40548c6b6c
Pull x86 pti updates from Thomas Gleixner:
"This contains:
- a PTI bugfix to avoid setting reserved CR3 bits when PCID is
disabled. This seems to cause issues on a virtual machine at least
and is incorrect according to the AMD manual.
- a PTI bugfix which disables the perf BTS facility if PTI is
enabled. The BTS AUX buffer is not globally visible and causes the
CPU to fault when the mapping disappears on switching CR3 to user
space. A full fix which restores BTS on PTI is non trivial and will
be worked on.
- PTI bugfixes for EFI and trusted boot which make sure that the user
space visible page table entries have the NX bit cleared
- removal of dead code in the PTI pagetable setup functions
- add PTI documentation
- add a selftest for vsyscall to verify that the kernel actually
implements what it advertises.
- a sysfs interface to expose vulnerability and mitigation
information so there is a coherent way for users to retrieve the
status.
- the initial spectre_v2 mitigations, aka retpoline:
+ The necessary ASM thunk and compiler support
+ The ASM variants of retpoline and the conversion of affected ASM
code
+ Make LFENCE serializing on AMD so it can be used as speculation
trap
+ The RSB fill after vmexit
- initial objtool support for retpoline
As I said in the status mail this is the most of the set of patches
which should go into 4.15 except two straight forward patches still on
hold:
- the retpoline add on of LFENCE which waits for ACKs
- the RSB fill after context switch
Both should be ready to go early next week and with that we'll have
covered the major holes of spectre_v2 and go back to normality"
* 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (28 commits)
x86,perf: Disable intel_bts when PTI
security/Kconfig: Correct the Documentation reference for PTI
x86/pti: Fix !PCID and sanitize defines
selftests/x86: Add test_vsyscall
x86/retpoline: Fill return stack buffer on vmexit
x86/retpoline/irq32: Convert assembler indirect jumps
x86/retpoline/checksum32: Convert assembler indirect jumps
x86/retpoline/xen: Convert Xen hypercall indirect jumps
x86/retpoline/hyperv: Convert assembler indirect jumps
x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
x86/retpoline/entry: Convert entry assembler indirect jumps
x86/retpoline/crypto: Convert crypto assembler indirect jumps
x86/spectre: Add boot time option to select Spectre v2 mitigation
x86/retpoline: Add initial retpoline support
objtool: Allow alternatives to be ignored
objtool: Detect jumps to retpoline thunks
x86/pti: Make unpoison of pgd for trusted boot work for real
x86/alternatives: Fix optimize_nops() checking
sysfs/cpu: Fix typos in vulnerability documentation
x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
...
337 lines
12 KiB
Makefile
337 lines
12 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
# Unified Makefile for i386 and x86_64
|
|
|
|
# select defconfig based on actual architecture
|
|
ifeq ($(ARCH),x86)
|
|
ifeq ($(shell uname -m),x86_64)
|
|
KBUILD_DEFCONFIG := x86_64_defconfig
|
|
else
|
|
KBUILD_DEFCONFIG := i386_defconfig
|
|
endif
|
|
else
|
|
KBUILD_DEFCONFIG := $(ARCH)_defconfig
|
|
endif
|
|
|
|
# For gcc stack alignment is specified with -mpreferred-stack-boundary,
|
|
# clang has the option -mstack-alignment for that purpose.
|
|
ifneq ($(call cc-option, -mpreferred-stack-boundary=4),)
|
|
cc_stack_align4 := -mpreferred-stack-boundary=2
|
|
cc_stack_align8 := -mpreferred-stack-boundary=3
|
|
else ifneq ($(call cc-option, -mstack-alignment=16),)
|
|
cc_stack_align4 := -mstack-alignment=4
|
|
cc_stack_align8 := -mstack-alignment=8
|
|
endif
|
|
|
|
# How to compile the 16-bit code. Note we always compile for -march=i386;
|
|
# that way we can complain to the user if the CPU is insufficient.
|
|
#
|
|
# The -m16 option is supported by GCC >= 4.9 and clang >= 3.5. For
|
|
# older versions of GCC, include an *assembly* header to make sure that
|
|
# gcc doesn't play any games behind our back.
|
|
CODE16GCC_CFLAGS := -m32 -Wa,$(srctree)/arch/x86/boot/code16gcc.h
|
|
M16_CFLAGS := $(call cc-option, -m16, $(CODE16GCC_CFLAGS))
|
|
|
|
REALMODE_CFLAGS := $(M16_CFLAGS) -g -Os -D__KERNEL__ \
|
|
-DDISABLE_BRANCH_PROFILING \
|
|
-Wall -Wstrict-prototypes -march=i386 -mregparm=3 \
|
|
-fno-strict-aliasing -fomit-frame-pointer -fno-pic \
|
|
-mno-mmx -mno-sse
|
|
|
|
REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -ffreestanding)
|
|
REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), -fno-stack-protector)
|
|
REALMODE_CFLAGS += $(call __cc-option, $(CC), $(REALMODE_CFLAGS), $(cc_stack_align4))
|
|
export REALMODE_CFLAGS
|
|
|
|
# BITS is used as extension for files which are available in a 32 bit
|
|
# and a 64 bit version to simplify shared Makefiles.
|
|
# e.g.: obj-y += foo_$(BITS).o
|
|
export BITS
|
|
|
|
ifdef CONFIG_X86_NEED_RELOCS
|
|
LDFLAGS_vmlinux := --emit-relocs
|
|
endif
|
|
|
|
#
|
|
# Prevent GCC from generating any FP code by mistake.
|
|
#
|
|
# This must happen before we try the -mpreferred-stack-boundary, see:
|
|
#
|
|
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53383
|
|
#
|
|
KBUILD_CFLAGS += -mno-sse -mno-mmx -mno-sse2 -mno-3dnow
|
|
KBUILD_CFLAGS += $(call cc-option,-mno-avx,)
|
|
|
|
ifeq ($(CONFIG_X86_32),y)
|
|
BITS := 32
|
|
UTS_MACHINE := i386
|
|
CHECKFLAGS += -D__i386__
|
|
|
|
biarch := $(call cc-option,-m32)
|
|
KBUILD_AFLAGS += $(biarch)
|
|
KBUILD_CFLAGS += $(biarch)
|
|
|
|
KBUILD_CFLAGS += -msoft-float -mregparm=3 -freg-struct-return
|
|
|
|
# Never want PIC in a 32-bit kernel, prevent breakage with GCC built
|
|
# with nonstandard options
|
|
KBUILD_CFLAGS += -fno-pic
|
|
|
|
# Align the stack to the register width instead of using the default
|
|
# alignment of 16 bytes. This reduces stack usage and the number of
|
|
# alignment instructions.
|
|
KBUILD_CFLAGS += $(call cc-option,$(cc_stack_align4))
|
|
|
|
# Disable unit-at-a-time mode on pre-gcc-4.0 compilers, it makes gcc use
|
|
# a lot more stack due to the lack of sharing of stacklots:
|
|
KBUILD_CFLAGS += $(call cc-ifversion, -lt, 0400, \
|
|
$(call cc-option,-fno-unit-at-a-time))
|
|
|
|
# CPU-specific tuning. Anything which can be shared with UML should go here.
|
|
include arch/x86/Makefile_32.cpu
|
|
KBUILD_CFLAGS += $(cflags-y)
|
|
|
|
# temporary until string.h is fixed
|
|
KBUILD_CFLAGS += -ffreestanding
|
|
else
|
|
BITS := 64
|
|
UTS_MACHINE := x86_64
|
|
CHECKFLAGS += -D__x86_64__ -m64
|
|
|
|
biarch := -m64
|
|
KBUILD_AFLAGS += -m64
|
|
KBUILD_CFLAGS += -m64
|
|
|
|
# Align jump targets to 1 byte, not the default 16 bytes:
|
|
KBUILD_CFLAGS += $(call cc-option,-falign-jumps=1)
|
|
|
|
# Pack loops tightly as well:
|
|
KBUILD_CFLAGS += $(call cc-option,-falign-loops=1)
|
|
|
|
# Don't autogenerate traditional x87 instructions
|
|
KBUILD_CFLAGS += $(call cc-option,-mno-80387)
|
|
KBUILD_CFLAGS += $(call cc-option,-mno-fp-ret-in-387)
|
|
|
|
# By default gcc and clang use a stack alignment of 16 bytes for x86.
|
|
# However the standard kernel entry on x86-64 leaves the stack on an
|
|
# 8-byte boundary. If the compiler isn't informed about the actual
|
|
# alignment it will generate extra alignment instructions for the
|
|
# default alignment which keep the stack *mis*aligned.
|
|
# Furthermore an alignment to the register width reduces stack usage
|
|
# and the number of alignment instructions.
|
|
KBUILD_CFLAGS += $(call cc-option,$(cc_stack_align8))
|
|
|
|
# Use -mskip-rax-setup if supported.
|
|
KBUILD_CFLAGS += $(call cc-option,-mskip-rax-setup)
|
|
|
|
# FIXME - should be integrated in Makefile.cpu (Makefile_32.cpu)
|
|
cflags-$(CONFIG_MK8) += $(call cc-option,-march=k8)
|
|
cflags-$(CONFIG_MPSC) += $(call cc-option,-march=nocona)
|
|
|
|
cflags-$(CONFIG_MCORE2) += \
|
|
$(call cc-option,-march=core2,$(call cc-option,-mtune=generic))
|
|
cflags-$(CONFIG_MATOM) += $(call cc-option,-march=atom) \
|
|
$(call cc-option,-mtune=atom,$(call cc-option,-mtune=generic))
|
|
cflags-$(CONFIG_GENERIC_CPU) += $(call cc-option,-mtune=generic)
|
|
KBUILD_CFLAGS += $(cflags-y)
|
|
|
|
KBUILD_CFLAGS += -mno-red-zone
|
|
KBUILD_CFLAGS += -mcmodel=kernel
|
|
|
|
# -funit-at-a-time shrinks the kernel .text considerably
|
|
# unfortunately it makes reading oopses harder.
|
|
KBUILD_CFLAGS += $(call cc-option,-funit-at-a-time)
|
|
endif
|
|
|
|
ifdef CONFIG_X86_X32
|
|
x32_ld_ok := $(call try-run,\
|
|
/bin/echo -e '1: .quad 1b' | \
|
|
$(CC) $(KBUILD_AFLAGS) -c -x assembler -o "$$TMP" - && \
|
|
$(OBJCOPY) -O elf32-x86-64 "$$TMP" "$$TMPO" && \
|
|
$(LD) -m elf32_x86_64 "$$TMPO" -o "$$TMP",y,n)
|
|
ifeq ($(x32_ld_ok),y)
|
|
CONFIG_X86_X32_ABI := y
|
|
KBUILD_AFLAGS += -DCONFIG_X86_X32_ABI
|
|
KBUILD_CFLAGS += -DCONFIG_X86_X32_ABI
|
|
else
|
|
$(warning CONFIG_X86_X32 enabled but no binutils support)
|
|
endif
|
|
endif
|
|
export CONFIG_X86_X32_ABI
|
|
|
|
#
|
|
# If the function graph tracer is used with mcount instead of fentry,
|
|
# '-maccumulate-outgoing-args' is needed to prevent a GCC bug
|
|
# (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=42109)
|
|
#
|
|
ifdef CONFIG_FUNCTION_GRAPH_TRACER
|
|
ifndef CONFIG_HAVE_FENTRY
|
|
ACCUMULATE_OUTGOING_ARGS := 1
|
|
else
|
|
ifeq ($(call cc-option-yn, -mfentry), n)
|
|
ACCUMULATE_OUTGOING_ARGS := 1
|
|
|
|
# GCC ignores '-maccumulate-outgoing-args' when used with '-Os'.
|
|
# If '-Os' is enabled, disable it and print a warning.
|
|
ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE
|
|
undefine CONFIG_CC_OPTIMIZE_FOR_SIZE
|
|
$(warning Disabling CONFIG_CC_OPTIMIZE_FOR_SIZE. Your compiler does not have -mfentry so you cannot optimize for size with CONFIG_FUNCTION_GRAPH_TRACER.)
|
|
endif
|
|
|
|
endif
|
|
endif
|
|
endif
|
|
|
|
#
|
|
# Jump labels need '-maccumulate-outgoing-args' for gcc < 4.5.2 to prevent a
|
|
# GCC bug (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=46226). There's no way
|
|
# to test for this bug at compile-time because the test case needs to execute,
|
|
# which is a no-go for cross compilers. So check the GCC version instead.
|
|
#
|
|
ifdef CONFIG_JUMP_LABEL
|
|
ifneq ($(ACCUMULATE_OUTGOING_ARGS), 1)
|
|
ACCUMULATE_OUTGOING_ARGS = $(call cc-if-fullversion, -lt, 040502, 1)
|
|
endif
|
|
endif
|
|
|
|
ifeq ($(ACCUMULATE_OUTGOING_ARGS), 1)
|
|
# This compiler flag is not supported by Clang:
|
|
KBUILD_CFLAGS += $(call cc-option,-maccumulate-outgoing-args,)
|
|
endif
|
|
|
|
# Stackpointer is addressed different for 32 bit and 64 bit x86
|
|
sp-$(CONFIG_X86_32) := esp
|
|
sp-$(CONFIG_X86_64) := rsp
|
|
|
|
# do binutils support CFI?
|
|
cfi := $(call as-instr,.cfi_startproc\n.cfi_rel_offset $(sp-y)$(comma)0\n.cfi_endproc,-DCONFIG_AS_CFI=1)
|
|
# is .cfi_signal_frame supported too?
|
|
cfi-sigframe := $(call as-instr,.cfi_startproc\n.cfi_signal_frame\n.cfi_endproc,-DCONFIG_AS_CFI_SIGNAL_FRAME=1)
|
|
cfi-sections := $(call as-instr,.cfi_sections .debug_frame,-DCONFIG_AS_CFI_SECTIONS=1)
|
|
|
|
# does binutils support specific instructions?
|
|
asinstr := $(call as-instr,fxsaveq (%rax),-DCONFIG_AS_FXSAVEQ=1)
|
|
asinstr += $(call as-instr,pshufb %xmm0$(comma)%xmm0,-DCONFIG_AS_SSSE3=1)
|
|
asinstr += $(call as-instr,crc32l %eax$(comma)%eax,-DCONFIG_AS_CRC32=1)
|
|
avx_instr := $(call as-instr,vxorps %ymm0$(comma)%ymm1$(comma)%ymm2,-DCONFIG_AS_AVX=1)
|
|
avx2_instr :=$(call as-instr,vpbroadcastb %xmm0$(comma)%ymm1,-DCONFIG_AS_AVX2=1)
|
|
avx512_instr :=$(call as-instr,vpmovm2b %k1$(comma)%zmm5,-DCONFIG_AS_AVX512=1)
|
|
sha1_ni_instr :=$(call as-instr,sha1msg1 %xmm0$(comma)%xmm1,-DCONFIG_AS_SHA1_NI=1)
|
|
sha256_ni_instr :=$(call as-instr,sha256msg1 %xmm0$(comma)%xmm1,-DCONFIG_AS_SHA256_NI=1)
|
|
|
|
KBUILD_AFLAGS += $(cfi) $(cfi-sigframe) $(cfi-sections) $(asinstr) $(avx_instr) $(avx2_instr) $(avx512_instr) $(sha1_ni_instr) $(sha256_ni_instr)
|
|
KBUILD_CFLAGS += $(cfi) $(cfi-sigframe) $(cfi-sections) $(asinstr) $(avx_instr) $(avx2_instr) $(avx512_instr) $(sha1_ni_instr) $(sha256_ni_instr)
|
|
|
|
LDFLAGS := -m elf_$(UTS_MACHINE)
|
|
|
|
# Speed up the build
|
|
KBUILD_CFLAGS += -pipe
|
|
# Workaround for a gcc prelease that unfortunately was shipped in a suse release
|
|
KBUILD_CFLAGS += -Wno-sign-compare
|
|
#
|
|
KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
|
|
|
|
# Avoid indirect branches in kernel to deal with Spectre
|
|
ifdef CONFIG_RETPOLINE
|
|
RETPOLINE_CFLAGS += $(call cc-option,-mindirect-branch=thunk-extern -mindirect-branch-register)
|
|
ifneq ($(RETPOLINE_CFLAGS),)
|
|
KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE
|
|
else
|
|
$(warning CONFIG_RETPOLINE=y, but not supported by the compiler. Toolchain update recommended.)
|
|
endif
|
|
endif
|
|
|
|
archscripts: scripts_basic
|
|
$(Q)$(MAKE) $(build)=arch/x86/tools relocs
|
|
|
|
###
|
|
# Syscall table generation
|
|
|
|
archheaders:
|
|
$(Q)$(MAKE) $(build)=arch/x86/entry/syscalls all
|
|
|
|
archprepare:
|
|
ifeq ($(CONFIG_KEXEC_FILE),y)
|
|
$(Q)$(MAKE) $(build)=arch/x86/purgatory arch/x86/purgatory/kexec-purgatory.c
|
|
endif
|
|
|
|
###
|
|
# Kernel objects
|
|
|
|
head-y := arch/x86/kernel/head_$(BITS).o
|
|
head-y += arch/x86/kernel/head$(BITS).o
|
|
head-y += arch/x86/kernel/ebda.o
|
|
head-y += arch/x86/kernel/platform-quirks.o
|
|
|
|
libs-y += arch/x86/lib/
|
|
|
|
# See arch/x86/Kbuild for content of core part of the kernel
|
|
core-y += arch/x86/
|
|
|
|
# drivers-y are linked after core-y
|
|
drivers-$(CONFIG_MATH_EMULATION) += arch/x86/math-emu/
|
|
drivers-$(CONFIG_PCI) += arch/x86/pci/
|
|
|
|
# must be linked after kernel/
|
|
drivers-$(CONFIG_OPROFILE) += arch/x86/oprofile/
|
|
|
|
# suspend and hibernation support
|
|
drivers-$(CONFIG_PM) += arch/x86/power/
|
|
|
|
drivers-$(CONFIG_FB) += arch/x86/video/
|
|
|
|
####
|
|
# boot loader support. Several targets are kept for legacy purposes
|
|
|
|
boot := arch/x86/boot
|
|
|
|
BOOT_TARGETS = bzlilo bzdisk fdimage fdimage144 fdimage288 isoimage
|
|
|
|
PHONY += bzImage $(BOOT_TARGETS)
|
|
|
|
# Default kernel to build
|
|
all: bzImage
|
|
|
|
# KBUILD_IMAGE specify target image being built
|
|
KBUILD_IMAGE := $(boot)/bzImage
|
|
|
|
bzImage: vmlinux
|
|
ifeq ($(CONFIG_X86_DECODER_SELFTEST),y)
|
|
$(Q)$(MAKE) $(build)=arch/x86/tools posttest
|
|
endif
|
|
$(Q)$(MAKE) $(build)=$(boot) $(KBUILD_IMAGE)
|
|
$(Q)mkdir -p $(objtree)/arch/$(UTS_MACHINE)/boot
|
|
$(Q)ln -fsn ../../x86/boot/bzImage $(objtree)/arch/$(UTS_MACHINE)/boot/$@
|
|
|
|
$(BOOT_TARGETS): vmlinux
|
|
$(Q)$(MAKE) $(build)=$(boot) $@
|
|
|
|
PHONY += install
|
|
install:
|
|
$(Q)$(MAKE) $(build)=$(boot) $@
|
|
|
|
PHONY += vdso_install
|
|
vdso_install:
|
|
$(Q)$(MAKE) $(build)=arch/x86/entry/vdso $@
|
|
|
|
archclean:
|
|
$(Q)rm -rf $(objtree)/arch/i386
|
|
$(Q)rm -rf $(objtree)/arch/x86_64
|
|
$(Q)$(MAKE) $(clean)=$(boot)
|
|
$(Q)$(MAKE) $(clean)=arch/x86/tools
|
|
$(Q)$(MAKE) $(clean)=arch/x86/purgatory
|
|
|
|
define archhelp
|
|
echo '* bzImage - Compressed kernel image (arch/x86/boot/bzImage)'
|
|
echo ' install - Install kernel using'
|
|
echo ' (your) ~/bin/$(INSTALLKERNEL) or'
|
|
echo ' (distribution) /sbin/$(INSTALLKERNEL) or'
|
|
echo ' install to $$(INSTALL_PATH) and run lilo'
|
|
echo ' fdimage - Create 1.4MB boot floppy image (arch/x86/boot/fdimage)'
|
|
echo ' fdimage144 - Create 1.4MB boot floppy image (arch/x86/boot/fdimage)'
|
|
echo ' fdimage288 - Create 2.8MB boot floppy image (arch/x86/boot/fdimage)'
|
|
echo ' isoimage - Create a boot CD-ROM image (arch/x86/boot/image.iso)'
|
|
echo ' bzdisk/fdimage*/isoimage also accept:'
|
|
echo ' FDARGS="..." arguments for the booted kernel'
|
|
echo ' FDINITRD=file initrd for the booted kernel'
|
|
endef
|