| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Aug 2021 12:18:22 +0900
From: Masahiro Yamada <masahiroy@...nel.org>
To: Kees Cook <keescook@...omium.org>
Cc: Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
Sami Tolvanen <samitolvanen@...gle.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Michal Marek <michal.lkml@...kovi.net>,
Nick Desaulniers <ndesaulniers@...gle.com>
Subject: Re: [PATCH 03/13] kbuild: detect objtool changes correctly and remove .SECONDEXPANSION
On Thu, Aug 19, 2021 at 11:55 AM Kees Cook <keescook@...omium.org> wrote:
>
> On Thu, Aug 19, 2021 at 09:57:34AM +0900, Masahiro Yamada wrote:
> > This reverts commit 8852c5524029 ("kbuild: Fix objtool dependency for
> > 'OBJECT_FILES_NON_STANDARD_<obj> := n'"), and fix the dependency in a
> > cleaner way.
> >
> > Using .SECONDEXPANSION is expensive since Makefile.build is parsed
> > twice every time, and the escaping dollars makes the code unreadable.
> >
> > Adding include/config/* as dependency is not maintainable either because
> > objtool_args is dependent on more CONFIG options.
> >
> > A better fix is to include the objtool command in *.cmd files so any
> > command change is naturally detected by if_change.
> >
> > Signed-off-by: Masahiro Yamada <masahiroy@...nel.org>
> > ---
> >
> > scripts/Makefile.build | 28 ++++++++++------------------
> > 1 file changed, 10 insertions(+), 18 deletions(-)
> >
> > diff --git a/scripts/Makefile.build b/scripts/Makefile.build
> > index 31154e44c251..3e4cd1439cd4 100644
> > --- a/scripts/Makefile.build
> > +++ b/scripts/Makefile.build
> > @@ -155,7 +155,7 @@ $(obj)/%.ll: $(src)/%.c FORCE
> > # (See cmd_cc_o_c + relevant part of rule_cc_o_c)
> >
> > quiet_cmd_cc_o_c = CC $(quiet_modtag) $@
> > - cmd_cc_o_c = $(CC) $(c_flags) -c -o $@ $<
> > + cmd_cc_o_c = $(CC) $(c_flags) -c -o $@ $< $(cmd_objtool)
> >
> > ifdef CONFIG_MODVERSIONS
> > # When module versioning is enabled the following steps are executed:
> > @@ -223,6 +223,8 @@ endif # CONFIG_FTRACE_MCOUNT_USE_RECORDMCOUNT
> >
> > ifdef CONFIG_STACK_VALIDATION
> >
> > +objtool := $(objtree)/tools/objtool/objtool
> > +
> > # Objtool arguments are also needed for modfinal with LTO, so we define
> > # then here to avoid duplication.
> > objtool_args = \
> > @@ -237,26 +239,19 @@ objtool_args = \
> >
> > ifndef CONFIG_LTO_CLANG
> >
> > -__objtool_obj := $(objtree)/tools/objtool/objtool
> > -
> > # 'OBJECT_FILES_NON_STANDARD := y': skip objtool checking for a directory
> > # 'OBJECT_FILES_NON_STANDARD_foo.o := 'y': skip objtool checking for a file
> > # 'OBJECT_FILES_NON_STANDARD_foo.o := 'n': override directory skip for a file
> > cmd_objtool = $(if $(patsubst y%,, \
> > $(OBJECT_FILES_NON_STANDARD_$(basetarget).o)$(OBJECT_FILES_NON_STANDARD)n), \
> > - $(__objtool_obj) $(objtool_args) $@)
> > -objtool_obj = $(if $(patsubst y%,, \
> > - $(OBJECT_FILES_NON_STANDARD_$(basetarget).o)$(OBJECT_FILES_NON_STANDARD)n), \
> > - $(__objtool_obj))
> > + ; $(objtool) $(objtool_args) $@)
>
> This is extremely clever -- pasting commands together. :)
>
> Does this correctly propagate failures in the first half of the command?
Yes.
Any failure bails out immediately because the -e option is set.
See
cmd = @set -e; $(echo-cmd) $(cmd_$(1))
in scripts/Kbuild.include
>
> For example, now we'd have:
> gcc flags..... -c -o out in ; objtool...
>
> But I think objtool will run even on gcc failure, and "make" won't see
> the failure from gcc? I need to go test this.
>
> -Kees
>
> > +
> > +# Rebuild all objects when objtool is updated
> > +objtool_dep = $(objtool)
> >
> > endif # CONFIG_LTO_CLANG
> > endif # CONFIG_STACK_VALIDATION
> >
> > -# Rebuild all objects when objtool changes, or is enabled/disabled.
> > -objtool_dep = $(objtool_obj) \
> > - $(wildcard include/config/ORC_UNWINDER \
> > - include/config/STACK_VALIDATION)
> > -
> > ifdef CONFIG_TRIM_UNUSED_KSYMS
> > cmd_gen_ksymdeps = \
> > $(CONFIG_SHELL) $(srctree)/scripts/gen_ksymdeps.sh $@ >> $(dot-target).cmd
> > @@ -270,7 +265,6 @@ define rule_cc_o_c
> > $(call cmd,gen_ksymdeps)
> > $(call cmd,checksrc)
> > $(call cmd,checkdoc)
> > - $(call cmd,objtool)
> > $(call cmd,modversions_c)
> > $(call cmd,record_mcount)
> > endef
> > @@ -278,13 +272,11 @@ endef
> > define rule_as_o_S
> > $(call cmd_and_fixdep,as_o_S)
> > $(call cmd,gen_ksymdeps)
> > - $(call cmd,objtool)
> > $(call cmd,modversions_S)
> > endef
> >
> > # Built-in and composite module parts
> > -.SECONDEXPANSION:
> > -$(obj)/%.o: $(src)/%.c $(recordmcount_source) $$(objtool_dep) FORCE
> > +$(obj)/%.o: $(src)/%.c $(recordmcount_source) $(objtool_dep) FORCE
> > $(call if_changed_rule,cc_o_c)
> > $(call cmd,force_checksrc)
> >
> > @@ -367,7 +359,7 @@ $(obj)/%.s: $(src)/%.S FORCE
> > $(call if_changed_dep,cpp_s_S)
> >
> > quiet_cmd_as_o_S = AS $(quiet_modtag) $@
> > - cmd_as_o_S = $(CC) $(a_flags) -c -o $@ $<
> > + cmd_as_o_S = $(CC) $(a_flags) -c -o $@ $< $(cmd_objtool)
> >
> > ifdef CONFIG_ASM_MODVERSIONS
> >
> > @@ -386,7 +378,7 @@ cmd_modversions_S = \
> > fi
> > endif
> >
> > -$(obj)/%.o: $(src)/%.S $$(objtool_dep) FORCE
> > +$(obj)/%.o: $(src)/%.S $(objtool_dep) FORCE
> > $(call if_changed_rule,as_o_S)
> >
> > targets += $(filter-out $(subdir-builtin), $(real-obj-y))
> > --
> > 2.30.2
> >
>
> --
> Kees Cook
--
Best Regards
Masahiro Yamada
Powered by blists - more mailing lists