10 Commits

Author SHA1 Message Date
Michael Bestas
840671ca47 Merge remote-tracking branch 'common/android-4.4-p' into android-msm-wahoo-4.4
# By Sergey Shtylyov (9) and others
# Via Greg Kroah-Hartman
* common/android-4.4-p:
  Linux 4.4.288
  libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD.
  usb: testusb: Fix for showing the connection speed
  scsi: sd: Free scsi_disk device via put_device()
  ext2: fix sleeping in atomic bugs on error
  sparc64: fix pci_iounmap() when CONFIG_PCI is not set
  xen-netback: correct success/error reporting for the SKB-with-fraglist case
  af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
  Linux 4.4.287
  Revert "arm64: Mark __stack_chk_guard as __ro_after_init"
  Linux 4.4.286
  cred: allow get_cred() and put_cred() to be given NULL.
  HID: usbhid: free raw_report buffers in usbhid_stop
  netfilter: ipset: Fix oversized kvmalloc() calls
  HID: betop: fix slab-out-of-bounds Write in betop_probe
  arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55
  EDAC/synopsys: Fix wrong value type assignment for edac_mode
  ext4: fix potential infinite loop in ext4_dx_readdir()
  ipack: ipoctal: fix module reference leak
  ipack: ipoctal: fix missing allocation-failure check
  ipack: ipoctal: fix tty-registration error handling
  ipack: ipoctal: fix tty registration race
  ipack: ipoctal: fix stack information leak
  e100: fix buffer overrun in e100_get_regs
  e100: fix length calculation in e100_get_regs_len
  ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
  mac80211: fix use-after-free in CCMP/GCMP RX
  tty: Fix out-of-bound vmalloc access in imageblit
  qnx4: work around gcc false positive warning bug
  spi: Fix tegra20 build with CONFIG_PM=n
  net: 6pack: Fix tx timeout and slot time
  alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile
  arm64: Mark __stack_chk_guard as __ro_after_init
  parisc: Use absolute_pointer() to define PAGE0
  qnx4: avoid stringop-overread errors
  sparc: avoid stringop-overread errors
  net: i825xx: Use absolute_pointer for memcpy from fixed memory location
  compiler.h: Introduce absolute_pointer macro
  m68k: Double cast io functions to unsigned long
  blktrace: Fix uaf in blk_trace access after removing by sysfs
  scsi: iscsi: Adjust iface sysfs attr detection
  net/mlx4_en: Don't allow aRFS for encapsulated packets
  net: hso: fix muxed tty registration
  USB: serial: option: add device id for Foxconn T99W265
  USB: serial: option: remove duplicate USB device ID
  USB: serial: option: add Telit LN920 compositions
  USB: serial: mos7840: remove duplicated 0xac24 device ID
  USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
  xen/x86: fix PV trap handling on secondary processors
  cifs: fix incorrect check for null pointer in header_assemble
  usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
  usb: gadget: r8a66597: fix a loop in set_feature()
  Linux 4.4.285
  sctp: validate from_addr_param return
  drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
  blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
  nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
  nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
  nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
  nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
  nilfs2: fix NULL pointer in nilfs_##name##_attr_release
  nilfs2: fix memory leak in nilfs_sysfs_create_device_group
  ceph: lockdep annotations for try_nonblocking_invalidate
  dmaengine: ioat: depends on !UML
  parisc: Move pci_dev_is_behind_card_dino to where it is used
  dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
  dmaengine: acpi-dma: check for 64-bit MMIO address
  profiling: fix shift-out-of-bounds bugs
  prctl: allow to setup brk for et_dyn executables
  9p/trans_virtio: Remove sysfs file on probe failure
  thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
  sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
  sctp: validate chunk size in __rcv_asconf_lookup
  PM / wakeirq: Fix unbalanced IRQ enable for wakeirq
  s390/bpf: Fix optimizing out zero-extensions
  Linux 4.4.284
  s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
  net: renesas: sh_eth: Fix freeing wrong tx descriptor
  qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
  ARC: export clear_user_page() for modules
  mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()'
  PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
  ethtool: Fix an error code in cxgb2.c
  dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
  x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
  net/af_unix: fix a data-race in unix_dgram_poll
  tipc: increase timeout in tipc_sk_enqueue()
  r6040: Restore MDIO clock frequency after MAC reset
  net/l2tp: Fix reference count leak in l2tp_udp_recv_core
  dccp: don't duplicate ccid when cloning dccp sock
  ptp: dp83640: don't define PAGE0
  net-caif: avoid user-triggerable WARN_ON(1)
  bnx2x: Fix enabling network interfaces without VFs
  platform/chrome: cros_ec_proto: Send command again when timeout occurs
  parisc: fix crash with signals and alloca
  net: fix NULL pointer reference in cipso_v4_doi_free
  ath9k: fix OOB read ar9300_eeprom_restore_internal
  parport: remove non-zero check on count
  Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set"
  cifs: fix wrong release in sess_alloc_buffer() failed path
  mmc: rtsx_pci: Fix long reads when clock is prescaled
  gfs2: Don't call dlm after protocol is unmounted
  rpc: fix gss_svc_init cleanup on failure
  ARM: tegra: tamonten: Fix UART pad setting
  gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port()
  Bluetooth: skip invalid hci_sync_conn_complete_evt
  serial: 8250_pci: make setup_port() parameters explicitly unsigned
  hvsi: don't panic on tty_register_driver failure
  xtensa: ISS: don't panic in rs_init
  serial: 8250: Define RX trigger levels for OxSemi 950 devices
  s390/jump_label: print real address in a case of a jump label bug
  ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
  video: fbdev: riva: Error out if 'pixclock' equals zero
  video: fbdev: kyro: Error out if 'pixclock' equals zero
  video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
  bpf/tests: Do not PASS tests without actually testing the result
  bpf/tests: Fix copy-and-paste error in double word test
  tty: serial: jsm: hold port lock when reporting modem line changes
  usb: gadget: u_ether: fix a potential null pointer dereference
  usb: host: fotg210: fix the actual_length of an iso packet
  Smack: Fix wrong semantics in smk_access_entry()
  netlink: Deal with ESRCH error in nlmsg_notify()
  video: fbdev: kyro: fix a DoS bug by restricting user input
  iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
  PCI: Use pci_update_current_state() in pci_enable_device_flags()
  crypto: mxs-dcp - Use sg_mapping_iter to copy data
  pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
  openrisc: don't printk() unconditionally
  PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
  PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
  ARM: 9105/1: atags_to_fdt: don't warn about stack size
  libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
  media: rc-loopback: return number of emitters rather than error
  media: uvc: don't do DMA on stack
  VMCI: fix NULL pointer dereference when unmapping queue pair
  power: supply: max17042: handle fails of reading status register
  xen: fix setting of max_pfn in shared_info
  PCI/MSI: Skip masking MSI-X on Xen PV
  rtc: tps65910: Correct driver module alias
  fbmem: don't allow too huge resolutions
  clk: kirkwood: Fix a clocking boot regression
  KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted
  tty: Fix data race between tiocsti() and flush_to_ldisc()
  ipv4: make exception cache less predictible
  bcma: Fix memory leak for internally-handled cores
  ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
  usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
  i2c: mt65xx: fix IRQ check
  CIFS: Fix a potencially linear read overflow
  mmc: moxart: Fix issue with uninitialized dma_slave_config
  mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
  i2c: s3c2410: fix IRQ check
  i2c: iop3xx: fix deferred probing
  Bluetooth: add timeout sanity check to hci_inquiry
  usb: gadget: mv_u3d: request_irq() after initializing UDC
  usb: phy: tahvo: add IRQ check
  usb: host: ohci-tmio: add IRQ check
  Bluetooth: Move shutdown callback before flushing tx and rx queue
  usb: phy: twl6030: add IRQ checks
  usb: phy: fsl-usb: add IRQ check
  usb: gadget: udc: at91: add IRQ check
  drm/msm/dsi: Fix some reference counted resource leaks
  Bluetooth: fix repeated calls to sco_sock_kill
  arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7
  Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
  PCI: PM: Enable PME if it can be signaled from D3cold
  i2c: highlander: add IRQ check
  net: cipso: fix warnings in netlbl_cipsov4_add_std
  tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
  Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
  media: go7007: remove redundant initialization
  media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
  media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
  certs: Trigger creation of RSA module signing key if it's not an RSA key
  m68k: emu: Fix invalid free in nfeth_cleanup()
  udf_get_extendedattr() had no boundary checks.
  crypto: qat - fix reuse of completion variable
  crypto: qat - do not ignore errors from enable_vf2pf_comms()
  libata: fix ata_host_start()
  power: supply: max17042_battery: fix typo in MAx17042_TOFF
  crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop()
  crypto: mxs-dcp - Check for DMA mapping errors
  PCI: Call Max Payload Size-related fixup quirks early
  x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
  Revert "btrfs: compression: don't try to compress if we don't have enough pages"
  mm/page_alloc: speed up the iteration of max_order
  net: ll_temac: Remove left-over debug message
  powerpc/boot: Delete unneeded .globl _zimage_start
  powerpc/module64: Fix comment in R_PPC64_ENTRY handling
  mm/kmemleak.c: make cond_resched() rate-limiting more efficient
  s390/disassembler: correct disassembly lines alignment
  ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2)
  tc358743: fix register i2c_rd/wr function fix
  PM / wakeirq: Enable dedicated wakeirq for suspend
  USB: serial: mos7720: improve OOM-handling in read_mos_reg()
  usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled
  igmp: Add ip_mc_list lock in ip_check_mc_rcu
  media: stkwebcam: fix memory leak in stk_camera_probe
  ath9k: Postpone key cache entry deletion for TXQ frames reference it
  ath: Modify ath_key_delete() to not need full key entry
  ath: Export ath_hw_keysetmac()
  ath9k: Clear key cache explicitly on disabling hardware
  ath: Use safer key clearing with key cache entries
  ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
  ARM: 8918/2: only build return_address() if needed
  cryptoloop: add a deprecation warning
  qede: Fix memset corruption
  ARC: fix allnoconfig build warning
  xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
  ext4: fix race writing to an inline_data file while its xattrs are changing

Change-Id: I1ab34741b8a456049ad2d583e71958af0d5ad3cb
2021-10-12 00:11:01 +03:00
Stefan Berger
fdd38b08ad certs: Trigger creation of RSA module signing key if it's not an RSA key
[ Upstream commit ea35e0d5df6c92fa2e124bb1b91d09b2240715ba ]

Address a kbuild issue where a developer created an ECDSA key for signing
kernel modules and then builds an older version of the kernel, when
bisecting the kernel for example, that does not support ECDSA keys.

If openssl is installed, trigger the creation of an RSA module signing
key if it is not an RSA key.

Fixes: cfc411e7ff ("Move certificate handling to its own directory")
Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-09-22 11:41:19 +02:00
Nathan Chancellor
c02c2e6d1f Merge 4.4.118 into android-msm-wahoo-4.4-oreo-mr1
Changes in 4.4.118: (193 commits)
        net: add dst_cache support
        net: replace dst_cache ip6_tunnel implementation with the generic one
        cfg80211: check dev_set_name() return value
        mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
        xfrm: Fix stack-out-of-bounds read on socket policy lookup.
        xfrm: check id proto in validate_tmpl()
        blktrace: fix unlocked registration of tracepoints
        drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
        Provide a function to create a NUL-terminated string from unterminated data
        selinux: ensure the context is NUL terminated in security_context_to_sid_core()
        selinux: skip bounded transition processing if the policy isn't loaded
        crypto: x86/twofish-3way - Fix %rbp usage
        KVM: x86: fix escape of guest dr6 to the host
        netfilter: x_tables: fix int overflow in xt_alloc_table_info()
        netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
        netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
        netfilter: on sockopt() acquire sock lock only in the required scope
        netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
        net: avoid skb_warn_bad_offload on IS_ERR
        ASoC: ux500: add MODULE_LICENSE tag
        video: fbdev/mmp: add MODULE_LICENSE
        arm64: dts: add #cooling-cells to CPU nodes
        Make DST_CACHE a silent config option
        dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
        staging: android: ashmem: Fix a race condition in pin ioctls
        binder: check for binder_thread allocation failure in binder_poll()
        staging: iio: adc: ad7192: fix external frequency setting
        usbip: keep usbip_device sockfd state in sync with tcp_socket
        usb: build drivers/usb/common/ when USB_SUPPORT is set
        ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
        ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
        ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
        ARM: dts: am4372: Correct the interrupts_properties of McASP
        perf top: Fix window dimensions change handling
        perf bench numa: Fixup discontiguous/sparse numa nodes
        media: s5k6aa: describe some function parameters
        pinctrl: sunxi: Fix A80 interrupt pin bank
        RDMA/cma: Make sure that PSN is not over max allowed
        scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
        ipvlan: Add the skb->mark as flow4's member to lookup route
        powerpc/perf: Fix oops when grouping different pmu events
        s390/dasd: prevent prefix I/O error
        gianfar: fix a flooded alignment reports because of padding issue.
        net_sched: red: Avoid devision by zero
        net_sched: red: Avoid illegal values
        btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
        509: fix printing uninitialized stack memory when OID is empty
        dmaengine: ioat: Fix error handling path
        dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved
        clk: fix a panic error caused by accessing NULL pointer
        ASoC: rockchip: disable clock on error
        spi: sun4i: disable clocks in the remove function
        xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
        drm/armada: fix leak of crtc structure
        dmaengine: jz4740: disable/unprepare clk if probe fails
        mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
        x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
        xen: XEN_ACPI_PROCESSOR is Dom0-only
        hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
        virtio_balloon: prevent uninitialized variable use
        isdn: icn: remove a #warning
        vmxnet3: prevent building with 64K pages
        gpio: intel-mid: Fix build warning when !CONFIG_PM
        platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
        video: fbdev: via: remove possibly unused variables
        scsi: advansys: fix build warning for PCI=n
        x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
        arm64: define BUG() instruction without CONFIG_BUG
        x86/fpu/math-emu: Fix possible uninitialized variable use
        tools build: Add tools tree support for 'make -s'
        x86/build: Silence the build with "make -s"
        thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
        x86: add MULTIUSER dependency for KVM
        x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
        scsi: advansys: fix uninitialized data access
        arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
        ALSA: hda/ca0132 - fix possible NULL pointer use
        reiserfs: avoid a -Wmaybe-uninitialized warning
        ssb: mark ssb_bus_register as __maybe_unused
        thermal: spear: use __maybe_unused for PM functions
        x86/boot: Avoid warning for zero-filling .bss
        scsi: sim710: fix build warning
        drivers/net: fix eisa_driver probe section mismatch
        dpt_i2o: fix build warning
        profile: hide unused functions when !CONFIG_PROC_FS
        md: avoid warning for 32-bit sector_t
        mtd: ichxrom: maybe-uninitialized with gcc-4.9
        mtd: maps: add __init attribute
        mptfusion: hide unused seq_mpt_print_ioc_summary function
        scsi: fdomain: drop fdomain_pci_tbl when built-in
        video: fbdev: sis: remove unused variable
        staging: ste_rmi4: avoid unused function warnings
        fbdev: sis: enforce selection of at least one backend
        video: Use bool instead int pointer for get_opt_bool() argument
        scsi: mvumi: use __maybe_unused to hide pm functions
        SCSI: initio: remove duplicate module device table
        pwc: hide unused label
        usb: musb/ux500: remove duplicate check for dma_is_compatible
        tty: hvc_xen: hide xen_console_remove when unused
        target/user: Fix cast from pointer to phys_addr_t
        driver-core: use 'dev' argument in dev_dbg_ratelimited stub
        fbdev: auo_k190x: avoid unused function warnings
        amd-xgbe: Fix unused suspend handlers build warning
        mtd: sh_flctl: pass FIFO as physical address
        mtd: cfi: enforce valid geometry configuration
        fbdev: s6e8ax0: avoid unused function warnings
        modsign: hide openssl output in silent builds
        Drivers: hv: vmbus: fix build warning
        fbdev: sm712fb: avoid unused function warnings
        hwrng: exynos - use __maybe_unused to hide pm functions
        USB: cdc_subset: only build when one driver is enabled
        rtlwifi: fix gcc-6 indentation warning
        staging: wilc1000: fix kbuild test robot error
        x86/platform/olpc: Fix resume handler build warning
        netfilter: ipvs: avoid unused variable warnings
        ipv4: ipconfig: avoid unused ic_proto_used symbol
        tc1100-wmi: fix build warning when CONFIG_PM not enabled
        tlan: avoid unused label with PCI=n
        drm/vmwgfx: use *_32_bits() macros
        tty: cyclades: cyz_interrupt is only used for PCI
        genirq/msi: Add stubs for get_cached_msi_msg/pci_write_msi_msg
        ASoC: mediatek: add i2c dependency
        iio: adc: axp288: remove redundant duplicate const on axp288_adc_channels
        infiniband: cxgb4: use %pR format string for printing resources
        b2c2: flexcop: avoid unused function warnings
        i2c: remove __init from i2c_register_board_info()
        staging: unisys: visorinput depends on INPUT
        tc358743: fix register i2c_rd/wr functions
        drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
        Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
        KVM: add X86_LOCAL_APIC dependency
        go7007: add MEDIA_CAMERA_SUPPORT dependency
        em28xx: only use mt9v011 if camera support is enabled
        ISDN: eicon: reduce stack size of sig_ind function
        ASoC: rockchip: use __maybe_unused to hide st_irq_syscfg_resume
        serial: 8250_mid: fix broken DMA dependency
        drm/gma500: Sanity-check pipe index
        hdpvr: hide unused variable
        v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER
        cw1200: fix bogus maybe-uninitialized warning
        wireless: cw1200: use __maybe_unused to hide pm functions_
        perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
        dmaengine: zx: fix build warning
        net: hp100: remove unnecessary #ifdefs
        gpio: xgene: mark PM functions as __maybe_unused
        ncpfs: fix unused variable warning
        Revert "power: bq27xxx_battery: Remove unneeded dependency in Kconfig"
        power: bq27xxx_battery: mark some symbols __maybe_unused
        isdn: sc: work around type mismatch warning
        binfmt_elf: compat: avoid unused function warning
        idle: i7300: add PCI dependency
        usb: phy: msm add regulator dependency
        ncr5380: shut up gcc indentation warning
        ARM: tegra: select USB_ULPI from EHCI rather than platform
        ASoC: Intel: Kconfig: fix build when ACPI is not enabled
        netlink: fix nla_put_{u8,u16,u32} for KASAN
        dell-wmi, dell-laptop: depends DMI
        genksyms: Fix segfault with invalid declarations
        x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug
        drm/gma500: remove helper function
        kasan: rework Kconfig settings
        KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously
        x86/retpoline: Remove the esp/rsp thunk
        KVM: x86: Make indirect calls in emulator speculation safe
        KVM: VMX: Make indirect call speculation safe
        module/retpoline: Warn about missing retpoline in module
        x86/nospec: Fix header guards names
        x86/bugs: Drop one "mitigation" from dmesg
        x86/cpu/bugs: Make retpoline module warning conditional
        x86/spectre: Check CONFIG_RETPOLINE in command line parser
        Documentation: Document array_index_nospec
        array_index_nospec: Sanitize speculative array de-references
        x86: Implement array_index_mask_nospec
        x86: Introduce barrier_nospec
        x86/get_user: Use pointer masking to limit speculation
        x86/syscall: Sanitize syscall table de-references under speculation
        vfs, fdtable: Prevent bounds-check bypass via speculative execution
        nl80211: Sanitize array index in parse_txq_params
        x86/spectre: Report get_user mitigation for spectre_v1
        x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
        x86/paravirt: Remove 'noreplace-paravirt' cmdline option
        x86/kvm: Update spectre-v1 mitigation
        x86/retpoline: Avoid retpolines for built-in __init functions
        x86/spectre: Simplify spectre_v2 command line parsing
        x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
        KVM: nVMX: kmap() can't fail
        KVM: nVMX: vmx_complete_nested_posted_interrupt() can't fail
        kvm: nVMX: Fix kernel panics induced by illegal INVEPT/INVVPID types
        KVM: VMX: clean up declaration of VPID/EPT invalidation types
        KVM: nVMX: invvpid handling improvements
        crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
        net: dst_cache_per_cpu_dst_set() can be static
        Linux 4.4.118

Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>

Conflicts:
	net/Kconfig
	net/core/Makefile
2018-02-25 09:40:57 -07:00
Arnd Bergmann
9adeb5b0b5 modsign: hide openssl output in silent builds
commit 5d06ee20b662a78417245714fc576cba90e6374f upstream.

When a user calls 'make -s', we can assume they don't want to
see any output except for warnings and errors, but instead
they see this for a warning free build:

 ###
 ### Now generating an X.509 key pair to be used for signing modules.
 ###
 ### If this takes a long time, you might wish to run rngd in the
 ### background to keep the supply of entropy topped up.  It
 ### needs to be run as root, and uses a hardware random
 ### number generator if one is available.
 ###
 Generating a 4096 bit RSA private key
 .................................................................................................................................................................................................................................++
 ..............................................................................................................................++
 writing new private key to 'certs/signing_key.pem'
 -----
 ###
 ### Key pair generated.
 ###

The output can confuse simple build testing scripts that just check
for an empty build log.

This patch silences all the output:
 - "echo" is changed to "@$(kecho)", which is dropped when "-s" gets
   passed
 - the openssl command itself is only printed with V=1, using the
   $(Q) macro
 - The output of openssl gets redirected to /dev/null on "-s" builds.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-25 11:03:46 +01:00
Arnd Geis
eb9d9c108b certs: add public key for mnh firmware signing
Bug: 36782736

Change-Id: I7fa24b0a8bb63e965c373e43082b5b8cd7b2d8e8
Signed-off-by: Arnd Geis <arndg@google.com>
2017-09-11 14:51:36 -07:00
Jeevan Shriram
d1bb84d765 certs: dm-verity: add keyring certification for verity
Enable SYSTEM_TRUSTED_KEYS and add certification for x509 signing for
system.

CRs-Fixed: 1116507
Change-Id: I01298d75da0ff9faee2d01118107d53e9a2aef8a
Signed-off-by: Jeevan Shriram <jshriram@codeaurora.org>
2017-02-16 17:58:04 -08:00
Paul Gortmaker
48dbc164b4 certs: add .gitignore to stop git nagging about x509_certificate_list
Currently we see this in "git status" if we build in the source dir:

Untracked files:
  (use "git add <file>..." to include in what will be committed)

        certs/x509_certificate_list

It looks like it used to live in kernel/ so we squash that .gitignore
entry at the same time.  I didn't bother to dig through git history to
see when it moved, since it is just a minor annoyance at most.

Cc: David Woodhouse <dwmw2@infradead.org>
Cc: keyrings@linux-nfs.org
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2015-10-21 15:18:35 +01:00
David Woodhouse
3ee550f12c modsign: Handle signing key in source tree
Since commit 1329e8cc69 ("modsign: Extract signing cert from
CONFIG_MODULE_SIG_KEY if needed"), the build system has carefully coped
with the signing key being specified as a relative path in either the
source or the build trees.

However, the actual signing of modules has not worked if the filename
is relative to the source tree.

Fix that by moving the config_filename helper into scripts/Kbuild.include
so that it can be used from elsewhere, and then using it in the top-level
Makefile to find the signing key file.

Kill the intermediate $(MODPUBKEY) and $(MODSECKEY) variables too, while
we're at it. There's no need for them.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2015-08-14 16:32:52 +01:00
David Woodhouse
62172c81f2 modsign: Use if_changed rule for extracting cert from module signing key
We couldn't use if_changed for this before, because it didn't live in
the kernel/ directory so we couldn't add it to $(targets). It was easier
just to leave it as it was.

Now it's in the certs/ directory we can use if_changed, the same as we
do for the trusted certificate list.

Aside from making things consistent, this means we don't need to depend
explicitly on the include/config/module/sig/key.h file. And we also get
to automatically do the right thing and re-extract the cert if the user
does odd things like using a relative filename and then playing silly
buggers with adding/removing that file in both the source and object
trees. We always favour the one in the object tree if it exists, and
now we'll correctly re-extract the cert when it changes. Previously we'd
*only* re-extract the cert if the config option changed, even if the
actual file we're using did change.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2015-08-14 16:06:19 +01:00
David Howells
cfc411e7ff Move certificate handling to its own directory
Move certificate handling out of the kernel/ directory and into a certs/
directory to get all the weird stuff in one place and move the generated
signing keys into this directory.

Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: David Woodhouse <David.Woodhouse@intel.com>
2015-08-14 16:06:13 +01:00