| Age | Commit message (Collapse) | Author |
|---|
|
* refs/heads/tmp-5f7f76a
Linux 4.4.118
net: dst_cache_per_cpu_dst_set() can be static
crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
KVM: nVMX: invvpid handling improvements
KVM: VMX: clean up declaration of VPID/EPT invalidation types
kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail
KVM: nVMX: kmap() can't fail
x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
x86/spectre: Simplify spectre_v2 command line parsing
x86/retpoline: Avoid retpolines for built-in __init functions
x86/kvm: Update spectre-v1 mitigation
x86/paravirt: Remove 'noreplace-paravirt' cmdline option
x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
x86/spectre: Report get_user mitigation for spectre_v1
nl80211: Sanitize array index in parse_txq_params
vfs, fdtable: Prevent bounds-check bypass via speculative execution
x86/syscall: Sanitize syscall table de-references under speculation
x86/get_user: Use pointer masking to limit speculation
x86: Introduce barrier_nospec
x86: Implement array_index_mask_nospec
array_index_nospec: Sanitize speculative array de-references
Documentation: Document array_index_nospec
x86/spectre: Check CONFIG_RETPOLINE in command line parser
x86/cpu/bugs: Make retpoline module warning conditional
x86/bugs: Drop one "mitigation" from dmesg
x86/nospec: Fix header guards names
module/retpoline: Warn about missing retpoline in module
KVM: VMX: Make indirect call speculation safe
KVM: x86: Make indirect calls in emulator speculation safe
x86/retpoline: Remove the esp/rsp thunk
KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously
kasan: rework Kconfig settings
drm/gma500: remove helper function
x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug
genksyms: Fix segfault with invalid declarations
dell-wmi, dell-laptop: depends DMI
netlink: fix nla_put_{u8,u16,u32} for KASAN
ASoC: Intel: Kconfig: fix build when ACPI is not enabled
ARM: tegra: select USB_ULPI from EHCI rather than platform
ncr5380: shut up gcc indentation warning
usb: phy: msm add regulator dependency
idle: i7300: add PCI dependency
binfmt_elf: compat: avoid unused function warning
isdn: sc: work around type mismatch warning
power: bq27xxx_battery: mark some symbols __maybe_unused
Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
ncpfs: fix unused variable warning
gpio: xgene: mark PM functions as __maybe_unused
net: hp100: remove unnecessary #ifdefs
dmaengine: zx: fix build warning
perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
wireless: cw1200: use __maybe_unused to hide pm functions_
cw1200: fix bogus maybe-uninitialized warning
v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER
hdpvr: hide unused variable
drm/gma500: Sanity-check pipe index
serial: 8250_mid: fix broken DMA dependency
ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
ISDN: eicon: reduce stack size of sig_ind function
em28xx: only use mt9v011 if camera support is enabled
go7007: add MEDIA_CAMERA_SUPPORT dependency
KVM: add X86_LOCAL_APIC dependency
Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
tc358743: fix register i2c_rd/wr functions
staging: unisys: visorinput depends on INPUT
i2c: remove __init from i2c_register_board_info()
b2c2: flexcop: avoid unused function warnings
infiniband: cxgb4: use %pR format string for printing resources
iio: adc: axp288: remove redundant duplicate const on axp288_adc_channels
ASoC: mediatek: add i2c dependency
genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
tty: cyclades: cyz_interrupt is only used for PCI
drm/vmwgfx: use *_32_bits() macros
tlan: avoid unused label with PCI=n
tc1100-wmi: fix build warning when CONFIG_PM not enabled
ipv4: ipconfig: avoid unused ic_proto_used symbol
netfilter: ipvs: avoid unused variable warnings
x86/platform/olpc: Fix resume handler build warning
staging: wilc1000: fix kbuild test robot error
rtlwifi: fix gcc-6 indentation warning
USB: cdc_subset: only build when one driver is enabled
hwrng: exynos - use __maybe_unused to hide pm functions
fbdev: sm712fb: avoid unused function warnings
Drivers: hv: vmbus: fix build warning
modsign: hide openssl output in silent builds
fbdev: s6e8ax0: avoid unused function warnings
mtd: cfi: enforce valid geometry configuration
mtd: sh_flctl: pass FIFO as physical address
amd-xgbe: Fix unused suspend handlers build warning
fbdev: auo_k190x: avoid unused function warnings
driver-core: use 'dev' argument in dev_dbg_ratelimited stub
target/user: Fix cast from pointer to phys_addr_t
tty: hvc_xen: hide xen_console_remove when unused
usb: musb/ux500: remove duplicate check for dma_is_compatible
pwc: hide unused label
SCSI: initio: remove duplicate module device table
scsi: mvumi: use __maybe_unused to hide pm functions
video: Use bool instead int pointer for get_opt_bool() argument
fbdev: sis: enforce selection of at least one backend
staging: ste_rmi4: avoid unused function warnings
video: fbdev: sis: remove unused variable
scsi: fdomain: drop fdomain_pci_tbl when built-in
mptfusion: hide unused seq_mpt_print_ioc_summary function
mtd: maps: add __init attribute
mtd: ichxrom: maybe-uninitialized with gcc-4.9
md: avoid warning for 32-bit sector_t
profile: hide unused functions when !CONFIG_PROC_FS
dpt_i2o: fix build warning
drivers/net: fix eisa_driver probe section mismatch
scsi: sim710: fix build warning
x86/boot: Avoid warning for zero-filling .bss
thermal: spear: use __maybe_unused for PM functions
ssb: mark ssb_bus_register as __maybe_unused
reiserfs: avoid a -Wmaybe-uninitialized warning
ALSA: hda/ca0132 - fix possible NULL pointer use
arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
scsi: advansys: fix uninitialized data access
x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
x86: add MULTIUSER dependency for KVM
thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
x86/build: Silence the build with "make -s"
tools build: Add tools tree support for 'make -s'
x86/fpu/math-emu: Fix possible uninitialized variable use
arm64: define BUG() instruction without CONFIG_BUG
x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
scsi: advansys: fix build warning for PCI=n
video: fbdev: via: remove possibly unused variables
platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
gpio: intel-mid: Fix build warning when !CONFIG_PM
vmxnet3: prevent building with 64K pages
isdn: icn: remove a #warning
virtio_balloon: prevent uninitialized variable use
hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
xen: XEN_ACPI_PROCESSOR is Dom0-only
x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
dmaengine: jz4740: disable/unprepare clk if probe fails
drm/armada: fix leak of crtc structure
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
spi: sun4i: disable clocks in the remove function
ASoC: rockchip: disable clock on error
clk: fix a panic error caused by accessing NULL pointer
dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved
dmaengine: ioat: Fix error handling path
509: fix printing uninitialized stack memory when OID is empty
btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
net_sched: red: Avoid illegal values
net_sched: red: Avoid devision by zero
gianfar: fix a flooded alignment reports because of padding issue.
s390/dasd: prevent prefix I/O error
powerpc/perf: Fix oops when grouping different pmu events
ipvlan: Add the skb->mark as flow4's member to lookup route
scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
RDMA/cma: Make sure that PSN is not over max allowed
pinctrl: sunxi: Fix A80 interrupt pin bank
media: s5k6aa: describe some function parameters
perf bench numa: Fixup discontiguous/sparse numa nodes
perf top: Fix window dimensions change handling
ARM: dts: am4372: Correct the interrupts_properties of McASP
ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
usb: build drivers/usb/common/ when USB_SUPPORT is set
usbip: keep usbip_device sockfd state in sync with tcp_socket
staging: iio: adc: ad7192: fix external frequency setting
binder: check for binder_thread allocation failure in binder_poll()
staging: android: ashmem: Fix a race condition in pin ioctls
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
Make DST_CACHE a silent config option
arm64: dts: add #cooling-cells to CPU nodes
video: fbdev/mmp: add MODULE_LICENSE
ASoC: ux500: add MODULE_LICENSE tag
net: avoid skb_warn_bad_offload on IS_ERR
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
netfilter: on sockopt() acquire sock lock only in the required scope
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
netfilter: x_tables: fix int overflow in xt_alloc_table_info()
KVM: x86: fix escape of guest dr6 to the host
crypto: x86/twofish-3way - Fix %rbp usage
selinux: skip bounded transition processing if the policy isn't loaded
selinux: ensure the context is NUL terminated in security_context_to_sid_core()
Provide a function to create a NUL-terminated string from unterminated data
drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
blktrace: fix unlocked registration of tracepoints
xfrm: check id proto in validate_tmpl()
xfrm: Fix stack-out-of-bounds read on socket policy lookup.
mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
cfg80211: check dev_set_name() return value
net: replace dst_cache ip6_tunnel implementation with the generic one
net: add dst_cache support
ANDROID: sdcardfs: Hold i_mutex for i_size_write
BACKPORT, FROMGIT: crypto: speck - add test vectors for Speck64-XTS
BACKPORT, FROMGIT: crypto: speck - add test vectors for Speck128-XTS
BACKPORT, FROMGIT: crypto: arm/speck - add NEON-accelerated implementation of Speck-XTS
FROMGIT: crypto: speck - export common helpers
BACKPORT, FROMGIT: crypto: speck - add support for the Speck block cipher
UPSTREAM: ANDROID: binder: synchronize_rcu() when using POLLFREE.
f2fs: updates on v4.16-rc1
Conflicts:
net/Kconfig
net/core/Makefile
Change-Id: I659b0444812b04252f1f1fba8bc62410ce42b061
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
|
commit 5d06ee20b662a78417245714fc576cba90e6374f upstream.
When a user calls 'make -s', we can assume they don't want to
see any output except for warnings and errors, but instead
they see this for a warning free build:
###
### Now generating an X.509 key pair to be used for signing modules.
###
### If this takes a long time, you might wish to run rngd in the
### background to keep the supply of entropy topped up. It
### needs to be run as root, and uses a hardware random
### number generator if one is available.
###
Generating a 4096 bit RSA private key
.................................................................................................................................................................................................................................++
..............................................................................................................................++
writing new private key to 'certs/signing_key.pem'
-----
###
### Key pair generated.
###
The output can confuse simple build testing scripts that just check
for an empty build log.
This patch silences all the output:
- "echo" is changed to "@$(kecho)", which is dropped when "-s" gets
passed
- the openssl command itself is only printed with V=1, using the
$(Q) macro
- The output of openssl gets redirected to /dev/null on "-s" builds.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Enable SYSTEM_TRUSTED_KEYS and add certification for x509 signing for
system.
CRs-Fixed: 1116507
Change-Id: I01298d75da0ff9faee2d01118107d53e9a2aef8a
Signed-off-by: Jeevan Shriram <jshriram@codeaurora.org>
|
|
Currently we see this in "git status" if we build in the source dir:
Untracked files:
(use "git add <file>..." to include in what will be committed)
certs/x509_certificate_list
It looks like it used to live in kernel/ so we squash that .gitignore
entry at the same time. I didn't bother to dig through git history to
see when it moved, since it is just a minor annoyance at most.
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: keyrings@linux-nfs.org
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Since commit 1329e8cc69 ("modsign: Extract signing cert from
CONFIG_MODULE_SIG_KEY if needed"), the build system has carefully coped
with the signing key being specified as a relative path in either the
source or or the build trees.
However, the actual signing of modules has not worked if the filename
is relative to the source tree.
Fix that by moving the config_filename helper into scripts/Kbuild.include
so that it can be used from elsewhere, and then using it in the top-level
Makefile to find the signing key file.
Kill the intermediate $(MODPUBKEY) and $(MODSECKEY) variables too, while
we're at it. There's no need for them.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
We couldn't use if_changed for this before, because it didn't live in
the kernel/ directory so we couldn't add it to $(targets). It was easier
just to leave it as it was.
Now it's in the certs/ directory we can use if_changed, the same as we
do for the trusted certificate list.
Aside from making things consistent, this means we don't need to depend
explicitly on the include/config/module/sig/key.h file. And we also get
to automatically do the right thing and re-extract the cert if the user
does odd things like using a relative filename and then playing silly
buggers with adding/removing that file in both the source and object
trees. We always favour the one in the object tree if it exists, and
now we'll correctly re-extract the cert when it changes. Previously we'd
*only* re-extract the cert if the config option changed, even if the
actual file we're using did change.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
Move certificate handling out of the kernel/ directory and into a certs/
directory to get all the weird stuff in one place and move the generated
signing keys into this directory.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
|
