| 文件 | 最后提交记录 | 最后更新时间 |
|---|---|---|
kbuild: dummy-tools: avoid tmpdir leak in dummy gcc stable inclusion from stable-5.10.139 commit 37c7f25fe2b79184f3a7a9f15fdcfbcf8f46913c category: bugfix issue: #I4UU4A CVE: NA Signed-off-by: lizongfeng <lizongfeng1@huawei.com> --------------------------------------- commit aac289653fa5adf9e9985e4912c1d24a3e8cbab2 upstream When passed -print-file-name=plugin, the dummy gcc script creates a temporary directory that is never cleaned up. To avoid cluttering $TMPDIR, instead use a static directory included in the source tree. Fixes: 76426e238834 ("kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig") Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Cc: Jiri Slaby <jirislaby@kernel.org> Link: https://lore.kernel.org/r/9996285f-5a50-e56a-eb1c-645598381a20@kernel.org [ just the plugin-version.h portion as it failed to apply previously - gregkh ] Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: lizongfeng <lizongfeng1@huawei.com> create mode 100644 scripts/dummy-tools/dummy-plugin-dir/include/plugin-version.h Signed-off-by: lizongfeng <lizongfeng1@huawei.com> | 3 年前 | |
kbuild: check the minimum assembler version in Kconfig stable inclusion from stable-5.10.178 commit 83f55e6f298e9e79a38b92d771179090ff0ac771 category: bugfix issue: #I8JM1V CVE: NA Signed-off-by: wanxiaoqing <wanxiaoqing@huawei.com> --------------------------------------- commit ba64beb17493a4bfec563100c86a462a15926f24 upstream. Documentation/process/changes.rst defines the minimum assembler version (binutils version), but we have never checked it in the build time. Kbuild never invokes 'as' directly because all assembly files in the kernel tree are *.S, hence must be preprocessed. I do not expect raw assembly source files (*.s) would be added to the kernel tree. Therefore, we always use $(CC) as the assembler driver, and commit aa824e0c962b ("kbuild: remove AS variable") removed 'AS'. However, we are still interested in the version of the assembler acting behind. As usual, the --version option prints the version string. $ as --version | head -n 1 GNU assembler (GNU Binutils for Ubuntu) 2.35.1 But, we do not have $(AS). So, we can add the -Wa prefix so that $(CC) passes --version down to the backing assembler. $ gcc -Wa,--version | head -n 1 gcc: fatal error: no input files compilation terminated. OK, we need to input something to satisfy gcc. $ gcc -Wa,--version -c -x assembler /dev/null -o /dev/null | head -n 1 GNU assembler (GNU Binutils for Ubuntu) 2.35.1 The combination of Clang and GNU assembler works in the same way: $ clang -no-integrated-as -Wa,--version -c -x assembler /dev/null -o /dev/null | head -n 1 GNU assembler (GNU Binutils for Ubuntu) 2.35.1 Clang with the integrated assembler fails like this: $ clang -integrated-as -Wa,--version -c -x assembler /dev/null -o /dev/null | head -n 1 clang: error: unsupported argument '--version' to option 'Wa,' For the last case, checking the error message is fragile. If the proposal for -Wa,--version support [1] is accepted, this may not be even an error in the future. One easy way is to check if -integrated-as is present in the passed arguments. We did not pass -integrated-as to CLANG_FLAGS before, but we can make it explicit. Nathan pointed out -integrated-as is the default for all of the architectures/targets that the kernel cares about, but it goes along with "explicit is better than implicit" policy. [2] With all this in my mind, I implemented scripts/as-version.sh to check the assembler version in Kconfig time. $ scripts/as-version.sh gcc GNU 23501 $ scripts/as-version.sh clang -no-integrated-as GNU 23501 $ scripts/as-version.sh clang -integrated-as LLVM 0 [1]: https://github.com/ClangBuiltLinux/linux/issues/1320 [2]: https://lore.kernel.org/linux-kbuild/20210307044253.v3h47ucq6ng25iay@archlinux-ax161/ Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Nathan Chancellor <nathan@kernel.org> [nathan: Backport to 5.10. Drop minimum version checking, as it is not required in 5.10] Signed-off-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: wanxiaoqing <wanxiaoqing@huawei.com> create mode 100755 scripts/as-version.sh Signed-off-by: wanxiaoqing <wanxiaoqing@huawei.com> | 2 年前 | |
kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig Staring v4.18, Kconfig evaluates compiler capabilities, and hides CONFIG options your compiler does not support. This works well if you configure and build the kernel on the same host machine. It is inconvenient if you prepare the .config that is carried to a different build environment (typically this happens when you package the kernel for distros) because using a different compiler potentially produces different CONFIG options than the real build environment. So, you probably want to make as many options visible as possible. In other words, you need to create a super-set of CONFIG options that cover any build environment. If some of the CONFIG options turned out to be unsupported on the build machine, they are automatically disabled by the nature of Kconfig. However, it is not feasible to get a full-featured compiler for every arch. This issue was discussed here: https://lkml.org/lkml/2019/12/9/620 Other than distros, savedefconfig is also a problem. Some arch sub-systems periodically resync defconfig files. If you use a less-capable compiler for savedefconfig, options that do not meet 'depends on $(cc-option,...)' will be forcibly disabled. So, 'make defconfig && make savedefconfig' may silently change the behavior. This commit adds a set of dummy toolchains that pretend to support any feature. Most of compiler features are tested by cc-option, which simply checks the exit code of $(CC). The dummy tools are shell scripts that always exit with 0. So, $(cc-option, ...) is evaluated as 'y'. There are more complicated checks such as: scripts/gcc-x86_{32,64}-has-stack-protector.sh scripts/gcc-plugin.sh scripts/tools-support-relr.sh scripts/dummy-tools/gcc passes all checks. From the top directory of the source tree, you can do: $ make CROSS_COMPILE=scripts/dummy-tools/ oldconfig Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Philipp Rudo <prudo@linux.ibm.com> Tested-by: Jeremy Cline <jcline@redhat.com> | 6 年前 | |
kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig Staring v4.18, Kconfig evaluates compiler capabilities, and hides CONFIG options your compiler does not support. This works well if you configure and build the kernel on the same host machine. It is inconvenient if you prepare the .config that is carried to a different build environment (typically this happens when you package the kernel for distros) because using a different compiler potentially produces different CONFIG options than the real build environment. So, you probably want to make as many options visible as possible. In other words, you need to create a super-set of CONFIG options that cover any build environment. If some of the CONFIG options turned out to be unsupported on the build machine, they are automatically disabled by the nature of Kconfig. However, it is not feasible to get a full-featured compiler for every arch. This issue was discussed here: https://lkml.org/lkml/2019/12/9/620 Other than distros, savedefconfig is also a problem. Some arch sub-systems periodically resync defconfig files. If you use a less-capable compiler for savedefconfig, options that do not meet 'depends on $(cc-option,...)' will be forcibly disabled. So, 'make defconfig && make savedefconfig' may silently change the behavior. This commit adds a set of dummy toolchains that pretend to support any feature. Most of compiler features are tested by cc-option, which simply checks the exit code of $(CC). The dummy tools are shell scripts that always exit with 0. So, $(cc-option, ...) is evaluated as 'y'. There are more complicated checks such as: scripts/gcc-x86_{32,64}-has-stack-protector.sh scripts/gcc-plugin.sh scripts/tools-support-relr.sh scripts/dummy-tools/gcc passes all checks. From the top directory of the source tree, you can do: $ make CROSS_COMPILE=scripts/dummy-tools/ oldconfig Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Philipp Rudo <prudo@linux.ibm.com> Tested-by: Jeremy Cline <jcline@redhat.com> | 6 年前 | |
kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig Staring v4.18, Kconfig evaluates compiler capabilities, and hides CONFIG options your compiler does not support. This works well if you configure and build the kernel on the same host machine. It is inconvenient if you prepare the .config that is carried to a different build environment (typically this happens when you package the kernel for distros) because using a different compiler potentially produces different CONFIG options than the real build environment. So, you probably want to make as many options visible as possible. In other words, you need to create a super-set of CONFIG options that cover any build environment. If some of the CONFIG options turned out to be unsupported on the build machine, they are automatically disabled by the nature of Kconfig. However, it is not feasible to get a full-featured compiler for every arch. This issue was discussed here: https://lkml.org/lkml/2019/12/9/620 Other than distros, savedefconfig is also a problem. Some arch sub-systems periodically resync defconfig files. If you use a less-capable compiler for savedefconfig, options that do not meet 'depends on $(cc-option,...)' will be forcibly disabled. So, 'make defconfig && make savedefconfig' may silently change the behavior. This commit adds a set of dummy toolchains that pretend to support any feature. Most of compiler features are tested by cc-option, which simply checks the exit code of $(CC). The dummy tools are shell scripts that always exit with 0. So, $(cc-option, ...) is evaluated as 'y'. There are more complicated checks such as: scripts/gcc-x86_{32,64}-has-stack-protector.sh scripts/gcc-plugin.sh scripts/tools-support-relr.sh scripts/dummy-tools/gcc passes all checks. From the top directory of the source tree, you can do: $ make CROSS_COMPILE=scripts/dummy-tools/ oldconfig Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Reviewed-by: Philipp Rudo <prudo@linux.ibm.com> Tested-by: Jeremy Cline <jcline@redhat.com> | 6 年前 |