mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-16 13:34:30 +00:00
a09a6e2399
Since entry asm is tricky, add a validation pass that ensures the retbleed mitigation has been done before the first actual RET instruction. Entry points are those that either have UNWIND_HINT_ENTRY, which acts as UNWIND_HINT_EMPTY but marks the instruction as an entry point, or those that have UWIND_HINT_IRET_REGS at +0. This is basically a variant of validate_branch() that is intra-function and it will simply follow all branches from marked entry points and ensures that all paths lead to ANNOTATE_UNRET_END. If a path hits RET or an indirection the path is a fail and will be reported. There are 3 ANNOTATE_UNRET_END instances: - UNTRAIN_RET itself - exception from-kernel; this path doesn't need UNTRAIN_RET - all early exceptions; these also don't need UNTRAIN_RET Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Borislav Petkov <bp@suse.de>
88 lines
2.7 KiB
Makefile
88 lines
2.7 KiB
Makefile
# SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
PHONY := __default
|
|
__default: vmlinux.o
|
|
|
|
include include/config/auto.conf
|
|
include $(srctree)/scripts/Kbuild.include
|
|
|
|
# for objtool
|
|
include $(srctree)/scripts/Makefile.lib
|
|
|
|
# Generate a linker script to ensure correct ordering of initcalls for Clang LTO
|
|
# ---------------------------------------------------------------------------
|
|
|
|
quiet_cmd_gen_initcalls_lds = GEN $@
|
|
cmd_gen_initcalls_lds = \
|
|
$(PYTHON3) $(srctree)/scripts/jobserver-exec \
|
|
$(PERL) $(real-prereqs) > $@
|
|
|
|
.tmp_initcalls.lds: $(srctree)/scripts/generate_initcall_order.pl \
|
|
$(KBUILD_VMLINUX_OBJS) $(KBUILD_VMLINUX_LIBS) FORCE
|
|
$(call if_changed,gen_initcalls_lds)
|
|
|
|
targets := .tmp_initcalls.lds
|
|
|
|
ifdef CONFIG_LTO_CLANG
|
|
initcalls-lds := .tmp_initcalls.lds
|
|
endif
|
|
|
|
# objtool for vmlinux.o
|
|
# ---------------------------------------------------------------------------
|
|
#
|
|
# For LTO and IBT, objtool doesn't run on individual translation units.
|
|
# Run everything on vmlinux instead.
|
|
|
|
objtool-enabled := $(or $(delay-objtool),$(CONFIG_NOINSTR_VALIDATION))
|
|
|
|
# Reuse objtool_args defined in scripts/Makefile.lib if LTO or IBT is enabled.
|
|
#
|
|
# Add some more flags as needed.
|
|
# --no-unreachable and --link might be added twice, but it is fine.
|
|
#
|
|
# Expand objtool_args to a simple variable to avoid circular reference.
|
|
|
|
objtool_args := \
|
|
$(if $(delay-objtool),$(objtool_args)) \
|
|
$(if $(CONFIG_NOINSTR_VALIDATION), --noinstr $(if $(CONFIG_RETPOLINE), --unret)) \
|
|
$(if $(CONFIG_GCOV_KERNEL), --no-unreachable) \
|
|
--link
|
|
|
|
# Link of vmlinux.o used for section mismatch analysis
|
|
# ---------------------------------------------------------------------------
|
|
|
|
quiet_cmd_ld_vmlinux.o = LD $@
|
|
cmd_ld_vmlinux.o = \
|
|
$(LD) ${KBUILD_LDFLAGS} -r -o $@ \
|
|
$(addprefix -T , $(initcalls-lds)) \
|
|
--whole-archive $(KBUILD_VMLINUX_OBJS) --no-whole-archive \
|
|
--start-group $(KBUILD_VMLINUX_LIBS) --end-group \
|
|
$(cmd_objtool)
|
|
|
|
define rule_ld_vmlinux.o
|
|
$(call cmd_and_savecmd,ld_vmlinux.o)
|
|
$(call cmd,gen_objtooldep)
|
|
endef
|
|
|
|
vmlinux.o: $(initcalls-lds) $(KBUILD_VMLINUX_OBJS) $(KBUILD_VMLINUX_LIBS) FORCE
|
|
$(call if_changed_rule,ld_vmlinux.o)
|
|
|
|
targets += vmlinux.o
|
|
|
|
# Add FORCE to the prequisites of a target to force it to be always rebuilt.
|
|
# ---------------------------------------------------------------------------
|
|
|
|
PHONY += FORCE
|
|
FORCE:
|
|
|
|
# Read all saved command lines and dependencies for the $(targets) we
|
|
# may be building above, using $(if_changed{,_dep}). As an
|
|
# optimization, we don't need to read them if the target does not
|
|
# exist, we will rebuild anyway in that case.
|
|
|
|
existing-targets := $(wildcard $(sort $(targets)))
|
|
|
|
-include $(foreach f,$(existing-targets),$(dir $(f)).$(notdir $(f)).cmd)
|
|
|
|
.PHONY: $(PHONY)
|