mirror of
https://git.proxmox.com/git/mirror_ubuntu-kernels.git
synced 2026-01-17 01:40:57 +00:00
0bf13a8436
- usercopy hardening expanded to check other allocation types (Matthew Wilcox, Yuanzheng Song) - arm64 stackleak behavioral improvements (Mark Rutland) - arm64 CFI code gen improvement (Sami Tolvanen) - LoadPin LSM block dev API adjustment (Christoph Hellwig) - Clang randstruct support (Bill Wendling, Kees Cook) -----BEGIN PGP SIGNATURE----- iQJKBAABCgA0FiEEpcP2jyKd1g9yPm4TiXL039xtwCYFAmKL1kMWHGtlZXNjb29r QGNocm9taXVtLm9yZwAKCRCJcvTf3G3AJlz6D/9lYEwDQYwKVK6fsXdgcs/eUkqc P06KGm7jDiYiua34LMpgu35wkRcxVDzB92kzQmt7yaVqhlIGjO9wnP+uZrq8q/LS X9FSb457fREg0XLPX5XC60abHYyikvgJMf06dSLaBcRq1Wzqwp5JZPpLZJUAM2ab rM1Vq0brfF1+lPAPECx1sYYNksP9XTw0dtzUu8D9tlTQDFAhKYhV6Io5yRFkA4JH ELSHjJHlNgLYeZE5IfWHRQBb+yofjnt61IwoVkqa5lSfoyvKpBPF5G+3gOgtdkyv A8So2aG/bMNUUY80Th5ojiZ6V7z5SYjUmHRil6I/swAdkc825n2wM+AQqsxv6U4I VvGz3cxaKklERw5N+EJw4amivcgm1jEppZ7qCx9ysLwVg/LI050qhv/T10TYPmOX 0sQEpZvbKuqGb6nzWo6DME8OpZ27yIa/oRzBHdkIkfkEefYlKWS+dfvWb/73cltj jx066Znk1hHZWGT48EsRmxdGAHn4kfIMcMgIs1ki1OO2II6LoXyaFJ0wSAYItxpz 5gCmDMjkGFRrtXXPEhi6kfKKpOuQux+BmpbVfEzox7Gnrf45sp92cYLncmpAsFB3 91nPa4/utqb/9ijFCIinazLdcUBPO8I1C8FOHDWSFCnNt4d3j2ozpLbrKWyQsm7+ RCGdcy+NU/FH1FwZlg== =nxsC -----END PGP SIGNATURE----- Merge tag 'kernel-hardening-v5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull kernel hardening updates from Kees Cook: - usercopy hardening expanded to check other allocation types (Matthew Wilcox, Yuanzheng Song) - arm64 stackleak behavioral improvements (Mark Rutland) - arm64 CFI code gen improvement (Sami Tolvanen) - LoadPin LSM block dev API adjustment (Christoph Hellwig) - Clang randstruct support (Bill Wendling, Kees Cook) * tag 'kernel-hardening-v5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (34 commits) loadpin: stop using bdevname mm: usercopy: move the virt_addr_valid() below the is_vmalloc_addr() gcc-plugins: randstruct: Remove cast exception handling af_unix: Silence randstruct GCC plugin warning niu: Silence randstruct warnings big_keys: Use struct for internal payload gcc-plugins: Change all version strings match kernel randomize_kstack: Improve docs on requirements/rationale lkdtm/stackleak: fix CONFIG_GCC_PLUGIN_STACKLEAK=n arm64: entry: use stackleak_erase_on_task_stack() stackleak: add on/off stack variants lkdtm/stackleak: check stack boundaries lkdtm/stackleak: prevent unexpected stack usage lkdtm/stackleak: rework boundary management lkdtm/stackleak: avoid spurious failure stackleak: rework poison scanning stackleak: rework stack high bound handling stackleak: clarify variable names stackleak: rework stack low bound handling stackleak: remove redundant check ...
86 lines
2.7 KiB
Makefile
86 lines
2.7 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Building a vDSO image for AArch64.
|
|
#
|
|
# Author: Will Deacon <will.deacon@arm.com>
|
|
# Heavily based on the vDSO Makefiles for other archs.
|
|
#
|
|
|
|
# Absolute relocation type $(ARCH_REL_TYPE_ABS) needs to be defined before
|
|
# the inclusion of generic Makefile.
|
|
ARCH_REL_TYPE_ABS := R_AARCH64_JUMP_SLOT|R_AARCH64_GLOB_DAT|R_AARCH64_ABS64
|
|
include $(srctree)/lib/vdso/Makefile
|
|
|
|
obj-vdso := vgettimeofday.o note.o sigreturn.o
|
|
|
|
# Build rules
|
|
targets := $(obj-vdso) vdso.so vdso.so.dbg
|
|
obj-vdso := $(addprefix $(obj)/, $(obj-vdso))
|
|
|
|
btildflags-$(CONFIG_ARM64_BTI_KERNEL) += -z force-bti
|
|
|
|
# -Bsymbolic has been added for consistency with arm, the compat vDSO and
|
|
# potential future proofing if we end up with internal calls to the exported
|
|
# routines, as x86 does (see 6f121e548f83 ("x86, vdso: Reimplement vdso.so
|
|
# preparation in build-time C")).
|
|
ldflags-y := -shared -soname=linux-vdso.so.1 --hash-style=sysv \
|
|
-Bsymbolic --build-id=sha1 -n $(btildflags-y) -T
|
|
|
|
ccflags-y := -fno-common -fno-builtin -fno-stack-protector -ffixed-x18
|
|
ccflags-y += -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO
|
|
|
|
# -Wmissing-prototypes and -Wmissing-declarations are removed from
|
|
# the CFLAGS of vgettimeofday.c to make possible to build the
|
|
# kernel with CONFIG_WERROR enabled.
|
|
CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE) -Os $(CC_FLAGS_SCS) \
|
|
$(RANDSTRUCT_CFLAGS) $(GCC_PLUGINS_CFLAGS) \
|
|
$(CC_FLAGS_LTO) -Wmissing-prototypes -Wmissing-declarations
|
|
KASAN_SANITIZE := n
|
|
KCSAN_SANITIZE := n
|
|
UBSAN_SANITIZE := n
|
|
OBJECT_FILES_NON_STANDARD := y
|
|
KCOV_INSTRUMENT := n
|
|
|
|
CFLAGS_vgettimeofday.o = -O2 -mcmodel=tiny -fasynchronous-unwind-tables
|
|
|
|
ifneq ($(c-gettimeofday-y),)
|
|
CFLAGS_vgettimeofday.o += -include $(c-gettimeofday-y)
|
|
endif
|
|
|
|
# Disable gcov profiling for VDSO code
|
|
GCOV_PROFILE := n
|
|
|
|
targets += vdso.lds
|
|
CPPFLAGS_vdso.lds += -P -C -U$(ARCH)
|
|
|
|
# Link rule for the .so file, .lds has to be first
|
|
$(obj)/vdso.so.dbg: $(obj)/vdso.lds $(obj-vdso) FORCE
|
|
$(call if_changed,vdsold_and_vdso_check)
|
|
|
|
# Strip rule for the .so file
|
|
$(obj)/%.so: OBJCOPYFLAGS := -S
|
|
$(obj)/%.so: $(obj)/%.so.dbg FORCE
|
|
$(call if_changed,objcopy)
|
|
|
|
# Generate VDSO offsets using helper script
|
|
gen-vdsosym := $(srctree)/$(src)/gen_vdso_offsets.sh
|
|
quiet_cmd_vdsosym = VDSOSYM $@
|
|
cmd_vdsosym = $(NM) $< | $(gen-vdsosym) | LC_ALL=C sort > $@
|
|
|
|
include/generated/vdso-offsets.h: $(obj)/vdso.so.dbg FORCE
|
|
$(call if_changed,vdsosym)
|
|
|
|
# Actual build commands
|
|
quiet_cmd_vdsold_and_vdso_check = LD $@
|
|
cmd_vdsold_and_vdso_check = $(cmd_ld); $(cmd_vdso_check)
|
|
|
|
# Install commands for the unstripped file
|
|
quiet_cmd_vdso_install = INSTALL $@
|
|
cmd_vdso_install = cp $(obj)/$@.dbg $(MODLIB)/vdso/$@
|
|
|
|
vdso.so: $(obj)/vdso.so.dbg
|
|
@mkdir -p $(MODLIB)/vdso
|
|
$(call cmd,vdso_install)
|
|
|
|
vdso_install: vdso.so
|