - fix for handling dependencies of *-objs targets by Masahiro Yamada
 - lots of cleanups in the kbuild machinery, also by Masahiro
 - fixes for the kconfig build to use an UTF-8 capable ncurses library
   if possible and to build on not-so-standard installs
 - some more minor fixes

* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  kbuild: Do not reference *-n variables in the Makefile
  kbuild: simplify build, clean, modbuiltin shorthands
  kbuild: arm: Do not define "comma" twice
  kbuild: remove obj-n and lib-n handling
  kbuild: remove unnecessary variable initializaions
  kbuild: remove unnecessary "obj- := dummy.o" trick
  kbuild: handle C=... and M=... after entering into build directory
  kbuild: use $(Q) for sub-make target
  kbuild: fake the "Entering directory ..." message more simply
  kconfig/lxdialog: get ncurses CFLAGS with pkg-config
  kconfig: nconfig: fix multi-byte UTF handling
  kconfig: lxdialog: fix spelling
  kbuild: Make scripts executable
  kbuild: remove redundant clean-files from scripts/kconfig/Makefile
  kbuild: refactor script/kconfig/Makefile
  kbuild: handle the dependency of multi-objs hostprogs appropriately
  kbuild: handle multi-objs dependency appropriately
2014-10-14 09:22:26 +02:00
Linus Torvalds
b6420ebd4a Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/doc
Pull documentation updates from Jiri Kosina:
 "Updates to kernel documentation.

  I took this over (hopefully temporarily) from Randy who was not
  willing to maintain it any longer.  This pile mostly is a relay of
  queue that Randy already had in his tree"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/doc:
  Documentation: fix broken v4l-utils URL
  Documentation: update include path for mpssd
  Documentation: correct parameter error for dma_mapping_error
  MAINTAINERS: update location of linux-doc tree
  Documentation: remove networking/.gitignore
  tools: add more endian.h macros
  Make Documenation depend on headers_install
  Docs: this_cpu_ops: remove redundant add forms
  Documentation: disable vdso_test to avoid breakage with old glibc
  Documentation: update vDSO makefile to build portable examples
  Documentation: update .gitignore files
  Documentation: support glibc versions without htole macros
  v4l2-pci-skeleton: Only build if PCI is available
  Documentation: fix misc. warnings
  Documentation: make functions static to avoid prototype warnings
  Documentation: add makefiles for more targets
  Documentation: use subdir-y to avoid unnecessary built-in.o files
2014-10-07 21:14:57 -04:00
Linus Torvalds
bdf428feb2 Nothing major: support for compressing modules, and auto-tainting params.
Cheers,
 Rusty.
 PS.  My virtio-next tree is empty: DaveM took the patches I had.  There might
      be a virtio-rng starvation fix, but so far it's a bit voodoo so I will
      get to that in the next two days or it will wait.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUGFrvAAoJENkgDmzRrbjxOJYQALaZbTumrtX3Mo/FAtzn8d5N
 8gxcqk1Mhz4lR1vPWy/YN/H2f23qb/saqLxPar8Wgou3h7N8EqSdwDqJSuvEqhG0
 iEXUsNLC7BOsDkLYhdjTfZoW/lsVU/EH4bkZMSxAZI9V64phXhDYfPb5SQgJTECr
 Ue6IK4ijW6zdWLstGfg/ixrIeGDUSnyiThF9O2mYVaB1D0QkLDIAZxbjZJgfFfut
 PwO33/sEV4pceTpkmxFKl/OiS+obi/VbDixjSCcO+jaBd1pVxH9fhhKREStOhN4z
 88z5ADR71RH6so9TQTwIIcgb2Hon5d+3RVMB6CxuvKs9NmHSXDiQyZvG9J/jiSdm
 KrPKSiVwGGwJSwxXTm8CDaz6Oj0ibDXBIzv/vYI22sR7u8PmRQFvL3O1VrW+KDnE
 yoG75S9DHzSQ1183xFFFTt4FBRm/4XKyVs+F6YqYkchLigrUfQMCGb1cmZyE5y7K
 bgNyonu0m/ItoQmekoDgYqvSjwdguaJ35XCW55GrKJ84JDHBaw3SpPdEfjAS8FsH
 aT5o2oernvwRG6gsX9858RvB/uo1UKwHv1waDfV4cqNjMm5Ko+Yr6OIdQvBQiq07
 cFkVmkrMtEyX19QyIGW3QSbFL1lr3X5cC5glzEeKY941yZbTluSsNuMlMPT1+IMx
 NOUbh0aG8B8ZaMZPFNLi
 =QzCn
 -----END PGP SIGNATURE-----

Merge tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux

Pull module update from Rusty Russell:
 "Nothing major: support for compressing modules, and auto-tainting
  params.

  PS. My virtio-next tree is empty: DaveM took the patches I had.  There
      might be a virtio-rng starvation fix, but so far it's a bit voodoo
      so I will get to that in the next two days or it will wait"

* tag 'modules-next-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux:
  moduleparam: Resolve missing-field-initializer warning
  kbuild: handle module compression while running 'make modules_install'.
  modinst: wrap long lines in order to enhance cmd_modules_install
  modsign: lookup lines ending in .ko in .mod files
  modpost: simplify file name generation of *.mod.c files
  modpost: reduce visibility of symbols and constify r/o arrays
  param: check for tainting before calling set op.
  drm/i915: taint the kernel if unsafe module parameters are set
  module: add module_param_unsafe and module_param_named_unsafe
  module: make it possible to have unsafe, tainting module params
  module: rename KERNEL_PARAM_FL_NOARG to avoid confusion
2014-10-07 20:17:38 -04:00
Linus Torvalds
bfe01a5ba2 Linux 3.17 2014-10-05 12:23:04 -07:00
Michal Marek
30142230a7 kbuild: Do not reference *-n variables in the Makefile
Kconfig options are either 'y', 'm', or undefined.

Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-10-02 15:31:53 +02:00
Masahiro Yamada
5b2389b45d kbuild: simplify build, clean, modbuiltin shorthands
$(if $(KBUILD_SRC),$(srctree)/) was a useful strategy
to omit a long absolute path for in-source-tree build
prior to commit 890676c65d699db3ad82e7dddd0cf8fb449031af
(kbuild: Use relative path when building in the source tree).

Now $(srctree) is "." when building in the source tree.
It would not be annoying to add "$(srctree)/" all the time.

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-10-02 15:12:41 +02:00
Masahiro Yamada
aa55c8e2f7 kbuild: handle C=... and M=... after entering into build directory
This commit avoids processing C=... and M=... twice
when O=... is also given.

Besides, we can also remove KBUILD_EXTMOD="$(KBUILD_EXTMOD)"
in the sub-make target.

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Peter Foley <pefoley2@pefoley.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-10-01 22:44:21 +02:00
Masahiro Yamada
745a254322 kbuild: use $(Q) for sub-make target
Since commit 066b7ed9558087a7957a1128f27d7a3462ff117f
(kbuild: Do not print the build directory with make -s),
"Q" is defined above the sub-make target.

This commit takes advantage of that and replaces
"$(if $(KBUILD_VERBOSE:1=),@)" with "$(Q)".

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Peter Foley <pefoley2@pefoley.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-10-01 22:44:21 +02:00
Masahiro Yamada
7ff525712a kbuild: fake the "Entering directory ..." message more simply
Commit c2e28dc975ea87feed84415006ae143424912ac7
(kbuild: Print the name of the build directory)
added a gimmick to show the "Entering directory ...".

Instead of echoing the hard-coded message (that is, we need to know
the exact message), moving --no-print-directory would be easier.

Signed-off-by: Masahiro Yamada <yamada.m@jp.panasonic.com>
Acked-by: Peter Foley <pefoley2@pefoley.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-10-01 22:44:21 +02:00
Linus Torvalds
fe82dcec64 Linux 3.17-rc7 2014-09-28 14:29:07 -07:00
Peter Foley
8e2faea877 Make Documenation depend on headers_install
Cc: rdunlap@infradead.org
Cc: linux-doc@vger.kernel.org
Cc: sudeep.dutt@intel.com
Cc: nikhil.rao@intel.com
Cc: ashutosh.dixit@intel.com
Cc: akpm@linux-foundation.org
Cc: gregkh@linuxfoundation.org
Signed-off-by: Peter Foley <pefoley2@pefoley.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
2014-09-26 11:03:01 +02:00
Linus Torvalds
0f33be009b Linux 3.17-rc6 2014-09-21 15:43:02 -07:00
Linus Torvalds
9e82bf0141 Linux 3.17-rc5 2014-09-14 17:50:12 -07:00
Linus Torvalds
2ce7598c9a Linux 3.17-rc4 2014-09-07 16:09:43 -07:00
Linus Torvalds
69e273c0b0 Linux 3.17-rc3 2014-08-31 18:23:04 -07:00
Bertrand Jacquin
beb50df39e kbuild: handle module compression while running 'make modules_install'.
Since module-init-tools (gzip) and kmod (gzip and xz) support compressed
modules, it could be useful to include a support for compressing modules
right after having them installed. Doing this in kbuild instead of per
distro can permit to make this kind of usage more generic.

This patch add a Kconfig entry to "Enable loadable module support" menu
and let you choose to compress using gzip (default) or xz.

Both gzip and xz does not used any extra -[1-9] option since Andi Kleen
and Rusty Russell prove no gain is made using them. gzip is called with -n
argument to avoid storing original filename inside compressed file, that
way we can save some more bytes.

On a v3.16 kernel, 'make allmodconfig' generated 4680 modules for a
total of 378MB (no strip, no sign, no compress), the following table
shows observed disk space gain based on the allmodconfig .config :

       |           time                |
       +-------------+-----------------+
       | manual .ko  |       make      | size | percent
       | compression | modules_install |      | gain
       +-------------+-----------------+------+--------
  -    |             |     18.61s      | 378M |
  GZIP |   3m16s     |     3m37s       | 102M | 73.41%
  XZ   |   5m22s     |     5m39s       |  77M | 79.83%

The gain for restricted environnement seems to be interesting while
uncompress can be time consuming but happens only while loading a module,
that is generally done only once.

This is fully compatible with signed modules while the signed module is
compressed. module-init-tools or kmod handles decompression
and provide to other layer the uncompressed but signed payload.

Reviewed-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Bertrand Jacquin <beber@meleeweb.net>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2014-08-27 21:54:12 +09:30
Linus Torvalds
52addcf9d6 Linux 3.17-rc2 2014-08-25 15:36:20 -07:00
Linus Torvalds
7d1311b93e Linux 3.17-rc1 2014-08-16 10:40:26 -06:00
Linus Torvalds
899552d6e8 Merge branch 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Pull misc kbuild updates from Michal Marek:
 "This is the non-critical part of kbuild for 3.17-rc1:

   - make help hint to use make -s with make kernelrelease et al.
   - moved a kbuild document to Documentation/kbuild where it belongs
   - four new Coccinelle scripts, one dropped and one fixed
   - new make kselftest target to run various tests on the kernel"

* 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  kbuild: kselftest - new make target to build and run kernel selftests
  Coccinelle: Script to replace if and BUG with BUG_ON
  Coccinelle: Script to detect incorrect argument to sizeof
  Coccinelle: Script to use ARRAY_SIZE instead of division of two sizeofs
  Coccinelle: Script to detect cast after memory allocation
  coccinelle/null: solve parse error
  Documentation: headers_install.txt is part of kbuild
  kbuild: make -s should be used with kernelrelease/kernelversion/image_name
2014-08-14 11:14:29 -06:00
Linus Torvalds
3b7b3e6ec5 Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Pull kbuild updates from Michal Marek:
 - make clean also considers $(extra-m) and $(extra-) to be consistent
 - cleanup and fixes in scripts/Makefile.host
 - allow to override the name of the Python 2 executable with make
   PYTHON=... (only needed for ia64 in practice)
 - option to split debugingo into *.dwo files to save disk space if the
   compiler supports it (CONFIG_DEBUG_INFO_SPLIT)
 - option to use dwarf4 debuginfo if the compiler supports it
   (CONFIG_DEBUG_INFO_DWARF4)
 - fix for disabling certain warnings with clang
 - fix for unneeded rebuild with dash when a command contains
   backslashes

* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  kbuild: Fix handling of backslashes in *.cmd files
  kbuild, LLVMLinux: Supress warnings unless W=1-3
  Kbuild: Add a option to enable dwarf4 v2
  kbuild: Support split debug info v4
  kbuild: allow to override Python command name
  kbuild: clean-up and bug fix of scripts/Makefile.host
  kbuild: clean up scripts/Makefile.host
  kbuild: drop shared library support from Makefile.host
  kbuild: fix a bug of C++ host program handling
  kbuild: fix a typo in scripts/Makefile.host
  scripts/Makefile.clean: clean also $(extra-m) and $(extra-)
2014-08-14 11:12:46 -06:00
Shuah Khan
5a5da78b3a kbuild: kselftest - new make target to build and run kernel selftests
Add a new make target "kselftest" to enable kernel testing. This
new target builds and runs kernel selftests. Running as root is
recommended for a complete test run as some tests don't run when
run by non-root user. Build, install, and boot kernel before
running kselftest on it.

Signed-off-by: Shuah Khan <shuah.kh@samsung.com>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
2014-08-07 22:30:01 +02:00
Jiri Kosina
69102311a5 ./Makefile: tell gcc optimizer to never introduce new data races
We have been chasing a memory corruption bug, which turned out to be
caused by very old gcc (4.3.4), which happily turned conditional load
into a non-conditional one, and that broke correctness (the condition
was met only if lock was held) and corrupted memory.

This particular problem with that particular code did not happen when
never gccs were used.  I've brought this up with our gcc folks, as I
wanted to make sure that this can't really happen again, and it turns
out it actually can.

Quoting Martin Jambor <mjambor@suse.cz>:
 "More current GCCs are more careful when it comes to replacing a
  conditional load with a non-conditional one, most notably they check
  that a store happens in each iteration of _a_ loop but they assume
  loops are executed.  They also perform a simple check whether the
  store cannot trap which currently passes only for non-const
  variables.  A simple testcase demonstrating it on an x86_64 is for
  example the following:

  $ cat cond_store.c

  int g_1 = 1;

  int g_2[1024] __attribute__((section ("safe_section"), aligned (4096)));

  int c = 4;

  int __attribute__ ((noinline))
  foo (void)
  {
    int l;
    for (l = 0; (l != 4); l++) {
      if (g_1)
        return l;
      for (g_2[0] = 0; (g_2[0] >= 26); ++g_2[0])
        ;
    }
    return 2;
  }

  int main (int argc, char* argv[])
  {
    if (mprotect (g_2, sizeof(g_2), PROT_READ) == -1)
      {
        int e = errno;
        error (e, e, "mprotect error %i", e);
      }
    foo ();
    __builtin_printf("OK\n");
    return 0;
  }
  /* EOF */
  $ ~/gcc/trunk/inst/bin/gcc cond_store.c -O2 --param allow-store-data-races=0
  $ ./a.out
  OK
  $ ~/gcc/trunk/inst/bin/gcc cond_store.c -O2 --param allow-store-data-races=1
  $ ./a.out
  Segmentation fault

  The testcase fails the same at least with 4.9, 4.8 and 4.7.  Therefore
  I would suggest building kernels with this parameter set to zero. I
  also agree with Jikos that the default should be changed for -O2.  I
  have run most of the SPEC 2k6 CPU benchmarks (gamess and dealII
  failed, at -O2, not sure why) compiled with and without this option
  and did not see any real difference between respective run-times"

Hopefully the default will be changed in newer gccs, but let's force it
for kernel builds so that we are on a safe side even when older gcc are
used.

The code in question was out-of-tree printk-in-NMI (yeah, surprise
suprise, once again) patch written by Petr Mladek, let me quote his
comment from our internal bugzilla:

 "I have spent few days investigating inconsistent state of kernel ring buffer.
  It went out that it was caused by speculative store generated by
  gcc-4.3.4.

  The problem is in assembly generated for make_free_space(). The functions is
  called the following way:

  + vprintk_emit();
      + log = MAIN_LOG; // with logbuf_lock
         or
         log = NMI_LOG; // with nmi_logbuf_lock
         cont_add(log, ...);
          + cont_flush(log, ...);
              + log_store(log, ...);
                    + log_make_free_space(log, ...);

  If called with log = NMI_LOG then only nmi_log_* global variables are safe to
  modify but the generated code does store also into (main_)log_* global
  variables:

  <log_make_free_space>:
         55                      push   %rbp
         89 f6                   mov    %esi,%esi

         48 8b 05 03 99 51 01    mov    0x1519903(%rip),%rax       # ffffffff82620868 <nmi_log_next_id>
         44 8b 1d ec 98 51 01    mov    0x15198ec(%rip),%r11d      # ffffffff82620858 <log_next_idx>
         8b 35 36 60 14 01       mov    0x1146036(%rip),%esi       # ffffffff8224cfa8 <log_buf_len>
         44 8b 35 33 60 14 01    mov    0x1146033(%rip),%r14d      # ffffffff8224cfac <nmi_log_buf_len>
         4c 8b 2d d0 98 51 01    mov    0x15198d0(%rip),%r13       # ffffffff82620850 <log_next_seq>
         4c 8b 25 11 61 14 01    mov    0x1146111(%rip),%r12       # ffffffff8224d098 <log_buf>
         49 89 c2                mov    %rax,%r10
         48 21 c2                and    %rax,%rdx
         48 8b 1d 0c 99 55 01    mov    0x155990c(%rip),%rbx       # ffffffff826608a0 <nmi_log_buf>
         49 c1 ea 20             shr    $0x20,%r10
         48 89 55 d0             mov    %rdx,-0x30(%rbp)
         44 29 de                sub    %r11d,%esi
         45 29 d6                sub    %r10d,%r14d
         4c 8b 0d 97 98 51 01    mov    0x1519897(%rip),%r9	# ffffffff82620840 <log_first_seq>
         eb 7e                   jmp    ffffffff81107029	<log_make_free_space+0xe9>
  [...]
         85 ff                   test   %edi,%edi                  # edi = 1 for NMI_LOG
         4c 89 e8                mov    %r13,%rax
         4c 89 ca                mov    %r9,%rdx
         74 0a                   je     ffffffff8110703d	<log_make_free_space+0xfd>
         8b 15 27 98 51 01       mov    0x1519827(%rip),%edx       # ffffffff82620860 <nmi_log_first_id>
         48 8b 45 d0             mov    -0x30(%rbp),%rax
         48 39 c2                cmp    %rax,%rdx                  # end of loop
         0f 84 da 00 00 00       je     ffffffff81107120 <log_make_free_space+0x1e0>
  [...]
         85 ff                   test   %edi,%edi                  # edi = 1 for NMI_LOG
         4c 89 0d 17 97 51 01    mov    %r9,0x1519717(%rip)        # ffffffff82620840 <log_first_seq>
                                 ^^^^^^^^^^^^^^^^^^^^^^^^^^
                                 KABOOOM
         74 35                   je     ffffffff81107160		 <log_make_free_space+0x220>

  It stores log_first_seq when edi == NMI_LOG. This instructions are used also
  when edi == MAIN_LOG but the store is done speculatively before the condition
  is decided.  It is unsafe because we do not have "logbuf_lock" in NMI context
  and some other process migh modify "log_first_seq" in parallel"

I believe that the best course of action is both

 - building kernel (and anything multi-threaded, I guess) with that
   optimization turned off
 - persuade gcc folks to change the default for future releases

Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Cc: Martin Jambor <mjambor@suse.cz>
Cc: Petr Mladek <pmladek@suse.cz>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Marek Polacek <polacek@redhat.com>
Cc: Jakub Jelinek <jakub@redhat.com>
Cc: Steven Noonan <steven@uplinklabs.net>
Cc: Richard Biener <richard.guenther@gmail.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-08-06 18:01:23 -07:00