ddf56288ee
With GCOV_PROFILE_ALL, Clang injects __llvm_gcov_* functions to each object file, and the functions are indirectly called during boot. However, when code is injected to object files that are not part of vmlinux.o, it's also not processed by objtool, which breaks CFI hash randomization as the hashes in these files won't be included in the .cfi_sites section and thus won't be randomized. Similarly to commit 42633ed852de ("kbuild: Fix CFI hash randomization with KASAN"), disable GCOV for .vmlinux.export.o and init/version-timestamp.o to avoid emitting unnecessary functions to object files that don't otherwise have executable code. Fixes: 0c3e806ec0f9 ("x86/cfi: Add boot time hash randomization") Reported-by: Joe Fradley <joefradley@google.com> Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
54 lines
1.4 KiB
Makefile
54 lines
1.4 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
PHONY := __default
|
|
__default: vmlinux
|
|
|
|
include include/config/auto.conf
|
|
include $(srctree)/scripts/Kbuild.include
|
|
|
|
# for c_flags
|
|
include $(srctree)/scripts/Makefile.lib
|
|
|
|
targets :=
|
|
|
|
quiet_cmd_cc_o_c = CC $@
|
|
cmd_cc_o_c = $(CC) $(c_flags) -c -o $@ $<
|
|
|
|
%.o: %.c FORCE
|
|
$(call if_changed_dep,cc_o_c)
|
|
|
|
ifdef CONFIG_MODULES
|
|
KASAN_SANITIZE_.vmlinux.export.o := n
|
|
GCOV_PROFILE_.vmlinux.export.o := n
|
|
targets += .vmlinux.export.o
|
|
vmlinux: .vmlinux.export.o
|
|
endif
|
|
|
|
ARCH_POSTLINK := $(wildcard $(srctree)/arch/$(SRCARCH)/Makefile.postlink)
|
|
|
|
# Final link of vmlinux with optional arch pass after final link
|
|
cmd_link_vmlinux = \
|
|
$< "$(LD)" "$(KBUILD_LDFLAGS)" "$(LDFLAGS_vmlinux)"; \
|
|
$(if $(ARCH_POSTLINK), $(MAKE) -f $(ARCH_POSTLINK) $@, true)
|
|
|
|
targets += vmlinux
|
|
vmlinux: scripts/link-vmlinux.sh vmlinux.o $(KBUILD_LDS) FORCE
|
|
+$(call if_changed_dep,link_vmlinux)
|
|
|
|
# Add FORCE to the prequisites of a target to force it to be always rebuilt.
|
|
# ---------------------------------------------------------------------------
|
|
|
|
PHONY += FORCE
|
|
FORCE:
|
|
|
|
# Read all saved command lines and dependencies for the $(targets) we
|
|
# may be building above, using $(if_changed{,_dep}). As an
|
|
# optimization, we don't need to read them if the target does not
|
|
# exist, we will rebuild anyway in that case.
|
|
|
|
existing-targets := $(wildcard $(sort $(targets)))
|
|
|
|
-include $(foreach f,$(existing-targets),$(dir $(f)).$(notdir $(f)).cmd)
|
|
|
|
.PHONY: $(PHONY)
|