ddf56288ee
With GCOV_PROFILE_ALL, Clang injects __llvm_gcov_* functions to each object file, and the functions are indirectly called during boot. However, when code is injected to object files that are not part of vmlinux.o, it's also not processed by objtool, which breaks CFI hash randomization as the hashes in these files won't be included in the .cfi_sites section and thus won't be randomized. Similarly to commit42633ed852
("kbuild: Fix CFI hash randomization with KASAN"), disable GCOV for .vmlinux.export.o and init/version-timestamp.o to avoid emitting unnecessary functions to object files that don't otherwise have executable code. Fixes:0c3e806ec0
("x86/cfi: Add boot time hash randomization") Reported-by: Joe Fradley <joefradley@google.com> Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
64 lines
1.8 KiB
Makefile
64 lines
1.8 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0
|
|
#
|
|
# Makefile for the linux kernel.
|
|
#
|
|
|
|
ccflags-y := -fno-function-sections -fno-data-sections
|
|
|
|
obj-y := main.o version.o mounts.o
|
|
ifneq ($(CONFIG_BLK_DEV_INITRD),y)
|
|
obj-y += noinitramfs.o
|
|
else
|
|
obj-$(CONFIG_BLK_DEV_INITRD) += initramfs.o
|
|
endif
|
|
obj-$(CONFIG_GENERIC_CALIBRATE_DELAY) += calibrate.o
|
|
|
|
obj-y += init_task.o
|
|
|
|
mounts-y := do_mounts.o
|
|
mounts-$(CONFIG_BLK_DEV_RAM) += do_mounts_rd.o
|
|
mounts-$(CONFIG_BLK_DEV_INITRD) += do_mounts_initrd.o
|
|
|
|
#
|
|
# UTS_VERSION
|
|
#
|
|
|
|
smp-flag-$(CONFIG_SMP) := SMP
|
|
preempt-flag-$(CONFIG_PREEMPT_BUILD) := PREEMPT
|
|
preempt-flag-$(CONFIG_PREEMPT_DYNAMIC) := PREEMPT_DYNAMIC
|
|
preempt-flag-$(CONFIG_PREEMPT_RT) := PREEMPT_RT
|
|
|
|
build-version = $(or $(KBUILD_BUILD_VERSION), $(build-version-auto))
|
|
build-timestamp = $(or $(KBUILD_BUILD_TIMESTAMP), $(build-timestamp-auto))
|
|
|
|
# Maximum length of UTS_VERSION is 64 chars
|
|
filechk_uts_version = \
|
|
utsver=$$(echo '$(pound)'"$(build-version)" $(smp-flag-y) $(preempt-flag-y) "$(build-timestamp)" | cut -b -64); \
|
|
echo '$(pound)'define UTS_VERSION \""$${utsver}"\"
|
|
|
|
#
|
|
# Build version.c with temporary UTS_VERSION
|
|
#
|
|
|
|
$(obj)/utsversion-tmp.h: FORCE
|
|
$(call filechk,uts_version)
|
|
|
|
clean-files += utsversion-tmp.h
|
|
|
|
$(obj)/version.o: $(obj)/utsversion-tmp.h
|
|
CFLAGS_version.o := -include $(obj)/utsversion-tmp.h
|
|
|
|
#
|
|
# Build version-timestamp.c with final UTS_VERSION
|
|
#
|
|
|
|
include/generated/utsversion.h: build-version-auto = $(shell $(srctree)/$(src)/build-version)
|
|
include/generated/utsversion.h: build-timestamp-auto = $(shell LC_ALL=C date)
|
|
include/generated/utsversion.h: FORCE
|
|
$(call filechk,uts_version)
|
|
|
|
$(obj)/version-timestamp.o: include/generated/utsversion.h
|
|
CFLAGS_version-timestamp.o := -include include/generated/utsversion.h
|
|
KASAN_SANITIZE_version-timestamp.o := n
|
|
GCOV_PROFILE_version-timestamp.o := n
|