From 3ce9e53e788881da0d5f3912f80e0dd6b501f304 Mon Sep 17 00:00:00 2001 From: Michal Marek Date: Mon, 15 Oct 2012 21:16:56 +0200 Subject: kbuild: Fix accidental revert in commit fe04ddf Commit fe04ddf7c291 ("kbuild: Do not package /boot and /lib in make tar-pkg") accidentally reverted two previous kbuild commits. I don't know what I was thinking. This brings back changes made by commits 24cc7fb69a5b ("x86/kbuild: archscripts depends on scripts_basic") and c1c1a59e37da ("firmware: fix directory creation rule matching with make 3.80") Reported-by: Jan Beulich Cc: Signed-off-by: Michal Marek Signed-off-by: Linus Torvalds --- scripts/Makefile.fwinst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/Makefile.fwinst b/scripts/Makefile.fwinst index c3f69ae275d1..4d908d16c035 100644 --- a/scripts/Makefile.fwinst +++ b/scripts/Makefile.fwinst @@ -27,7 +27,7 @@ endif installed-mod-fw := $(addprefix $(INSTALL_FW_PATH)/,$(mod-fw)) installed-fw := $(addprefix $(INSTALL_FW_PATH)/,$(fw-shipped-all)) -installed-fw-dirs := $(sort $(dir $(installed-fw))) $(INSTALL_FW_PATH)/. +installed-fw-dirs := $(sort $(dir $(installed-fw))) $(INSTALL_FW_PATH)/./ # Workaround for make < 3.81, where .SECONDEXPANSION doesn't work. PHONY += $(INSTALL_FW_PATH)/$$(%) install-all-dirs @@ -42,7 +42,7 @@ quiet_cmd_install = INSTALL $(subst $(srctree)/,,$@) $(installed-fw-dirs): $(call cmd,mkdir) -$(installed-fw): $(INSTALL_FW_PATH)/%: $(obj)/% | $$(dir $(INSTALL_FW_PATH)/%) +$(installed-fw): $(INSTALL_FW_PATH)/%: $(obj)/% | $(INSTALL_FW_PATH)/$$(dir %) $(call cmd,install) PHONY += __fw_install __fw_modinst FORCE -- cgit v1.2.3-59-g8ed1b From 3c5994c83895c89d344f24a86276f00d308e142b Mon Sep 17 00:00:00 2001 From: Catalin Marinas Date: Wed, 17 Oct 2012 12:25:44 +0100 Subject: uapi: Allow automatic generation of uapi/asm/ header files Several arch/*/include/uapi/asm/* header simply include the corresponding file. This patch allows such files to be specified in uapi/asm/Kbuild via "generic-y += ..." to be automatically generated (similar to asm/Kbuild). Signed-off-by: Catalin Marinas Signed-off-by: David Howells Cc: Michal Marek Cc: Arnd Bergmann --- Makefile | 4 +++- scripts/Makefile.asm-generic | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/Makefile b/Makefile index 5be2ee8c90e4..366d0ab0c5fe 100644 --- a/Makefile +++ b/Makefile @@ -437,7 +437,9 @@ endif PHONY += asm-generic asm-generic: $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.asm-generic \ - obj=arch/$(SRCARCH)/include/generated/asm + src=asm obj=arch/$(SRCARCH)/include/generated/asm + $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.asm-generic \ + src=uapi/asm obj=arch/$(SRCARCH)/include/generated/uapi/asm # To make sure we do not include .config for any of the *config targets # catch them early, and hand them over to scripts/kconfig/Makefile diff --git a/scripts/Makefile.asm-generic b/scripts/Makefile.asm-generic index 40caf3c26cd5..d17e0ea911ed 100644 --- a/scripts/Makefile.asm-generic +++ b/scripts/Makefile.asm-generic @@ -5,7 +5,7 @@ # and for each file listed in this file with generic-y creates # a small wrapper file in $(obj) (arch/$(SRCARCH)/include/generated/asm) -kbuild-file := $(srctree)/arch/$(SRCARCH)/include/asm/Kbuild +kbuild-file := $(srctree)/arch/$(SRCARCH)/include/$(src)/Kbuild -include $(kbuild-file) include scripts/Kbuild.include -- cgit v1.2.3-59-g8ed1b From 205a8eb7ce713c7f1722297dd97d19dcea6f266c Mon Sep 17 00:00:00 2001 From: Stephen Warren Date: Mon, 8 Oct 2012 16:15:26 -0600 Subject: dtc: fix for_each_*() to skip first object if deleted The previous definition of for_each_*() would always include the very first object within the list, irrespective of whether it was marked deleted, since the deleted flag was not checked on the first object, but only on any "next" object. Fix for_each_*() to check the deleted flag in the loop body every iteration to correct this. (upstream dtc commit 1762ab42ef77db7ab2776d0d6cba3515150f518a) Signed-off-by: Stephen Warren Signed-off-by: Rob Herring --- scripts/dtc/dtc.h | 44 ++++++++++---------------------------------- 1 file changed, 10 insertions(+), 34 deletions(-) (limited to 'scripts') diff --git a/scripts/dtc/dtc.h b/scripts/dtc/dtc.h index d501c8605f26..3e42a071070e 100644 --- a/scripts/dtc/dtc.h +++ b/scripts/dtc/dtc.h @@ -161,51 +161,27 @@ struct node { struct label *labels; }; -static inline struct label *for_each_label_next(struct label *l) -{ - do { - l = l->next; - } while (l && l->deleted); - - return l; -} - -#define for_each_label(l0, l) \ - for ((l) = (l0); (l); (l) = for_each_label_next(l)) - #define for_each_label_withdel(l0, l) \ for ((l) = (l0); (l); (l) = (l)->next) -static inline struct property *for_each_property_next(struct property *p) -{ - do { - p = p->next; - } while (p && p->deleted); - - return p; -} - -#define for_each_property(n, p) \ - for ((p) = (n)->proplist; (p); (p) = for_each_property_next(p)) +#define for_each_label(l0, l) \ + for_each_label_withdel(l0, l) \ + if (!(l)->deleted) #define for_each_property_withdel(n, p) \ for ((p) = (n)->proplist; (p); (p) = (p)->next) -static inline struct node *for_each_child_next(struct node *c) -{ - do { - c = c->next_sibling; - } while (c && c->deleted); - - return c; -} - -#define for_each_child(n, c) \ - for ((c) = (n)->children; (c); (c) = for_each_child_next(c)) +#define for_each_property(n, p) \ + for_each_property_withdel(n, p) \ + if (!(p)->deleted) #define for_each_child_withdel(n, c) \ for ((c) = (n)->children; (c); (c) = (c)->next_sibling) +#define for_each_child(n, c) \ + for_each_child_withdel(n, c) \ + if (!(c)->deleted) + void add_label(struct label **labels, char *label); void delete_labels(struct label **labels); -- cgit v1.2.3-59-g8ed1b From e2a666d52b4825c26c857cada211f3baac26a600 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Fri, 19 Oct 2012 11:53:15 +1030 Subject: kbuild: sign the modules at install time Linus deleted the old code and put signing on the install command, I fixed it to extract the keyid and signer-name within sign-file and cleaned up that script now it always signs in-place. Some enthusiast should convert sign-key to perl and pull x509keyid into it. Signed-off-by: Rusty Russell Signed-off-by: Linus Torvalds --- Makefile | 11 +++++++ scripts/Makefile.modinst | 2 +- scripts/Makefile.modpost | 77 +----------------------------------------------- scripts/sign-file | 44 +++++++++++---------------- scripts/x509keyid | 16 +++++----- 5 files changed, 39 insertions(+), 111 deletions(-) (limited to 'scripts') diff --git a/Makefile b/Makefile index 366d0ab0c5fe..4fd82f7fc0bc 100644 --- a/Makefile +++ b/Makefile @@ -719,6 +719,17 @@ endif # INSTALL_MOD_STRIP export mod_strip_cmd +ifeq ($(CONFIG_MODULE_SIG),y) +MODSECKEY = ./signing_key.priv +MODPUBKEY = ./signing_key.x509 +export MODPUBKEY +mod_sign_cmd = sh $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY) $(srctree)/scripts/x509keyid +else +mod_sign_cmd = true +endif +export mod_sign_cmd + + ifeq ($(KBUILD_EXTMOD),) core-y += kernel/ mm/ fs/ ipc/ security/ crypto/ block/ diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst index 3d13d3a3edfe..dda4b2b61927 100644 --- a/scripts/Makefile.modinst +++ b/scripts/Makefile.modinst @@ -17,7 +17,7 @@ __modinst: $(modules) @: quiet_cmd_modules_install = INSTALL $@ - cmd_modules_install = mkdir -p $(2); cp $@ $(2) ; $(mod_strip_cmd) $(2)/$(notdir $@) + cmd_modules_install = mkdir -p $(2); cp $@ $(2) ; $(mod_strip_cmd) $(2)/$(notdir $@) ; $(mod_sign_cmd) $(2)/$(notdir $@) # Modules built outside the kernel source tree go into extra by default INSTALL_MOD_DIR ?= extra diff --git a/scripts/Makefile.modpost b/scripts/Makefile.modpost index 002089141df4..a1cb0222ebe6 100644 --- a/scripts/Makefile.modpost +++ b/scripts/Makefile.modpost @@ -14,8 +14,7 @@ # 3) create one .mod.c file pr. module # 4) create one Module.symvers file with CRC for all exported symbols # 5) compile all .mod.c files -# 6) final link of the module to a (or ) file -# 7) signs the modules to a file +# 6) final link of the module to a file # Step 3 is used to place certain information in the module's ELF # section, including information such as: @@ -33,8 +32,6 @@ # Step 4 is solely used to allow module versioning in external modules, # where the CRC of each module is retrieved from the Module.symvers file. -# Step 7 is dependent on CONFIG_MODULE_SIG being enabled. - # KBUILD_MODPOST_WARN can be set to avoid error out in case of undefined # symbols in the final module linking stage # KBUILD_MODPOST_NOFINAL can be set to skip the final link of modules. @@ -119,7 +116,6 @@ $(modules:.ko=.mod.o): %.mod.o: %.mod.c FORCE targets += $(modules:.ko=.mod.o) # Step 6), final link of the modules -ifneq ($(CONFIG_MODULE_SIG),y) quiet_cmd_ld_ko_o = LD [M] $@ cmd_ld_ko_o = $(LD) -r $(LDFLAGS) \ $(KBUILD_LDFLAGS_MODULE) $(LDFLAGS_MODULE) \ @@ -129,78 +125,7 @@ $(modules): %.ko :%.o %.mod.o FORCE $(call if_changed,ld_ko_o) targets += $(modules) -else -quiet_cmd_ld_ko_unsigned_o = LD [M] $@ - cmd_ld_ko_unsigned_o = \ - $(LD) -r $(LDFLAGS) \ - $(KBUILD_LDFLAGS_MODULE) $(LDFLAGS_MODULE) \ - -o $@ $(filter-out FORCE,$^) \ - $(if $(AFTER_LINK),; $(AFTER_LINK)) - -$(modules:.ko=.ko.unsigned): %.ko.unsigned :%.o %.mod.o FORCE - $(call if_changed,ld_ko_unsigned_o) - -targets += $(modules:.ko=.ko.unsigned) - -# Step 7), sign the modules -MODSECKEY = ./signing_key.priv -MODPUBKEY = ./signing_key.x509 - -ifeq ($(wildcard $(MODSECKEY))+$(wildcard $(MODPUBKEY)),$(MODSECKEY)+$(MODPUBKEY)) -ifeq ($(KBUILD_SRC),) - # no O= is being used - SCRIPTS_DIR := scripts -else - SCRIPTS_DIR := $(KBUILD_SRC)/scripts -endif -SIGN_MODULES := 1 -else -SIGN_MODULES := 0 -endif - -# only sign if it's an in-tree module -ifneq ($(KBUILD_EXTMOD),) -SIGN_MODULES := 0 -endif -# We strip the module as best we can - note that using both strip and eu-strip -# results in a smaller module than using either alone. -EU_STRIP = $(shell which eu-strip || echo true) - -quiet_cmd_sign_ko_stripped_ko_unsigned = STRIP [M] $@ - cmd_sign_ko_stripped_ko_unsigned = \ - cp $< $@ && \ - strip -x -g $@ && \ - $(EU_STRIP) $@ - -ifeq ($(SIGN_MODULES),1) - -quiet_cmd_genkeyid = GENKEYID $@ - cmd_genkeyid = \ - perl $(SCRIPTS_DIR)/x509keyid $< $<.signer $<.keyid - -%.signer %.keyid: % - $(call if_changed,genkeyid) - -KEYRING_DEP := $(MODSECKEY) $(MODPUBKEY) $(MODPUBKEY).signer $(MODPUBKEY).keyid -quiet_cmd_sign_ko_ko_stripped = SIGN [M] $@ - cmd_sign_ko_ko_stripped = \ - sh $(SCRIPTS_DIR)/sign-file $(MODSECKEY) $(MODPUBKEY) $< $@ -else -KEYRING_DEP := -quiet_cmd_sign_ko_ko_unsigned = NO SIGN [M] $@ - cmd_sign_ko_ko_unsigned = \ - cp $< $@ -endif - -$(modules): %.ko :%.ko.stripped $(KEYRING_DEP) FORCE - $(call if_changed,sign_ko_ko_stripped) - -$(patsubst %.ko,%.ko.stripped,$(modules)): %.ko.stripped :%.ko.unsigned FORCE - $(call if_changed,sign_ko_stripped_ko_unsigned) - -targets += $(modules) -endif # Add FORCE to the prequisites of a target to force it to be always rebuilt. # --------------------------------------------------------------------------- diff --git a/scripts/sign-file b/scripts/sign-file index e58e34e50ac5..095a953bdb8e 100644 --- a/scripts/sign-file +++ b/scripts/sign-file @@ -1,8 +1,8 @@ -#!/bin/sh +#!/bin/bash # # Sign a module file using the given key. # -# Format: sign-file +# Format: sign-file # scripts=`dirname $0` @@ -15,8 +15,8 @@ fi key="$1" x509="$2" -src="$3" -dst="$4" +keyid_script="$3" +mod="$4" if [ ! -r "$key" ] then @@ -29,16 +29,6 @@ then echo "Can't read X.509 certificate" >&2 exit 2 fi -if [ ! -r "$x509.signer" ] -then - echo "Can't read Signer name" >&2 - exit 2; -fi -if [ ! -r "$x509.keyid" ] -then - echo "Can't read Key identifier" >&2 - exit 2; -fi # # Signature parameters @@ -83,33 +73,35 @@ fi ( perl -e "binmode STDOUT; print pack(\"C*\", $prologue)" || exit $? -openssl dgst $dgst -binary $src || exit $? -) >$src.dig || exit $? +openssl dgst $dgst -binary $mod || exit $? +) >$mod.dig || exit $? # # Generate the binary signature, which will be just the integer that comprises # the signature with no metadata attached. # -openssl rsautl -sign -inkey $key -keyform PEM -in $src.dig -out $src.sig || exit $? -signerlen=`stat -c %s $x509.signer` -keyidlen=`stat -c %s $x509.keyid` -siglen=`stat -c %s $src.sig` +openssl rsautl -sign -inkey $key -keyform PEM -in $mod.dig -out $mod.sig || exit $? + +SIGNER="`perl $keyid_script $x509 signer-name`" +KEYID="`perl $keyid_script $x509 keyid`" +keyidlen=${#KEYID} +siglen=${#SIGNER} # # Build the signed binary # ( - cat $src || exit $? + cat $mod || exit $? echo '~Module signature appended~' || exit $? - cat $x509.signer $x509.keyid || exit $? + echo -n "$SIGNER" || exit $? + echo -n "$KEYID" || exit $? # Preface each signature integer with a 2-byte BE length perl -e "binmode STDOUT; print pack(\"n\", $siglen)" || exit $? - cat $src.sig || exit $? + cat $mod.sig || exit $? # Generate the information block perl -e "binmode STDOUT; print pack(\"CCCCCxxxN\", $algo, $hash, $id_type, $signerlen, $keyidlen, $siglen + 2)" || exit $? -) >$dst~ || exit $? +) >$mod~ || exit $? -# Permit in-place signing -mv $dst~ $dst || exit $? +mv $mod~ $mod || exit $? diff --git a/scripts/x509keyid b/scripts/x509keyid index c8e91a4af385..4241ec6c64b1 100755 --- a/scripts/x509keyid +++ b/scripts/x509keyid @@ -22,7 +22,7 @@ use strict; my $raw_data; -die "Need three filenames\n" if ($#ARGV != 2); +die "Need a filename [keyid|signer-name]\n" if ($#ARGV != 1); my $src = $ARGV[0]; @@ -259,10 +259,10 @@ die $src, ": ", "X.509: Couldn't find the Subject Key Identifier extension\n" my $id_key_id = asn1_retrieve($subject_key_id->[1]); -open(OUTFD, ">$ARGV[1]") || die $ARGV[1]; -print OUTFD $id_name; -close OUTFD || die $ARGV[1]; - -open(OUTFD, ">$ARGV[2]") || die $ARGV[2]; -print OUTFD $id_key_id; -close OUTFD || die $ARGV[2]; +if ($ARGV[1] eq "signer-name") { + print $id_name; +} elsif ($ARGV[1] eq "keyid") { + print $id_key_id; +} else { + die "Unknown arg"; +} -- cgit v1.2.3-59-g8ed1b From b05e585d4964cf0a70573d29113a1236ced98abf Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Fri, 19 Oct 2012 12:43:19 -0700 Subject: kbuild: Fix module signature generation Rusty had clearly not actually tested his module signing changes that I (trustingly) applied as commit e2a666d52b48 ("kbuild: sign the modules at install time"). That commit had multiple bugs: - using "${#VARIABLE}" to get the number of characters in a shell variable may look clever, but it's locale-dependent: it returns the number of *characters*, not bytes. And we do need bytes. So don't use "${#..}" expansion, do the stupid "wc -c" thing instead (where "c" stands for "bytes", not "characters", despite the letter. - Rusty had confused "siglen" and "signerlen", and his conversion didn't set "signerlen" at all, and incorrectly set "siglen" to the size of the signer, not the size of the signature. End result: the modified sign-file script did create something that superficially *looked* like a signature, but didn't actually work at all, and would fail the signature check. Oops. Tssk, tssk, Rusty. But Rusty was definitely right that this whole thing should be rewritten in perl by somebody who has the perl-fu to do so. That is not me, though - I'm just doing an emergency fix for the shell script. Cc: Rusty Russell Signed-off-by: Linus Torvalds --- scripts/sign-file | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/sign-file b/scripts/sign-file index 095a953bdb8e..d014abd11f1c 100644 --- a/scripts/sign-file +++ b/scripts/sign-file @@ -81,11 +81,12 @@ openssl dgst $dgst -binary $mod || exit $? # the signature with no metadata attached. # openssl rsautl -sign -inkey $key -keyform PEM -in $mod.dig -out $mod.sig || exit $? +siglen=`stat -c %s $mod.sig` SIGNER="`perl $keyid_script $x509 signer-name`" KEYID="`perl $keyid_script $x509 keyid`" -keyidlen=${#KEYID} -siglen=${#SIGNER} +keyidlen=$(echo -n "$KEYID" | wc -c) +signerlen=$(echo -n "$SIGNER" | wc -c) # # Build the signed binary -- cgit v1.2.3-59-g8ed1b From b37d1bfb55d4b8a7d234fad0a84dca3336cee50b Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 19 Oct 2012 23:56:37 +0100 Subject: MODSIGN: perlify sign-file and merge in x509keyid Turn sign-file into perl and merge in x509keyid. The latter doesn't need to be a separate script as it doesn't actually need to work out the SHA1 sum of the X.509 certificate itself, since it can get that from the X.509 certificate. Signed-off-by: David Howells Signed-off-by: Linus Torvalds --- Makefile | 2 +- scripts/sign-file | 477 +++++++++++++++++++++++++++++++++++++++++++++--------- scripts/x509keyid | 268 ------------------------------ 3 files changed, 400 insertions(+), 347 deletions(-) mode change 100644 => 100755 scripts/sign-file delete mode 100755 scripts/x509keyid (limited to 'scripts') diff --git a/Makefile b/Makefile index 4fd82f7fc0bc..14b987431d92 100644 --- a/Makefile +++ b/Makefile @@ -723,7 +723,7 @@ ifeq ($(CONFIG_MODULE_SIG),y) MODSECKEY = ./signing_key.priv MODPUBKEY = ./signing_key.x509 export MODPUBKEY -mod_sign_cmd = sh $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY) $(srctree)/scripts/x509keyid +mod_sign_cmd = perl $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY) else mod_sign_cmd = true endif diff --git a/scripts/sign-file b/scripts/sign-file old mode 100644 new mode 100755 index d014abd11f1c..d37d1309531e --- a/scripts/sign-file +++ b/scripts/sign-file @@ -1,108 +1,429 @@ -#!/bin/bash +#!/usr/bin/perl -w # # Sign a module file using the given key. # -# Format: sign-file +# Format: # +# ./scripts/sign-file [-v] [] +# +# +use strict; +use FileHandle; +use IPC::Open2; + +my $verbose = 0; +if ($#ARGV >= 0 && $ARGV[0] eq "-v") { + $verbose = 1; + shift; +} + +die "Format: ./scripts/sign-file [-v] []\n" + if ($#ARGV != 2 && $#ARGV != 3); + +my $private_key = $ARGV[0]; +my $x509 = $ARGV[1]; +my $module = $ARGV[2]; +my $dest = ($#ARGV == 3) ? $ARGV[3] : $ARGV[2] . "~"; + +die "Can't read private key\n" unless (-r $private_key); +die "Can't read X.509 certificate\n" unless (-r $x509); +die "Can't read module\n" unless (-r $module); + +# +# Read the kernel configuration +# +my %config = ( + CONFIG_MODULE_SIG_SHA512 => 1 + ); + +if (-r ".config") { + open(FD, "<.config") || die ".config"; + while () { + if ($_ =~ /^(CONFIG_.*)=[ym]/) { + $config{$1} = 1; + } + } + close(FD); +} -scripts=`dirname $0` +# +# Function to read the contents of a file into a variable. +# +sub read_file($) +{ + my ($file) = @_; + my $contents; + my $len; + + open(FD, "<$file") || die $file; + binmode FD; + my @st = stat(FD); + die $file if (!@st); + $len = read(FD, $contents, $st[7]) || die $file; + close(FD) || die $file; + die "$file: Wanted length ", $st[7], ", got ", $len, "\n" + if ($len != $st[7]); + return $contents; +} + +############################################################################### +# +# First of all, we have to parse the X.509 certificate to find certain details +# about it. +# +# We read the DER-encoded X509 certificate and parse it to extract the Subject +# name and Subject Key Identifier. Theis provides the data we need to build +# the certificate identifier. +# +# The signer's name part of the identifier is fabricated from the commonName, +# the organizationName or the emailAddress components of the X.509 subject +# name. +# +# The subject key ID is used to select which of that signer's certificates +# we're intending to use to sign the module. +# +############################################################################### +my $x509_certificate = read_file($x509); -CONFIG_MODULE_SIG_SHA512=y -if [ -r .config ] -then - . ./.config -fi +my $UNIV = 0 << 6; +my $APPL = 1 << 6; +my $CONT = 2 << 6; +my $PRIV = 3 << 6; -key="$1" -x509="$2" -keyid_script="$3" -mod="$4" +my $CONS = 0x20; -if [ ! -r "$key" ] -then - echo "Can't read private key" >&2 - exit 2 -fi +my $BOOLEAN = 0x01; +my $INTEGER = 0x02; +my $BIT_STRING = 0x03; +my $OCTET_STRING = 0x04; +my $NULL = 0x05; +my $OBJ_ID = 0x06; +my $UTF8String = 0x0c; +my $SEQUENCE = 0x10; +my $SET = 0x11; +my $UTCTime = 0x17; +my $GeneralizedTime = 0x18; -if [ ! -r "$x509" ] -then - echo "Can't read X.509 certificate" >&2 - exit 2 -fi +my %OIDs = ( + pack("CCC", 85, 4, 3) => "commonName", + pack("CCC", 85, 4, 6) => "countryName", + pack("CCC", 85, 4, 10) => "organizationName", + pack("CCC", 85, 4, 11) => "organizationUnitName", + pack("CCCCCCCCC", 42, 134, 72, 134, 247, 13, 1, 1, 1) => "rsaEncryption", + pack("CCCCCCCCC", 42, 134, 72, 134, 247, 13, 1, 1, 5) => "sha1WithRSAEncryption", + pack("CCCCCCCCC", 42, 134, 72, 134, 247, 13, 1, 9, 1) => "emailAddress", + pack("CCC", 85, 29, 35) => "authorityKeyIdentifier", + pack("CCC", 85, 29, 14) => "subjectKeyIdentifier", + pack("CCC", 85, 29, 19) => "basicConstraints" +); + +############################################################################### +# +# Extract an ASN.1 element from a string and return information about it. +# +############################################################################### +sub asn1_extract($$@) +{ + my ($cursor, $expected_tag, $optional) = @_; + + return [ -1 ] + if ($cursor->[1] == 0 && $optional); + + die $x509, ": ", $cursor->[0], ": ASN.1 data underrun (elem ", $cursor->[1], ")\n" + if ($cursor->[1] < 2); + + my ($tag, $len) = unpack("CC", substr(${$cursor->[2]}, $cursor->[0], 2)); + + if ($expected_tag != -1 && $tag != $expected_tag) { + return [ -1 ] + if ($optional); + die $x509, ": ", $cursor->[0], ": ASN.1 unexpected tag (", $tag, + " not ", $expected_tag, ")\n"; + } + + $cursor->[0] += 2; + $cursor->[1] -= 2; + + die $x509, ": ", $cursor->[0], ": ASN.1 long tag\n" + if (($tag & 0x1f) == 0x1f); + die $x509, ": ", $cursor->[0], ": ASN.1 indefinite length\n" + if ($len == 0x80); + + if ($len > 0x80) { + my $l = $len - 0x80; + die $x509, ": ", $cursor->[0], ": ASN.1 data underrun (len len $l)\n" + if ($cursor->[1] < $l); + + if ($l == 0x1) { + $len = unpack("C", substr(${$cursor->[2]}, $cursor->[0], 1)); + } elsif ($l = 0x2) { + $len = unpack("n", substr(${$cursor->[2]}, $cursor->[0], 2)); + } elsif ($l = 0x3) { + $len = unpack("C", substr(${$cursor->[2]}, $cursor->[0], 1)) << 16; + $len = unpack("n", substr(${$cursor->[2]}, $cursor->[0] + 1, 2)); + } elsif ($l = 0x4) { + $len = unpack("N", substr(${$cursor->[2]}, $cursor->[0], 4)); + } else { + die $x509, ": ", $cursor->[0], ": ASN.1 element too long (", $l, ")\n"; + } + + $cursor->[0] += $l; + $cursor->[1] -= $l; + } + + die $x509, ": ", $cursor->[0], ": ASN.1 data underrun (", $len, ")\n" + if ($cursor->[1] < $len); + + my $ret = [ $tag, [ $cursor->[0], $len, $cursor->[2] ] ]; + $cursor->[0] += $len; + $cursor->[1] -= $len; + + return $ret; +} + +############################################################################### +# +# Retrieve the data referred to by a cursor +# +############################################################################### +sub asn1_retrieve($) +{ + my ($cursor) = @_; + my ($offset, $len, $data) = @$cursor; + return substr($$data, $offset, $len); +} + +############################################################################### +# +# Roughly parse the X.509 certificate +# +############################################################################### +my $cursor = [ 0, length($x509_certificate), \$x509_certificate ]; + +my $cert = asn1_extract($cursor, $UNIV | $CONS | $SEQUENCE); +my $tbs = asn1_extract($cert->[1], $UNIV | $CONS | $SEQUENCE); +my $version = asn1_extract($tbs->[1], $CONT | $CONS | 0, 1); +my $serial_number = asn1_extract($tbs->[1], $UNIV | $INTEGER); +my $sig_type = asn1_extract($tbs->[1], $UNIV | $CONS | $SEQUENCE); +my $issuer = asn1_extract($tbs->[1], $UNIV | $CONS | $SEQUENCE); +my $validity = asn1_extract($tbs->[1], $UNIV | $CONS | $SEQUENCE); +my $subject = asn1_extract($tbs->[1], $UNIV | $CONS | $SEQUENCE); +my $key = asn1_extract($tbs->[1], $UNIV | $CONS | $SEQUENCE); +my $issuer_uid = asn1_extract($tbs->[1], $CONT | $CONS | 1, 1); +my $subject_uid = asn1_extract($tbs->[1], $CONT | $CONS | 2, 1); +my $extension_list = asn1_extract($tbs->[1], $CONT | $CONS | 3, 1); + +my $subject_key_id = (); +my $authority_key_id = (); + +# +# Parse the extension list +# +if ($extension_list->[0] != -1) { + my $extensions = asn1_extract($extension_list->[1], $UNIV | $CONS | $SEQUENCE); + + while ($extensions->[1]->[1] > 0) { + my $ext = asn1_extract($extensions->[1], $UNIV | $CONS | $SEQUENCE); + my $x_oid = asn1_extract($ext->[1], $UNIV | $OBJ_ID); + my $x_crit = asn1_extract($ext->[1], $UNIV | $BOOLEAN, 1); + my $x_val = asn1_extract($ext->[1], $UNIV | $OCTET_STRING); + + my $raw_oid = asn1_retrieve($x_oid->[1]); + next if (!exists($OIDs{$raw_oid})); + my $x_type = $OIDs{$raw_oid}; + + my $raw_value = asn1_retrieve($x_val->[1]); + + if ($x_type eq "subjectKeyIdentifier") { + my $vcursor = [ 0, length($raw_value), \$raw_value ]; + + $subject_key_id = asn1_extract($vcursor, $UNIV | $OCTET_STRING); + } + } +} + +############################################################################### +# +# Determine what we're going to use as the signer's name. In order of +# preference, take one of: commonName, organizationName or emailAddress. +# +############################################################################### +my $org = ""; +my $cn = ""; +my $email = ""; + +while ($subject->[1]->[1] > 0) { + my $rdn = asn1_extract($subject->[1], $UNIV | $CONS | $SET); + my $attr = asn1_extract($rdn->[1], $UNIV | $CONS | $SEQUENCE); + my $n_oid = asn1_extract($attr->[1], $UNIV | $OBJ_ID); + my $n_val = asn1_extract($attr->[1], -1); + + my $raw_oid = asn1_retrieve($n_oid->[1]); + next if (!exists($OIDs{$raw_oid})); + my $n_type = $OIDs{$raw_oid}; + + my $raw_value = asn1_retrieve($n_val->[1]); + + if ($n_type eq "organizationName") { + $org = $raw_value; + } elsif ($n_type eq "commonName") { + $cn = $raw_value; + } elsif ($n_type eq "emailAddress") { + $email = $raw_value; + } +} + +my $signers_name = $email; + +if ($org && $cn) { + # Don't use the organizationName if the commonName repeats it + if (length($org) <= length($cn) && + substr($cn, 0, length($org)) eq $org) { + $signers_name = $cn; + goto got_id_name; + } + + # Or a signifcant chunk of it + if (length($org) >= 7 && + length($cn) >= 7 && + substr($cn, 0, 7) eq substr($org, 0, 7)) { + $signers_name = $cn; + goto got_id_name; + } + + $signers_name = $org . ": " . $cn; +} elsif ($org) { + $signers_name = $org; +} elsif ($cn) { + $signers_name = $cn; +} + +got_id_name: + +die $x509, ": ", "X.509: Couldn't find the Subject Key Identifier extension\n" + if (!$subject_key_id); + +my $key_identifier = asn1_retrieve($subject_key_id->[1]); + +############################################################################### +# +# Create and attach the module signature +# +############################################################################### # # Signature parameters # -algo=1 # Public-key crypto algorithm: RSA -hash= # Digest algorithm -id_type=1 # Identifier type: X.509 +my $algo = 1; # Public-key crypto algorithm: RSA +my $hash = 0; # Digest algorithm +my $id_type = 1; # Identifier type: X.509 # # Digest the data # -dgst= -if [ "$CONFIG_MODULE_SIG_SHA1" = "y" ] -then - prologue="0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14" - dgst=-sha1 - hash=2 -elif [ "$CONFIG_MODULE_SIG_SHA224" = "y" ] -then - prologue="0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1C" - dgst=-sha224 - hash=7 -elif [ "$CONFIG_MODULE_SIG_SHA256" = "y" ] -then - prologue="0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20" - dgst=-sha256 - hash=4 -elif [ "$CONFIG_MODULE_SIG_SHA384" = "y" ] -then - prologue="0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30" - dgst=-sha384 - hash=5 -elif [ "$CONFIG_MODULE_SIG_SHA512" = "y" ] -then - prologue="0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40" - dgst=-sha512 - hash=6 -else - echo "$0: Can't determine hash algorithm" >&2 - exit 2 -fi - -( -perl -e "binmode STDOUT; print pack(\"C*\", $prologue)" || exit $? -openssl dgst $dgst -binary $mod || exit $? -) >$mod.dig || exit $? +my ($dgst, $prologue) = (); +if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) { + $prologue = pack("C*", + 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, + 0x2B, 0x0E, 0x03, 0x02, 0x1A, + 0x05, 0x00, 0x04, 0x14); + $dgst = "-sha1"; + $hash = 2; +} elsif (exists $config{"CONFIG_MODULE_SIG_SHA224"}) { + $prologue = pack("C*", + 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, + 0x05, 0x00, 0x04, 0x1C); + $dgst = "-sha224"; + $hash = 7; +} elsif (exists $config{"CONFIG_MODULE_SIG_SHA256"}) { + $prologue = pack("C*", + 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, + 0x05, 0x00, 0x04, 0x20); + $dgst = "-sha256"; + $hash = 4; +} elsif (exists $config{"CONFIG_MODULE_SIG_SHA384"}) { + $prologue = pack("C*", + 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, + 0x05, 0x00, 0x04, 0x30); + $dgst = "-sha384"; + $hash = 5; +} elsif (exists $config{"CONFIG_MODULE_SIG_SHA512"}) { + $prologue = pack("C*", + 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, + 0x05, 0x00, 0x04, 0x40); + $dgst = "-sha512"; + $hash = 6; +} else { + die "Can't determine hash algorithm"; +} + +# +# Generate the digest and read from openssl's stdout +# +my $digest; +$digest = readpipe("openssl dgst $dgst -binary $module") || die "openssl dgst"; # # Generate the binary signature, which will be just the integer that comprises # the signature with no metadata attached. # -openssl rsautl -sign -inkey $key -keyform PEM -in $mod.dig -out $mod.sig || exit $? -siglen=`stat -c %s $mod.sig` +my $pid; +$pid = open2(*read_from, *write_to, + "openssl rsautl -sign -inkey $private_key -keyform PEM") || + die "openssl rsautl"; +binmode write_to; +print write_to $prologue . $digest || die "pipe to openssl rsautl"; +close(write_to) || die "pipe to openssl rsautl"; + +binmode read_from; +my $signature; +read(read_from, $signature, 4096) || die "pipe from openssl rsautl"; +close(read_from) || die "pipe from openssl rsautl"; +$signature = pack("n", length($signature)) . $signature, -SIGNER="`perl $keyid_script $x509 signer-name`" -KEYID="`perl $keyid_script $x509 keyid`" -keyidlen=$(echo -n "$KEYID" | wc -c) -signerlen=$(echo -n "$SIGNER" | wc -c) +waitpid($pid, 0) || die; +die "openssl rsautl died: $?" if ($? >> 8); # # Build the signed binary # -( - cat $mod || exit $? - echo '~Module signature appended~' || exit $? - echo -n "$SIGNER" || exit $? - echo -n "$KEYID" || exit $? +my $unsigned_module = read_file($module); + +my $magic_number = "~Module signature appended~\n"; + +my $info = pack("CCCCCxxxN", + $algo, $hash, $id_type, + length($signers_name), + length($key_identifier), + length($signature)); - # Preface each signature integer with a 2-byte BE length - perl -e "binmode STDOUT; print pack(\"n\", $siglen)" || exit $? - cat $mod.sig || exit $? +if ($verbose) { + print "Size of unsigned module: ", length($unsigned_module), "\n"; + print "Size of magic number : ", length($magic_number), "\n"; + print "Size of signer's name : ", length($signers_name), "\n"; + print "Size of key identifier : ", length($key_identifier), "\n"; + print "Size of signature : ", length($signature), "\n"; + print "Size of informaton : ", length($info), "\n"; + print "Signer's name : '", $signers_name, "'\n"; + print "Digest : $dgst\n"; +} - # Generate the information block - perl -e "binmode STDOUT; print pack(\"CCCCCxxxN\", $algo, $hash, $id_type, $signerlen, $keyidlen, $siglen + 2)" || exit $? -) >$mod~ || exit $? +open(FD, ">$dest") || die $dest; +binmode FD; +print FD + $unsigned_module, + $magic_number, + $signers_name, + $key_identifier, + $signature, + $info + ; +close FD || die $dest; -mv $mod~ $mod || exit $? +if ($#ARGV != 3) { + rename($dest, $module) || die $module; +} diff --git a/scripts/x509keyid b/scripts/x509keyid deleted file mode 100755 index 4241ec6c64b1..000000000000 --- a/scripts/x509keyid +++ /dev/null @@ -1,268 +0,0 @@ -#!/usr/bin/perl -w -# -# Generate an identifier from an X.509 certificate that can be placed in a -# module signature to indentify the key to use. -# -# Format: -# -# ./scripts/x509keyid -# -# We read the DER-encoded X509 certificate and parse it to extract the Subject -# name and Subject Key Identifier. The provide the data we need to build the -# certificate identifier. -# -# The signer's name part of the identifier is fabricated from the commonName, -# the organizationName or the emailAddress components of the X.509 subject -# name and written to the second named file. -# -# The subject key ID to select which of that signer's certificates we're -# intending to use to sign the module is written to the third named file. -# -use strict; - -my $raw_data; - -die "Need a filename [keyid|signer-name]\n" if ($#ARGV != 1); - -my $src = $ARGV[0]; - -open(FD, "<$src") || die $src; -binmode FD; -my @st = stat(FD); -die $src if (!@st); -read(FD, $raw_data, $st[7]) || die $src; -close(FD); - -my $UNIV = 0 << 6; -my $APPL = 1 << 6; -my $CONT = 2 << 6; -my $PRIV = 3 << 6; - -my $CONS = 0x20; - -my $BOOLEAN = 0x01; -my $INTEGER = 0x02; -my $BIT_STRING = 0x03; -my $OCTET_STRING = 0x04; -my $NULL = 0x05; -my $OBJ_ID = 0x06; -my $UTF8String = 0x0c; -my $SEQUENCE = 0x10; -my $SET = 0x11; -my $UTCTime = 0x17; -my $GeneralizedTime = 0x18; - -my %OIDs = ( - pack("CCC", 85, 4, 3) => "commonName", - pack("CCC", 85, 4, 6) => "countryName", - pack("CCC", 85, 4, 10) => "organizationName", - pack("CCC", 85, 4, 11) => "organizationUnitName", - pack("CCCCCCCCC", 42, 134, 72, 134, 247, 13, 1, 1, 1) => "rsaEncryption", - pack("CCCCCCCCC", 42, 134, 72, 134, 247, 13, 1, 1, 5) => "sha1WithRSAEncryption", - pack("CCCCCCCCC", 42, 134, 72, 134, 247, 13, 1, 9, 1) => "emailAddress", - pack("CCC", 85, 29, 35) => "authorityKeyIdentifier", - pack("CCC", 85, 29, 14) => "subjectKeyIdentifier", - pack("CCC", 85, 29, 19) => "basicConstraints" -); - -############################################################################### -# -# Extract an ASN.1 element from a string and return information about it. -# -############################################################################### -sub asn1_extract($$@) -{ - my ($cursor, $expected_tag, $optional) = @_; - - return [ -1 ] - if ($cursor->[1] == 0 && $optional); - - die $src, ": ", $cursor->[0], ": ASN.1 data underrun (elem ", $cursor->[1], ")\n" - if ($cursor->[1] < 2); - - my ($tag, $len) = unpack("CC", substr(${$cursor->[2]}, $cursor->[0], 2)); - - if ($expected_tag != -1 && $tag != $expected_tag) { - return [ -1 ] - if ($optional); - die $src, ": ", $cursor->[0], ": ASN.1 unexpected tag (", $tag, - " not ", $expected_tag, ")\n"; - } - - $cursor->[0] += 2; - $cursor->[1] -= 2; - - die $src, ": ", $cursor->[0], ": ASN.1 long tag\n" - if (($tag & 0x1f) == 0x1f); - die $src, ": ", $cursor->[0], ": ASN.1 indefinite length\n" - if ($len == 0x80); - - if ($len > 0x80) { - my $l = $len - 0x80; - die $src, ": ", $cursor->[0], ": ASN.1 data underrun (len len $l)\n" - if ($cursor->[1] < $l); - - if ($l == 0x1) { - $len = unpack("C", substr(${$cursor->[2]}, $cursor->[0], 1)); - } elsif ($l = 0x2) { - $len = unpack("n", substr(${$cursor->[2]}, $cursor->[0], 2)); - } elsif ($l = 0x3) { - $len = unpack("C", substr(${$cursor->[2]}, $cursor->[0], 1)) << 16; - $len = unpack("n", substr(${$cursor->[2]}, $cursor->[0] + 1, 2)); - } elsif ($l = 0x4) { - $len = unpack("N", substr(${$cursor->[2]}, $cursor->[0], 4)); - } else { - die $src, ": ", $cursor->[0], ": ASN.1 element too long (", $l, ")\n"; - } - - $cursor->[0] += $l; - $cursor->[1] -= $l; - } - - die $src, ": ", $cursor->[0], ": ASN.1 data underrun (", $len, ")\n" - if ($cursor->[1] < $len); - - my $ret = [ $tag, [ $cursor->[0], $len, $cursor->[2] ] ]; - $cursor->[0] += $len; - $cursor->[1] -= $len; - - return $ret; -} - -############################################################################### -# -# Retrieve the data referred to by a cursor -# -############################################################################### -sub asn1_retrieve($) -{ - my ($cursor) = @_; - my ($offset, $len, $data) = @$cursor; - return substr($$data, $offset, $len); -} - -############################################################################### -# -# Roughly parse the X.509 certificate -# -############################################################################### -my $cursor = [ 0, length($raw_data), \$raw_data ]; - -my $cert = asn1_extract($cursor, $UNIV | $CONS | $SEQUENCE); -my $tbs = asn1_extract($cert->[1], $UNIV | $CONS | $SEQUENCE); -my $version = asn1_extract($tbs->[1], $CONT | $CONS | 0, 1); -my $serial_number = asn1_extract($tbs->[1], $UNIV | $INTEGER); -my $sig_type = asn1_extract($tbs->[1], $UNIV | $CONS | $SEQUENCE); -my $issuer = asn1_extract($tbs->[1], $UNIV | $CONS | $SEQUENCE); -my $validity = asn1_extract($tbs->[1], $UNIV | $CONS | $SEQUENCE); -my $subject = asn1_extract($tbs->[1], $UNIV | $CONS | $SEQUENCE); -my $key = asn1_extract($tbs->[1], $UNIV | $CONS | $SEQUENCE); -my $issuer_uid = asn1_extract($tbs->[1], $CONT | $CONS | 1, 1); -my $subject_uid = asn1_extract($tbs->[1], $CONT | $CONS | 2, 1); -my $extension_list = asn1_extract($tbs->[1], $CONT | $CONS | 3, 1); - -my $subject_key_id = (); -my $authority_key_id = (); - -# -# Parse the extension list -# -if ($extension_list->[0] != -1) { - my $extensions = asn1_extract($extension_list->[1], $UNIV | $CONS | $SEQUENCE); - - while ($extensions->[1]->[1] > 0) { - my $ext = asn1_extract($extensions->[1], $UNIV | $CONS | $SEQUENCE); - my $x_oid = asn1_extract($ext->[1], $UNIV | $OBJ_ID); - my $x_crit = asn1_extract($ext->[1], $UNIV | $BOOLEAN, 1); - my $x_val = asn1_extract($ext->[1], $UNIV | $OCTET_STRING); - - my $raw_oid = asn1_retrieve($x_oid->[1]); - next if (!exists($OIDs{$raw_oid})); - my $x_type = $OIDs{$raw_oid}; - - my $raw_value = asn1_retrieve($x_val->[1]); - - if ($x_type eq "subjectKeyIdentifier") { - my $vcursor = [ 0, length($raw_value), \$raw_value ]; - - $subject_key_id = asn1_extract($vcursor, $UNIV | $OCTET_STRING); - } - } -} - -############################################################################### -# -# Determine what we're going to use as the signer's name. In order of -# preference, take one of: commonName, organizationName or emailAddress. -# -############################################################################### -my $org = ""; -my $cn = ""; -my $email = ""; - -while ($subject->[1]->[1] > 0) { - my $rdn = asn1_extract($subject->[1], $UNIV | $CONS | $SET); - my $attr = asn1_extract($rdn->[1], $UNIV | $CONS | $SEQUENCE); - my $n_oid = asn1_extract($attr->[1], $UNIV | $OBJ_ID); - my $n_val = asn1_extract($attr->[1], -1); - - my $raw_oid = asn1_retrieve($n_oid->[1]); - next if (!exists($OIDs{$raw_oid})); - my $n_type = $OIDs{$raw_oid}; - - my $raw_value = asn1_retrieve($n_val->[1]); - - if ($n_type eq "organizationName") { - $org = $raw_value; - } elsif ($n_type eq "commonName") { - $cn = $raw_value; - } elsif ($n_type eq "emailAddress") { - $email = $raw_value; - } -} - -my $id_name = $email; - -if ($org && $cn) { - # Don't use the organizationName if the commonName repeats it - if (length($org) <= length($cn) && - substr($cn, 0, length($org)) eq $org) { - $id_name = $cn; - goto got_id_name; - } - - # Or a signifcant chunk of it - if (length($org) >= 7 && - length($cn) >= 7 && - substr($cn, 0, 7) eq substr($org, 0, 7)) { - $id_name = $cn; - goto got_id_name; - } - - $id_name = $org . ": " . $cn; -} elsif ($org) { - $id_name = $org; -} elsif ($cn) { - $id_name = $cn; -} - -got_id_name: - -############################################################################### -# -# Output the signer's name and the key identifier that we're going to include -# in module signatures. -# -############################################################################### -die $src, ": ", "X.509: Couldn't find the Subject Key Identifier extension\n" - if (!$subject_key_id); - -my $id_key_id = asn1_retrieve($subject_key_id->[1]); - -if ($ARGV[1] eq "signer-name") { - print $id_name; -} elsif ($ARGV[1] eq "keyid") { - print $id_key_id; -} else { - die "Unknown arg"; -} -- cgit v1.2.3-59-g8ed1b From caabe240574aec05b2f5667414ce80f9075c2ba1 Mon Sep 17 00:00:00 2001 From: David Howells Date: Sat, 20 Oct 2012 01:19:29 +0100 Subject: MODSIGN: Move the magic string to the end of a module and eliminate the search Emit the magic string that indicates a module has a signature after the signature data instead of before it. This allows module_sig_check() to be made simpler and faster by the elimination of the search for the magic string. Instead we just need to do a single memcmp(). This works because at the end of the signature data there is the fixed-length signature information block. This block then falls immediately prior to the magic number. From the contents of the information block, it is trivial to calculate the size of the signature data and thus the size of the actual module data. Signed-off-by: David Howells Signed-off-by: Linus Torvalds --- kernel/module-internal.h | 3 +-- kernel/module.c | 26 +++++++++----------------- kernel/module_signing.c | 24 +++++++++++++++--------- scripts/sign-file | 6 +++--- 4 files changed, 28 insertions(+), 31 deletions(-) (limited to 'scripts') diff --git a/kernel/module-internal.h b/kernel/module-internal.h index 6114a13419bd..24f9247b7d02 100644 --- a/kernel/module-internal.h +++ b/kernel/module-internal.h @@ -11,5 +11,4 @@ extern struct key *modsign_keyring; -extern int mod_verify_sig(const void *mod, unsigned long modlen, - const void *sig, unsigned long siglen); +extern int mod_verify_sig(const void *mod, unsigned long *_modlen); diff --git a/kernel/module.c b/kernel/module.c index 0e2da8695f8e..6085f5ef88ea 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -2421,25 +2421,17 @@ static inline void kmemleak_load_module(const struct module *mod, #ifdef CONFIG_MODULE_SIG static int module_sig_check(struct load_info *info, - const void *mod, unsigned long *len) + const void *mod, unsigned long *_len) { int err = -ENOKEY; - const unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1; - const void *p = mod, *end = mod + *len; - - /* Poor man's memmem. */ - while ((p = memchr(p, MODULE_SIG_STRING[0], end - p))) { - if (p + markerlen > end) - break; - - if (memcmp(p, MODULE_SIG_STRING, markerlen) == 0) { - const void *sig = p + markerlen; - /* Truncate module up to signature. */ - *len = p - mod; - err = mod_verify_sig(mod, *len, sig, end - sig); - break; - } - p++; + unsigned long markerlen = sizeof(MODULE_SIG_STRING) - 1; + unsigned long len = *_len; + + if (len > markerlen && + memcmp(mod + len - markerlen, MODULE_SIG_STRING, markerlen) == 0) { + /* We truncate the module to discard the signature */ + *_len -= markerlen; + err = mod_verify_sig(mod, _len); } if (!err) { diff --git a/kernel/module_signing.c b/kernel/module_signing.c index 6b09f6983ac0..d492a23df99c 100644 --- a/kernel/module_signing.c +++ b/kernel/module_signing.c @@ -183,27 +183,33 @@ static struct key *request_asymmetric_key(const char *signer, size_t signer_len, /* * Verify the signature on a module. */ -int mod_verify_sig(const void *mod, unsigned long modlen, - const void *sig, unsigned long siglen) +int mod_verify_sig(const void *mod, unsigned long *_modlen) { struct public_key_signature *pks; struct module_signature ms; struct key *key; - size_t sig_len; + const void *sig; + size_t modlen = *_modlen, sig_len; int ret; - pr_devel("==>%s(,%lu,,%lu,)\n", __func__, modlen, siglen); + pr_devel("==>%s(,%lu)\n", __func__, modlen); - if (siglen <= sizeof(ms)) + if (modlen <= sizeof(ms)) return -EBADMSG; - memcpy(&ms, sig + (siglen - sizeof(ms)), sizeof(ms)); - siglen -= sizeof(ms); + memcpy(&ms, mod + (modlen - sizeof(ms)), sizeof(ms)); + modlen -= sizeof(ms); sig_len = be32_to_cpu(ms.sig_len); - if (sig_len >= siglen || - siglen - sig_len != (size_t)ms.signer_len + ms.key_id_len) + if (sig_len >= modlen) return -EBADMSG; + modlen -= sig_len; + if ((size_t)ms.signer_len + ms.key_id_len >= modlen) + return -EBADMSG; + modlen -= (size_t)ms.signer_len + ms.key_id_len; + + *_modlen = modlen; + sig = mod + modlen; /* For the moment, only support RSA and X.509 identifiers */ if (ms.algo != PKEY_ALGO_RSA || diff --git a/scripts/sign-file b/scripts/sign-file index d37d1309531e..87ca59d36e7e 100755 --- a/scripts/sign-file +++ b/scripts/sign-file @@ -403,11 +403,11 @@ my $info = pack("CCCCCxxxN", if ($verbose) { print "Size of unsigned module: ", length($unsigned_module), "\n"; - print "Size of magic number : ", length($magic_number), "\n"; print "Size of signer's name : ", length($signers_name), "\n"; print "Size of key identifier : ", length($key_identifier), "\n"; print "Size of signature : ", length($signature), "\n"; print "Size of informaton : ", length($info), "\n"; + print "Size of magic number : ", length($magic_number), "\n"; print "Signer's name : '", $signers_name, "'\n"; print "Digest : $dgst\n"; } @@ -416,11 +416,11 @@ open(FD, ">$dest") || die $dest; binmode FD; print FD $unsigned_module, - $magic_number, $signers_name, $key_identifier, $signature, - $info + $info, + $magic_number ; close FD || die $dest; -- cgit v1.2.3-59-g8ed1b From bad9955db1b73d7286f74a8136a0628a9b1ac017 Mon Sep 17 00:00:00 2001 From: Benjamin Poirier Date: Sun, 21 Oct 2012 05:27:53 -0400 Subject: menuconfig: Replace CIRCLEQ by list_head-style lists. sys/queue.h and CIRCLEQ in particular have proven to cause portability problems (reported on Debian Sarge, Cygwin and FreeBSD) Reported-by: Tetsuo Handa Tested-by: Tetsuo Handa Tested-by: Yaakov Selkowitz Signed-off-by: Benjamin Poirier Signed-off-by: "Yann E. MORIN" Signed-off-by: Michal Marek --- scripts/kconfig/expr.h | 5 +-- scripts/kconfig/list.h | 91 +++++++++++++++++++++++++++++++++++++++++++++ scripts/kconfig/lkc_proto.h | 4 +- scripts/kconfig/mconf.c | 6 +-- scripts/kconfig/menu.c | 14 ++++--- 5 files changed, 106 insertions(+), 14 deletions(-) create mode 100644 scripts/kconfig/list.h (limited to 'scripts') diff --git a/scripts/kconfig/expr.h b/scripts/kconfig/expr.h index bd2e09895553..cdd48600e02a 100644 --- a/scripts/kconfig/expr.h +++ b/scripts/kconfig/expr.h @@ -12,7 +12,7 @@ extern "C" { #include #include -#include +#include "list.h" #ifndef __cplusplus #include #endif @@ -175,12 +175,11 @@ struct menu { #define MENU_ROOT 0x0002 struct jump_key { - CIRCLEQ_ENTRY(jump_key) entries; + struct list_head entries; size_t offset; struct menu *target; int index; }; -CIRCLEQ_HEAD(jk_head, jump_key); #define JUMP_NB 9 diff --git a/scripts/kconfig/list.h b/scripts/kconfig/list.h new file mode 100644 index 000000000000..0ae730be5f49 --- /dev/null +++ b/scripts/kconfig/list.h @@ -0,0 +1,91 @@ +#ifndef LIST_H +#define LIST_H + +/* + * Copied from include/linux/... + */ + +#undef offsetof +#define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) + +/** + * container_of - cast a member of a structure out to the containing structure + * @ptr: the pointer to the member. + * @type: the type of the container struct this is embedded in. + * @member: the name of the member within the struct. + * + */ +#define container_of(ptr, type, member) ({ \ + const typeof( ((type *)0)->member ) *__mptr = (ptr); \ + (type *)( (char *)__mptr - offsetof(type,member) );}) + + +struct list_head { + struct list_head *next, *prev; +}; + + +#define LIST_HEAD_INIT(name) { &(name), &(name) } + +#define LIST_HEAD(name) \ + struct list_head name = LIST_HEAD_INIT(name) + +/** + * list_entry - get the struct for this entry + * @ptr: the &struct list_head pointer. + * @type: the type of the struct this is embedded in. + * @member: the name of the list_struct within the struct. + */ +#define list_entry(ptr, type, member) \ + container_of(ptr, type, member) + +/** + * list_for_each_entry - iterate over list of given type + * @pos: the type * to use as a loop cursor. + * @head: the head for your list. + * @member: the name of the list_struct within the struct. + */ +#define list_for_each_entry(pos, head, member) \ + for (pos = list_entry((head)->next, typeof(*pos), member); \ + &pos->member != (head); \ + pos = list_entry(pos->member.next, typeof(*pos), member)) + +/** + * list_empty - tests whether a list is empty + * @head: the list to test. + */ +static inline int list_empty(const struct list_head *head) +{ + return head->next == head; +} + +/* + * Insert a new entry between two known consecutive entries. + * + * This is only for internal list manipulation where we know + * the prev/next entries already! + */ +static inline void __list_add(struct list_head *_new, + struct list_head *prev, + struct list_head *next) +{ + next->prev = _new; + _new->next = next; + _new->prev = prev; + prev->next = _new; +} + +/** + * list_add_tail - add a new entry + * @new: new entry to be added + * @head: list head to add it before + * + * Insert a new entry before the specified head. + * This is useful for implementing queues. + */ +static inline void list_add_tail(struct list_head *_new, struct list_head *head) +{ + __list_add(_new, head->prev, head); +} + +#endif diff --git a/scripts/kconfig/lkc_proto.h b/scripts/kconfig/lkc_proto.h index 1d1c08537f1e..ef1a7381f956 100644 --- a/scripts/kconfig/lkc_proto.h +++ b/scripts/kconfig/lkc_proto.h @@ -21,9 +21,9 @@ P(menu_get_root_menu,struct menu *,(struct menu *menu)); P(menu_get_parent_menu,struct menu *,(struct menu *menu)); P(menu_has_help,bool,(struct menu *menu)); P(menu_get_help,const char *,(struct menu *menu)); -P(get_symbol_str, void, (struct gstr *r, struct symbol *sym, struct jk_head +P(get_symbol_str, void, (struct gstr *r, struct symbol *sym, struct list_head *head)); -P(get_relations_str, struct gstr, (struct symbol **sym_arr, struct jk_head +P(get_relations_str, struct gstr, (struct symbol **sym_arr, struct list_head *head)); P(menu_get_ext_help,void,(struct menu *menu, struct gstr *help)); diff --git a/scripts/kconfig/mconf.c b/scripts/kconfig/mconf.c index 48f67448af7b..53975cf87608 100644 --- a/scripts/kconfig/mconf.c +++ b/scripts/kconfig/mconf.c @@ -312,7 +312,7 @@ static void set_config_filename(const char *config_filename) struct search_data { - struct jk_head *head; + struct list_head *head; struct menu **targets; int *keys; }; @@ -323,7 +323,7 @@ static void update_text(char *buf, size_t start, size_t end, void *_data) struct jump_key *pos; int k = 0; - CIRCLEQ_FOREACH(pos, data->head, entries) { + list_for_each_entry(pos, data->head, entries) { if (pos->offset >= start && pos->offset < end) { char header[4]; @@ -375,7 +375,7 @@ again: sym_arr = sym_re_search(dialog_input); do { - struct jk_head head = CIRCLEQ_HEAD_INITIALIZER(head); + LIST_HEAD(head); struct menu *targets[JUMP_NB]; int keys[JUMP_NB + 1], i; struct search_data data = { diff --git a/scripts/kconfig/menu.c b/scripts/kconfig/menu.c index a3cade659f89..e98a05c8e508 100644 --- a/scripts/kconfig/menu.c +++ b/scripts/kconfig/menu.c @@ -508,7 +508,7 @@ const char *menu_get_help(struct menu *menu) } static void get_prompt_str(struct gstr *r, struct property *prop, - struct jk_head *head) + struct list_head *head) { int i, j; struct menu *submenu[8], *menu, *location = NULL; @@ -544,12 +544,13 @@ static void get_prompt_str(struct gstr *r, struct property *prop, } else jump->target = location; - if (CIRCLEQ_EMPTY(head)) + if (list_empty(head)) jump->index = 0; else - jump->index = CIRCLEQ_LAST(head)->index + 1; + jump->index = list_entry(head->prev, struct jump_key, + entries)->index + 1; - CIRCLEQ_INSERT_TAIL(head, jump, entries); + list_add_tail(&jump->entries, head); } if (i > 0) { @@ -573,7 +574,8 @@ static void get_prompt_str(struct gstr *r, struct property *prop, /* * head is optional and may be NULL */ -void get_symbol_str(struct gstr *r, struct symbol *sym, struct jk_head *head) +void get_symbol_str(struct gstr *r, struct symbol *sym, + struct list_head *head) { bool hit; struct property *prop; @@ -612,7 +614,7 @@ void get_symbol_str(struct gstr *r, struct symbol *sym, struct jk_head *head) str_append(r, "\n\n"); } -struct gstr get_relations_str(struct symbol **sym_arr, struct jk_head *head) +struct gstr get_relations_str(struct symbol **sym_arr, struct list_head *head) { struct symbol *sym; struct gstr res = str_new(); -- cgit v1.2.3-59-g8ed1b From ee951c630c5ce5108f8014ce1c9d738b5bbfea60 Mon Sep 17 00:00:00 2001 From: Stephen Boyd Date: Mon, 29 Oct 2012 19:19:34 +0100 Subject: ARM: 7568/1: Sort exception table at compile time Add the ARM machine identifier to sortextable and select the config option so that we can sort the exception table at compile time. sortextable relies on a section named __ex_table existing in the vmlinux, but ARM's linker script places the exception table in the data section. Give the exception table its own section so that sortextable can find it. This allows us to skip the sorting step during boot. Cc: David Daney Signed-off-by: Stephen Boyd Tested-by: Will Deacon Signed-off-by: Russell King --- arch/arm/Kconfig | 1 + arch/arm/kernel/vmlinux.lds.S | 19 +++++++++---------- scripts/sortextable.c | 1 + 3 files changed, 11 insertions(+), 10 deletions(-) (limited to 'scripts') diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 73067efd4845..208414c0506a 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -5,6 +5,7 @@ config ARM select ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE select ARCH_HAVE_CUSTOM_GPIO_H select ARCH_WANT_IPC_PARSE_VERSION + select BUILDTIME_EXTABLE_SORT if MMU select CPU_PM if (SUSPEND || CPU_IDLE) select DCACHE_WORD_ACCESS if (CPU_V6 || CPU_V6K || CPU_V7) && !CPU_BIG_ENDIAN select GENERIC_ATOMIC64 if (CPU_V6 || !CPU_32v6K || !AEABI) diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S index 36ff15bbfdd4..b9f38e388b43 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -114,6 +114,15 @@ SECTIONS RO_DATA(PAGE_SIZE) + . = ALIGN(4); + __ex_table : AT(ADDR(__ex_table) - LOAD_OFFSET) { + __start___ex_table = .; +#ifdef CONFIG_MMU + *(__ex_table) +#endif + __stop___ex_table = .; + } + #ifdef CONFIG_ARM_UNWIND /* * Stack unwinding tables @@ -219,16 +228,6 @@ SECTIONS CACHELINE_ALIGNED_DATA(L1_CACHE_BYTES) READ_MOSTLY_DATA(L1_CACHE_BYTES) - /* - * The exception fixup table (might need resorting at runtime) - */ - . = ALIGN(4); - __start___ex_table = .; -#ifdef CONFIG_MMU - *(__ex_table) -#endif - __stop___ex_table = .; - /* * and the usual data section */ diff --git a/scripts/sortextable.c b/scripts/sortextable.c index f19ddc47304c..1f10e89d15b4 100644 --- a/scripts/sortextable.c +++ b/scripts/sortextable.c @@ -248,6 +248,7 @@ do_file(char const *const fname) case EM_S390: custom_sort = sort_relative_table; break; + case EM_ARM: case EM_MIPS: break; } /* end switch */ -- cgit v1.2.3-59-g8ed1b From f6a79af8f3701b5a0df431a76adee212616154dc Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Tue, 6 Nov 2012 11:46:59 +1030 Subject: modules: don't break modules_install on external modules with no key. The script still spits out an error ("Can't read private key") but we don't break modules_install. Reported-by: Bruno Wolff III Original-patch-by: Josh Boyer Signed-off-by: Rusty Russell --- scripts/Makefile.modinst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst index dda4b2b61927..ecbb44797e28 100644 --- a/scripts/Makefile.modinst +++ b/scripts/Makefile.modinst @@ -16,8 +16,9 @@ PHONY += $(modules) __modinst: $(modules) @: +# Don't stop modules_install if we can't sign external modules. quiet_cmd_modules_install = INSTALL $@ - cmd_modules_install = mkdir -p $(2); cp $@ $(2) ; $(mod_strip_cmd) $(2)/$(notdir $@) ; $(mod_sign_cmd) $(2)/$(notdir $@) + cmd_modules_install = mkdir -p $(2); cp $@ $(2) ; $(mod_strip_cmd) $(2)/$(notdir $@) ; $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD)) # Modules built outside the kernel source tree go into extra by default INSTALL_MOD_DIR ?= extra -- cgit v1.2.3-59-g8ed1b From c24f9f195edf8c7f78eff1081cdadd26bd272ee3 Mon Sep 17 00:00:00 2001 From: Joe Perches Date: Thu, 8 Nov 2012 15:53:29 -0800 Subject: checkpatch: improve network block comment style checking Some comment styles in net and drivers/net are flagged inappropriately. Avoid proclaiming inline comments like: int a = b; /* some comment */ and block comments like: /********************* * some comment ********************/ are defective. Tested with $ cat drivers/net/t.c /* foo */ /* * foo */ /* foo */ /* foo * bar */ /**************************** * some long block comment ***************************/ struct foo { int bar; /* another test */ }; $ Signed-off-by: Joe Perches Reported-by: Larry Finger Cc: David Miller Cc: Stephen Hemminger Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/checkpatch.pl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 21a9f5de0a21..f18750e3bd6c 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -1890,8 +1890,10 @@ sub process { } if ($realfile =~ m@^(drivers/net/|net/)@ && - $rawline !~ m@^\+[ \t]*(\/\*|\*\/)@ && - $rawline =~ m@^\+[ \t]*.+\*\/[ \t]*$@) { + $rawline !~ m@^\+[ \t]*\*/[ \t]*$@ && #trailing */ + $rawline !~ m@^\+.*/\*.*\*/[ \t]*$@ && #inline /*...*/ + $rawline !~ m@^\+.*\*{2,}/[ \t]*$@ && #trailing **/ + $rawline =~ m@^\+[ \t]*.+\*\/[ \t]*$@) { #non blank */ WARN("NETWORKING_BLOCK_COMMENT_STYLE", "networking block comments put the trailing */ on a separate line\n" . $herecurr); } -- cgit v1.2.3-59-g8ed1b From fc96b211bc6fa917bfb07a8db4cd898663e5f2c6 Mon Sep 17 00:00:00 2001 From: Andreas Bießmann Date: Thu, 18 Oct 2012 11:08:49 +0200 Subject: scripts/pnmtologo: fix for plain PBM MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PBM generated with current tools do not have a whitespace between the digits. Therefore the pnmtologo tool fails to gernerate the required C-Array for these images. This patch fixes that behaviour and can handle both 'old style' and 'new style' PBM files. Signed-off-by: Andreas Bießmann Signed-off-by: Michal Marek --- scripts/pnmtologo.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'scripts') diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c index 5c113123ed9f..68bb4efc5af4 100644 --- a/scripts/pnmtologo.c +++ b/scripts/pnmtologo.c @@ -74,6 +74,7 @@ static unsigned int logo_height; static struct color **logo_data; static struct color logo_clut[MAX_LINUX_LOGO_COLORS]; static unsigned int logo_clutsize; +static int is_plain_pbm = 0; static void die(const char *fmt, ...) __attribute__ ((noreturn)) __attribute ((format (printf, 1, 2))); @@ -103,6 +104,11 @@ static unsigned int get_number(FILE *fp) val = 0; while (isdigit(c)) { val = 10*val+c-'0'; + /* some PBM are 'broken'; GiMP for example exports a PBM without space + * between the digits. This is Ok cause we know a PBM can only have a '1' + * or a '0' for the digit. */ + if (is_plain_pbm) + break; c = fgetc(fp); if (c == EOF) die("%s: end of file\n", filename); @@ -167,6 +173,7 @@ static void read_image(void) switch (magic) { case '1': /* Plain PBM */ + is_plain_pbm = 1; for (i = 0; i < logo_height; i++) for (j = 0; j < logo_width; j++) logo_data[i][j].red = logo_data[i][j].green = -- cgit v1.2.3-59-g8ed1b From 4f3be1cfa8422c93271dcdb59f223f6c84c70804 Mon Sep 17 00:00:00 2001 From: Magnus Damm Date: Fri, 16 Nov 2012 15:53:14 +0900 Subject: script: dtc: clean generated files Fix "make distclean" to clean up generated dtc files. Without this patch the following files are left around: - dtc-lexer.lex.c - dtc-parser.tab.c - dtc-parser.tab.h Signed-off-by: Magnus Damm Reviewed-by: Simon Horman Signed-off-by: Grant Likely --- scripts/dtc/Makefile | 2 ++ 1 file changed, 2 insertions(+) (limited to 'scripts') diff --git a/scripts/dtc/Makefile b/scripts/dtc/Makefile index 6d1c6bb9f224..2a48022c41e7 100644 --- a/scripts/dtc/Makefile +++ b/scripts/dtc/Makefile @@ -27,3 +27,5 @@ HOSTCFLAGS_dtc-parser.tab.o := $(HOSTCFLAGS_DTC) # dependencies on generated files need to be listed explicitly $(obj)/dtc-lexer.lex.o: $(obj)/dtc-parser.tab.h +# generated files need to be cleaned explicitly +clean-files := dtc-lexer.lex.c dtc-parser.tab.c dtc-parser.tab.h -- cgit v1.2.3-59-g8ed1b From 916492b1e1a186260951831c53a53d8a448dc026 Mon Sep 17 00:00:00 2001 From: Chun-Yi Lee Date: Wed, 21 Nov 2012 11:26:09 +0000 Subject: sign-file: fix the perl warning message when extracting ASN.1 There have the following warning message when running modules install for sign ko files: # make modules_install ... INSTALL drivers/input/touchscreen/pcap_ts.ko Found = in conditional, should be == at scripts/sign-file line 164. Found = in conditional, should be == at scripts/sign-file line 161. Found = in conditional, should be == at scripts/sign-file line 159. This patch change replace '=' by '==' in elsif conditions for avoid the above warning messages. Signed-off-by: Chun-Yi Lee Signed-off-by: David Howells Signed-off-by: Linus Torvalds --- scripts/sign-file | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'scripts') diff --git a/scripts/sign-file b/scripts/sign-file index 87ca59d36e7e..974a20b661b7 100755 --- a/scripts/sign-file +++ b/scripts/sign-file @@ -156,12 +156,12 @@ sub asn1_extract($$@) if ($l == 0x1) { $len = unpack("C", substr(${$cursor->[2]}, $cursor->[0], 1)); - } elsif ($l = 0x2) { + } elsif ($l == 0x2) { $len = unpack("n", substr(${$cursor->[2]}, $cursor->[0], 2)); - } elsif ($l = 0x3) { + } elsif ($l == 0x3) { $len = unpack("C", substr(${$cursor->[2]}, $cursor->[0], 1)) << 16; $len = unpack("n", substr(${$cursor->[2]}, $cursor->[0] + 1, 2)); - } elsif ($l = 0x4) { + } elsif ($l == 0x4) { $len = unpack("N", substr(${$cursor->[2]}, $cursor->[0], 4)); } else { die $x509, ": ", $cursor->[0], ": ASN.1 element too long (", $l, ")\n"; -- cgit v1.2.3-59-g8ed1b From 56c176c9cac9a77249fa1736bfd792f379d61942 Mon Sep 17 00:00:00 2001 From: David Howells Date: Mon, 26 Nov 2012 16:29:39 -0800 Subject: UAPI: strip the _UAPI prefix from header guards during header installation Strip the _UAPI prefix from header guards during header installation so that any userspace dependencies aren't affected. glibc, for example, checks for linux/types.h, linux/kernel.h, linux/compiler.h and linux/list.h by their guards - though the last two aren't actually exported. libtool: compile: gcc -std=gnu99 -DHAVE_CONFIG_H -I. -Wall -Werror -Wformat -Wformat-security -D_FORTIFY_SOURCE=2 -fno-delete-null-pointer-checks -fstack-protector -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables -c child.c -fPIC -DPIC -o .libs/child.o In file included from cli.c:20:0: common.h:152:8: error: redefinition of 'struct sysinfo' In file included from /usr/include/linux/kernel.h:4:0, from /usr/include/linux/sysctl.h:25, from /usr/include/sys/sysctl.h:43, from common.h:50, from cli.c:20: /usr/include/linux/sysinfo.h:7:8: note: originally defined here Reported-by: Tomasz Torcz Signed-off-by: David Howells Acked-by: Josh Boyer Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/headers_install.pl | 3 +++ 1 file changed, 3 insertions(+) (limited to 'scripts') diff --git a/scripts/headers_install.pl b/scripts/headers_install.pl index 239d22d4207b..6c353ae8a451 100644 --- a/scripts/headers_install.pl +++ b/scripts/headers_install.pl @@ -42,6 +42,9 @@ foreach my $filename (@files) { $line =~ s/(^|\s)(inline)\b/$1__$2__/g; $line =~ s/(^|\s)(asm)\b(\s|[(]|$)/$1__$2__$3/g; $line =~ s/(^|\s|[(])(volatile)\b(\s|[(]|$)/$1__$2__$3/g; + $line =~ s/#ifndef _UAPI/#ifndef /; + $line =~ s/#define _UAPI/#define /; + $line =~ s!#endif /[*] _UAPI!#endif /* !; printf {$out} "%s", $line; } close $out; -- cgit v1.2.3-59-g8ed1b From 4092bac77131048b8f69cb1f939326c55d93709f Mon Sep 17 00:00:00 2001 From: Yacine Belkadi Date: Mon, 26 Nov 2012 22:22:27 +0100 Subject: scripts/kernel-doc: check that non-void fcts describe their return value If a function has a return value, but its kernel-doc comment doesn't contain a "Return" section, then emit the following warning: Warning(file.h:129): No description found for return value of 'fct' Note: This check emits a lot of warnings at the moment, because many functions don't have a 'Return' doc section. So until the number of warnings goes sufficiently down, the check is only performed in verbose mode. Signed-off-by: Yacine Belkadi Signed-off-by: Rob Landley Signed-off-by: Jiri Kosina --- scripts/kernel-doc | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'scripts') diff --git a/scripts/kernel-doc b/scripts/kernel-doc index 46e7aff80d1a..28b761567815 100755 --- a/scripts/kernel-doc +++ b/scripts/kernel-doc @@ -137,6 +137,8 @@ use strict; # should document the "Context:" of the function, e.g. whether the functions # can be called form interrupts. Unlike other sections you can end it with an # empty line. +# A non-void function should have a "Return:" section describing the return +# value(s). # Example-sections should contain the string EXAMPLE so that they are marked # appropriately in DocBook. # @@ -315,6 +317,7 @@ my $section_default = "Description"; # default section my $section_intro = "Introduction"; my $section = $section_default; my $section_context = "Context"; +my $section_return = "Return"; my $undescribed = "-- undescribed --"; @@ -2038,6 +2041,28 @@ sub check_sections($$$$$$) { } } +## +# Checks the section describing the return value of a function. +sub check_return_section { + my $file = shift; + my $declaration_name = shift; + my $return_type = shift; + + # Ignore an empty return type (It's a macro) + # Ignore functions with a "void" return type. (But don't ignore "void *") + if (($return_type eq "") || ($return_type =~ /void\s*\w*\s*$/)) { + return; + } + + if (!defined($sections{$section_return}) || + $sections{$section_return} eq "") { + print STDERR "Warning(${file}:$.): " . + "No description found for return value of " . + "'$declaration_name'\n"; + ++$warnings; + } +} + ## # takes a function prototype and the name of the current file being # processed and spits out all the details stored in the global @@ -2109,6 +2134,15 @@ sub dump_function($$) { my $prms = join " ", @parameterlist; check_sections($file, $declaration_name, "function", $sectcheck, $prms, ""); + # This check emits a lot of warnings at the moment, because many + # functions don't have a 'Return' doc section. So until the number + # of warnings goes sufficiently down, the check is only performed in + # verbose mode. + # TODO: always perform the check. + if ($verbose) { + check_return_section($file, $declaration_name, $return_type); + } + output_declaration($declaration_name, 'function', {'function' => $declaration_name, -- cgit v1.2.3-59-g8ed1b From 90b335fbbc316b58a0daee8ea792b5aa8903f2ae Mon Sep 17 00:00:00 2001 From: Stephen Warren Date: Tue, 27 Nov 2012 16:29:10 -0700 Subject: kbuild: centralize .dts->.dtb rule All architectures that use cmd_dtc do so in almost the same way. Create a central build rule to avoid duplication. The one difference is that most current uses of dtc build $(obj)/%.dtb from $(src)/dts/%.dts rather than building the .dtb in the same directory as the .dts file. This difference will be eliminated arch-by-arch in future patches. MIPS is the exception here; it already uses the exact same rule as the new common rule, so the duplicate is removed in this patch to avoid any conflict. arch/mips changes courtesy of Ralf Baechle. Update Documentation/kbuild to remove the explicit call to cmd_dtc from the example, now that the rule exists in a centralized location. Cc: Arnd Bergmann Cc: linux-arm-kernel@lists.infradead.org Cc: Olof Johansson Cc: Russell King Acked-by: Catalin Marinas Cc: Jonas Bonn Cc: linux@lists.openrisc.net Cc: Aurelien Jacquiot Cc: linux-c6x-dev@linux-c6x.org Cc: Mark Salter Cc: Michal Simek Cc: microblaze-uclinux@itee.uq.edu.au Cc: Chris Zankel Cc: linux-xtensa@linux-xtensa.org Cc: Max Filippov Signed-off-by: Ralf Baechle Signed-off-by: Stephen Warren Signed-off-by: Rob Herring --- Documentation/kbuild/makefiles.txt | 15 ++++++++------- arch/mips/cavium-octeon/Makefile | 3 --- arch/mips/lantiq/dts/Makefile | 3 --- arch/mips/netlogic/dts/Makefile | 3 --- scripts/Makefile.lib | 3 +++ 5 files changed, 11 insertions(+), 16 deletions(-) (limited to 'scripts') diff --git a/Documentation/kbuild/makefiles.txt b/Documentation/kbuild/makefiles.txt index ec9ae6708691..14c3f4f1b617 100644 --- a/Documentation/kbuild/makefiles.txt +++ b/Documentation/kbuild/makefiles.txt @@ -1175,15 +1175,16 @@ When kbuild executes, the following steps are followed (roughly): in an init section in the image. Platform code *must* copy the blob to non-init memory prior to calling unflatten_device_tree(). - Example: - #arch/x86/platform/ce4100/Makefile - clean-files := *dtb.S + To use this command, simply add *.dtb into obj-y or targets, or make + some other target depend on %.dtb - DTC_FLAGS := -p 1024 - obj-y += foo.dtb.o + A central rule exists to create $(obj)/%.dtb from $(src)/%.dts; + architecture Makefiles do no need to explicitly write out that rule. - $(obj)/%.dtb: $(src)/%.dts - $(call cmd,dtc) + Example: + targets += $(dtb-y) + clean-files += *.dtb + DTC_FLAGS ?= -p 1024 --- 6.8 Custom kbuild commands diff --git a/arch/mips/cavium-octeon/Makefile b/arch/mips/cavium-octeon/Makefile index bc96e2908f14..6e927cf20df2 100644 --- a/arch/mips/cavium-octeon/Makefile +++ b/arch/mips/cavium-octeon/Makefile @@ -24,9 +24,6 @@ DTB_FILES = $(patsubst %.dts, %.dtb, $(DTS_FILES)) obj-y += $(patsubst %.dts, %.dtb.o, $(DTS_FILES)) -$(obj)/%.dtb: $(src)/%.dts FORCE - $(call if_changed_dep,dtc) - # Let's keep the .dtb files around in case we want to look at them. .SECONDARY: $(addprefix $(obj)/, $(DTB_FILES)) diff --git a/arch/mips/lantiq/dts/Makefile b/arch/mips/lantiq/dts/Makefile index 674fca45f72d..6fa72dd641b2 100644 --- a/arch/mips/lantiq/dts/Makefile +++ b/arch/mips/lantiq/dts/Makefile @@ -1,4 +1 @@ obj-$(CONFIG_DT_EASY50712) := easy50712.dtb.o - -$(obj)/%.dtb: $(obj)/%.dts - $(call if_changed,dtc) diff --git a/arch/mips/netlogic/dts/Makefile b/arch/mips/netlogic/dts/Makefile index 67ae3fe296f0..d117d46413aa 100644 --- a/arch/mips/netlogic/dts/Makefile +++ b/arch/mips/netlogic/dts/Makefile @@ -1,4 +1 @@ obj-$(CONFIG_DT_XLP_EVP) := xlp_evp.dtb.o - -$(obj)/%.dtb: $(obj)/%.dts - $(call if_changed,dtc) diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 0be6f110cce7..bdf42fdf64c9 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -266,6 +266,9 @@ $(obj)/%.dtb.S: $(obj)/%.dtb quiet_cmd_dtc = DTC $@ cmd_dtc = $(objtree)/scripts/dtc/dtc -O dtb -o $@ -b 0 $(DTC_FLAGS) -d $(depfile) $< +$(obj)/%.dtb: $(src)/%.dts FORCE + $(call if_changed_dep,dtc) + # Bzip2 # --------------------------------------------------------------------------- -- cgit v1.2.3-59-g8ed1b From 92e9e6d1f9844b73a26215025a922e7d7aeae361 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 29 Nov 2012 10:45:02 -0800 Subject: modpost.c: Stop checking __dev* section mismatches Now that the __dev* sections are not being generated, we don't need to check for them in modpost.c. Acked-by: Sam Ravnborg Signed-off-by: Greg Kroah-Hartman --- scripts/mod/modpost.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) (limited to 'scripts') diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index 0d93856a03f4..ff36c508a10e 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -858,25 +858,23 @@ static void check_section(const char *modname, struct elf_info *elf, #define ALL_INIT_DATA_SECTIONS \ ".init.setup$", ".init.rodata$", \ - ".devinit.rodata$", ".cpuinit.rodata$", ".meminit.rodata$", \ - ".init.data$", ".devinit.data$", ".cpuinit.data$", ".meminit.data$" + ".cpuinit.rodata$", ".meminit.rodata$", \ + ".init.data$", ".cpuinit.data$", ".meminit.data$" #define ALL_EXIT_DATA_SECTIONS \ - ".exit.data$", ".devexit.data$", ".cpuexit.data$", ".memexit.data$" + ".exit.data$", ".cpuexit.data$", ".memexit.data$" #define ALL_INIT_TEXT_SECTIONS \ - ".init.text$", ".devinit.text$", ".cpuinit.text$", ".meminit.text$" + ".init.text$", ".cpuinit.text$", ".meminit.text$" #define ALL_EXIT_TEXT_SECTIONS \ - ".exit.text$", ".devexit.text$", ".cpuexit.text$", ".memexit.text$" + ".exit.text$", ".cpuexit.text$", ".memexit.text$" #define ALL_PCI_INIT_SECTIONS \ ".pci_fixup_early$", ".pci_fixup_header$", ".pci_fixup_final$", \ ".pci_fixup_enable$", ".pci_fixup_resume$", \ ".pci_fixup_resume_early$", ".pci_fixup_suspend$" -#define ALL_XXXINIT_SECTIONS DEV_INIT_SECTIONS, CPU_INIT_SECTIONS, \ - MEM_INIT_SECTIONS -#define ALL_XXXEXIT_SECTIONS DEV_EXIT_SECTIONS, CPU_EXIT_SECTIONS, \ - MEM_EXIT_SECTIONS +#define ALL_XXXINIT_SECTIONS CPU_INIT_SECTIONS, MEM_INIT_SECTIONS +#define ALL_XXXEXIT_SECTIONS CPU_EXIT_SECTIONS, MEM_EXIT_SECTIONS #define ALL_INIT_SECTIONS INIT_SECTIONS, ALL_XXXINIT_SECTIONS #define ALL_EXIT_SECTIONS EXIT_SECTIONS, ALL_XXXEXIT_SECTIONS @@ -885,12 +883,10 @@ static void check_section(const char *modname, struct elf_info *elf, #define TEXT_SECTIONS ".text$" #define INIT_SECTIONS ".init.*" -#define DEV_INIT_SECTIONS ".devinit.*" #define CPU_INIT_SECTIONS ".cpuinit.*" #define MEM_INIT_SECTIONS ".meminit.*" #define EXIT_SECTIONS ".exit.*" -#define DEV_EXIT_SECTIONS ".devexit.*" #define CPU_EXIT_SECTIONS ".cpuexit.*" #define MEM_EXIT_SECTIONS ".memexit.*" @@ -979,7 +975,7 @@ const struct sectioncheck sectioncheck[] = { .mismatch = DATA_TO_ANY_EXIT, .symbol_white_list = { DEFAULT_SYMBOL_WHITE_LIST, NULL }, }, -/* Do not reference init code/data from devinit/cpuinit/meminit code/data */ +/* Do not reference init code/data from cpuinit/meminit code/data */ { .fromsec = { ALL_XXXINIT_SECTIONS, NULL }, .tosec = { INIT_SECTIONS, NULL }, @@ -1000,7 +996,7 @@ const struct sectioncheck sectioncheck[] = { .mismatch = XXXINIT_TO_SOME_INIT, .symbol_white_list = { DEFAULT_SYMBOL_WHITE_LIST, NULL }, }, -/* Do not reference exit code/data from devexit/cpuexit/memexit code/data */ +/* Do not reference exit code/data from cpuexit/memexit code/data */ { .fromsec = { ALL_XXXEXIT_SECTIONS, NULL }, .tosec = { EXIT_SECTIONS, NULL }, @@ -1089,7 +1085,7 @@ static const struct sectioncheck *section_mismatch( * Pattern 2: * Many drivers utilise a *driver container with references to * add, remove, probe functions etc. - * These functions may often be marked __devinit and we do not want to + * These functions may often be marked __cpuinit and we do not want to * warn here. * the pattern is identified by: * tosec = init or exit section -- cgit v1.2.3-59-g8ed1b From 9a52aeeb92853167a67225602b9783f3cf4e578e Mon Sep 17 00:00:00 2001 From: Yacine Belkadi Date: Tue, 27 Nov 2012 21:27:19 +0100 Subject: scripts/kernel-doc: check that non-void fcts describe their return value If a function has a return value, but its kernel-doc comment doesn't contain a "Return" section, then emit the following warning: Warning(file.h:129): No description found for return value of 'fct' Note: This check emits a lot of warnings at the moment, because many functions don't have a 'Return' doc section. So until the number of warnings goes sufficiently down, the check is only performed in verbose mode. Signed-off-by: Yacine Belkadi Acked-by: Randy Dunlap Signed-off-by: Michal Marek --- scripts/kernel-doc | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'scripts') diff --git a/scripts/kernel-doc b/scripts/kernel-doc index 46e7aff80d1a..28b761567815 100755 --- a/scripts/kernel-doc +++ b/scripts/kernel-doc @@ -137,6 +137,8 @@ use strict; # should document the "Context:" of the function, e.g. whether the functions # can be called form interrupts. Unlike other sections you can end it with an # empty line. +# A non-void function should have a "Return:" section describing the return +# value(s). # Example-sections should contain the string EXAMPLE so that they are marked # appropriately in DocBook. # @@ -315,6 +317,7 @@ my $section_default = "Description"; # default section my $section_intro = "Introduction"; my $section = $section_default; my $section_context = "Context"; +my $section_return = "Return"; my $undescribed = "-- undescribed --"; @@ -2038,6 +2041,28 @@ sub check_sections($$$$$$) { } } +## +# Checks the section describing the return value of a function. +sub check_return_section { + my $file = shift; + my $declaration_name = shift; + my $return_type = shift; + + # Ignore an empty return type (It's a macro) + # Ignore functions with a "void" return type. (But don't ignore "void *") + if (($return_type eq "") || ($return_type =~ /void\s*\w*\s*$/)) { + return; + } + + if (!defined($sections{$section_return}) || + $sections{$section_return} eq "") { + print STDERR "Warning(${file}:$.): " . + "No description found for return value of " . + "'$declaration_name'\n"; + ++$warnings; + } +} + ## # takes a function prototype and the name of the current file being # processed and spits out all the details stored in the global @@ -2109,6 +2134,15 @@ sub dump_function($$) { my $prms = join " ", @parameterlist; check_sections($file, $declaration_name, "function", $sectcheck, $prms, ""); + # This check emits a lot of warnings at the moment, because many + # functions don't have a 'Return' doc section. So until the number + # of warnings goes sufficiently down, the check is only performed in + # verbose mode. + # TODO: always perform the check. + if ($verbose) { + check_return_section($file, $declaration_name, $return_type); + } + output_declaration($declaration_name, 'function', {'function' => $declaration_name, -- cgit v1.2.3-59-g8ed1b From ad99ac2fa76b4a793ee801920f7501c8df6534d0 Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Sat, 3 Nov 2012 21:02:09 +0100 Subject: scripts/coccinelle/misc/warn.cocci: use WARN Use WARN(1,...) rather than printk followed by WARN(1). Signed-off-by: Julia Lawall Signed-off-by: Michal Marek --- scripts/coccinelle/misc/warn.cocci | 109 +++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 scripts/coccinelle/misc/warn.cocci (limited to 'scripts') diff --git a/scripts/coccinelle/misc/warn.cocci b/scripts/coccinelle/misc/warn.cocci new file mode 100644 index 000000000000..fda8c3558e4f --- /dev/null +++ b/scripts/coccinelle/misc/warn.cocci @@ -0,0 +1,109 @@ +/// Use WARN(1,...) rather than printk followed by WARN_ON(1) +/// +// Confidence: High +// Copyright: (C) 2012 Julia Lawall, INRIA/LIP6. GPLv2. +// Copyright: (C) 2012 Gilles Muller, INRIA/LiP6. GPLv2. +// URL: http://coccinelle.lip6.fr/ +// Comments: +// Options: -no_includes -include_headers + +virtual patch +virtual context +virtual org +virtual report + +@bad1@ +position p; +@@ + +printk(...); +printk@p(...); +WARN_ON(1); + +@r1 depends on context || report || org@ +position p != bad1.p; +@@ + + printk@p(...); +*WARN_ON(1); + +@script:python depends on org@ +p << r1.p; +@@ + +cocci.print_main("printk + WARN_ON can be just WARN",p) + +@script:python depends on report@ +p << r1.p; +@@ + +msg = "SUGGESTION: printk + WARN_ON can be just WARN" +coccilib.report.print_report(p[0],msg) + +@ok1 depends on patch@ +expression list es; +position p != bad1.p; +@@ + +-printk@p( ++WARN(1, + es); +-WARN_ON(1); + +@depends on patch@ +expression list ok1.es; +@@ + +if (...) +- { + WARN(1,es); +- } + +// -------------------------------------------------------------------- + +@bad2@ +position p; +@@ + +printk(...); +printk@p(...); +WARN_ON_ONCE(1); + +@r2 depends on context || report || org@ +position p != bad1.p; +@@ + + printk@p(...); +*WARN_ON_ONCE(1); + +@script:python depends on org@ +p << r2.p; +@@ + +cocci.print_main("printk + WARN_ON_ONCE can be just WARN_ONCE",p) + +@script:python depends on report@ +p << r2.p; +@@ + +msg = "SUGGESTION: printk + WARN_ON_ONCE can be just WARN_ONCE" +coccilib.report.print_report(p[0],msg) + +@ok2 depends on patch@ +expression list es; +position p != bad2.p; +@@ + +-printk@p( ++WARN_ONCE(1, + es); +-WARN_ON_ONCE(1); + +@depends on patch@ +expression list ok2.es; +@@ + +if (...) +- { + WARN_ONCE(1,es); +- } -- cgit v1.2.3-59-g8ed1b From 596585090a6d7f0a62b4e5864ad8cedf1af964d1 Mon Sep 17 00:00:00 2001 From: Joonsoo Kim Date: Tue, 11 Dec 2012 00:11:45 +0900 Subject: scripts/tags.sh: Support subarch for ARM Current tags.sh doesn't handle subarch for ARM. There are too many subarch on ARM, it is hard that we locate some functions which are defined in every subarch with tags util family. Therefore support subarch for removing this unconvenience. We can use ARM subarch functionality like below. "make cscope O=. SRCARCH=arm SUBARCH=xxx" Signed-off-by: Joonsoo Kim Signed-off-by: Michal Marek --- scripts/tags.sh | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/tags.sh b/scripts/tags.sh index 79fdafb0d263..8fb18d1da71b 100755 --- a/scripts/tags.sh +++ b/scripts/tags.sh @@ -48,13 +48,14 @@ find_arch_sources() for i in $archincludedir; do prune="$prune -wholename $i -prune -o" done - find ${tree}arch/$1 $ignore $prune -name "$2" -print; + find ${tree}arch/$1 $ignore $subarchprune $prune -name "$2" -print; } # find sources in arch/$1/include find_arch_include_sources() { - include=$(find ${tree}arch/$1/ -name include -type d); + include=$(find ${tree}arch/$1/ $subarchprune \ + -name include -type d -print); if [ -n "$include" ]; then archincludedir="$archincludedir $include" find $include $ignore -name "$2" -print; @@ -234,6 +235,21 @@ if [ "${ARCH}" = "um" ]; then else archinclude=${SUBARCH} fi +elif [ "${SRCARCH}" = "arm" -a "${SUBARCH}" != "" ]; then + subarchdir=$(find ${tree}arch/$SRCARCH/ -name "mach-*" -type d -o \ + -name "plat-*" -type d); + for i in $subarchdir; do + case "$i" in + *"mach-"${SUBARCH}) + ;; + *"plat-"${SUBARCH}) + ;; + *) + subarchprune="$subarchprune \ + -wholename $i -prune -o" + ;; + esac + done fi remove_structs= -- cgit v1.2.3-59-g8ed1b From 923e02ecf3f8db19d52176723fefa0ffe6e9a3cd Mon Sep 17 00:00:00 2001 From: Joonsoo Kim Date: Tue, 11 Dec 2012 00:11:46 +0900 Subject: scripts/tags.sh: Support compiled source We usually have interst in compiled files only, because they are strongly related to individual's work. Current tags.sh can't select compiled files, so support it. We can use this functionality like below. "make cscope O=. SRCARCH=xxxx COMPILED_SOURCE=compiled" It must be executed after building the kernel. Signed-off-by: Joonsoo Kim Signed-off-by: Michal Marek --- scripts/tags.sh | 37 +++++++++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 6 deletions(-) (limited to 'scripts') diff --git a/scripts/tags.sh b/scripts/tags.sh index 8fb18d1da71b..08f06c00745e 100755 --- a/scripts/tags.sh +++ b/scripts/tags.sh @@ -96,6 +96,32 @@ all_sources() find_other_sources '*.[chS]' } +all_compiled_sources() +{ + for i in $(all_sources); do + case "$i" in + *.[cS]) + j=${i/\.[cS]/\.o} + if [ -e $j ]; then + echo $i + fi + ;; + *) + echo $i + ;; + esac + done +} + +all_target_sources() +{ + if [ -n "$COMPILED_SOURCE" ]; then + all_compiled_sources + else + all_sources + fi +} + all_kconfigs() { for arch in $ALLSOURCE_ARCHS; do @@ -111,18 +137,18 @@ all_defconfigs() docscope() { - (echo \-k; echo \-q; all_sources) > cscope.files + (echo \-k; echo \-q; all_target_sources) > cscope.files cscope -b -f cscope.out } dogtags() { - all_sources | gtags -i -f - + all_target_sources | gtags -i -f - } exuberant() { - all_sources | xargs $1 -a \ + all_target_sources | xargs $1 -a \ -I __initdata,__exitdata,__acquires,__releases \ -I __read_mostly,____cacheline_aligned \ -I ____cacheline_aligned_in_smp \ @@ -174,7 +200,7 @@ exuberant() emacs() { - all_sources | xargs $1 -a \ + all_target_sources | xargs $1 -a \ --regex='/^(ENTRY|_GLOBAL)(\([^)]*\)).*/\2/' \ --regex='/^SYSCALL_DEFINE[0-9]?(\([^,)]*\).*/sys_\1/' \ --regex='/^TRACE_EVENT(\([^,)]*\).*/trace_\1/' \ @@ -221,11 +247,10 @@ xtags() elif $1 --version 2>&1 | grep -iq emacs; then emacs $1 else - all_sources | xargs $1 -a + all_target_sources | xargs $1 -a fi } - # Support um (which uses SUBARCH) if [ "${ARCH}" = "um" ]; then if [ "$SUBARCH" = "i386" ]; then -- cgit v1.2.3-59-g8ed1b From d890f510c8e45aaf33b8737f211ea05aecb8b460 Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Mon, 5 Nov 2012 09:09:24 +1030 Subject: MODSIGN: Add modules_sign make target If CONFIG_MODULE_SIG is set, and 'make modules_sign' is called then this patch will cause the modules to get a signature appended. The make target is intended to be run after 'make modules_install', and will modify the modules in-place in the installed location. It can be used to produce signed modules after they have been processed by distribution build scripts. Signed-off-by: Josh Boyer Signed-off-by: Rusty Russell (minor typo fix) --- Makefile | 6 ++++++ scripts/Makefile.modsign | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 scripts/Makefile.modsign (limited to 'scripts') diff --git a/Makefile b/Makefile index 6cab75b74365..f00e0e3c4a87 100644 --- a/Makefile +++ b/Makefile @@ -981,6 +981,12 @@ _modinst_post: _modinst_ $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.fwinst obj=firmware __fw_modinst $(call cmd,depmod) +ifeq ($(CONFIG_MODULE_SIG), y) +PHONY += modules_sign +modules_sign: + $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modsign +endif + else # CONFIG_MODULES # Modules not configured diff --git a/scripts/Makefile.modsign b/scripts/Makefile.modsign new file mode 100644 index 000000000000..abfda626dbad --- /dev/null +++ b/scripts/Makefile.modsign @@ -0,0 +1,32 @@ +# ========================================================================== +# Signing modules +# ========================================================================== + +PHONY := __modsign +__modsign: + +include scripts/Kbuild.include + +__modules := $(sort $(shell grep -h '\.ko' /dev/null $(wildcard $(MODVERDIR)/*.mod))) +modules := $(patsubst %.o,%.ko,$(wildcard $(__modules:.ko=.o))) + +PHONY += $(modules) +__modsign: $(modules) + @: + +quiet_cmd_sign_ko = SIGN [M] $(2)/$(notdir $@) + cmd_sign_ko = $(mod_sign_cmd) $(2)/$(notdir $@) + +# Modules built outside the kernel source tree go into extra by default +INSTALL_MOD_DIR ?= extra +ext-mod-dir = $(INSTALL_MOD_DIR)$(subst $(patsubst %/,%,$(KBUILD_EXTMOD)),,$(@D)) + +modinst_dir = $(if $(KBUILD_EXTMOD),$(ext-mod-dir),kernel/$(@D)) + +$(modules): + $(call cmd,sign_ko,$(MODLIB)/$(modinst_dir)) + +# Declare the contents of the .PHONY variable as phony. We keep that +# information in a variable se we can use it in if_changed and friends. + +.PHONY: $(PHONY) -- cgit v1.2.3-59-g8ed1b From c6ba8d06ecfc1dadcf7f1b54960cf9332ba5ae8d Mon Sep 17 00:00:00 2001 From: Hiroshi Doyu Date: Fri, 14 Dec 2012 08:47:59 +0200 Subject: scripts/config: Fix wrong "shift" for --keep-case Remove wrong "shift" for --keep-case. There is always "shift" at beginning of while-loop. No need "shift" at --keep-case just before "continue" to process next argument. Now the following works as expected: ./scripts/config -e aAa -k -e bBb -e cCc && tail -3 .config CONFIG_AAA=y CONFIG_bBb=y CONFIG_cCc=y Signed-off-by: Hiroshi Doyu Signed-off-by: Michal Marek --- scripts/config | 1 - 1 file changed, 1 deletion(-) (limited to 'scripts') diff --git a/scripts/config b/scripts/config index ee355394f4ef..bb4d3deb6d1c 100755 --- a/scripts/config +++ b/scripts/config @@ -101,7 +101,6 @@ while [ "$1" != "" ] ; do case "$CMD" in --keep-case|-k) MUNGE_CASE=no - shift continue ;; --refresh) -- cgit v1.2.3-59-g8ed1b From 5023d3472d444747bfa12e9798d7993e7efb8287 Mon Sep 17 00:00:00 2001 From: Joe Perches Date: Mon, 17 Dec 2012 16:01:47 -0800 Subject: checkpatch: warn on unnecessary line continuations When the previous line is not a line continuation and the current line has a line continuation but is not a #define, emit a warning. Signed-off-by: Joe Perches Cc: Peter Hurley Cc: Andy Whitcroft Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/checkpatch.pl | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'scripts') diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index f18750e3bd6c..d4f61a6fed5d 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -3013,6 +3013,15 @@ sub process { "Macros with complex values should be enclosed in parenthesis\n" . "$herectx"); } } + +# check for line continuations outside of #defines + + } else { + if ($prevline !~ /^..*\\$/ && + $line =~ /^\+.*\\$/) { + WARN("LINE_CONTINUATIONS", + "Avoid unnecessary line continuations\n" . $herecurr); + } } # do {} while (0) macro tests: -- cgit v1.2.3-59-g8ed1b From 1ba8dfd17ead04de18bfca7b68c2a144c8be736a Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Mon, 17 Dec 2012 16:01:48 -0800 Subject: checkpatch: warn about using CONFIG_EXPERIMENTAL This config item has not carried much meaning for a while now and is almost always enabled by default. As agreed during the Linux kernel summit, it is being removed. This will discourage future addition of CONFIG_EXPERIMENTAL while it is being phased out. Signed-off-by: Kees Cook Cc: Andy Whitcroft Cc: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/checkpatch.pl | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'scripts') diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index d4f61a6fed5d..cd251d5f3f1a 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -1757,6 +1757,13 @@ sub process { #print "is_start<$is_start> is_end<$is_end> length<$length>\n"; } +# discourage the addition of CONFIG_EXPERIMENTAL in Kconfig. + if ($realfile =~ /Kconfig/ && + $line =~ /.\s*depends on\s+.*\bEXPERIMENTAL\b/) { + WARN("CONFIG_EXPERIMENTAL", + "Use of CONFIG_EXPERIMENTAL is deprecated. For alternatives, see https://lkml.org/lkml/2012/10/23/580\n"); + } + if (($realfile =~ /Makefile.*/ || $realfile =~ /Kbuild.*/) && ($line =~ /\+(EXTRA_[A-Z]+FLAGS).*/)) { my $flag = $1; @@ -1912,6 +1919,12 @@ sub process { # check we are in a valid C source file if not then ignore this hunk next if ($realfile !~ /\.(h|c)$/); +# discourage the addition of CONFIG_EXPERIMENTAL in #if(def). + if ($line =~ /^\+\s*\#\s*if.*\bCONFIG_EXPERIMENTAL\b/) { + WARN("CONFIG_EXPERIMENTAL", + "Use of CONFIG_EXPERIMENTAL is deprecated. For alternatives, see https://lkml.org/lkml/2012/10/23/580\n"); + } + # check for RCS/CVS revision markers if ($rawline =~ /^\+.*\$(Revision|Log|Id)(?:\$|)/) { WARN("CVS_KEYWORD", -- cgit v1.2.3-59-g8ed1b From 78e3f1f01d23c1a0d5828669d35afa2e7951987d Mon Sep 17 00:00:00 2001 From: Tao Ma Date: Mon, 17 Dec 2012 16:01:49 -0800 Subject: checkpatch: remove reference to feature-removal-schedule.txt In commit 9c0ece069b32 ("Get rid of Documentation/feature-removal.txt"), Linus removes feature-removal-schedule.txt from Documentation, but there is still some reference to this file. So remove them. Signed-off-by: Tao Ma Acked-by: Andy Whitcroft Cc: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/checkpatch.pl | 37 ------------------------------------- 1 file changed, 37 deletions(-) (limited to 'scripts') diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index cd251d5f3f1a..d2d5ba17ad6c 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -352,27 +352,6 @@ sub deparenthesize { $chk_signoff = 0 if ($file); -my @dep_includes = (); -my @dep_functions = (); -my $removal = "Documentation/feature-removal-schedule.txt"; -if ($tree && -f "$root/$removal") { - open(my $REMOVE, '<', "$root/$removal") || - die "$P: $removal: open failed - $!\n"; - while (<$REMOVE>) { - if (/^Check:\s+(.*\S)/) { - for my $entry (split(/[, ]+/, $1)) { - if ($entry =~ m@include/(.*)@) { - push(@dep_includes, $1); - - } elsif ($entry !~ m@/@) { - push(@dep_functions, $entry); - } - } - } - } - close($REMOVE); -} - my @rawlines = (); my @lines = (); my $vname; @@ -3205,22 +3184,6 @@ sub process { } } -# don't include deprecated include files (uses RAW line) - for my $inc (@dep_includes) { - if ($rawline =~ m@^.\s*\#\s*include\s*\<$inc>@) { - ERROR("DEPRECATED_INCLUDE", - "Don't use <$inc>: see Documentation/feature-removal-schedule.txt\n" . $herecurr); - } - } - -# don't use deprecated functions - for my $func (@dep_functions) { - if ($line =~ /\b$func\b/) { - ERROR("DEPRECATED_FUNCTION", - "Don't use $func(): see Documentation/feature-removal-schedule.txt\n" . $herecurr); - } - } - # no volatiles please my $asm_volatile = qr{\b(__asm__|asm)\s+(__volatile__|volatile)\b}; if ($line =~ /\bvolatile\b/ && $line !~ /$asm_volatile/) { -- cgit v1.2.3-59-g8ed1b From 03df4b51f33e1fdd35fe7bc19f1f450726395207 Mon Sep 17 00:00:00 2001 From: Andy Whitcroft Date: Mon, 17 Dec 2012 16:01:52 -0800 Subject: checkpatch: consolidate if (foo) bar(foo) checks and add debugfs_remove Consolidate the if (foo) bar(foo) detectors into a single check. Add debugfs_remove and family. Based on a patch by Constantine Shulyupin. Signed-off-by: Andy Whitcroft Cc: Constantine Shulyupin . Cc: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/checkpatch.pl | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) (limited to 'scripts') diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index d2d5ba17ad6c..a1b870d188c4 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -3198,20 +3198,12 @@ sub process { $herecurr); } -# check for needless kfree() checks - if ($prevline =~ /\bif\s*\(([^\)]*)\)/) { - my $expr = $1; - if ($line =~ /\bkfree\(\Q$expr\E\);/) { - WARN("NEEDLESS_KFREE", - "kfree(NULL) is safe this check is probably not required\n" . $hereprev); - } - } -# check for needless usb_free_urb() checks - if ($prevline =~ /\bif\s*\(([^\)]*)\)/) { - my $expr = $1; - if ($line =~ /\busb_free_urb\(\Q$expr\E\);/) { - WARN("NEEDLESS_USB_FREE_URB", - "usb_free_urb(NULL) is safe this check is probably not required\n" . $hereprev); +# check for needless "if () fn()" uses + if ($prevline =~ /\bif\s*\(\s*($Lval)\s*\)/) { + my $expr = '\s*\(\s*' . quotemeta($1) . '\s*\)\s*;'; + if ($line =~ /\b(kfree|usb_free_urb|debugfs_remove(?:_recursive)?)$expr/) { + WARN('NEEDLESS_IF', + "$1(NULL) is safe this check is probably not required\n" . $hereprev); } } -- cgit v1.2.3-59-g8ed1b From 6cd7f3869c925622bbf420e1107a026d91dbd7f2 Mon Sep 17 00:00:00 2001 From: Joe Perches Date: Mon, 17 Dec 2012 16:01:54 -0800 Subject: checkpatch: allow control over line length warning, default remains 80 Some projects might want a longer line length so allow a command line --max-line-length=n control over the long line warnings. The default line length is 80. Signed-off-by: Joe Perches Cc: Constantine Shulyupin Cc: Andy Whitcroft Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/checkpatch.pl | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'scripts') diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index a1b870d188c4..6fa167758f82 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -33,6 +33,7 @@ my %ignore_type = (); my @ignore = (); my $help = 0; my $configuration_file = ".checkpatch.conf"; +my $max_line_length = 80; sub help { my ($exitcode) = @_; @@ -51,6 +52,7 @@ Options: -f, --file treat FILE as regular source file --subjective, --strict enable more subjective tests --ignore TYPE(,TYPE2...) ignore various comma separated message types + --max-line-length=n set the maximum line length, if exceeded, warn --show-types show the message "types" in the output --root=PATH PATH to the kernel tree root --no-summary suppress the per-file summary @@ -107,6 +109,7 @@ GetOptions( 'strict!' => \$check, 'ignore=s' => \@ignore, 'show-types!' => \$show_types, + 'max-line-length=i' => \$max_line_length, 'root=s' => \$root, 'summary!' => \$summary, 'mailback!' => \$mailback, @@ -1760,15 +1763,15 @@ sub process { # check we are in a valid source file if not then ignore this hunk next if ($realfile !~ /\.(h|c|s|S|pl|sh)$/); -#80 column limit +#line length limit if ($line =~ /^\+/ && $prevrawline !~ /\/\*\*/ && $rawline !~ /^.\s*\*\s*\@$Ident\s/ && !($line =~ /^\+\s*$logFunctions\s*\(\s*(?:(KERN_\S+\s*|[^"]*))?"[X\t]*"\s*(?:|,|\)\s*;)\s*$/ || $line =~ /^\+\s*"[^"]*"\s*(?:\s*|,|\)\s*;)\s*$/) && - $length > 80) + $length > $max_line_length) { WARN("LONG_LINE", - "line over 80 characters\n" . $herecurr); + "line over $max_line_length characters\n" . $herecurr); } # Check for user-visible strings broken across lines, which breaks the ability -- cgit v1.2.3-59-g8ed1b From 481eb486a88c9b068f0168ac4c21291802720933 Mon Sep 17 00:00:00 2001 From: Joe Perches Date: Mon, 17 Dec 2012 16:01:56 -0800 Subject: checkpatch: extend line continuation test Preprocessor directives and asm statements should be allowed to have a line continuation. Signed-off-by: Joe Perches Tested-by: Jingoo Han Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/checkpatch.pl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 6fa167758f82..3e9fee60642c 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -3009,10 +3009,12 @@ sub process { } } -# check for line continuations outside of #defines +# check for line continuations outside of #defines, preprocessor #, and asm } else { if ($prevline !~ /^..*\\$/ && + $line !~ /^\+\s*\#.*\\$/ && # preprocessor + $line !~ /^\+.*\b(__asm__|asm)\b.*\\$/ && # asm $line =~ /^\+.*\\$/) { WARN("LINE_CONTINUATIONS", "Avoid unnecessary line continuations\n" . $herecurr); -- cgit v1.2.3-59-g8ed1b From 0979ae66464bd9793c6701861bccb21f9f118a52 Mon Sep 17 00:00:00 2001 From: Joe Perches Date: Mon, 17 Dec 2012 16:01:59 -0800 Subject: checkpatch: Add --strict messages for blank lines around braces Blank lines around braces are not unnecessary. Emit a message on the use of these blank lines only when using --strict. int foo(int bar) { something or other.... } is generally written in the kernel as: int foo(int bar) { something or other... } Signed-off-by: Joe Perches Cc: Andy Whitcroft Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/checkpatch.pl | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'scripts') diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 3e9fee60642c..e0a674f471ee 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -3189,6 +3189,16 @@ sub process { } } +# check for unnecessary blank lines around braces + if (($line =~ /^..*}\s*$/ && $prevline =~ /^.\s*$/)) { + CHK("BRACES", + "Blank lines aren't necessary before a close brace '}'\n" . $hereprev); + } + if (($line =~ /^.\s*$/ && $prevline =~ /^..*{\s*$/)) { + CHK("BRACES", + "Blank lines aren't necessary after an open brace '{'\n" . $hereprev); + } + # no volatiles please my $asm_volatile = qr{\b(__asm__|asm)\s+(__volatile__|volatile)\b}; if ($line =~ /\bvolatile\b/ && $line !~ /$asm_volatile/) { -- cgit v1.2.3-59-g8ed1b From 88982fea52d0115d44b77619afef576f24cdb844 Mon Sep 17 00:00:00 2001 From: Joe Perches Date: Mon, 17 Dec 2012 16:02:00 -0800 Subject: checkpatch: warn when declaring "struct spinlock foo;" spinlock_t should always be used. Signed-off-by: Joe Perches Acked-by: "Luis R. Rodriguez" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/checkpatch.pl | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'scripts') diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index e0a674f471ee..f27b0b53e3ea 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -3336,6 +3336,12 @@ sub process { "Avoid line continuations in quoted strings\n" . $herecurr); } +# check for struct spinlock declarations + if ($line =~ /^.\s*\bstruct\s+spinlock\s+\w+\s*;/) { + WARN("USE_SPINLOCK_T", + "struct spinlock should be spinlock_t\n" . $herecurr); + } + # Check for misused memsets if ($^V && $^V ge 5.10.0 && defined $stat && -- cgit v1.2.3-59-g8ed1b From d1e2ad07e78c4bbac9fce4d2e3c0fe60bce091d8 Mon Sep 17 00:00:00 2001 From: Joe Perches Date: Mon, 17 Dec 2012 16:02:01 -0800 Subject: checkpatch: add --strict test for switch/default missing break switch default case is sometimes written as "default:;". This can cause new cases added below the default to be defective. Suggest adding a break; after empty default cases to avoid fallthrough defects. Fixed indentation in the other semicolon test above it. Suggested-by: Peter Senna Tschudin Signed-off-by: Joe Perches Cc: Andy Whitcroft Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/checkpatch.pl | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index f27b0b53e3ea..725c59611e97 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -3448,8 +3448,22 @@ sub process { # check for multiple semicolons if ($line =~ /;\s*;\s*$/) { - WARN("ONE_SEMICOLON", - "Statements terminations use 1 semicolon\n" . $herecurr); + WARN("ONE_SEMICOLON", + "Statements terminations use 1 semicolon\n" . $herecurr); + } + +# check for switch/default statements without a break; + if ($^V && $^V ge 5.10.0 && + defined $stat && + $stat =~ /^\+[$;\s]*(?:case[$;\s]+\w+[$;\s]*:[$;\s]*|)*[$;\s]*\bdefault[$;\s]*:[$;\s]*;/g) { + my $ctx = ''; + my $herectx = $here . "\n"; + my $cnt = statement_rawlines($stat); + for (my $n = 0; $n < $cnt; $n++) { + $herectx .= raw_line($linenr, $n) . "\n"; + } + WARN("DEFAULT_NO_BREAK", + "switch default: should use break\n" . $herectx); } # check for gcc specific __FUNCTION__ -- cgit v1.2.3-59-g8ed1b From 6b7eaf6e1428be33f731287de963862e3846cd42 Mon Sep 17 00:00:00 2001 From: Joe Perches Date: Mon, 17 Dec 2012 16:02:02 -0800 Subject: checkpatch: find hex constants as a single IDENT Hexadecimal values are current found in 2 parts. A hex constant like 0x123456abcdef is found as 0 and then x123456abcdef and later coalesced. Instead, reverse the order of the 2 searches in $Constant to find 0x first, then 0 so that the entire hex constant is found all at once. Signed-off-by: Joe Perches Cc: Andy Whitcroft Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/checkpatch.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 725c59611e97..8cb9bfc7c14f 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -230,7 +230,7 @@ our $Inline = qr{inline|__always_inline|noinline}; our $Member = qr{->$Ident|\.$Ident|\[[^]]*\]}; our $Lval = qr{$Ident(?:$Member)*}; -our $Constant = qr{(?i:(?:[0-9]+|0x[0-9a-f]+)[ul]*)}; +our $Constant = qr{(?i:(?:0x[0-9a-f]+|[0-9]+)[ul]*)}; our $Assignment = qr{(?:\*\=|/=|%=|\+=|-=|<<=|>>=|&=|\^=|\|=|=)}; our $Compare = qr{<=|>=|==|!=|<|>}; our $Operators = qr{ -- cgit v1.2.3-59-g8ed1b From 74349bccedb3e34b4f1fd9c7efd2dda7905e3335 Mon Sep 17 00:00:00 2001 From: Joe Perches Date: Mon, 17 Dec 2012 16:02:05 -0800 Subject: checkpatch: add support for floating point constants Even though the kernel doesn't support using floating point constants, add a regex for them. Support forms like: 0x123p1, 123e-1, 1.23, 1.5e23f Signed-off-by: Joe Perches Cc: Andy Whitcroft Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/checkpatch.pl | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 8cb9bfc7c14f..9de3a69260e1 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -230,7 +230,11 @@ our $Inline = qr{inline|__always_inline|noinline}; our $Member = qr{->$Ident|\.$Ident|\[[^]]*\]}; our $Lval = qr{$Ident(?:$Member)*}; -our $Constant = qr{(?i:(?:0x[0-9a-f]+|[0-9]+)[ul]*)}; +our $Float_hex = qr{(?i:0x[0-9a-f]+p-?[0-9]+[fl]?)}; +our $Float_dec = qr{(?i:((?:[0-9]+\.[0-9]*|[0-9]*\.[0-9]+)(?:e-?[0-9]+)?[fl]?))}; +our $Float_int = qr{(?i:[0-9]+e-?[0-9]+[fl]?)}; +our $Float = qr{$Float_hex|$Float_dec|$Float_int}; +our $Constant = qr{(?:$Float|(?i:(?:0x[0-9a-f]+|[0-9]+)[ul]*))}; our $Assignment = qr{(?:\*\=|/=|%=|\+=|-=|<<=|>>=|&=|\^=|\|=|=)}; our $Compare = qr{<=|>=|==|!=|<|>}; our $Operators = qr{ -- cgit v1.2.3-59-g8ed1b From 323c1260ba2c4b5c4b2a1e9ab6657cde54ccf554 Mon Sep 17 00:00:00 2001 From: Joe Perches Date: Mon, 17 Dec 2012 16:02:07 -0800 Subject: checkpatch: warn on CamelCase variable names Store the camelcase variables in a hash and only emit a warning on the first use of each new variable. Signed-off-by: Joe Perches Cc: Andy Whitcroft Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/checkpatch.pl | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'scripts') diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 9de3a69260e1..1d6e4c541370 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -1398,6 +1398,8 @@ sub process { my %suppress_export; my $suppress_statement = 0; + my %camelcase = (); + # Pre-scan the patch sanitizing the lines. # Pre-scan the patch looking for any __setup documentation. # @@ -2905,12 +2907,17 @@ sub process { } } -#studly caps, commented out until figure out how to distinguish between use of existing and adding new -# if (($line=~/[\w_][a-z\d]+[A-Z]/) and !($line=~/print/)) { -# print "No studly caps, use _\n"; -# print "$herecurr"; -# $clean = 0; -# } +#CamelCase + while ($line =~ m{($Constant|$Lval)}g) { + my $var = $1; + if ($var !~ /$Constant/ && + $var =~ /[A-Z]\w*[a-z]|[a-z]\w*[A-Z]/ && + !defined $camelcase{$var}) { + $camelcase{$var} = 1; + WARN("CAMELCASE", + "Avoid CamelCase: <$var>\n" . $herecurr); + } + } #no spaces allowed after \ in define if ($line=~/\#\s*define.*\\\s$/) { -- cgit v1.2.3-59-g8ed1b From af56e3f017bae54b9c3b5f7877d5eff990a2eed9 Mon Sep 17 00:00:00 2001 From: Cyril Roelandt Date: Tue, 18 Dec 2012 14:21:28 -0800 Subject: Coccinelle: add api/d_find_alias.cocci Ensure that calls to d_find_alias() have a corresponding dput(). Signed-off-by: Cyril Roelandt Cc: Julia Lawall Cc: Gilles Muller Cc: Nicolas Palix Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/coccinelle/api/d_find_alias.cocci | 80 +++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 scripts/coccinelle/api/d_find_alias.cocci (limited to 'scripts') diff --git a/scripts/coccinelle/api/d_find_alias.cocci b/scripts/coccinelle/api/d_find_alias.cocci new file mode 100644 index 000000000000..a9694a8d3e5a --- /dev/null +++ b/scripts/coccinelle/api/d_find_alias.cocci @@ -0,0 +1,80 @@ +/// Make sure calls to d_find_alias() have a corresponding call to dput(). +// +// Keywords: d_find_alias, dput +// +// Confidence: Moderate +// URL: http://coccinelle.lip6.fr/ +// Options: -include_headers + +virtual context +virtual org +virtual patch +virtual report + +@r exists@ +local idexpression struct dentry *dent; +expression E, E1; +statement S1, S2; +position p1, p2; +@@ +( + if (!(dent@p1 = d_find_alias(...))) S1 +| + dent@p1 = d_find_alias(...) +) + +<...when != dput(dent) + when != if (...) { <+... dput(dent) ...+> } + when != true !dent || ... + when != dent = E + when != E = dent +if (!dent || ...) S2 +...> +( + return <+...dent...+>; +| + return @p2 ...; +| + dent@p2 = E1; +| + E1 = dent; +) + +@depends on context@ +local idexpression struct dentry *r.dent; +position r.p1,r.p2; +@@ +* dent@p1 = ... + ... +( +* return@p2 ...; +| +* dent@p2 +) + + +@script:python depends on org@ +p1 << r.p1; +p2 << r.p2; +@@ +cocci.print_main("Missing call to dput()",p1) +cocci.print_secs("",p2) + +@depends on patch@ +local idexpression struct dentry *r.dent; +position r.p2; +@@ +( ++ dput(dent); + return @p2 ...; +| ++ dput(dent); + dent@p2 = ...; +) + +@script:python depends on report@ +p1 << r.p1; +p2 << r.p2; +@@ +msg = "Missing call to dput() at line %s." +coccilib.report.print_report(p1[0], msg % (p2[0].line)) -- cgit v1.2.3-59-g8ed1b From 495e9d84607cda966ba6d223d5eb9df0070cd21a Mon Sep 17 00:00:00 2001 From: Joe Perches Date: Thu, 20 Dec 2012 15:05:37 -0800 Subject: checkpatch: warn on uapi #includes that #include Acked-by: David Howells Acked-by: Andy Whitcroft Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/checkpatch.pl | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 1d6e4c541370..4d2c7dfdaabd 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -2226,8 +2226,11 @@ sub process { my $path = $1; if ($path =~ m{//}) { ERROR("MALFORMED_INCLUDE", - "malformed #include filename\n" . - $herecurr); + "malformed #include filename\n" . $herecurr); + } + if ($path =~ "^uapi/" && $realfile =~ m@\binclude/uapi/@) { + ERROR("UAPI_INCLUDE", + "No #include in ...include/uapi/... should use a uapi/ path prefix\n" . $herecurr); } } -- cgit v1.2.3-59-g8ed1b From 77bdcfe5484fef0da899ec8e74b08dd21b031f66 Mon Sep 17 00:00:00 2001 From: Wang YanQing Date: Mon, 17 Dec 2012 22:37:51 +0800 Subject: kconfig:lxdialog: remove duplicate code dialog.h has two line the same below: extern char dialog_input_result[]; This patch remove one of them. Signed-off-by: Wang YanQing Reviewed-by: "Yann E. MORIN" Tested-by: "Yann E. MORIN" Signed-off-by: "Yann E. MORIN" --- scripts/kconfig/lxdialog/dialog.h | 1 - 1 file changed, 1 deletion(-) (limited to 'scripts') diff --git a/scripts/kconfig/lxdialog/dialog.h b/scripts/kconfig/lxdialog/dialog.h index ee17a5264d5b..307022a8beef 100644 --- a/scripts/kconfig/lxdialog/dialog.h +++ b/scripts/kconfig/lxdialog/dialog.h @@ -221,7 +221,6 @@ int dialog_menu(const char *title, const char *prompt, const void *selected, int *s_scroll); int dialog_checklist(const char *title, const char *prompt, int height, int width, int list_height); -extern char dialog_input_result[]; int dialog_inputbox(const char *title, const char *prompt, int height, int width, const char *init); -- cgit v1.2.3-59-g8ed1b