From patchwork Thu Dec 14 12:49:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 1876173 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4SrXJ31krwz23nn for ; Thu, 14 Dec 2023 23:50:10 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rDlA5-0003Nj-Qf; Thu, 14 Dec 2023 12:49:58 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rDl9z-0003Jq-67 for kernel-team@lists.ubuntu.com; Thu, 14 Dec 2023 12:49:51 +0000 Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 1ED603F15F for ; Thu, 14 Dec 2023 12:49:50 +0000 (UTC) Received: by mail-wr1-f70.google.com with SMTP id ffacd0b85a97d-333501e22caso6262096f8f.2 for ; Thu, 14 Dec 2023 04:49:50 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702558189; x=1703162989; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=AzZJeKm3FtVfDCDplYFwyGFtBx93H7tZ3+IBGrBTq7Y=; b=JzPPbknxG90B0A4JhFsIr93nGSIwaCHyOeN6+0FQvtV55gXCRmO2QwHJQmRNx67V4C 8/E989UF2MgWwtMfDeQh4zoijagtqbKx8imbw53MveAftSSAnElB+NMe5KQ1g1h3ghV8 07hM1XFLblRcQRSUN6pMHmFuiNJl3Oz2H6isUliRqYMQFOQ+O0/33J5LCJY1YzRujUF6 vSdkGoavper4tYGuRIo2sni3FCMwVqgTpyqeLFTrqK7IYWVAcpeFivUjT3x/w/+1/9g5 8baOuGqBRHkB98ub6qYFrBnPQxiDL9t9U88xHsF6J81CLeG6OnYwRjBnnyEFlgSxioSJ 2C5w== X-Gm-Message-State: AOJu0YzrjhfayurNIhyPNeuSls/AV4GFv1G3saVgapBECeG5gCA6TPNG AFwxxH7lZp4XQzpjiq1qs4TEzw6eUY+C2rgispDYxSKNh7veIwYk6+Gc0EY9syp0jXe5giNTjs3 PIxSp/JlWI5OqA59GhgxhTu6R1KBTqfXGEkWXZ2JHU2vc4wGSFw== X-Received: by 2002:a5d:4442:0:b0:336:3eaa:ba1a with SMTP id x2-20020a5d4442000000b003363eaaba1amr1327317wrr.68.1702558188994; Thu, 14 Dec 2023 04:49:48 -0800 (PST) X-Google-Smtp-Source: AGHT+IHWFYqTIqdKz5h9lfJxQ4JFiiLTvhefWp83L4HTHYXQhYmQcipPEII23kl1k+ysGXVRasOJLA== X-Received: by 2002:a5d:4442:0:b0:336:3eaa:ba1a with SMTP id x2-20020a5d4442000000b003363eaaba1amr1327304wrr.68.1702558188293; Thu, 14 Dec 2023 04:49:48 -0800 (PST) Received: from localhost ([2001:67c:1560:8007::aac:c15c]) by smtp.gmail.com with ESMTPSA id m23-20020adfa3d7000000b00334b2272a7asm16344181wrb.2.2023.12.14.04.49.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Dec 2023 04:49:48 -0800 (PST) From: Dimitri John Ledkov To: kernel-team@lists.ubuntu.com Subject: [UNSTABLE][PATCH 1/5] UBUNTU: SAUCE: objtool: Make objtool check actually fatal upon fatal errors Date: Thu, 14 Dec 2023 12:49:36 +0000 Message-Id: <20231214124940.3281278-2-dimitri.ledkov@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231214124940.3281278-1-dimitri.ledkov@canonical.com> References: <20231214124940.3281278-1-dimitri.ledkov@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/2046440 Currently function calls within check() are sensitive to fatal errors (negative return codes) and abort execution prematurely. However, in all such cases the check() function still returns 0, and thus resulting in a successful kernel build. The only correct code paths were the ones that escpae the control flow with `return ret`. Make the check() function return `ret` status code, and make all negative return codes goto that instruction. This makes fatal errors (not warnings) from various function calls actually fail the build. E.g. if create_retpoline_sites_sections() fails to create elf section pair retpoline_sites the tool now exits with an error code. Signed-off-by: Dimitri John Ledkov Link: https://lore.kernel.org/all/20231213134303.2302285-2-dimitri.ledkov@canonical.com/ --- tools/objtool/check.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/tools/objtool/check.c b/tools/objtool/check.c index e94756e09c..15df4afae2 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -4677,8 +4677,10 @@ int check(struct objtool_file *file) init_cfi_state(&force_undefined_cfi); force_undefined_cfi.force_undefined = true; - if (!cfi_hash_alloc(1UL << (file->elf->symbol_bits - 3))) + if (!cfi_hash_alloc(1UL << (file->elf->symbol_bits - 3))) { + ret = -1; goto out; + } cfi_hash_add(&init_cfi); cfi_hash_add(&func_cfi); @@ -4695,7 +4697,7 @@ int check(struct objtool_file *file) if (opts.retpoline) { ret = validate_retpoline(file); if (ret < 0) - return ret; + goto out; warnings += ret; } @@ -4731,7 +4733,7 @@ int check(struct objtool_file *file) */ ret = validate_unrets(file); if (ret < 0) - return ret; + goto out; warnings += ret; } @@ -4794,7 +4796,7 @@ int check(struct objtool_file *file) if (opts.prefix) { ret = add_prefix_symbols(file); if (ret < 0) - return ret; + goto out; warnings += ret; } @@ -4825,10 +4827,5 @@ int check(struct objtool_file *file) } out: - /* - * For now, don't fail the kernel build on fatal warnings. These - * errors are still fairly common due to the growing matrix of - * supported toolchains and their recent pace of change. - */ - return 0; + return ret < 0 ? ret : 0; } From patchwork Thu Dec 14 12:49:37 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 1876172 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4SrXJ31f4gz23nF for ; Thu, 14 Dec 2023 23:50:10 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rDlA3-0003Mn-0s; Thu, 14 Dec 2023 12:49:55 +0000 Received: from smtp-relay-internal-1.internal ([10.131.114.114] helo=smtp-relay-internal-1.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rDl9z-0003LP-21 for kernel-team@lists.ubuntu.com; Thu, 14 Dec 2023 12:49:51 +0000 Received: from mail-lj1-f198.google.com (mail-lj1-f198.google.com [209.85.208.198]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id B76E63F18B for ; Thu, 14 Dec 2023 12:49:50 +0000 (UTC) Received: by mail-lj1-f198.google.com with SMTP id 38308e7fff4ca-2c9ef4b6ce4so66682921fa.1 for ; Thu, 14 Dec 2023 04:49:50 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702558190; x=1703162990; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Y3h2JD/5korM0cOMwmuNhwueZGO5HQVJsOZTb25enjc=; b=GiFk5/cmkz2WrXukwwxBPgjUJegzge4N6ese/bp7hFli/+xvxHMX9bOqwlUv6qJtYJ wMepkKXQY/rPEl5iMVpvQVDzn1KtVKFI/JMGtbzBLgg3z3zM4nOtVY9wota9HPijGlsn wg8VSVV6+lXovY1ErN1pPk7qcnKNwjyTiMIDFFQ2tuNa1GYFbk9wBgHkdURzAP+iFDKx KuXmtxzQvlliCiE6FcNDyEf8MSKxaPUAp0W7djPu6FlkxPcPAoCuoruY1vMncBBVY4s3 zoKtCxMHkrPlmWSmhQxLGFrQpIMEL2U1SMFrYyodWvI+Hfzn4HNYcugB/WFvWDCb52wu g2qA== X-Gm-Message-State: AOJu0YzhQsoi5RdZuMTpoj4OTMqyqmOFAbJQ3qTko7t9KXWUZGGkrAV/ fUBGmRqoa8WC2yxIfJ3JC9qx9FkEWT8AhjgIXwMROkzJSFgI004KTab8FFFp6tKqQoAUlBxuetb 7WMzVakbsyJmbRzzh6oC8ta0/r5a93iiU3i90vLiqb9xTznqpvw== X-Received: by 2002:a2e:ab09:0:b0:2cc:208b:98c5 with SMTP id ce9-20020a2eab09000000b002cc208b98c5mr5695007ljb.44.1702558189799; Thu, 14 Dec 2023 04:49:49 -0800 (PST) X-Google-Smtp-Source: AGHT+IF0WSy5YUQVFk8sSUNUEwLKvgjOJaW9eRrvftxihq2Lp8Kw3XiE2t/gaZ2qB0OH/L9N7YymqA== X-Received: by 2002:a2e:ab09:0:b0:2cc:208b:98c5 with SMTP id ce9-20020a2eab09000000b002cc208b98c5mr5694997ljb.44.1702558189435; Thu, 14 Dec 2023 04:49:49 -0800 (PST) Received: from localhost ([2001:67c:1560:8007::aac:c15c]) by smtp.gmail.com with ESMTPSA id j12-20020a5d452c000000b003363db0399asm4014040wra.94.2023.12.14.04.49.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Dec 2023 04:49:48 -0800 (PST) From: Dimitri John Ledkov To: kernel-team@lists.ubuntu.com Subject: [UNSTABLE][PATCH 2/5] UBUNTU: SAUCE: objtool: make objtool SLS validation fatal when building with CONFIG_SLS=y Date: Thu, 14 Dec 2023 12:49:37 +0000 Message-Id: <20231214124940.3281278-3-dimitri.ledkov@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231214124940.3281278-1-dimitri.ledkov@canonical.com> References: <20231214124940.3281278-1-dimitri.ledkov@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/2046440 Make objtool SLS validation fatal when building with CONFIG_SLS=y, currently it is a build.log warning only. This is a standalone patch, such that if regressions are identified (with any config or toolchain configuration) it can be reverted until relevant identified code is fixed up or otherwise ignored/silecned/marked as safe. Signed-off-by: Dimitri John Ledkov Link: https://lore.kernel.org/all/20231213134303.2302285-3-dimitri.ledkov@canonical.com/ --- tools/objtool/check.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 15df4afae2..9709f037f1 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -4500,7 +4500,9 @@ static int validate_sls(struct objtool_file *file) } } - return warnings; + /* SLS is an optional security safety feature, make it fatal + * to ensure no new code is introduced that fails SLS */ + return -warnings; } static bool ignore_noreturn_call(struct instruction *insn) From patchwork Thu Dec 14 12:49:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 1876175 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4SrXJ46CSVz23nF for ; Thu, 14 Dec 2023 23:50:12 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rDlA8-0003Oz-3u; Thu, 14 Dec 2023 12:50:00 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rDl9z-0003Ln-Rh for kernel-team@lists.ubuntu.com; Thu, 14 Dec 2023 12:49:52 +0000 Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 8FDBB3F29F for ; Thu, 14 Dec 2023 12:49:51 +0000 (UTC) Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-40c28da6667so48597135e9.3 for ; Thu, 14 Dec 2023 04:49:51 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702558190; x=1703162990; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=J601pioQcpX+Qn91hQ5nEh7bl54tE+v0HVuofQ4teRI=; b=HgThTgijPKmwXCxi+h0I5aaZ6OU+A1sd4ewJC702Kp3HKl4hd0r7NUg+YCQL1zM13u clbdSvblMRMcLQUrty7lBzYZTF1o8DUekP/lVr6CLFeD8Aa09gD31qW07digJSGRJfOs YcJgC2Jzt1bS1G3GDPOoLQl4TcV2e958+d9BpzBh9FRFvwhlOJROAwqIBWyILgCzwZv5 ok2EBchfsV2ub3VqKLSwfZuLQsXEdfx3X2DyEwXBofdU7b1sAYL/zgEaHTfF0rNyeO6T wzuZ5io81sUPcvYKtCCYtla/tL7TS9rE/kLchzx8xSuZvUdBcEoeJrNrfVitu46TcLLT Sf1Q== X-Gm-Message-State: AOJu0YzbmpmnrKO+4MHFrF4OSG0YNLcpl9xmSMuPnPxUAvBf9uAfHYki dKIIXw/yGExWtsYx6kYX9muQKADZrUS0bGWZfDi5HvN2ngha8GzZ4U3srACSNRE7syclc4pP6u6 rjOp29Tgc0hG/ox5Vp3lN5h10Ut/5fZMbU0GNzw3iV5VcV1qazw== X-Received: by 2002:a05:600c:4f11:b0:40b:5f03:b3f2 with SMTP id l17-20020a05600c4f1100b0040b5f03b3f2mr2281696wmq.276.1702558190467; Thu, 14 Dec 2023 04:49:50 -0800 (PST) X-Google-Smtp-Source: AGHT+IENNNRBmauVe/4okjC31io8bl1RNlIf4J5Y/qQCW5twzlcpDIfeoM7R+F1ZrIcWE9BHlUbaQA== X-Received: by 2002:a05:600c:4f11:b0:40b:5f03:b3f2 with SMTP id l17-20020a05600c4f1100b0040b5f03b3f2mr2281693wmq.276.1702558190256; Thu, 14 Dec 2023 04:49:50 -0800 (PST) Received: from localhost ([2001:67c:1560:8007::aac:c15c]) by smtp.gmail.com with ESMTPSA id jb4-20020a05600c54e400b0040c5cf930e6sm5830702wmb.19.2023.12.14.04.49.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Dec 2023 04:49:49 -0800 (PST) From: Dimitri John Ledkov To: kernel-team@lists.ubuntu.com Subject: [UNSTABLE][PATCH 3/5] UBUNTU: SAUCE: objtool: make objtool RETPOLINE validation fatal when building with CONFIG_RETPOLINE=y Date: Thu, 14 Dec 2023 12:49:38 +0000 Message-Id: <20231214124940.3281278-4-dimitri.ledkov@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231214124940.3281278-1-dimitri.ledkov@canonical.com> References: <20231214124940.3281278-1-dimitri.ledkov@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/2046440 Make objtool RETPOLINE validation fatal when building with CONFIG_RETPOLINE=y, currently it is a build.log warning only. This is a standalone patch, such that if regressions are identified (with any config or toolchain configuration) it can be reverted until relevant identified code is fixed up or otherwise ignored/silecned/marked as safe. Signed-off-by: Dimitri John Ledkov Link: https://lore.kernel.org/all/20231213134303.2302285-4-dimitri.ledkov@canonical.com/ --- tools/objtool/check.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 9709f037f1..c21258e109 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -3991,7 +3991,10 @@ static int validate_retpoline(struct objtool_file *file) warnings++; } - return warnings; + /* RETPOLINE is an optional security safety feature, make it + * fatal to ensure no new code is introduced that fails + * RETPOLINE */ + return -warnings; } static bool is_kasan_insn(struct instruction *insn) From patchwork Thu Dec 14 12:49:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 1876176 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4SrXJB6M63z23nF for ; Thu, 14 Dec 2023 23:50:18 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rDlAF-0003Tx-T0; Thu, 14 Dec 2023 12:50:07 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rDlA0-0003M1-3s for kernel-team@lists.ubuntu.com; Thu, 14 Dec 2023 12:49:52 +0000 Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id CEE173F15F for ; Thu, 14 Dec 2023 12:49:51 +0000 (UTC) Received: by mail-wm1-f71.google.com with SMTP id 5b1f17b1804b1-40c28da6667so48597175e9.3 for ; Thu, 14 Dec 2023 04:49:51 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702558191; x=1703162991; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=OQLvfYlwDM5sVZn2SRNkuxgk1lNAZeK8xHuZJWP/NDk=; b=s50+BeLRbG7gj3fSRir8GShhbCW0pv0Tq8wPUPQpR+pUD5ZDE+P/jlADk16CHX6PL0 65No0CyOsU6iEfrZcSL7R/epD5d9EtiHJpzZ3U7Ym7qpv8Iog3+JGiLTtv7LyljDIKTY kDRYUC8HTH+5IkF9CwINf0WXAc0PsfWmx1rOgiWfHDjnKYx4noyj6MaWzwhsK9SEpId1 UwbuaNwe034AzVicdt0xw6jkxCcOeJIFwzEHpK1SfvkUaBqzD5LO2cGkQzlKPf5vgm1P y2mF88c5dRy6rLycOSn8W/7xE1zSInMPYnOMq6gE1IO6ghCjXrQu5ztGcVATjXAWL4tp 3ZiQ== X-Gm-Message-State: AOJu0YxVv1lzV0T33WXrvI8dRajjT0gWo1I4yU8xtBfiKcDKUxJ5XrCg ru/iof34RbT0HzYDunD/dTQYS/jNZkvVyqr4chhYZAQ+8a9xyjmOfSHR4fCNb4Y5oJB4fRdSbqa p6NVEyRBEC3fgWYfx5RpS2q4NhokU5397ghXYj/SKnBUyiCFsXQ== X-Received: by 2002:a05:600c:20a:b0:40b:5f03:b44c with SMTP id 10-20020a05600c020a00b0040b5f03b44cmr2237341wmi.366.1702558191208; Thu, 14 Dec 2023 04:49:51 -0800 (PST) X-Google-Smtp-Source: AGHT+IG5fJ/chxQRm5Ind6FfpLYgDUjcRQ6ZTFXHnrTSUjewN3/Ox5qgn1mptXHIpQl+JMLr+TFzYA== X-Received: by 2002:a05:600c:20a:b0:40b:5f03:b44c with SMTP id 10-20020a05600c020a00b0040b5f03b44cmr2237337wmi.366.1702558190912; Thu, 14 Dec 2023 04:49:50 -0800 (PST) Received: from localhost ([2001:67c:1560:8007::aac:c15c]) by smtp.gmail.com with ESMTPSA id n9-20020a05600c4f8900b0040c41846923sm18415509wmq.26.2023.12.14.04.49.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Dec 2023 04:49:50 -0800 (PST) From: Dimitri John Ledkov To: kernel-team@lists.ubuntu.com Subject: [UNSTABLE][PATCH 4/5] UBUNTU: SAUCE: scripts: remove generating .o-ur objects Date: Thu, 14 Dec 2023 12:49:39 +0000 Message-Id: <20231214124940.3281278-5-dimitri.ledkov@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231214124940.3281278-1-dimitri.ledkov@canonical.com> References: <20231214124940.3281278-1-dimitri.ledkov@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/2046440 Remove patch to upstream build system to generate Ubuntu retpoline data files, as used to be used for a defunct retpoline build time check. Signed-off-by: Dimitri John Ledkov --- scripts/Makefile.build | 8 -------- 1 file changed, 8 deletions(-) diff --git a/scripts/Makefile.build b/scripts/Makefile.build index 381bdc8001..9a3063735e 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -221,19 +221,12 @@ ifneq ($(findstring 1, $(KBUILD_EXTRA_WARN)),) cmd_warn_shared_object = $(if $(word 2, $(modname-multi)),$(warning $(kbuild-file): $*.o is added to multiple modules: $(modname-multi))) endif -ifdef CONFIG_RETPOLINE -cmd_ubuntu_retpoline = $(CONFIG_SHELL) $(srctree)/scripts/ubuntu-retpoline-extract-one $(@) $(<) "$(filter -m16 %code16gcc.h,$(a_flags))"; -else -cmd_ubuntu_retpoline = -endif - define rule_cc_o_c $(call cmd_and_fixdep,cc_o_c) $(call cmd,checksrc) $(call cmd,checkdoc) $(call cmd,gen_objtooldep) $(call cmd,gen_symversions_c) - $(call cmd,ubuntu-retpoline) $(call cmd,record_mcount) $(call cmd,warn_shared_object) endef @@ -242,7 +235,6 @@ define rule_as_o_S $(call cmd_and_fixdep,as_o_S) $(call cmd,gen_objtooldep) $(call cmd,gen_symversions_S) - $(call cmd,ubuntu-retpoline) $(call cmd,warn_shared_object) endef From patchwork Thu Dec 14 12:49:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dimitri John Ledkov X-Patchwork-Id: 1876177 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4SrXJD1KpBz23nF for ; Thu, 14 Dec 2023 23:50:20 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1rDlAI-0003Ws-W9; Thu, 14 Dec 2023 12:50:11 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1rDlA2-0003Mm-6w for kernel-team@lists.ubuntu.com; Thu, 14 Dec 2023 12:49:54 +0000 Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id F1BF93F29F for ; Thu, 14 Dec 2023 12:49:53 +0000 (UTC) Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-40c3826d6feso37833785e9.0 for ; Thu, 14 Dec 2023 04:49:53 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702558193; x=1703162993; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=L+koNZZFYHGb4d2yaaxHDr5QoEqjn0tfo6bxOijiTxs=; b=EH9uxfxhxpy41VgK3DOQWVcuRqbRVc8C9zc+SNEG+zPotKYacjzz5fGs8b8LQtbpYn m5CVsY4ybXHp1z93o85eQyx8g5o9DJPgffMAocgs+Upa4vZs8yke7ctn+fr+JtfFrIDS 0Z57v8lOd/tYuu+/Umep9HiPLxUcAzWGWSNcHyGoDSXR12/RqK1UGRJRt3sNh3R7Teph OZlz0KedeQClIoOCo6zRsh5KmuNBpkUuI5O6CnH3jrhKjkte/FeBcaE758PZ0ug+CnFe hQuOHDUVYQo2zUhYkHy6npwJAPANh8AsZhb0kreM2mo//GsOBTv6/JGZaDoVDzYYRdfC rBeg== X-Gm-Message-State: AOJu0Yz9LQbjR/4JWwCbxPx8cXuLKl60rUEh9yDYXgLBMgunyCRY3tcD R1KGV98apJtIK0GJCuIDCCyCmeymH2MhmklantL71FDM69cQ4SK554vvgzYzKNqUWam0+utsiCM 2mdVWY9dZ0cP0lAAdnsuvY5NjxrkFE1CB2hoqpkKzeLiaRP1ARw== X-Received: by 2002:a05:600c:378d:b0:40c:2b29:1bbe with SMTP id o13-20020a05600c378d00b0040c2b291bbemr5695660wmr.54.1702558192650; Thu, 14 Dec 2023 04:49:52 -0800 (PST) X-Google-Smtp-Source: AGHT+IFiFgsOvdS7Zc87ZxVpH6HREiUHbflAlY+GqL3xtYEL9cSECD5nZweT57p+FwjiX/067KRksA== X-Received: by 2002:a05:600c:378d:b0:40c:2b29:1bbe with SMTP id o13-20020a05600c378d00b0040c2b291bbemr5695649wmr.54.1702558191963; Thu, 14 Dec 2023 04:49:51 -0800 (PST) Received: from localhost ([2001:67c:1560:8007::aac:c15c]) by smtp.gmail.com with ESMTPSA id o3-20020a05600c4fc300b004042dbb8925sm26771364wmq.38.2023.12.14.04.49.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Dec 2023 04:49:51 -0800 (PST) From: Dimitri John Ledkov To: kernel-team@lists.ubuntu.com Subject: [UNSTABLE][PATCH 5/5] UBUNTU: [Packaging] Remove all custom retpoline-extract code Date: Thu, 14 Dec 2023 12:49:40 +0000 Message-Id: <20231214124940.3281278-6-dimitri.ledkov@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231214124940.3281278-1-dimitri.ledkov@canonical.com> References: <20231214124940.3281278-1-dimitri.ledkov@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/2046440 Now that retpoline & SLS mitigration checks are enforced during build via objtool patch, drop all custom retpoline packaging, abi files, and checks. Signed-off-by: Dimitri John Ledkov --- debian.master/abi/amd64/generic.retpoline | 1 - debian.master/abi/arm64/generic-64k.retpoline | 1 - debian.master/abi/arm64/generic.retpoline | 1 - debian.master/abi/armhf/generic.retpoline | 1 - debian.master/abi/ppc64el/generic.retpoline | 1 - debian.master/abi/riscv64/generic.retpoline | 0 debian.master/abi/riscv64/ignore.retpoline | 1 - debian.master/abi/s390x/generic.retpoline | 1 - debian/rules | 6 +- debian/rules.d/2-binary-arch.mk | 15 - debian/rules.d/4-checks.mk | 8 +- debian/scripts/checks/final-checks | 7 - debian/scripts/checks/retpoline-check | 52 ---- debian/scripts/dkms-build | 2 +- debian/scripts/dkms-build--nvidia-N | 7 +- debian/scripts/helpers/open | 3 +- debian/scripts/misc/getabis | 7 +- debian/scripts/retpoline-extract | 23 -- debian/scripts/retpoline-extract-one | 270 ------------------ snapcraft.yaml | 4 - 20 files changed, 8 insertions(+), 403 deletions(-) delete mode 100644 debian.master/abi/amd64/generic.retpoline delete mode 100644 debian.master/abi/arm64/generic-64k.retpoline delete mode 100644 debian.master/abi/arm64/generic.retpoline delete mode 100644 debian.master/abi/armhf/generic.retpoline delete mode 100644 debian.master/abi/ppc64el/generic.retpoline delete mode 100644 debian.master/abi/riscv64/generic.retpoline delete mode 100644 debian.master/abi/riscv64/ignore.retpoline delete mode 100644 debian.master/abi/s390x/generic.retpoline delete mode 100755 debian/scripts/checks/retpoline-check delete mode 100755 debian/scripts/retpoline-extract delete mode 100755 debian/scripts/retpoline-extract-one diff --git a/debian.master/abi/amd64/generic.retpoline b/debian.master/abi/amd64/generic.retpoline deleted file mode 100644 index 945dc3fef7..0000000000 --- a/debian.master/abi/amd64/generic.retpoline +++ /dev/null @@ -1 +0,0 @@ -# retpoline v1.0 diff --git a/debian.master/abi/arm64/generic-64k.retpoline b/debian.master/abi/arm64/generic-64k.retpoline deleted file mode 100644 index 7f959eb917..0000000000 --- a/debian.master/abi/arm64/generic-64k.retpoline +++ /dev/null @@ -1 +0,0 @@ -# RETPOLINE NOT ENABLED diff --git a/debian.master/abi/arm64/generic.retpoline b/debian.master/abi/arm64/generic.retpoline deleted file mode 100644 index 7f959eb917..0000000000 --- a/debian.master/abi/arm64/generic.retpoline +++ /dev/null @@ -1 +0,0 @@ -# RETPOLINE NOT ENABLED diff --git a/debian.master/abi/armhf/generic.retpoline b/debian.master/abi/armhf/generic.retpoline deleted file mode 100644 index 7f959eb917..0000000000 --- a/debian.master/abi/armhf/generic.retpoline +++ /dev/null @@ -1 +0,0 @@ -# RETPOLINE NOT ENABLED diff --git a/debian.master/abi/ppc64el/generic.retpoline b/debian.master/abi/ppc64el/generic.retpoline deleted file mode 100644 index 7f959eb917..0000000000 --- a/debian.master/abi/ppc64el/generic.retpoline +++ /dev/null @@ -1 +0,0 @@ -# RETPOLINE NOT ENABLED diff --git a/debian.master/abi/riscv64/generic.retpoline b/debian.master/abi/riscv64/generic.retpoline deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/debian.master/abi/riscv64/ignore.retpoline b/debian.master/abi/riscv64/ignore.retpoline deleted file mode 100644 index d00491fd7e..0000000000 --- a/debian.master/abi/riscv64/ignore.retpoline +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/debian.master/abi/s390x/generic.retpoline b/debian.master/abi/s390x/generic.retpoline deleted file mode 100644 index 7f959eb917..0000000000 --- a/debian.master/abi/s390x/generic.retpoline +++ /dev/null @@ -1 +0,0 @@ -# RETPOLINE NOT ENABLED diff --git a/debian/rules b/debian/rules index b4b5678af5..8b43928900 100755 --- a/debian/rules +++ b/debian/rules @@ -146,9 +146,6 @@ clean: debian/control debian/canonical-certs.pem debian/canonical-revoked-certs. # Install the copyright information. cp $(DEBIAN)/copyright debian/copyright - # Install the retpoline extractor. - cp $(DROOT)/scripts/retpoline-extract-one scripts/ubuntu-retpoline-extract-one - # If we have a reconstruct script use it. [ -f $(DEBIAN)/reconstruct ] && bash $(DEBIAN)/reconstruct || true @@ -159,8 +156,7 @@ clean: debian/control debian/canonical-certs.pem debian/canonical-revoked-certs. .PHONY: distclean distclean: clean rm -rf $(DROOT)/control debian/changelog \ - debian/control debian/control.stub debian/copyright \ - scripts/ubuntu-retpoline-extract-one + debian/control debian/control.stub debian/copyright # Builds the image, arch headers and debug packages include $(DROOT)/rules.d/2-binary-arch.mk diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk index f0478c9198..510103d1b5 100644 --- a/debian/rules.d/2-binary-arch.mk +++ b/debian/rules.d/2-binary-arch.mk @@ -281,8 +281,6 @@ endif grep '^HOSTCC .*$(gcc)$$' $(hdrdir)/Makefile grep '^CC .*$(gcc)$$' $(hdrdir)/Makefile rm -rf $(hdrdir)/include2 $(hdrdir)/source - # We do not need the retpoline information. - find $(hdrdir) -name \*.o.ur-\* -exec rm -f {} \; # Copy over the compilation version. cp "$(builddir)/build-$*/include/generated/compile.h" \ "$(hdrdir)/include/generated/compile.h" @@ -301,8 +299,6 @@ ifeq ($(build_arch),s390) endif # Copy over scripts/module.lds for building external modules cp $(builddir)/build-$*/scripts/module.lds $(hdrdir)/scripts - # Copy over the new retpoline extractor. - cp scripts/ubuntu-retpoline-extract-one $(hdrdir)/scripts # Script to symlink everything up $(SHELL) $(DROOT)/scripts/link-headers "$(hdrdir)" "$(indeppkg)" "$*" # The build symlink @@ -461,15 +457,6 @@ endif print "" \ }' | sort -u >$(abidir)/$*.compiler - # Build the final ABI retpoline information. - if grep -q CONFIG_RETPOLINE=y $(builddir)/build-$*/.config; then \ - echo "# retpoline v1.0" >$(abidir)/$*.retpoline; \ - $(SHELL) $(DROOT)/scripts/retpoline-extract $(builddir)/build-$* $(CURDIR) | \ - sort >>$(abidir)/$*.retpoline; \ - else \ - echo "# RETPOLINE NOT ENABLED" >$(abidir)/$*.retpoline; \ - fi - # Build the buildinfo package content. install -d $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$* install -m644 $(builddir)/build-$*/.config \ @@ -480,8 +467,6 @@ endif $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/modules install -m644 $(abidir)/$*.fwinfo \ $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/fwinfo - install -m644 $(abidir)/$*.retpoline \ - $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/retpoline install -m644 $(abidir)/$*.compiler \ $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/compiler if [ -f $(abidir)/$*.modules.builtin ] ; then \ diff --git a/debian/rules.d/4-checks.mk b/debian/rules.d/4-checks.mk index 34b343189d..6e2d4f8524 100644 --- a/debian/rules.d/4-checks.mk +++ b/debian/rules.d/4-checks.mk @@ -18,13 +18,7 @@ module-signature-check-%: $(stampdir)/stamp-install-% "$(DROOT)/$(mods_extra_pkg_name)-$*" \ $(do_skip_checks) -# Check the reptoline jmp/call functions against the last release. -retpoline-check-%: $(stampdir)/stamp-install-% - @echo Debug: $@ - $(DROOT)/scripts/checks/retpoline-check "$*" \ - "$(prev_abidir)" "$(abidir)" $(do_skip_checks) - -checks-%: module-check-% module-signature-check-% abi-check-% retpoline-check-% +checks-%: module-check-% module-signature-check-% abi-check-% @echo Debug: $@ # Check the config against the known options list. diff --git a/debian/scripts/checks/final-checks b/debian/scripts/checks/final-checks index 37067f90be..4602cb5c34 100755 --- a/debian/scripts/checks/final-checks +++ b/debian/scripts/checks/final-checks @@ -40,13 +40,6 @@ abi_check() then failure "$arch/$flavour ABI modules file missing" fi - - if [ ! -f "$abidir/$flavour.retpoline" ] && \ - [ ! -f "$abidir/$flavour.ignore.retpoline" ] && \ - [ ! -f "$abidir/ignore.retpoline" ] - then - failure "$arch/$flavour ABI retpoline file missing" - fi } abi_version="$debian/abi/version" diff --git a/debian/scripts/checks/retpoline-check b/debian/scripts/checks/retpoline-check deleted file mode 100755 index 5a0f870a74..0000000000 --- a/debian/scripts/checks/retpoline-check +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash - -flavour="$1" -prev_abidir="$2" -curr_abidir="$3" - -skipretpoline=${4:-} -case "${skipretpoline,,}" in - 1|true|yes) skipretpoline=true ;; - *) skipretpoline=false ;; -esac - -echo "II: Checking retpoline indirections for $flavour..."; - -if [ "$skipretpoline" = 'true' ]; then - echo "manual request ignoring retpoline delta" -fi - -if [ -f "$prev_abidir/ignore.retpoline" -o \ - -f "$prev_abidir/$flavour.ignore.retpoline" ]; then - echo "explicitly ignoring retpoline delta" - skipretpoline='true' -fi - -prev="$prev_abidir/$flavour.retpoline" -curr="$curr_abidir/$flavour.retpoline" -if [ ! -f "$prev" ]; then - echo "previous retpoline file missing!" - echo " $prev" - prev="/dev/null" -fi -if [ ! -f "$curr" ]; then - echo "current retpoline file missing!" - echo " $curr" - curr="/dev/null" -fi - -echo "II: retpoline delta in this package..." -rc=0 -diff -u "$prev" "$curr" || true -count=$( diff -u "$prev" "$curr" | grep '^+[^+]' | wc -l ) -if [ "$count" != 0 ]; then - rc=1 - echo "WW: $count new retpoline sequences detected" -fi - -echo "II: Done"; -if [ "$skipretpoline" = 'true' -a "$rc" -ne 0 ]; then - echo "II: ignoring errors" - exit 0 -fi -exit "$rc" diff --git a/debian/scripts/dkms-build b/debian/scripts/dkms-build index f85a6557a8..de97466d58 100755 --- a/debian/scripts/dkms-build +++ b/debian/scripts/dkms-build @@ -144,7 +144,7 @@ shift 2 # Copy the objects. echo "II: copying objects to '$to'" mkdir -p "$to" -(cd "$from" && find -name \*.o -o -name \*.o.ur-\* -o -name \*.mod | cpio -Lpd "$to") +(cd "$from" && find -name \*.o -o -name \*.mod | cpio -Lpd "$to") # Call the original post_install script if there is one. [ "$script" = '' ] && exit 0 diff --git a/debian/scripts/dkms-build--nvidia-N b/debian/scripts/dkms-build--nvidia-N index 383af59327..22e60cafa0 100755 --- a/debian/scripts/dkms-build--nvidia-N +++ b/debian/scripts/dkms-build--nvidia-N @@ -17,10 +17,9 @@ shift 7 build="$( dirname "$objects" )/build" -# Copy over the objects ready for reconstruction. The objects copy contains -# the *.o files and the *.o-ur* retpoline files to allow the kernel to track -# any retpoline sequences therein. For our purposes we only want the *.o -# files, elide the rest. And .mod files for ld linking in recentish kernels. +# Copy over the objects ready for reconstruction. The objects copy +# contains the *.o files. For our purposes we only want the *.o files, +# elide the rest. And .mod files for ld linking in recentish kernels. mkdir -p "$pkgdir/bits/scripts" ( gcc_variant1=$(gcc --version | head -1 | sed -e 's/^gcc/GCC:/') diff --git a/debian/scripts/helpers/open b/debian/scripts/helpers/open index 797d778d29..5902842af3 100755 --- a/debian/scripts/helpers/open +++ b/debian/scripts/helpers/open @@ -44,8 +44,7 @@ Optional arguments: -r, --reuse-abi Do not download the previous release ABI files for the new release and just rename the current ABI directory. This might cause the - build to fail if the module list or the - retpoline information has changed. + build to fail if the module list has changed. -h, --help Show this help message and exit. Environment variable: diff --git a/debian/scripts/misc/getabis b/debian/scripts/misc/getabis index 819824f616..1f2851c59f 100755 --- a/debian/scripts/misc/getabis +++ b/debian/scripts/misc/getabis @@ -126,11 +126,6 @@ getall_set() else echo " NO ABI FILE" fi - if [ -f tmp/boot/retpoline-* ]; then - mv tmp/boot/retpoline-* $abidir/$arch/$sub.retpoline - else - echo " NO RETPOLINE FILE" - fi (cd tmp; find lib/modules/$verabi-$sub/kernel -name '*.ko') | \ sed -e 's/.*\/\([^\/]*\)\.ko/\1/' | sort > \ $abidir/$arch/$sub.modules @@ -157,7 +152,7 @@ getall_set() echo " buildinfo..." base="tmp/usr/lib/linux/${verabi}-${sub}" mv "$base/abi" "$abidir/$arch/$sub" - for comp in 'modules' 'retpoline' 'compiler' + for comp in 'modules' 'compiler' do mv "$base/$comp" "$abidir/$arch/$sub.$comp" done diff --git a/debian/scripts/retpoline-extract b/debian/scripts/retpoline-extract deleted file mode 100755 index cf13a30b1c..0000000000 --- a/debian/scripts/retpoline-extract +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - -cd "$1" || exit 1 - -# Find all valid retpoline information, collate the detected and -# safe information together. Join the result to find the detected -# but non-safe elements. These are our concern. -ur_detected=$(mktemp --tmpdir "retpoline-check-XXXXXX.ur-detected") -ur_safe=$(mktemp --tmpdir "retpoline-check-XXXXXX.ur-safe") - -find "." -path './drivers/firmware/efi/libstub' -prune -o \ - -path './arch/x86/boot' -prune -o \ - -path './arch/x86/purgatory' -prune -o \ - -name \*.ur-detected -print0 | xargs -0 cat | \ - sed -e "s@^$1@@" -e "s@ $2/@ @" -e "s@^/@@" | \ - sort -k 1b,1 >"$ur_detected" -find "." -name \*.ur-safe -print0 | xargs -0 cat | \ - sed -e "s@^$1@@" -e "s@^/@@" | \ - sort -k 1b,1 >"$ur_safe" - -join -v 1 -j 1 "$ur_detected" "$ur_safe" | sed -s 's/[^ ]* *//' - -rm -f "$ur_detected" "$ur_safe" diff --git a/debian/scripts/retpoline-extract-one b/debian/scripts/retpoline-extract-one deleted file mode 100755 index b203bfbf8d..0000000000 --- a/debian/scripts/retpoline-extract-one +++ /dev/null @@ -1,270 +0,0 @@ -#!/bin/bash - -exec &2 - exit 1 - fi -} - -# Form an associative lookup for the section numbers in the ELF symbol table. -# Uses 8 character 0 expanded hexadecimal key for ease of consumption. -__sectionmap_init() -{ - readelf -W --headers "$1" | \ - awk ' - { sub("\\[", ""); sub("\\]", ""); } - ($1 ~ /^[0-9][0-9]*/) { printf("%08x %s %s %s\n", int($1), $2, $3, $4); } - ' | \ - { - while read section_num section_name section_type section_vma - do - echo "sectionmap_$section_num='$section_name'" - echo "sectionvma_$section_num='$section_vma'" - case "$section_type" in - REL|RELA) section_relocation="$section_type" ;; - esac - done - echo "section_relocation='$section_relocation'" - } -} -sectionmap_init() -{ - eval $(__sectionmap_init "$1") -} -sectionmap() -{ - eval RET="\$sectionmap_$1" - if [ "$RET" = '' ]; then - echo "sectionmap: $1: invalid section" 1>&2 - exit 1 - fi -} -sectionvma() -{ - eval RET="\$sectionvma_$1" - if [ "$RET" = '' ]; then - echo "sectionvma: $1: invalid section" 1>&2 - exit 1 - fi -} - -# Read and parse the hex-dump output. -hex="[0-9a-f]" -hex_8="$hex$hex$hex$hex$hex$hex$hex$hex" -hexspc="[0-9a-f ]" -hexspc_8="$hexspc$hexspc$hexspc$hexspc$hexspc$hexspc$hexspc$hexspc" - -raw32() -{ - readelf --hex-dump "$2" "$1" 2>/dev/null | - sed \ - -e '/^Hex/d' -e '/^$/d' -e '/^ *NOTE/d' \ - -e 's/ *[^ ][^ ]* *\('"$hex_8"'\) \('"$hexspc_8"'\) \('"$hexspc_8"'\) \('"$hexspc_8"'\) .*/\1 \2 \3 \4 /' \ - -e 's/\('"$hex$hex"'\)\('"$hex$hex"'\)\('"$hex$hex"'\)\('"$hex$hex"'\) /\4\3\2\1 /g' \ - -e 's/ $//g' -e 's/ /\n/g' -} -#-e 's/\([^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\) \([^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\) /\2\1 /g' \ - -rela() -{ - #file="$(basename "$1")" - file="$1" - - # Read relocation information for a 64bit binary. Each relocation entry - # is 3 long longs so we collect 6 quads here. Note that the dump is in - # listed in increasing byte order not withstanding the quad split. - # - # The record says to take the value of add and - # shove that into in the segment of the . - # - # Format: - # 64 bits - # 32 bits - # 32 bits - # 64 bits - raw32 "$1" ".rela$SECTION" | \ - { - a1=''; a2=''; a3=''; a4=''; a5='' - while read a6 - do - [ "$a1" = '' ] && { a1="$a6"; continue; } - [ "$a2" = '' ] && { a2="$a6"; continue; } - [ "$a3" = '' ] && { a3="$a6"; continue; } - [ "$a4" = '' ] && { a4="$a6"; continue; } - [ "$a5" = '' ] && { a5="$a6"; continue; } - - #echo ">$a1< >$a2< >$a3< >$a4< >$a5< >$a6<" 1>&2 - #echo "type<$a3> symbol<$a4> offset<$a2$a1> addr<$a6a5>" 1>&2 - - symbolmap "$a4"; section_num="$RET" - #echo "section_num<$section_num>" 1>&2 - - sectionmap "$section_num"; section="$RET" - sectionvma "$section_num"; vma="$RET" - #echo "section<$section> vma<$vma>" 1>&2 - - # Adjust the segment addressing by the segment offset. - printf -v addr "%u" "0x$a6$a5" - printf -v vma "%u" "0x$vma" - let offset="$addr + $vma" - printf -v offset "%x" "$offset" - - echo "$file-$section-$offset" - - a1=''; a2=''; a3=''; a4=''; a5='' - done - } | sed -e 's/-00*\([0-9a-f]\)/-\1/' -} - -# Form an associative lookup for the raw contents for an ELF section. -# Uses 8 character 0 expanded hexadecimal key for ease of consumption. -contentmap_init() -{ - raw32 "$1" "$2" >"$tmp" - let offset=0 - while read value - do - printf -v offset_hex "%08x" $offset - eval contentmap_$offset_hex=\'$value\' - - let offset="$offset + 4" - done <"$tmp" - rm -f "$tmp" -} -contentmap() -{ - eval RET="\$contentmap_$1" - if [ "$RET" = '' ]; then - echo "contentmap: $1: invalid offset" 1>&2 - exit 1 - fi -} - -rel() -{ - # Load up the current contents of the $SECTION segment - # as the offsets (see below) are recorded there and we will need - # those to calculate the actuall address. - contentmap_init "$1" "$SECTION" - - #file="$(basename "$1")" - file="$1" - - # Read relocation information for a 32bit binary. Each relocation entry - # is 3 longs so we collect 3 quads here. Note that the dump is in - # listed in increasing byte order not withstanding the quad split. - # - # The record says to take the value of and add that to the - # existing contents of in the segment of the . - # - # Format: - # 32 bits - # 24 bits - # 8 bits - raw32 "$1" ".rel$SECTION" | \ - { - a1='' - while read a2 - do - [ "$a1" = '' ] && { a1="$a2"; continue; } - - #echo ">$a1< >$a2<" - contentmap "$a1"; offset="$RET" - symbolmap "00${a2%??}"; section_num="$RET" - - sectionmap "$section_num"; section="$RET" - sectionvma "$section_num"; vma="$RET" - #echo ">$a1< >$a2< >$offset< >$section<" - - echo "$file-$section-$offset" - - a1='' - done - } | sed -e 's/-00*\([0-9a-f]\)/-\1/' -} - -tmp=$(mktemp --tmpdir "retpoline-extract-XXXXXX") - -disassemble() -{ - local object="$1" - local src="$2" - local options="$3" - local selector="$4" - - objdump $options --disassemble --no-show-raw-insn "$object" | \ - awk -F' ' ' - BEGIN { file="'"$object"'"; src="'"$src"'"; } - /Disassembly of section/ { segment=$4; sub(":", "", segment); } - /^[0-9a-f][0-9a-f]* <.*>:/ { tag=$0; sub(".*<", "", tag); sub(">.*", "", tag); } - $0 ~ /(call|jmp)q? *\*0x[0-9a-f]*\(%rip\)/ { - next - } - $0 ~ /(call|jmp)q? *\*.*%/ { - sub(":", "", $1); - if ('"$selector"') { - offset=$1 - $1=tag - print(file "-" segment "-" offset " " src " " segment " " $0); - } - } - ' -} - -# Accumulate potentially vunerable indirect call/jmp sequences. We do this -# by examining the raw disassembly for affected forms, recording the location -# of each. -case "$bit16" in -'') disassemble "$object" "$src" '' 'segment != ".init.text"' ;; -*) disassemble "$object" "$src" '--disassembler-options=i8086' 'segment != ".init.text" && segment != ".text32" && segment != ".text64"' - disassemble "$object" "$src" '--disassembler-options=i386' 'segment == ".text32"' - disassemble "$object" "$src" '--disassembler-options=x86-64' 'segment == ".text64"' - ;; -esac | sort -k 1b,1 >"$object.ur-detected" -[ ! -s "$object.ur-detected" ] && rm -f "$object.ur-detected" - -# Load up the symbol table and section mappings. -symbolmap_init "$object" -sectionmap_init "$object" - -# Accumulate annotated safe indirect call/jmp sequences. We do this by examining -# the $SECTION sections (and their associated relocation information), -# each entry represents the address of an instruction which has been marked -# as ok. -case "$section_relocation" in -REL) rel "$object" ;; -RELA) rela "$object" ;; -esac | sort -k 1b,1 >"$object.ur-safe" -[ ! -s "$object.ur-safe" ] && rm -f "$object.ur-safe" - -# We will perform the below join on the summarised and sorted fragments -# formed above. This is performed in retpoline-check. -#join -v 1 -j 1 "$tmp.extracted" "$tmp.safe" | sed -s 's/[^ ]* *//' - -rm -f "$tmp" diff --git a/snapcraft.yaml b/snapcraft.yaml index 2452c40310..2530be0a9d 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -17,10 +17,6 @@ parts: kconfigflavour: generic kconfigs: - CONFIG_DEBUG_INFO=n - override-build: | - cp debian/scripts/retpoline-extract-one \ - $SNAPCRAFT_PART_BUILD/scripts/ubuntu-retpoline-extract-one - snapcraftctl build kernel-with-firmware: false firmware: plugin: nil