Commit 693c819f authored by H. Peter Anvin's avatar H. Peter Anvin Committed by Dave Hansen
Browse files

x86/entry/vdso: Refactor the vdso build 



- Separate out the vdso sources into common, vdso32, and vdso64
  directories.
- Build the 32- and 64-bit vdsos in their respective subdirectories;
  this greatly simplifies the build flags handling.
- Unify the mangling of Makefile flags between the 32- and 64-bit
  vdso code as much as possible; all common rules are put in
  arch/x86/entry/vdso/common/Makefile.include. The remaining
  is very simple for 32 bits; the 64-bit one is only slightly more
  complicated because it contains the x32 generation rule.
- Define __DISABLE_EXPORTS when building the vdso. This need seems to
  have been masked by different ordering compile flags before.
- Change CONFIG_X86_64 to BUILD_VDSO32_64 in vdso32/system_call.S,
  to make it compatible with including fake_32bit_build.h.
- The -fcf-protection= option was "leaking" from the kernel build,
  for reasons that was not clear to me. Furthermore, several
  distributions ship with it set to a default value other than
  "-fcf-protection=none". Make it match the configuration options
  for *user space*.

Note that this patch may seem large, but the vast majority of it is
simply code movement.

Signed-off-by: default avatarH. Peter Anvin (Intel) <hpa@zytor.com>
Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
Link: https://patch.msgid.link/20251216212606.1325678-4-hpa@zytor.com
parent a76108d0

arch/x86/entry/vdso/Makefile

+6 −155
Original line number Diff line number Diff line
@@ -3,159 +3,10 @@ 
# Building vDSO images for x86.

#



# Include the generic Makefile to check the built vDSO:

include $(srctree)/lib/vdso/Makefile.include

# Regular kernel objects

obj-y				:= vma.o extable.o

obj-$(CONFIG_COMPAT_32)		+= vdso32-setup.o



# Files to link into the vDSO:

vobjs-y := vdso-note.o vclock_gettime.o vgetcpu.o vgetrandom.o vgetrandom-chacha.o

vobjs32-y := vdso32/note.o vdso32/system_call.o vdso32/sigreturn.o

vobjs32-y += vdso32/vclock_gettime.o vdso32/vgetcpu.o

vobjs-$(CONFIG_X86_SGX)	+= vsgx.o



# Files to link into the kernel:

obj-y						+= vma.o extable.o



# vDSO images to build:

obj-$(CONFIG_X86_64)				+= vdso64-image.o

obj-$(CONFIG_X86_X32_ABI)			+= vdsox32-image.o

obj-$(CONFIG_COMPAT_32)				+= vdso32-image.o vdso32-setup.o



vobjs := $(addprefix $(obj)/, $(vobjs-y))

vobjs32 := $(addprefix $(obj)/, $(vobjs32-y))



$(obj)/vdso.o: $(obj)/vdso.so



targets += vdso.lds $(vobjs-y)

targets += vdso32/vdso32.lds $(vobjs32-y)



targets += $(foreach x, 64 x32 32, vdso-image-$(x).c vdso$(x).so vdso$(x).so.dbg)



CPPFLAGS_vdso.lds += -P -C



VDSO_LDFLAGS_vdso.lds = -m elf_x86_64 -soname linux-vdso.so.1 \

			-z max-page-size=4096



$(obj)/vdso64.so.dbg: $(obj)/vdso.lds $(vobjs) FORCE

	$(call if_changed,vdso_and_check)



VDSO2C = $(objtree)/arch/x86/tools/vdso2c



quiet_cmd_vdso2c = VDSO2C  $@

      cmd_vdso2c = $(VDSO2C) $< $(<:%.dbg=%) $@



$(obj)/vdso%-image.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(VDSO2C) FORCE

	$(call if_changed,vdso2c)



#

# Don't omit frame pointers for ease of userspace debugging, but do

# optimize sibling calls.

#

CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \

       $(filter -g%,$(KBUILD_CFLAGS)) -fno-stack-protector \

       -fno-omit-frame-pointer -foptimize-sibling-calls \

       -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO



ifdef CONFIG_MITIGATION_RETPOLINE

ifneq ($(RETPOLINE_VDSO_CFLAGS),)

  CFL += $(RETPOLINE_VDSO_CFLAGS)

endif

endif



$(vobjs): KBUILD_CFLAGS := $(filter-out $(PADDING_CFLAGS) $(CC_FLAGS_LTO) $(CC_FLAGS_CFI) $(RANDSTRUCT_CFLAGS) $(KSTACK_ERASE_CFLAGS) $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL)

$(vobjs): KBUILD_AFLAGS += -DBUILD_VDSO



#

# vDSO code runs in userspace and -pg doesn't help with profiling anyway.

#

CFLAGS_REMOVE_vclock_gettime.o = -pg

CFLAGS_REMOVE_vdso32/vclock_gettime.o = -pg

CFLAGS_REMOVE_vgetcpu.o = -pg

CFLAGS_REMOVE_vdso32/vgetcpu.o = -pg

CFLAGS_REMOVE_vsgx.o = -pg

CFLAGS_REMOVE_vgetrandom.o = -pg



#

# X32 processes use x32 vDSO to access 64bit kernel data.

#

# Build x32 vDSO image:

# 1. Compile x32 vDSO as 64bit.

# 2. Convert object files to x32.

# 3. Build x32 VDSO image with x32 objects, which contains 64bit codes

# so that it can reach 64bit address space with 64bit pointers.

#



CPPFLAGS_vdsox32.lds = $(CPPFLAGS_vdso.lds)

VDSO_LDFLAGS_vdsox32.lds = -m elf32_x86_64 -soname linux-vdso.so.1 \

			   -z max-page-size=4096



# x32-rebranded versions

vobjx32s-y := $(vobjs-y:.o=-x32.o)



# same thing, but in the output directory

vobjx32s := $(addprefix $(obj)/, $(vobjx32s-y))



# Convert 64bit object file to x32 for x32 vDSO.

quiet_cmd_x32 = X32     $@

      cmd_x32 = $(OBJCOPY) -O elf32-x86-64 $< $@



$(obj)/%-x32.o: $(obj)/%.o FORCE

	$(call if_changed,x32)



targets += vdsox32.lds $(vobjx32s-y)



$(obj)/%.so: OBJCOPYFLAGS := -S --remove-section __ex_table

$(obj)/%.so: $(obj)/%.so.dbg FORCE

	$(call if_changed,objcopy)



$(obj)/vdsox32.so.dbg: $(obj)/vdsox32.lds $(vobjx32s) FORCE

	$(call if_changed,vdso_and_check)



CPPFLAGS_vdso32/vdso32.lds = $(CPPFLAGS_vdso.lds)

VDSO_LDFLAGS_vdso32.lds = -m elf_i386 -soname linux-gate.so.1



KBUILD_AFLAGS_32 := $(filter-out -m64,$(KBUILD_AFLAGS)) -DBUILD_VDSO

$(obj)/vdso32.so.dbg: KBUILD_AFLAGS = $(KBUILD_AFLAGS_32)

$(obj)/vdso32.so.dbg: asflags-$(CONFIG_X86_64) += -m32



KBUILD_CFLAGS_32 := $(filter-out -m64,$(KBUILD_CFLAGS))

KBUILD_CFLAGS_32 := $(filter-out -mcmodel=kernel,$(KBUILD_CFLAGS_32))

KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32))

KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32))

KBUILD_CFLAGS_32 := $(filter-out $(RANDSTRUCT_CFLAGS),$(KBUILD_CFLAGS_32))

KBUILD_CFLAGS_32 := $(filter-out $(KSTACK_ERASE_CFLAGS),$(KBUILD_CFLAGS_32))

KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32))

KBUILD_CFLAGS_32 := $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32))

KBUILD_CFLAGS_32 := $(filter-out $(CC_FLAGS_LTO),$(KBUILD_CFLAGS_32))

KBUILD_CFLAGS_32 := $(filter-out $(CC_FLAGS_CFI),$(KBUILD_CFLAGS_32))

KBUILD_CFLAGS_32 := $(filter-out $(PADDING_CFLAGS),$(KBUILD_CFLAGS_32))

KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic

KBUILD_CFLAGS_32 += -fno-stack-protector

KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls)

KBUILD_CFLAGS_32 += -fno-omit-frame-pointer

KBUILD_CFLAGS_32 += -DDISABLE_BRANCH_PROFILING

KBUILD_CFLAGS_32 += -DBUILD_VDSO



ifdef CONFIG_MITIGATION_RETPOLINE

ifneq ($(RETPOLINE_VDSO_CFLAGS),)

  KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS)

endif

endif



$(obj)/vdso32.so.dbg: KBUILD_CFLAGS = $(KBUILD_CFLAGS_32)



$(obj)/vdso32.so.dbg: $(obj)/vdso32/vdso32.lds $(vobjs32) FORCE

	$(call if_changed,vdso_and_check)



#

# The DSO images are built using a special linker script.

#

quiet_cmd_vdso = VDSO    $@

      cmd_vdso = $(LD) -o $@ \

		       $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \

		       -T $(filter %.lds,$^) $(filter %.o,$^)



VDSO_LDFLAGS = -shared --hash-style=both --build-id=sha1 --no-undefined \

	$(call ld-option, --eh-frame-hdr) -Bsymbolic -z noexecstack



quiet_cmd_vdso_and_check = VDSO    $@

      cmd_vdso_and_check = $(cmd_vdso); $(cmd_vdso_check)
 
# vDSO directories

obj-$(CONFIG_X86_64)		+= vdso64/

obj-$(CONFIG_COMPAT_32)		+= vdso32/

arch/x86/entry/vdso/common/Makefile.include

0 → 100644
+89 −0
Original line number Diff line number Diff line 
# SPDX-License-Identifier: GPL-2.0

#

# Building vDSO images for x86.

#



# Include the generic Makefile to check the built vDSO:

include $(srctree)/lib/vdso/Makefile.include



obj-y    += $(foreach x,$(vdsos-y),vdso$(x)-image.o)



targets  += $(foreach x,$(vdsos-y),vdso$(x)-image.c vdso$(x).so vdso$(x).so.dbg vdso$(x).lds)

targets  += $(vobjs-y)



# vobjs-y with $(obj)/ prepended

vobjs := $(addprefix $(obj)/,$(vobjs-y))



# Options for vdso*.lds

CPPFLAGS_VDSO_LDS := -P -C -I$(src)/..

$(obj)/%.lds : KBUILD_CPPFLAGS += $(CPPFLAGS_VDSO_LDS)



#

# Options from KBUILD_[AC]FLAGS that should *NOT* be kept

#

flags-remove-y += \

	-D__KERNEL__ -mcmodel=kernel -mregparm=3 \

	-fno-pic -fno-PIC -fno-pie fno-PIE \

	-mfentry -pg \

	$(RANDSTRUCT_CFLAGS) $(GCC_PLUGIN_CFLAGS) $(KSTACK_ERASE_CFLAGS) \

	$(RETPOLINE_CFLAGS) $(CC_FLAGS_LTO) $(CC_FLAGS_CFI) \

	$(PADDING_CFLAGS)



#

# Don't omit frame pointers for ease of userspace debugging, but do

# optimize sibling calls.

#

flags-y += -D__DISABLE_EXPORTS

flags-y += -DDISABLE_BRANCH_PROFILING

flags-y += -DBUILD_VDSO

flags-y += -I$(src)/.. -I$(srctree)

flags-y += -O2 -fpic

flags-y += -fno-stack-protector

flags-y += -fno-omit-frame-pointer

flags-y += -foptimize-sibling-calls

flags-y += -fasynchronous-unwind-tables



# Reset cf protections enabled by compiler default

flags-y += $(call cc-option, -fcf-protection=none)

flags-$(X86_USER_SHADOW_STACK) += $(call cc-option, -fcf-protection=return)

# When user space IBT is supported, enable this.

# flags-$(CONFIG_USER_IBT) += $(call cc-option, -fcf-protection=branch)



flags-$(CONFIG_MITIGATION_RETPOLINE) += $(RETPOLINE_VDSO_CFLAGS)



# These need to be conditional on $(vobjs) as they do not apply to

# the output vdso*-image.o files which are standard kernel objects.

$(vobjs) : KBUILD_AFLAGS := \

	$(filter-out $(flags-remove-y),$(KBUILD_AFLAGS)) $(flags-y)

$(vobjs) : KBUILD_CFLAGS := \

	$(filter-out $(flags-remove-y),$(KBUILD_CFLAGS)) $(flags-y)



#

# The VDSO images are built using a special linker script.

#

VDSO_LDFLAGS := -shared --hash-style=both --build-id=sha1 --no-undefined \

	$(call ld-option, --eh-frame-hdr) -Bsymbolic -z noexecstack



quiet_cmd_vdso = VDSO    $@

      cmd_vdso = $(LD) -o $@ \

		       $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$*) \

		       -T $(filter %.lds,$^) $(filter %.o,$^)

quiet_cmd_vdso_and_check = VDSO    $@

      cmd_vdso_and_check = $(cmd_vdso); $(cmd_vdso_check)



$(obj)/vdso%.so.dbg: $(obj)/vdso%.lds FORCE

	$(call if_changed,vdso_and_check)



$(obj)/%.so: OBJCOPYFLAGS := -S --remove-section __ex_table

$(obj)/%.so: $(obj)/%.so.dbg FORCE

	$(call if_changed,objcopy)



VDSO2C = $(objtree)/arch/x86/tools/vdso2c



quiet_cmd_vdso2c = VDSO2C  $@

      cmd_vdso2c = $(VDSO2C) $< $(<:%.dbg=%) $@



$(obj)/%-image.c: $(obj)/%.so.dbg $(obj)/%.so $(VDSO2C) FORCE

	$(call if_changed,vdso2c)



$(obj)/%-image.o: $(obj)/%-image.c

arch/x86/entry/vdso/vdso-note.Sarch/x86/entry/vdso/common/note.S

+4 −1
Original line number Diff line number Diff line 
/* SPDX-License-Identifier: GPL-2.0 */

/*

 * This supplies .note.* sections to go into the PT_NOTE inside the vDSO text.

 * Here we can supply some information useful to userland.

 */



#include <linux/build-salt.h>

#include <linux/uts.h>

#include <linux/version.h>

#include <linux/elfnote.h>



/* Ideally this would use UTS_NAME, but using a quoted string here

   doesn't work. Remember to change this when changing the

   kernel's name. */

ELFNOTE_START(Linux, 0, "a")

	.long LINUX_VERSION_CODE

ELFNOTE_END