1. 09 Jan, 2019 1 commit
    • x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE · e4f35891
      WANG Chao authored
      Commit
      
        4cd24de3 ("x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support")
      
      replaced the RETPOLINE define with CONFIG_RETPOLINE checks. Remove the
      remaining pieces.
      
       [ bp: Massage commit message. ]
      
      Fixes: 4cd24de3 ("x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support")
      Signed-off-by: WANG Chao <chao.wang@ucloud.cn>
      Signed-off-by: Borislav Petkov <bp@suse.de>
      Reviewed-by: Zhenzhong Duan <zhenzhong.duan@oracle.com>
      Reviewed-by: Masahiro Yamada <yamada.masahiro@socionext.com>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Cc: David Woodhouse <dwmw@amazon.co.uk>
      Cc: Geert Uytterhoeven <geert@linux-m68k.org>
      Cc: Jessica Yu <jeyu@kernel.org>
      Cc: Jiri Kosina <jkosina@suse.cz>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      Cc: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
      Cc: Michal Marek <michal.lkml@markovi.net>
      Cc: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Tim Chen <tim.c.chen@linux.intel.com>
      Cc: Vasily Gorbik <gor@linux.ibm.com>
      Cc: linux-kbuild@vger.kernel.org
      Cc: srinivas.eeda@oracle.com
      Cc: stable <stable@vger.kernel.org>
      Cc: x86-ml <x86@kernel.org>
      Link: https://lkml.kernel.org/r/20181210163725.95977-1-chao.wang@ucloud.cn
  2. 01 Dec, 2018 4 commits
  3. 21 Nov, 2018 2 commits
  4. 22 Aug, 2018 1 commit
  5. 17 Jul, 2018 1 commit
    • kbuild: Add build salt to the kernel and modules · 9afb719e
      Laura Abbott authored and Masahiro Yamada committed
      
      
      In Fedora, the debug information is packaged separately (foo-debuginfo) and
      can be installed separately. There's been a long standing issue where only
      one version of a debuginfo info package can be installed at a time. There's
      been an effort for Fedora for parallel debuginfo to rectify this problem.
      
      Part of the requirement to allow parallel debuginfo to work is that build ids
      are unique between builds. The existing upstream rpm implementation ensures
      this by re-calculating the build-id using the version and release as a
      seed. This doesn't work 100% for the kernel because of the vDSO which is
      its own binary and doesn't get updated when embedded.
      
      Fix this by adding some data in an ELF note for both the kernel and modules.
      The data is controlled via a Kconfig option so distributions can set it
      to an appropriate value to ensure uniqueness between builds.
      Suggested-by: Masahiro Yamada <yamada.masahiro@socionext.com>
      Signed-off-by: Laura Abbott <labbott@redhat...
  6. 17 May, 2018 5 commits
  7. 09 Mar, 2018 1 commit
  8. 26 Jan, 2018 1 commit
    • module/retpoline: Warn about missing retpoline in module · caf7501a
      Andi Kleen authored
      
      
      There's a risk that a kernel which has full retpoline mitigations becomes
      vulnerable when a module gets loaded that hasn't been compiled with the
      right compiler or the right option.
      
      To enable detection of that mismatch at module load time, add a module info
      string "retpoline" at build time when the module was compiled with
      retpoline support. This only covers compiled C source, but assembler source
      or prebuilt object files are not checked.
      
      If a retpoline enabled kernel detects a non retpoline protected module at
      load time, print a warning and report it in the sysfs vulnerability file.
      
      [ tglx: Massaged changelog ]
      Signed-off-by: Andi Kleen <ak@linux.intel.com>
      Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
      Cc: David Woodhouse <dwmw2@infradead.org>
      Cc: gregkh@linuxfoundation.org
      Cc: torvalds@linux-foundation.org
      Cc: jeyu@kernel.org
      Cc: arjan@linux.intel.com
      Link: https://lkml.kernel.org/r/20180125235028.31211-1-andi@firstfloor.org
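
The load-time detection described in this commit message comes down to looking up one tag in a module's `.modinfo` data. The sketch below is an added example, not code from the kernel or from this commit; it assumes `.modinfo` is a run of NUL-terminated `key=value` strings and that the tag is written as `retpoline=Y` (the value is not stated on this page). The function names and sample blobs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Look up `tag` in a .modinfo blob: NUL-terminated "key=value" strings,
 * possibly separated by padding NULs. Returns the value or NULL. */
static const char *modinfo_get(const char *blob, size_t len, const char *tag)
{
    size_t taglen = strlen(tag);
    const char *p = blob, *end = blob + len;

    while (p < end) {
        const char *nul = memchr(p, '\0', (size_t)(end - p));
        if (!nul)
            return NULL; /* unterminated tail: refuse to read past the blob */
        /* Match the whole key followed by '=', not a substring of a value. */
        if ((size_t)(nul - p) > taglen && p[taglen] == '=' &&
            strncmp(p, tag, taglen) == 0)
            return p + taglen + 1;
        p = nul + 1;
    }
    return NULL;
}

/* 1 if the module advertises retpoline support, 0 otherwise.
 * Assumption: the tag value is "Y". */
static int module_has_retpoline(const char *blob, size_t len)
{
    const char *v = modinfo_get(blob, len, "retpoline");
    return v != NULL && strcmp(v, "Y") == 0;
}

/* Constructed sample blobs, not taken from real modules. */
static const char with_tag[] = "license=GPL\0name=demo\0retpoline=Y";
static const char without_tag[] = "license=GPL\0description=no retpoline=Y here";
static const char truncated[] = { 'r','e','t','p','o','l','i','n','e','=','Y' };

int main(void)
{
    printf("with_tag:    %d\n", module_has_retpoline(with_tag, sizeof(with_tag)));
    printf("without_tag: %d\n", module_has_retpoline(without_tag, sizeof(without_tag)));
    printf("truncated:   %d\n", module_has_retpoline(truncated, sizeof(truncated)));
    return 0;
}
```

As the commit message notes, the tag only reflects how the C sources were compiled, so a positive result says nothing about assembler sources or prebuilt objects linked into the module.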
  9. 16 Jan, 2018 1 commit
  10. 12 Nov, 2017 1 commit
    • modpost: detect modules without a MODULE_LICENSE · ba1029c9
      Randy Dunlap authored
      Partially revert commit 2fa36568 ("kbuild: soften MODULE_LICENSE
      check") so that modpost detects modules that do not have a
      MODULE_LICENSE.
      
      Sam's commit also changed the fatal error to a warning, which I am
      leaving as is.
      
      This gives advance notice of when a module has no license and will taint
      the kernel if the module is loaded.
      
      This produces the following warnings on x86_64 allmodconfig:
      
          MODPOST 6520 modules
        WARNING: modpost: missing MODULE_LICENSE() in drivers/auxdisplay/img-ascii-lcd.o
        WARNING: modpost: missing MODULE_LICENSE() in drivers/gpio/gpio-ath79.o
        WARNING: modpost: missing MODULE_LICENSE() in drivers/gpio/gpio-iop.o
        WARNING: modpost: missing MODULE_LICENSE() in drivers/iio/accel/kxsd9-i2c.o
        WARNING: modpost: missing MODULE_LICENSE() in drivers/iio/adc/qcom-vadc-common.o
        WARNING: modpost: missing MODULE_LICENSE() in drivers/media/platform/mtk-vcodec/mtk-vcodec-common.o
        WARNING: modpost: missing MODULE_LICENSE() in drivers/media/platform/soc_camera/soc_scale_crop.o
        WARNING: modpost: missing MODULE_LICENSE() in drivers/mtd/nand/denali_pci.o
        WARNING: modpost: missing MODULE_LICENSE() in drivers/net/phy/cortina.o
        WARNING: modpost: missing MODULE_LICENSE() in drivers/pinctrl/pxa/pinctrl-pxa2xx.o
        WARNING: modpost: missing MODULE_LICENSE() in drivers/power/reset/zx-reboot.o
        WARNING: modpost: missing MODULE_LICENSE() in drivers/rpmsg/qcom_glink_native.o
        WARNING: modpost: missing MODULE_LICENSE() in drivers/staging/comedi/drivers/ni_atmio.o
        WARNING: modpost: missing MODULE_LICENSE() in net/9p/9pnet_xen.o
        WARNING: modpost: missing MODULE_LICENSE() in sound/soc/codecs/snd-soc-pcm512x-spi.o
      Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
      Cc: Sam Ravnborg <sam@ravnborg.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  11. 07 Sep, 2017 1 commit
  12. 25 Jul, 2017 1 commit
    • modpost: abort if module name is too long · 4fd3e4ef
      Wanlong Gao authored
      
      
      Module name has a limited length, but currently the build system
      allows the build finishing even if the module name is too long.
      
        CC      /root/kprobe_example/abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz.mod.o
       /root/kprobe_example/abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz.mod.c:9:2:
       warning: initializer-string for array of chars is too long [enabled by default]
        .name = KBUILD_MODNAME,
        ^
      
      but it's merely a warning.
      
      This patch adds the check of the module name length in modpost and stops
      the build properly.
      Signed-off-by: Wanlong Gao <wanlong.gao@gmail.com>
      Signed-off-by: Jessica Yu <jeyu@kernel.org>
  13. 23 May, 2017 1 commit
    • module: Add module name to modinfo · 3e2e857f
      Kees Cook authored
      
      
      Accessing the mod structure (e.g. for mod->name) prior to having completed
      check_modstruct_version() can result in writing garbage to the error logs
      if the layout of the mod structure loaded from disk doesn't match the
      running kernel's mod structure layout. This kind of mismatch will become
      much more likely if a kernel is built with different randomization seed
      for the struct layout randomization plugin.
      
      Instead, add and use a new modinfo string for logging the module name.
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: Jessica Yu <jeyu@redhat.com>
  14. 01 Mar, 2017 1 commit
  15. 03 Feb, 2017 1 commit
    • kbuild: modversions: add infrastructure for emitting relative CRCs · 56067812
      Ard Biesheuvel authored
      
      
      This adds the kbuild infrastructure that will allow architectures to emit
      vmlinux symbol CRCs as 32-bit offsets to another location in the kernel
      where the actual value is stored. This works around problems with CRCs
      being mistaken for relocatable symbols on kernels that self relocate at
      runtime (i.e., powerpc with CONFIG_RELOCATABLE=y)
      
      For the kbuild side of things, this comes down to the following:
      
       - introducing a Kconfig symbol MODULE_REL_CRCS
      
       - adding a -R switch to genksyms to instruct it to emit the CRC symbols
         as references into the .rodata section
      
       - making modpost distinguish such references from absolute CRC symbols
         by the section index (SHN_ABS)
      
       - making kallsyms disregard non-absolute symbols with a __crc_ prefix
      Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  16. 29 Nov, 2016 1 commit
    • kbuild: modpost warn if export version crc is missing · d8c1eb86
      Nicholas Piggin authored
      
      
      This catches the failing ceph CRC on with:
      
          LD      vmlinux.o
          MODPOST vmlinux.o
        WARNING: EXPORT symbol "ceph_monc_do_statfs" [vmlinux] version
        generation failed, symbol will not be versioned.
      
      When the modules referring to exported symbols are built, there is an
      existing warning for missing CRC, but it's not always the case that
      any such module will be built, and in any case it is useful to get a
      warning at the source.
      
      This gets a little verbose with CONFIG_DEBUG_SECTION_MISMATCH,
      producing a warning with each object linked, but I didn't think
      that warranted extra complexity to avoid.
      Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
      Signed-off-by: Michal Marek <mmarek@suse.com>
  17. 26 Nov, 2016 1 commit
  18. 08 Oct, 2016 1 commit
  19. 21 Jan, 2016 1 commit
    • powerpc: Simplify module TOC handling · c153693d
      Alan Modra authored
      
      
      PowerPC64 uses the symbol .TOC. much as other targets use
      _GLOBAL_OFFSET_TABLE_. It identifies the value of the GOT pointer (or in
      powerpc parlance, the TOC pointer). Global offset tables are generally
      local to an executable or shared library, or in the kernel, module. Thus
      it does not make sense for a module to resolve a relocation against
      .TOC. to the kernel's .TOC. value. A module has its own .TOC., and
      indeed the powerpc64 module relocation processing ignores the kernel
      value of .TOC. and instead calculates a module-local value.
      
      This patch removes code involved in exporting the kernel .TOC., tweaks
      modpost to ignore an undefined .TOC., and the module loader to twiddle
      the section symbol so that .TOC. isn't seen as undefined.
      
      Note that if the kernel was compiled with -msingle-pic-base then ELFv2
      would not have function global entry code setting up r2. In that case
      the module call stubs would need to be modified to set up r2 using the
      kernel .TOC. value, requiring some of this code to be reinstated.
      
      mpe: Furthermore a change in binutils master (not yet released) causes
      the current way we handle the TOC to no longer work when building with
      MODVERSIONS=y and RELOCATABLE=n. The symptom is that modules can not be
      loaded due to there being no version found for TOC.
      
      Cc: stable@vger.kernel.org # 3.16+
      Signed-off-by: Alan Modra <amodra@gmail.com>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
  20. 26 Oct, 2015 1 commit
  21. 06 Oct, 2015 1 commit
  22. 08 Aug, 2015 1 commit
    • modpost: abort if a module symbol is too long · 5cfb203a
      Takashi Iwai authored
      
      
      Module symbols have a limited length, but currently the build system
      allows the build finishing even if the driver code contains a too long
      symbol name, which eventually overflows the modversion_info[] item.
      The compiler may catch at compiling *.mod.c like
        CC      xxx.mod.o
        xxx.mod.c:18:16: warning: initializer-string for array of chars is too long
      but it's merely a warning.
      
      This patch adds the check of the symbol length in modpost and stops
      the build properly.
      
      Currently MODULE_NAME_LEN is defined in modpost.c instead of referring
      to the definition in kernel header because including linux/module.h is
      messy and we must cover cross-compilation.
      Signed-off-by: Takashi Iwai <tiwai@suse.de>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
  23. 08 Jul, 2015 1 commit
    • modpost: work correctly with tile coldtext sections · 673c2c34
      Chris Metcalf authored
      
      
      The tilegx and tilepro compilers use .coldtext for their unlikely
      executed text section name, so an __attribute__((cold)) function
      will (when compiled with higher optimization levels) land in
      the .coldtext section.
      
      Modify modpost to add .coldtext to the set of OTHER_TEXT_SECTIONS
      so we don't get warnings about referencing such a section in an
      __ex_table block, and then also modify arch/tile/lib/memcpy_user_64.c
      so that it uses plain ".coldtext" instead of ".coldtext.memcpy".
      The latter naming is a relic of an earlier use of -ffunction-sections,
      which we no longer use by default.
      Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com>
      Acked-by: Rusty Russell <rusty@rustcorp.com.au>
  24. 22 Apr, 2015 7 commits
  25. 13 Apr, 2015 2 commits
    • modpost: document the use of struct section_check. · e5d8f59a
      Quentin Casasnovas authored
      
      
      struct section_check is used as a generic way of describing what
      relocations are authorized/forbidden when running modpost.  This commit
      tries to describe how each field is used.
      Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (Fixed "mist"ake)
    • modpost: handle relocations mismatch in __ex_table. · 52dc0595
      Quentin Casasnovas authored
      
      
      __ex_table is a simple table section where each entry is a pair of
      addresses - the first address is an address which can fault in kernel
      space, and the second address points to where the kernel should jump to
      when handling that fault.  This is how copy_from_user() does not crash the
      kernel if userspace gives a borked pointer for example.
      
      If one of these addresses points to a non-executable section, something is
      seriously wrong since it either means the kernel will never fault from
      there or it will not be able to jump to there.  As both cases are serious
      enough, we simply error out in these cases so the build fails and the
      developer has to fix the issue.
      
      In case the section is executable, but it isn't referenced in our list of
      authorized sections to point to from __ex_table, we just dump a warning
      giving more information about it.  We do this in case the new section is
      executable but isn't supposed to be executed by the kernel.  This happened
      with .altinstr_replacement, which is executable but is only used to copy
      instructions from - we should never have our instruction pointer pointing
      in .altinstr_replacement.  Admittedly, a proper fix in that case would be to
      just set .altinstr_replacement NX, but we need to warn about future cases
      like this.
      Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (added long casts)