linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] arch/x86/boot: use prefix map to avoid embedded paths
@ 2019-09-26  9:11 Ross Burton
  0 siblings, 0 replies; 2+ messages in thread
From: Ross Burton @ 2019-09-26  9:11 UTC (permalink / raw)
  To: linux-kernel; +Cc: tglx, mingo, hpa, bruce.ashfield

From: Bruce Ashfield <bruce.ashfield@gmail.com>

It was observed that the kernel embeds the path in the x86 boot
artifacts.

From https://bugzilla.yoctoproject.org/show_bug.cgi?id=13458:

[
   If you turn on the buildpaths QA test, or try a reproducible build, you
   discover that the kernel image contains build paths.

   $ strings bzImage-5.0.19-yocto-standard |grep tmp/
   out of pgt_buf in
   /data/poky-tmp/reproducible/tmp/work-shared/qemux86-64/kernel-source/arch/x86/boot/compressed/kaslr_64.c!?

   But what's this in the top-level Makefile:

   $ git grep prefix-map
   Makefile:KBUILD_CFLAGS  += $(call
   cc-option,-fmacro-prefix-map=$(srctree)/=)

   So the __FILE__ shouldn't be using the full path.  However
   arch/x86/boot/compressed/Makefile has this:

   KBUILD_CFLAGS := -m$(BITS) -O2

   So that clears KBUILD_FLAGS, removing the -fmacro-prefix-map option.
]

Other architectures do not clear the flags, but instead prune before
adding boot or specific options. There's no obvious reason why x86 isn't
doing the same thing (pruning vs clearing) and no build or boot issues
have been observed.

So we make x86 can do the same thing, and we no longer have embedded paths.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
---
 arch/x86/boot/compressed/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
index 6b84afdd7538..b246f18c5857 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -38,6 +38,7 @@ KBUILD_CFLAGS += $(call cc-option,-fno-stack-protector)
 KBUILD_CFLAGS += $(call cc-disable-warning, address-of-packed-member)
 KBUILD_CFLAGS += $(call cc-disable-warning, gnu)
 KBUILD_CFLAGS += -Wno-pointer-sign
+KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
 
 KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
 GCOV_PROFILE := n
-- 
2.20.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] arch/x86/boot: use prefix map to avoid embedded paths
       [not found] <20190926091132.3845-1-ross.burton@intel.com>
@ 2019-09-26  9:25 ` Borislav Petkov
  0 siblings, 0 replies; 2+ messages in thread
From: Borislav Petkov @ 2019-09-26  9:25 UTC (permalink / raw)
  To: Ross Burton; +Cc: x86-ml, lkml

Don't forget to CC: lkml and x86@kernel.org on x86 patches.

On Thu, Sep 26, 2019 at 10:11:32AM +0100, Ross Burton wrote:
> From: Bruce Ashfield <bruce.ashfield@gmail.com>
> 
> It was observed that the kernel embeds the path in the x86 boot
> artifacts.
> 
> From https://bugzilla.yoctoproject.org/show_bug.cgi?id=13458:
> 
> [
>    If you turn on the buildpaths QA test, or try a reproducible build, you
>    discover that the kernel image contains build paths.
> 
>    $ strings bzImage-5.0.19-yocto-standard |grep tmp/
>    out of pgt_buf in
>    /data/poky-tmp/reproducible/tmp/work-shared/qemux86-64/kernel-source/arch/x86/boot/compressed/kaslr_64.c!?
> 
>    But what's this in the top-level Makefile:
> 
>    $ git grep prefix-map
>    Makefile:KBUILD_CFLAGS  += $(call
>    cc-option,-fmacro-prefix-map=$(srctree)/=)
> 
>    So the __FILE__ shouldn't be using the full path.  However
>    arch/x86/boot/compressed/Makefile has this:
> 
>    KBUILD_CFLAGS := -m$(BITS) -O2
> 
>    So that clears KBUILD_FLAGS, removing the -fmacro-prefix-map option.
> ]
> 
> Other architectures do not clear the flags, but instead prune before
> adding boot or specific options. There's no obvious reason why x86 isn't
> doing the same thing (pruning vs clearing) and no build or boot issues
> have been observed.
> 
> So we make x86 can do the same thing, and we no longer have embedded paths.
> 
> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
> Signed-off-by: Ross Burton <ross.burton@intel.com>
> ---
>  arch/x86/boot/compressed/Makefile | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
> index 6b84afdd7538..b246f18c5857 100644
> --- a/arch/x86/boot/compressed/Makefile
> +++ b/arch/x86/boot/compressed/Makefile
> @@ -38,6 +38,7 @@ KBUILD_CFLAGS += $(call cc-option,-fno-stack-protector)
>  KBUILD_CFLAGS += $(call cc-disable-warning, address-of-packed-member)
>  KBUILD_CFLAGS += $(call cc-disable-warning, gnu)
>  KBUILD_CFLAGS += -Wno-pointer-sign
> +KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
>  
>  KBUILD_AFLAGS  := $(KBUILD_CFLAGS) -D__ASSEMBLY__
>  GCOV_PROFILE := n
> -- 

What about arch/x86/boot/Makefile ?

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-09-26  9:25 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-26  9:11 [PATCH] arch/x86/boot: use prefix map to avoid embedded paths Ross Burton
     [not found] <20190926091132.3845-1-ross.burton@intel.com>
2019-09-26  9:25 ` Borislav Petkov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).