From 1b8667812b3a1304f3db736ac4905d6ad77d721e Mon Sep 17 00:00:00 2001 From: Nathan Chancellor Date: Fri, 17 Jun 2022 11:08:46 -0700 Subject: x86/Kconfig: Fix CONFIG_CC_HAS_SANE_STACKPROTECTOR when cross compiling with clang Chimera Linux notes that CONFIG_CC_HAS_SANE_STACKPROTECTOR cannot be enabled when cross compiling an x86_64 kernel with clang, even though it does work when natively compiling. When building on aarch64: $ make -sj"$(nproc)" ARCH=x86_64 LLVM=1 defconfig $ grep STACKPROTECTOR .config When building on x86_64: $ make -sj"$(nproc)" ARCH=x86_64 LLVM=1 defconfig $ grep STACKPROTECTOR .config CONFIG_CC_HAS_SANE_STACKPROTECTOR=y CONFIG_HAVE_STACKPROTECTOR=y CONFIG_STACKPROTECTOR=y CONFIG_STACKPROTECTOR_STRONG=y When clang is invoked without a '--target' flag, code is generated for the default target, which is usually the host (it is configurable via cmake). As a result, the has-stack-protector scripts will generate code for the default target but check for x86 specific segment registers, which cannot succeed if the default target is not x86. $(CLANG_FLAGS) contains an explicit '--target' flag so pass that variable along to the has-stack-protector scripts so that the stack protector can be enabled when cross compiling with clang. The 32-bit stack protector cannot currently be enabled with clang, as it does not support '-mstack-protector-guard-symbol', so this results in no functional change for ARCH=i386 when cross compiling. Signed-off-by: Nathan Chancellor Signed-off-by: Dave Hansen Signed-off-by: Borislav Petkov Link: https://github.com/chimera-linux/cports/commit/0fb7e506d5f83fdf2104feb22cdac34934561226 Link: https://github.com/llvm/llvm-project/issues/48553 Link: https://lkml.kernel.org/r/20220617180845.2788442-1-nathan@kernel.org --- arch/x86/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'arch/x86') diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index be0b95e51df6..076adde7ead9 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -391,8 +391,8 @@ config PGTABLE_LEVELS config CC_HAS_SANE_STACKPROTECTOR bool - default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC)) if 64BIT - default $(success,$(srctree)/scripts/gcc-x86_32-has-stack-protector.sh $(CC)) + default $(success,$(srctree)/scripts/gcc-x86_64-has-stack-protector.sh $(CC) $(CLANG_FLAGS)) if 64BIT + default $(success,$(srctree)/scripts/gcc-x86_32-has-stack-protector.sh $(CC) $(CLANG_FLAGS)) help We have to make sure stack protector is unconditionally disabled if the compiler produces broken code or if it does not let us control -- cgit v1.2.3 From 8b979924b9f9e945a095a2f622b39b9fd9f65acb Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Mon, 11 Jul 2022 13:12:47 +0900 Subject: x86/build: Remove unused OBJECT_FILES_NON_STANDARD_test_nx.o Commit 3ad38ceb2769 ("x86/mm: Remove CONFIG_DEBUG_NX_TEST") removed arch/x86/kernel/test_nx.c Signed-off-by: Masahiro Yamada Signed-off-by: Borislav Petkov Link: https://lore.kernel.org/r/20220711041247.119357-1-masahiroy@kernel.org --- arch/x86/kernel/Makefile | 2 -- 1 file changed, 2 deletions(-) (limited to 'arch/x86') diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index 4c8b6ae802ac..a20a5ebfacd7 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -34,8 +34,6 @@ KASAN_SANITIZE_sev.o := n # by several compilation units. To be safe, disable all instrumentation. KCSAN_SANITIZE := n -OBJECT_FILES_NON_STANDARD_test_nx.o := y - # If instrumentation of this dir is enabled, boot hangs during first second. # Probably could be more selective here, but note that files related to irqs, # boot, dumpstack/stacktrace, etc are either non-interesting or can lead to -- cgit v1.2.3 From 61922d3fa686733e08387a8a4e11b02b4af6d43c Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Mon, 25 Jul 2022 11:08:11 +0900 Subject: x86/purgatory: Hard-code obj-y in Makefile arch/x86/Kbuild guards the entire purgatory/ directory, and CONFIG_KEXEC_FILE is bool type. $(CONFIG_KEXEC_FILE) is always 'y' when this directory is being built. Signed-off-by: Masahiro Yamada Signed-off-by: Borislav Petkov Link: https://lore.kernel.org/r/20220725020812.622255-1-masahiroy@kernel.org --- arch/x86/purgatory/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'arch/x86') diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile index ae53d54d7959..248b009c4061 100644 --- a/arch/x86/purgatory/Makefile +++ b/arch/x86/purgatory/Makefile @@ -81,4 +81,4 @@ quiet_cmd_bin2c = BIN2C $@ $(obj)/kexec-purgatory.c: $(obj)/purgatory.ro $(obj)/purgatory.chk FORCE $(call if_changed,bin2c) -obj-$(CONFIG_KEXEC_FILE) += kexec-purgatory.o +obj-y += kexec-purgatory.o -- cgit v1.2.3 From 2d17bd24b0169d3fdbf003dfd55af600e9a30553 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Mon, 25 Jul 2022 11:08:12 +0900 Subject: x86/purgatory: Omit use of bin2c The .incbin assembler directive is much faster than bin2c + $(CC). Do similar refactoring as in 4c0f032d4963 ("s390/purgatory: Omit use of bin2c"). Please note the .quad directive matches to size_t in C (both 8 byte) because the purgatory is compiled only for the 64-bit kernel. (KEXEC_FILE depends on X86_64). Signed-off-by: Masahiro Yamada Signed-off-by: Borislav Petkov Link: https://lore.kernel.org/r/20220725020812.622255-2-masahiroy@kernel.org --- arch/x86/.gitignore | 2 -- arch/x86/Kconfig | 1 - arch/x86/purgatory/Makefile | 8 +------- arch/x86/purgatory/kexec-purgatory.S | 14 ++++++++++++++ scripts/remove-stale-files | 2 ++ 5 files changed, 17 insertions(+), 10 deletions(-) create mode 100644 arch/x86/purgatory/kexec-purgatory.S (limited to 'arch/x86') diff --git a/arch/x86/.gitignore b/arch/x86/.gitignore index 677111acbaa3..f2e1d6c347fb 100644 --- a/arch/x86/.gitignore +++ b/arch/x86/.gitignore @@ -3,6 +3,4 @@ boot/compressed/vmlinux tools/test_get_len tools/insn_sanity tools/insn_decoder_test -purgatory/kexec-purgatory.c purgatory/purgatory.ro - diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 076adde7ead9..901cb59d3a90 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -2032,7 +2032,6 @@ config KEXEC config KEXEC_FILE bool "kexec file based system call" select KEXEC_CORE - select BUILD_BIN2C depends on X86_64 depends on CRYPTO=y depends on CRYPTO_SHA256=y diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile index 248b009c4061..31c634a22818 100644 --- a/arch/x86/purgatory/Makefile +++ b/arch/x86/purgatory/Makefile @@ -73,12 +73,6 @@ $(obj)/purgatory.ro: $(PURGATORY_OBJS) FORCE $(obj)/purgatory.chk: $(obj)/purgatory.ro FORCE $(call if_changed,ld) -targets += kexec-purgatory.c - -quiet_cmd_bin2c = BIN2C $@ - cmd_bin2c = $(objtree)/scripts/bin2c kexec_purgatory < $< > $@ - -$(obj)/kexec-purgatory.c: $(obj)/purgatory.ro $(obj)/purgatory.chk FORCE - $(call if_changed,bin2c) +$(obj)/kexec-purgatory.o: $(obj)/purgatory.ro $(obj)/purgatory.chk obj-y += kexec-purgatory.o diff --git a/arch/x86/purgatory/kexec-purgatory.S b/arch/x86/purgatory/kexec-purgatory.S new file mode 100644 index 000000000000..8530fe93b718 --- /dev/null +++ b/arch/x86/purgatory/kexec-purgatory.S @@ -0,0 +1,14 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + + .section .rodata, "a" + + .align 8 +kexec_purgatory: + .globl kexec_purgatory + .incbin "arch/x86/purgatory/purgatory.ro" +.Lkexec_purgatory_end: + + .align 8 +kexec_purgatory_size: + .globl kexec_purgatory_size + .quad .Lkexec_purgatory_end - kexec_purgatory diff --git a/scripts/remove-stale-files b/scripts/remove-stale-files index 7adab4618035..379e86c71bed 100755 --- a/scripts/remove-stale-files +++ b/scripts/remove-stale-files @@ -41,3 +41,5 @@ if [ -n "${building_out_of_srctree}" ]; then fi rm -f scripts/extract-cert + +rm -f arch/x86/purgatory/kexec-purgatory.c -- cgit v1.2.3