mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-01 10:42:11 +00:00
32e8eaf263
Using clone will not undo features that have been enabled by libc. An example of this already happening is rseq, which could cause the kernel to read/write memory of the userspace process. In the future the standard library might also use mseal by default to protect itself, which would also thwart our attempts at unmapping everything. Solve all this by taking a step back and doing an execve into a tiny static binary that sets up the minimal environment required for the stub without using any standard library. That way we have a clean execution environment that is fully under the control of UML. Note that this changes things a bit as the FDs are not anymore shared with the kernel. Instead, we explicitly share the FDs for the physical memory and all existing iomem regions. Doing this is fine, as iomem regions cannot be added at runtime. Signed-off-by: Benjamin Berg <benjamin.berg@intel.com> Link: https://patch.msgid.link/20240919124511.282088-3-benjamin@sipsolutions.net [use pipe() instead of pipe2(), remove unneeded close() calls] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
157 lines
5.0 KiB
Makefile
157 lines
5.0 KiB
Makefile
#
|
|
# This file is included by the global makefile so that you can add your own
|
|
# architecture-specific flags and dependencies.
|
|
#
|
|
# Copyright (C) 2002 - 2007 Jeff Dike (jdike@{addtoit,linux.intel}.com)
|
|
# Licensed under the GPL
|
|
#
|
|
|
|
# select defconfig based on actual architecture
|
|
ifeq ($(SUBARCH),x86)
|
|
ifeq ($(shell uname -m),x86_64)
|
|
KBUILD_DEFCONFIG := x86_64_defconfig
|
|
else
|
|
KBUILD_DEFCONFIG := i386_defconfig
|
|
endif
|
|
else
|
|
KBUILD_DEFCONFIG := $(SUBARCH)_defconfig
|
|
endif
|
|
|
|
ARCH_DIR := arch/um
|
|
# We require bash because the vmlinux link and loader script cpp use bash
|
|
# features.
|
|
SHELL := bash
|
|
|
|
MODE_INCLUDE += -I$(srctree)/$(ARCH_DIR)/include/shared/skas
|
|
|
|
HEADER_ARCH := $(SUBARCH)
|
|
|
|
ifneq ($(filter $(SUBARCH),x86 x86_64 i386),)
|
|
HEADER_ARCH := x86
|
|
endif
|
|
|
|
ifdef CONFIG_64BIT
|
|
KBUILD_CFLAGS += -mcmodel=large
|
|
endif
|
|
|
|
HOST_DIR := arch/$(HEADER_ARCH)
|
|
|
|
include $(srctree)/$(ARCH_DIR)/Makefile-skas
|
|
include $(srctree)/$(HOST_DIR)/Makefile.um
|
|
|
|
core-y += $(HOST_DIR)/um/
|
|
|
|
SHARED_HEADERS := $(ARCH_DIR)/include/shared
|
|
ARCH_INCLUDE := -I$(srctree)/$(SHARED_HEADERS)
|
|
ARCH_INCLUDE += -I$(srctree)/$(HOST_DIR)/um/shared
|
|
KBUILD_CPPFLAGS += -I$(srctree)/$(HOST_DIR)/um
|
|
|
|
# -Dvmap=kernel_vmap prevents anything from referencing the libpcap.o symbol so
|
|
# named - it's a common symbol in libpcap, so we get a binary which crashes.
|
|
#
|
|
# Same things for in6addr_loopback and mktime - found in libc. For these two we
|
|
# only get link-time error, luckily.
|
|
#
|
|
# -Dlongjmp=kernel_longjmp prevents anything from referencing the libpthread.a
|
|
# embedded copy of longjmp, same thing for setjmp.
|
|
#
|
|
# These apply to USER_CFLAGS to.
|
|
|
|
KBUILD_CFLAGS += $(CFLAGS) $(CFLAGS-y) -D__arch_um__ \
|
|
$(ARCH_INCLUDE) $(MODE_INCLUDE) -Dvmap=kernel_vmap \
|
|
-Dlongjmp=kernel_longjmp -Dsetjmp=kernel_setjmp \
|
|
-Din6addr_loopback=kernel_in6addr_loopback \
|
|
-Din6addr_any=kernel_in6addr_any -Dstrrchr=kernel_strrchr \
|
|
-D__close_range=kernel__close_range
|
|
|
|
KBUILD_RUSTFLAGS += -Crelocation-model=pie
|
|
|
|
KBUILD_AFLAGS += $(ARCH_INCLUDE)
|
|
|
|
USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -I%,,$(KBUILD_CFLAGS))) \
|
|
$(ARCH_INCLUDE) $(MODE_INCLUDE) $(filter -I%,$(CFLAGS)) \
|
|
-D_FILE_OFFSET_BITS=64 -idirafter $(srctree)/include \
|
|
-idirafter $(objtree)/include -D__KERNEL__ -D__UM_HOST__
|
|
|
|
#This will adjust *FLAGS accordingly to the platform.
|
|
include $(srctree)/$(ARCH_DIR)/Makefile-os-Linux
|
|
|
|
KBUILD_CPPFLAGS += -I$(srctree)/$(HOST_DIR)/include \
|
|
-I$(srctree)/$(HOST_DIR)/include/uapi \
|
|
-I$(objtree)/$(HOST_DIR)/include/generated \
|
|
-I$(objtree)/$(HOST_DIR)/include/generated/uapi
|
|
|
|
# -Derrno=kernel_errno - This turns all kernel references to errno into
|
|
# kernel_errno to separate them from the libc errno. This allows -fno-common
|
|
# in KBUILD_CFLAGS. Otherwise, it would cause ld to complain about the two different
|
|
# errnos.
|
|
# These apply to kernelspace only.
|
|
#
|
|
# strip leading and trailing whitespace to make the USER_CFLAGS removal of these
|
|
# defines more robust
|
|
|
|
KERNEL_DEFINES = $(strip -Derrno=kernel_errno -Dsigprocmask=kernel_sigprocmask \
|
|
-Dmktime=kernel_mktime $(ARCH_KERNEL_DEFINES))
|
|
KBUILD_CFLAGS += $(KERNEL_DEFINES)
|
|
|
|
PHONY += linux
|
|
|
|
all: linux
|
|
|
|
linux: vmlinux
|
|
@echo ' LINK $@'
|
|
$(Q)ln -f $< $@
|
|
|
|
define archhelp
|
|
echo '* linux - Binary kernel image (./linux) - for backward'
|
|
echo ' compatibility only, this creates a hard link to the'
|
|
echo ' real kernel binary, the "vmlinux" binary you'
|
|
echo ' find in the kernel root.'
|
|
endef
|
|
|
|
archheaders:
|
|
$(Q)$(MAKE) -f $(srctree)/Makefile ARCH=$(HEADER_ARCH) asm-generic archheaders
|
|
|
|
archprepare:
|
|
$(Q)$(MAKE) $(build)=$(HOST_DIR)/um include/generated/user_constants.h
|
|
|
|
LINK-$(CONFIG_LD_SCRIPT_STATIC) += -static
|
|
ifdef CONFIG_LD_SCRIPT_DYN
|
|
LINK-$(call gcc-min-version, 60100)$(CONFIG_CC_IS_CLANG) += -no-pie
|
|
endif
|
|
LINK-$(CONFIG_LD_SCRIPT_DYN_RPATH) += -Wl,-rpath,/lib
|
|
|
|
CFLAGS_NO_HARDENING := $(call cc-option, -fno-PIC,) $(call cc-option, -fno-pic,) \
|
|
-fno-stack-protector $(call cc-option, -fno-stack-protector-all)
|
|
|
|
# Options used by linker script
|
|
export LDS_START := $(START)
|
|
export LDS_ELF_ARCH := $(ELF_ARCH)
|
|
export LDS_ELF_FORMAT := $(ELF_FORMAT)
|
|
|
|
# The wrappers will select whether using "malloc" or the kernel allocator.
|
|
LINK_WRAPS = -Wl,--wrap,malloc -Wl,--wrap,free -Wl,--wrap,calloc
|
|
|
|
# Avoid binutils 2.39+ warnings by marking the stack non-executable and
|
|
# ignorning warnings for the kallsyms sections.
|
|
LDFLAGS_EXECSTACK = -z noexecstack
|
|
ifeq ($(CONFIG_LD_IS_BFD),y)
|
|
LDFLAGS_EXECSTACK += $(call ld-option,--no-warn-rwx-segments)
|
|
endif
|
|
|
|
LD_FLAGS_CMDLINE = $(foreach opt,$(KBUILD_LDFLAGS) $(LDFLAGS_EXECSTACK),-Wl,$(opt))
|
|
|
|
# Used by link-vmlinux.sh which has special support for um link
|
|
export CFLAGS_vmlinux := $(LINK-y) $(LINK_WRAPS) $(LD_FLAGS_CMDLINE) $(CC_FLAGS_LTO)
|
|
|
|
# When cleaning we don't include .config, so we don't include
|
|
# TT or skas makefiles and don't clean skas_ptregs.h.
|
|
CLEAN_FILES += linux x.i gmon.out
|
|
MRPROPER_FILES += $(HOST_DIR)/include/generated
|
|
|
|
archclean:
|
|
@find . \( -name '*.bb' -o -name '*.bbg' -o -name '*.da' \
|
|
-o -name '*.gcov' \) -type f -print | xargs rm -f
|
|
|
|
export HEADER_ARCH SUBARCH USER_CFLAGS CFLAGS_NO_HARDENING DEV_NULL_PATH
|