From c39afe624853e39af243dd9832640bf9c80b6554 Mon Sep 17 00:00:00 2001 From: Josh Triplett Date: Sun, 17 Oct 2021 19:43:13 +0200 Subject: kconfig: Add `make mod2noconfig` to disable module options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When converting a modular kernel to a monolithic kernel, once the kernel works without loading any modules, this helps to quickly disable all the modules before turning off module support entirely. Refactor conf_rewrite_mod_or_yes to a more general conf_rewrite_tristates that accepts an old and new state. Signed-off-by: Josh Triplett Tested-by: Björn Töpel Signed-off-by: Masahiro Yamada --- scripts/kconfig/Makefile | 3 ++- scripts/kconfig/conf.c | 17 ++++++++++------- 2 files changed, 12 insertions(+), 8 deletions(-) (limited to 'scripts') diff --git a/scripts/kconfig/Makefile b/scripts/kconfig/Makefile index 5a215880b268..b8ef0fb4bbef 100644 --- a/scripts/kconfig/Makefile +++ b/scripts/kconfig/Makefile @@ -69,7 +69,7 @@ localyesconfig localmodconfig: $(obj)/conf # deprecated for external use simple-targets := oldconfig allnoconfig allyesconfig allmodconfig \ alldefconfig randconfig listnewconfig olddefconfig syncconfig \ - helpnewconfig yes2modconfig mod2yesconfig + helpnewconfig yes2modconfig mod2yesconfig mod2noconfig PHONY += $(simple-targets) @@ -134,6 +134,7 @@ help: @echo ' randconfig - New config with random answer to all options' @echo ' yes2modconfig - Change answers from yes to mod if possible' @echo ' mod2yesconfig - Change answers from mod to yes if possible' + @echo ' mod2noconfig - Change answers from mod to no if possible' @echo ' listnewconfig - List new options' @echo ' helpnewconfig - List new options and help text' @echo ' olddefconfig - Same as oldconfig but sets new symbols to their' diff --git a/scripts/kconfig/conf.c b/scripts/kconfig/conf.c index 971da3598fe4..4178065ca27f 100644 --- a/scripts/kconfig/conf.c +++ b/scripts/kconfig/conf.c @@ -35,6 +35,7 @@ enum input_mode { olddefconfig, yes2modconfig, mod2yesconfig, + mod2noconfig, }; static enum input_mode input_mode = oldaskconfig; static int input_mode_opt; @@ -163,8 +164,6 @@ enum conf_def_mode { def_default, def_yes, def_mod, - def_y2m, - def_m2y, def_no, def_random }; @@ -302,12 +301,10 @@ static bool conf_set_all_new_symbols(enum conf_def_mode mode) return has_changed; } -static void conf_rewrite_mod_or_yes(enum conf_def_mode mode) +static void conf_rewrite_tristates(tristate old_val, tristate new_val) { struct symbol *sym; int i; - tristate old_val = (mode == def_y2m) ? yes : mod; - tristate new_val = (mode == def_y2m) ? mod : yes; for_all_symbols(i, sym) { if (sym_get_type(sym) == S_TRISTATE && @@ -685,6 +682,7 @@ static const struct option long_opts[] = { {"olddefconfig", no_argument, &input_mode_opt, olddefconfig}, {"yes2modconfig", no_argument, &input_mode_opt, yes2modconfig}, {"mod2yesconfig", no_argument, &input_mode_opt, mod2yesconfig}, + {"mod2noconfig", no_argument, &input_mode_opt, mod2noconfig}, {NULL, 0, NULL, 0} }; @@ -713,6 +711,7 @@ static void conf_usage(const char *progname) printf(" --randconfig New config with random answer to all options\n"); printf(" --yes2modconfig Change answers from yes to mod if possible\n"); printf(" --mod2yesconfig Change answers from mod to yes if possible\n"); + printf(" --mod2noconfig Change answers from mod to no if possible\n"); printf(" (If none of the above is given, --oldaskconfig is the default)\n"); } @@ -788,6 +787,7 @@ int main(int ac, char **av) case olddefconfig: case yes2modconfig: case mod2yesconfig: + case mod2noconfig: conf_read(NULL); break; case allnoconfig: @@ -862,10 +862,13 @@ int main(int ac, char **av) case savedefconfig: break; case yes2modconfig: - conf_rewrite_mod_or_yes(def_y2m); + conf_rewrite_tristates(yes, mod); break; case mod2yesconfig: - conf_rewrite_mod_or_yes(def_m2y); + conf_rewrite_tristates(mod, yes); + break; + case mod2noconfig: + conf_rewrite_tristates(mod, no); break; case oldaskconfig: rootEntry = &rootmenu; -- cgit v1.2.3 From 0431acd87a6c1785e47eb9762904d964f7a031e9 Mon Sep 17 00:00:00 2001 From: Łukasz Stelmach Date: Thu, 25 Nov 2021 17:20:54 +0100 Subject: streamline_config.pl: show the full Kconfig name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Show the very same file name that was passed to open() in case the operation failed. Signed-off-by: Łukasz Stelmach --- scripts/kconfig/streamline_config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/kconfig/streamline_config.pl b/scripts/kconfig/streamline_config.pl index 1a5fea0519eb..3387ad7508f7 100755 --- a/scripts/kconfig/streamline_config.pl +++ b/scripts/kconfig/streamline_config.pl @@ -170,7 +170,7 @@ sub read_kconfig { $source =~ s/\$\($env\)/$ENV{$env}/; } - open(my $kinfile, '<', $source) || die "Can't open $kconfig"; + open(my $kinfile, '<', $source) || die "Can't open $source"; while (<$kinfile>) { chomp; -- cgit v1.2.3 From df05c0e9496ce1e28b51f79f9fae94479a37fa60 Mon Sep 17 00:00:00 2001 From: Nathan Chancellor Date: Mon, 29 Nov 2021 09:57:58 -0700 Subject: Documentation: Raise the minimum supported version of LLVM to 11.0.0 LLVM versions prior to 11.0.0 have a harder time with dead code elimination, which can cause issues with commonly used expressions such as BUILD_BUG_ON and the bitmask functions/macros in bitfield.h (see the first two issues links below). Whenever there is an issue within LLVM that has been resolved in a later release, the only course of action is to gate the problematic configuration or source code on the toolchain verson or raise the minimum supported version of LLVM for building the kernel, as LLVM has a limited support lifetime compared to GCC. GCC major releases will typically see a few point releases across a two year period on average whereas LLVM major releases are only supported until the next major release and will only see one or two point releases within that timeframe. For example, GCC 8.1 was released in May 2018 and GCC 8.5 was released in May 2021, whereas LLVM 12.0.0 was released in April 2021 and its only point release, 12.0.1, was released in July 2021, giving a minimal window for fixes to be backported. To resolve these build errors around improper dead code elimination, raise the minimum supported version of LLVM for building the kernel to 11.0.0. Doing so is a more proper solution than mucking around with core kernel macros that have always worked with GCC or disabling drivers for using these macros in a proper manner. This type of issue may continue to crop up and require patching, which creates more debt for bumping the minimum supported version in the future. This should have a minimal impact to distributions. Using a script to pull several different Docker images and check the output of 'clang --version': archlinux:latest: clang version 13.0.0 debian:oldoldstable-slim: clang version 3.8.1-24 (tags/RELEASE_381/final) debian:oldstable-slim: clang version 7.0.1-8+deb10u2 (tags/RELEASE_701/final) debian:stable-slim: Debian clang version 11.0.1-2 debian:testing-slim: Debian clang version 11.1.0-4 debian:unstable-slim: Debian clang version 11.1.0-4 fedora:34: clang version 12.0.1 (Fedora 12.0.1-1.fc34) fedora:latest: clang version 13.0.0 (Fedora 13.0.0-3.fc35) fedora:rawhide: clang version 13.0.0 (Fedora 13.0.0-5.fc36) opensuse/leap:15.2: clang version 9.0.1 opensuse/leap:latest: clang version 11.0.1 opensuse/tumbleweed:latest: clang version 13.0.0 ubuntu:bionic: clang version 6.0.0-1ubuntu2 (tags/RELEASE_600/final) ubuntu:latest: clang version 10.0.0-4ubuntu1 ubuntu:hirsute: Ubuntu clang version 12.0.0-3ubuntu1~21.04.2 ubuntu:rolling: Ubuntu clang version 13.0.0-2 ubuntu:devel: Ubuntu clang version 13.0.0-9 In every case, the distribution's version of clang is either older than the current minimum supported version of LLVM 10.0.1 or equal to or greater than the proposed 11.0.0 so nothing should change. Another benefit of this change is LLVM=1 works better with arm64 and x86_64 since commit f12b034afeb3 ("scripts/Makefile.clang: default to LLVM_IAS=1") enabled the integrated assembler by default, which only works well with clang 11+ (clang-10 required it to be disabled to successfully build a kernel). Link: https://github.com/ClangBuiltLinux/linux/issues/1293 Link: https://github.com/ClangBuiltLinux/linux/issues/1506 Link: https://github.com/ClangBuiltLinux/linux/issues/1511 Link: https://github.com/llvm/llvm-project/commit/fa496ce3c6774097080c8a9cb808da56f383b938 Link: https://groups.google.com/g/clang-built-linux/c/mPQb9_ZWW0s/m/W7o6S-QTBAAJ Link: https://github.com/ClangBuiltLinux/misc-scripts Signed-off-by: Nathan Chancellor Reviewed-by: Miguel Ojeda Reviewed-by: Mark Brown Reviewed-by: Nick Desaulniers Reviewed-by: Kees Cook Signed-off-by: Masahiro Yamada --- Documentation/process/changes.rst | 2 +- scripts/min-tool-version.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/Documentation/process/changes.rst b/Documentation/process/changes.rst index b398b8576417..17182b537141 100644 --- a/Documentation/process/changes.rst +++ b/Documentation/process/changes.rst @@ -30,7 +30,7 @@ you probably needn't concern yourself with pcmciautils. Program Minimal version Command to check the version ====================== =============== ======================================== GNU C 5.1 gcc --version -Clang/LLVM (optional) 10.0.1 clang --version +Clang/LLVM (optional) 11.0.0 clang --version GNU make 3.81 make --version binutils 2.23 ld -v flex 2.5.35 flex --version diff --git a/scripts/min-tool-version.sh b/scripts/min-tool-version.sh index 4edc708baa63..7c20252a90c6 100755 --- a/scripts/min-tool-version.sh +++ b/scripts/min-tool-version.sh @@ -28,7 +28,7 @@ llvm) if [ "$SRCARCH" = s390 ]; then echo 13.0.0 else - echo 10.0.1 + echo 11.0.0 fi ;; *) -- cgit v1.2.3 From 50a483405c420f5f35b8dbb71425459835ae44eb Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Mon, 6 Dec 2021 11:35:06 +0900 Subject: kbuild: move headers_check.pl to usr/include/ This script is only used by usr/include/Makefile. Make it local to the directory. Update the comment in include/uapi/linux/soundcard.h because 'make headers_check' is no longer functional. Signed-off-by: Masahiro Yamada --- include/uapi/linux/soundcard.h | 2 +- scripts/headers_check.pl | 171 ----------------------------------------- usr/include/Makefile | 6 +- usr/include/headers_check.pl | 171 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 176 insertions(+), 174 deletions(-) delete mode 100755 scripts/headers_check.pl create mode 100755 usr/include/headers_check.pl (limited to 'scripts') diff --git a/include/uapi/linux/soundcard.h b/include/uapi/linux/soundcard.h index f3b21f989872..ac1318793a86 100644 --- a/include/uapi/linux/soundcard.h +++ b/include/uapi/linux/soundcard.h @@ -1051,7 +1051,7 @@ typedef struct mixer_vol_table { * the GPL version of OSS-4.x and build against that version * of the header. * - * We redefine the extern keyword so that make headers_check + * We redefine the extern keyword so that usr/include/headers_check.pl * does not complain about SEQ_USE_EXTBUF. */ #define SEQ_DECLAREBUF() SEQ_USE_EXTBUF() diff --git a/scripts/headers_check.pl b/scripts/headers_check.pl deleted file mode 100755 index b6aec5e4365f..000000000000 --- a/scripts/headers_check.pl +++ /dev/null @@ -1,171 +0,0 @@ -#!/usr/bin/env perl -# SPDX-License-Identifier: GPL-2.0 -# -# headers_check.pl execute a number of trivial consistency checks -# -# Usage: headers_check.pl dir arch [files...] -# dir: dir to look for included files -# arch: architecture -# files: list of files to check -# -# The script reads the supplied files line by line and: -# -# 1) for each include statement it checks if the -# included file actually exists. -# Only include files located in asm* and linux* are checked. -# The rest are assumed to be system include files. -# -# 2) It is checked that prototypes does not use "extern" -# -# 3) Check for leaked CONFIG_ symbols - -use warnings; -use strict; -use File::Basename; - -my ($dir, $arch, @files) = @ARGV; - -my $ret = 0; -my $line; -my $lineno = 0; -my $filename; - -foreach my $file (@files) { - $filename = $file; - - open(my $fh, '<', $filename) - or die "$filename: $!\n"; - $lineno = 0; - while ($line = <$fh>) { - $lineno++; - &check_include(); - &check_asm_types(); - &check_sizetypes(); - &check_declarations(); - # Dropped for now. Too much noise &check_config(); - } - close $fh; -} -exit $ret; - -sub check_include -{ - if ($line =~ m/^\s*#\s*include\s+<((asm|linux).*)>/) { - my $inc = $1; - my $found; - $found = stat($dir . "/" . $inc); - if (!$found) { - $inc =~ s#asm/#asm-$arch/#; - $found = stat($dir . "/" . $inc); - } - if (!$found) { - printf STDERR "$filename:$lineno: included file '$inc' is not exported\n"; - $ret = 1; - } - } -} - -sub check_declarations -{ - # soundcard.h is what it is - if ($line =~ m/^void seqbuf_dump\(void\);/) { - return; - } - # drm headers are being C++ friendly - if ($line =~ m/^extern "C"/) { - return; - } - if ($line =~ m/^(\s*extern|unsigned|char|short|int|long|void)\b/) { - printf STDERR "$filename:$lineno: " . - "userspace cannot reference function or " . - "variable defined in the kernel\n"; - } -} - -sub check_config -{ - if ($line =~ m/[^a-zA-Z0-9_]+CONFIG_([a-zA-Z0-9_]+)[^a-zA-Z0-9_]/) { - printf STDERR "$filename:$lineno: leaks CONFIG_$1 to userspace where it is not valid\n"; - } -} - -my $linux_asm_types; -sub check_asm_types -{ - if ($filename =~ /types.h|int-l64.h|int-ll64.h/o) { - return; - } - if ($lineno == 1) { - $linux_asm_types = 0; - } elsif ($linux_asm_types >= 1) { - return; - } - if ($line =~ m/^\s*#\s*include\s+/) { - $linux_asm_types = 1; - printf STDERR "$filename:$lineno: " . - "include of is preferred over \n" - # Warn until headers are all fixed - #$ret = 1; - } -} - -my $linux_types; -my %import_stack = (); -sub check_include_typesh -{ - my $path = $_[0]; - my $import_path; - - my $fh; - my @file_paths = ($path, $dir . "/" . $path, dirname($filename) . "/" . $path); - for my $possible ( @file_paths ) { - if (not $import_stack{$possible} and open($fh, '<', $possible)) { - $import_path = $possible; - $import_stack{$import_path} = 1; - last; - } - } - if (eof $fh) { - return; - } - - my $line; - while ($line = <$fh>) { - if ($line =~ m/^\s*#\s*include\s+/) { - $linux_types = 1; - last; - } - if (my $included = ($line =~ /^\s*#\s*include\s+[<"](\S+)[>"]/)[0]) { - check_include_typesh($included); - } - } - close $fh; - delete $import_stack{$import_path}; -} - -sub check_sizetypes -{ - if ($filename =~ /types.h|int-l64.h|int-ll64.h/o) { - return; - } - if ($lineno == 1) { - $linux_types = 0; - } elsif ($linux_types >= 1) { - return; - } - if ($line =~ m/^\s*#\s*include\s+/) { - $linux_types = 1; - return; - } - if (my $included = ($line =~ /^\s*#\s*include\s+[<"](\S+)[>"]/)[0]) { - check_include_typesh($included); - } - if ($line =~ m/__[us](8|16|32|64)\b/) { - printf STDERR "$filename:$lineno: " . - "found __[us]{8,16,32,64} type " . - "without #include \n"; - $linux_types = 2; - # Warn until headers are all fixed - #$ret = 1; - } -} diff --git a/usr/include/Makefile b/usr/include/Makefile index 1c2ae1368079..94403806ea56 100644 --- a/usr/include/Makefile +++ b/usr/include/Makefile @@ -99,10 +99,12 @@ quiet_cmd_hdrtest = HDRTEST $< cmd_hdrtest = \ $(CC) $(c_flags) -S -o /dev/null -x c /dev/null \ $(if $(filter-out $(no-header-test), $*.h), -include $< -include $<); \ - $(PERL) $(srctree)/scripts/headers_check.pl $(obj) $(SRCARCH) $<; \ + $(PERL) $(srctree)/$(src)/headers_check.pl $(obj) $(SRCARCH) $<; \ touch $@ $(obj)/%.hdrtest: $(obj)/%.h FORCE $(call if_changed_dep,hdrtest) -clean-files += $(filter-out Makefile, $(notdir $(wildcard $(obj)/*))) +# Since GNU Make 4.3, $(patsubst $(obj)/%/,%,$(wildcard $(obj)/*/)) works. +# To support older Make versions, use a somewhat tedious way. +clean-files += $(filter-out Makefile headers_check.pl, $(notdir $(wildcard $(obj)/*))) diff --git a/usr/include/headers_check.pl b/usr/include/headers_check.pl new file mode 100755 index 000000000000..b6aec5e4365f --- /dev/null +++ b/usr/include/headers_check.pl @@ -0,0 +1,171 @@ +#!/usr/bin/env perl +# SPDX-License-Identifier: GPL-2.0 +# +# headers_check.pl execute a number of trivial consistency checks +# +# Usage: headers_check.pl dir arch [files...] +# dir: dir to look for included files +# arch: architecture +# files: list of files to check +# +# The script reads the supplied files line by line and: +# +# 1) for each include statement it checks if the +# included file actually exists. +# Only include files located in asm* and linux* are checked. +# The rest are assumed to be system include files. +# +# 2) It is checked that prototypes does not use "extern" +# +# 3) Check for leaked CONFIG_ symbols + +use warnings; +use strict; +use File::Basename; + +my ($dir, $arch, @files) = @ARGV; + +my $ret = 0; +my $line; +my $lineno = 0; +my $filename; + +foreach my $file (@files) { + $filename = $file; + + open(my $fh, '<', $filename) + or die "$filename: $!\n"; + $lineno = 0; + while ($line = <$fh>) { + $lineno++; + &check_include(); + &check_asm_types(); + &check_sizetypes(); + &check_declarations(); + # Dropped for now. Too much noise &check_config(); + } + close $fh; +} +exit $ret; + +sub check_include +{ + if ($line =~ m/^\s*#\s*include\s+<((asm|linux).*)>/) { + my $inc = $1; + my $found; + $found = stat($dir . "/" . $inc); + if (!$found) { + $inc =~ s#asm/#asm-$arch/#; + $found = stat($dir . "/" . $inc); + } + if (!$found) { + printf STDERR "$filename:$lineno: included file '$inc' is not exported\n"; + $ret = 1; + } + } +} + +sub check_declarations +{ + # soundcard.h is what it is + if ($line =~ m/^void seqbuf_dump\(void\);/) { + return; + } + # drm headers are being C++ friendly + if ($line =~ m/^extern "C"/) { + return; + } + if ($line =~ m/^(\s*extern|unsigned|char|short|int|long|void)\b/) { + printf STDERR "$filename:$lineno: " . + "userspace cannot reference function or " . + "variable defined in the kernel\n"; + } +} + +sub check_config +{ + if ($line =~ m/[^a-zA-Z0-9_]+CONFIG_([a-zA-Z0-9_]+)[^a-zA-Z0-9_]/) { + printf STDERR "$filename:$lineno: leaks CONFIG_$1 to userspace where it is not valid\n"; + } +} + +my $linux_asm_types; +sub check_asm_types +{ + if ($filename =~ /types.h|int-l64.h|int-ll64.h/o) { + return; + } + if ($lineno == 1) { + $linux_asm_types = 0; + } elsif ($linux_asm_types >= 1) { + return; + } + if ($line =~ m/^\s*#\s*include\s+/) { + $linux_asm_types = 1; + printf STDERR "$filename:$lineno: " . + "include of is preferred over \n" + # Warn until headers are all fixed + #$ret = 1; + } +} + +my $linux_types; +my %import_stack = (); +sub check_include_typesh +{ + my $path = $_[0]; + my $import_path; + + my $fh; + my @file_paths = ($path, $dir . "/" . $path, dirname($filename) . "/" . $path); + for my $possible ( @file_paths ) { + if (not $import_stack{$possible} and open($fh, '<', $possible)) { + $import_path = $possible; + $import_stack{$import_path} = 1; + last; + } + } + if (eof $fh) { + return; + } + + my $line; + while ($line = <$fh>) { + if ($line =~ m/^\s*#\s*include\s+/) { + $linux_types = 1; + last; + } + if (my $included = ($line =~ /^\s*#\s*include\s+[<"](\S+)[>"]/)[0]) { + check_include_typesh($included); + } + } + close $fh; + delete $import_stack{$import_path}; +} + +sub check_sizetypes +{ + if ($filename =~ /types.h|int-l64.h|int-ll64.h/o) { + return; + } + if ($lineno == 1) { + $linux_types = 0; + } elsif ($linux_types >= 1) { + return; + } + if ($line =~ m/^\s*#\s*include\s+/) { + $linux_types = 1; + return; + } + if (my $included = ($line =~ /^\s*#\s*include\s+[<"](\S+)[>"]/)[0]) { + check_include_typesh($included); + } + if ($line =~ m/__[us](8|16|32|64)\b/) { + printf STDERR "$filename:$lineno: " . + "found __[us]{8,16,32,64} type " . + "without #include \n"; + $linux_types = 2; + # Warn until headers are all fixed + #$ret = 1; + } +} -- cgit v1.2.3 From 4db9c2e3d055cc11e64b5c9bbaa70b5a552adf0f Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Tue, 14 Dec 2021 11:53:50 +0900 Subject: kbuild: stop using config_filename in scripts/Makefile.modsign Toward the goal of removing the config_filename macro, drop the double-quotes and add $(srctree)/ prefix in an ad hoc way. Signed-off-by: Masahiro Yamada Reviewed-by: Nicolas Schier --- scripts/Makefile.modinst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst index ff9b09e4cfca..df7e3d578ef5 100644 --- a/scripts/Makefile.modinst +++ b/scripts/Makefile.modinst @@ -66,9 +66,10 @@ endif # Don't stop modules_install even if we can't sign external modules. # ifeq ($(CONFIG_MODULE_SIG_ALL),y) +CONFIG_MODULE_SIG_KEY := $(CONFIG_MODULE_SIG_KEY:"%"=%) +sig-key := $(if $(wildcard $(CONFIG_MODULE_SIG_KEY)),,$(srctree)/)$(CONFIG_MODULE_SIG_KEY) quiet_cmd_sign = SIGN $@ -$(eval $(call config_filename,MODULE_SIG_KEY)) - cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY) certs/signing_key.x509 $@ \ + cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(sig-key) certs/signing_key.x509 $@ \ $(if $(KBUILD_EXTMOD),|| true) else quiet_cmd_sign := -- cgit v1.2.3 From b8c96a6b466ca3b91530a4ec7f7404f40f8f4d0b Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Tue, 14 Dec 2021 11:53:51 +0900 Subject: certs: simplify $(srctree)/ handling and remove config_filename macro The complex macro, config_filename, was introduced to do: [1] drop double-quotes from the string value [2] add $(srctree)/ prefix in case the file is not found in $(objtree) [3] escape spaces and more [1] will be more generally handled by Kconfig later. As for [2], Kbuild uses VPATH to search for files in $(objtree), $(srctree) in this order. GNU Make can natively handle it. As for [3], converting $(space) to $(space_escape) back and forth looks questionable to me. It is well-known that GNU Make cannot handle file paths with spaces in the first place. Instead of using the complex macro, use $< so it will be expanded to the file path of the key. Remove config_filename, finally. Signed-off-by: Masahiro Yamada --- certs/Makefile | 32 +++++++++++++------------------- scripts/Kbuild.include | 47 ----------------------------------------------- 2 files changed, 13 insertions(+), 66 deletions(-) (limited to 'scripts') diff --git a/certs/Makefile b/certs/Makefile index c3c8da03b04b..69c1404152ef 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -15,15 +15,12 @@ endif quiet_cmd_extract_certs = CERT $@ cmd_extract_certs = scripts/extract-cert $(2) $@ -ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y) - -$(eval $(call config_filename,SYSTEM_TRUSTED_KEYS)) - $(obj)/system_certificates.o: $(obj)/x509_certificate_list -$(obj)/x509_certificate_list: scripts/extract-cert $(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(SYSTEM_TRUSTED_KEYS_FILENAME) FORCE - $(call if_changed,extract_certs,$(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_TRUSTED_KEYS)) -endif # CONFIG_SYSTEM_TRUSTED_KEYRING +CONFIG_SYSTEM_TRUSTED_KEYS := $(CONFIG_SYSTEM_TRUSTED_KEYS:"%"=%) + +$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) scripts/extract-cert FORCE + $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,"")) targets += x509_certificate_list @@ -72,29 +69,26 @@ $(obj)/x509.genkey: endif # CONFIG_MODULE_SIG_KEY -$(eval $(call config_filename,MODULE_SIG_KEY)) +CONFIG_MODULE_SIG_KEY := $(CONFIG_MODULE_SIG_KEY:"%"=%) # If CONFIG_MODULE_SIG_KEY isn't a PKCS#11 URI, depend on it -ifeq ($(patsubst pkcs11:%,%,$(firstword $(MODULE_SIG_KEY_FILENAME))),$(firstword $(MODULE_SIG_KEY_FILENAME))) -X509_DEP := $(MODULE_SIG_KEY_SRCPREFIX)$(MODULE_SIG_KEY_FILENAME) +ifneq ($(filter-out pkcs11:%, %(CONFIG_MODULE_SIG_KEY)),) +X509_DEP := $(CONFIG_MODULE_SIG_KEY) endif $(obj)/system_certificates.o: $(obj)/signing_key.x509 -$(obj)/signing_key.x509: scripts/extract-cert $(X509_DEP) FORCE - $(call if_changed,extract_certs,$(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY)) +$(obj)/signing_key.x509: $(X509_DEP) scripts/extract-cert FORCE + $(call if_changed,extract_certs,$(if $(X509_DEP),$<,$(CONFIG_MODULE_SIG_KEY))) endif # CONFIG_MODULE_SIG targets += signing_key.x509 -ifeq ($(CONFIG_SYSTEM_REVOCATION_LIST),y) - -$(eval $(call config_filename,SYSTEM_REVOCATION_KEYS)) - $(obj)/revocation_certificates.o: $(obj)/x509_revocation_list -$(obj)/x509_revocation_list: scripts/extract-cert $(SYSTEM_REVOCATION_KEYS_SRCPREFIX)$(SYSTEM_REVOCATION_KEYS_FILENAME) FORCE - $(call if_changed,extract_certs,$(SYSTEM_REVOCATION_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_REVOCATION_KEYS)) -endif +CONFIG_SYSTEM_REVOCATION_KEYS := $(CONFIG_SYSTEM_REVOCATION_KEYS:"%"=%) + +$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) scripts/extract-cert FORCE + $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,"")) targets += x509_revocation_list diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include index cdec22088423..3514c2149e9d 100644 --- a/scripts/Kbuild.include +++ b/scripts/Kbuild.include @@ -195,53 +195,6 @@ why = \ echo-why = $(call escsq, $(strip $(why))) endif -############################################################################### -# -# When a Kconfig string contains a filename, it is suitable for -# passing to shell commands. It is surrounded by double-quotes, and -# any double-quotes or backslashes within it are escaped by -# backslashes. -# -# This is no use for dependencies or $(wildcard). We need to strip the -# surrounding quotes and the escaping from quotes and backslashes, and -# we *do* need to escape any spaces in the string. So, for example: -# -# Usage: $(eval $(call config_filename,FOO)) -# -# Defines FOO_FILENAME based on the contents of the CONFIG_FOO option, -# transformed as described above to be suitable for use within the -# makefile. -# -# Also, if the filename is a relative filename and exists in the source -# tree but not the build tree, define FOO_SRCPREFIX as $(srctree)/ to -# be prefixed to *both* command invocation and dependencies. -# -# Note: We also print the filenames in the quiet_cmd_foo text, and -# perhaps ought to have a version specially escaped for that purpose. -# But it's only cosmetic, and $(patsubst "%",%,$(CONFIG_FOO)) is good -# enough. It'll strip the quotes in the common case where there's no -# space and it's a simple filename, and it'll retain the quotes when -# there's a space. There are some esoteric cases in which it'll print -# the wrong thing, but we don't really care. The actual dependencies -# and commands *do* get it right, with various combinations of single -# and double quotes, backslashes and spaces in the filenames. -# -############################################################################### -# -define config_filename -ifneq ($$(CONFIG_$(1)),"") -$(1)_FILENAME := $$(subst \\,\,$$(subst \$$(quote),$$(quote),$$(subst $$(space_escape),\$$(space),$$(patsubst "%",%,$$(subst $$(space),$$(space_escape),$$(CONFIG_$(1))))))) -ifneq ($$(patsubst /%,%,$$(firstword $$($(1)_FILENAME))),$$(firstword $$($(1)_FILENAME))) -else -ifeq ($$(wildcard $$($(1)_FILENAME)),) -ifneq ($$(wildcard $$(srctree)/$$($(1)_FILENAME)),) -$(1)_SRCPREFIX := $(srctree)/ -endif -endif -endif -endif -endef -# ############################################################################### # delete partially updated (i.e. corrupted) files on error -- cgit v1.2.3 From 7d153696e5db1e37387c2f7ec06ffc8d4aac70a4 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Tue, 14 Dec 2021 11:53:52 +0900 Subject: kbuild: do not include include/config/auto.conf from shell scripts Richard Weinberger pointed out the risk of sourcing the kernel config from shell scripts [1], and proposed some patches [2], [3]. It is a good point, but it took a long time because I was wondering how to fix this. This commit goes with simple grep approach because there are only a few scripts including the kernel configuration. scripts/link_vmlinux.sh has references to a bunch of CONFIG options, all of which are boolean. I added is_enabled() helper as scripts/package/{mkdebian,builddeb} do. scripts/gen_autoksyms.sh uses 'eval', stating "to expand the whitelist path". I removed it since it is the issue we are trying to fix. I was a bit worried about the cost of invoking the grep command over again. I extracted the grep parts from it, and measured the cost. It was approximately 0.03 sec, which I hope is acceptable. [test code] $ cat test-grep.sh #!/bin/sh is_enabled() { grep -q "^$1=y" include/config/auto.conf } is_enabled CONFIG_LTO_CLANG is_enabled CONFIG_LTO_CLANG is_enabled CONFIG_STACK_VALIDATION is_enabled CONFIG_UNWINDER_ORC is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL is_enabled CONFIG_VMLINUX_VALIDATION is_enabled CONFIG_FRAME_POINTER is_enabled CONFIG_GCOV_KERNEL is_enabled CONFIG_LTO_CLANG is_enabled CONFIG_RETPOLINE is_enabled CONFIG_X86_SMAP is_enabled CONFIG_LTO_CLANG is_enabled CONFIG_VMLINUX_MAP is_enabled CONFIG_KALLSYMS_ALL is_enabled CONFIG_KALLSYMS_ABSOLUTE_PERCPU is_enabled CONFIG_KALLSYMS_BASE_RELATIVE is_enabled CONFIG_DEBUG_INFO_BTF is_enabled CONFIG_KALLSYMS is_enabled CONFIG_DEBUG_INFO_BTF is_enabled CONFIG_BPF is_enabled CONFIG_BUILDTIME_TABLE_SORT is_enabled CONFIG_KALLSYMS $ time ./test-grep.sh real 0m0.036s user 0m0.027s sys m0.009s [1]: https://lore.kernel.org/all/1919455.eZKeABUfgV@blindfold/ [2]: https://lore.kernel.org/all/20180219092245.26404-1-richard@nod.at/ [3]: https://lore.kernel.org/all/20210920213957.1064-2-richard@nod.at/ Signed-off-by: Masahiro Yamada Reviewed-by: Nicolas Schier --- scripts/gen_autoksyms.sh | 11 +++-------- scripts/link-vmlinux.sh | 47 ++++++++++++++++++++++++----------------------- scripts/setlocalversion | 9 ++++----- 3 files changed, 31 insertions(+), 36 deletions(-) (limited to 'scripts') diff --git a/scripts/gen_autoksyms.sh b/scripts/gen_autoksyms.sh index 6ed0d225c8b1..949d6a054034 100755 --- a/scripts/gen_autoksyms.sh +++ b/scripts/gen_autoksyms.sh @@ -16,20 +16,15 @@ case "$KBUILD_VERBOSE" in ;; esac -# We need access to CONFIG_ symbols -. include/config/auto.conf - needed_symbols= # Special case for modversions (see modpost.c) -if [ -n "$CONFIG_MODVERSIONS" ]; then +if grep -q "^CONFIG_MODVERSIONS=y$" include/config/auto.conf; then needed_symbols="$needed_symbols module_layout" fi -ksym_wl= -if [ -n "$CONFIG_UNUSED_KSYMS_WHITELIST" ]; then - # Use 'eval' to expand the whitelist path and check if it is relative - eval ksym_wl="$CONFIG_UNUSED_KSYMS_WHITELIST" +ksym_wl=$(sed -n 's/^CONFIG_UNUSED_KSYMS_WHITELIST="\(.*\)"$/\1/p' include/config/auto.conf) +if [ -n "$ksym_wl" ]; then [ "${ksym_wl}" != "${ksym_wl#/}" ] || ksym_wl="$abs_srctree/$ksym_wl" if [ ! -f "$ksym_wl" ] || [ ! -r "$ksym_wl" ]; then echo "ERROR: '$ksym_wl' whitelist file not found" >&2 diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh index 5cdd9bc5c385..a4b61a2f65db 100755 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh @@ -34,6 +34,10 @@ LD="$1" KBUILD_LDFLAGS="$2" LDFLAGS_vmlinux="$3" +is_enabled() { + grep -q "^$1=y" include/config/auto.conf +} + # Nice output in kbuild format # Will be supressed by "make -s" info() @@ -80,11 +84,11 @@ modpost_link() ${KBUILD_VMLINUX_LIBS} \ --end-group" - if [ -n "${CONFIG_LTO_CLANG}" ]; then + if is_enabled CONFIG_LTO_CLANG; then gen_initcalls lds="-T .tmp_initcalls.lds" - if [ -n "${CONFIG_MODVERSIONS}" ]; then + if is_enabled CONFIG_MODVERSIONS; then gen_symversions lds="${lds} -T .tmp_symversions.lds" fi @@ -104,21 +108,21 @@ objtool_link() local objtoolcmd; local objtoolopt; - if [ "${CONFIG_LTO_CLANG} ${CONFIG_STACK_VALIDATION}" = "y y" ]; then + if is_enabled CONFIG_LTO_CLANG && is_enabled CONFIG_STACK_VALIDATION; then # Don't perform vmlinux validation unless explicitly requested, # but run objtool on vmlinux.o now that we have an object file. - if [ -n "${CONFIG_UNWINDER_ORC}" ]; then + if is_enabled CONFIG_UNWINDER_ORC; then objtoolcmd="orc generate" fi objtoolopt="${objtoolopt} --duplicate" - if [ -n "${CONFIG_FTRACE_MCOUNT_USE_OBJTOOL}" ]; then + if is_enabled CONFIG_FTRACE_MCOUNT_USE_OBJTOOL; then objtoolopt="${objtoolopt} --mcount" fi fi - if [ -n "${CONFIG_VMLINUX_VALIDATION}" ]; then + if is_enabled CONFIG_VMLINUX_VALIDATION; then objtoolopt="${objtoolopt} --noinstr" fi @@ -127,16 +131,16 @@ objtool_link() objtoolcmd="check" fi objtoolopt="${objtoolopt} --vmlinux" - if [ -z "${CONFIG_FRAME_POINTER}" ]; then + if ! is_enabled CONFIG_FRAME_POINTER; then objtoolopt="${objtoolopt} --no-fp" fi - if [ -n "${CONFIG_GCOV_KERNEL}" ] || [ -n "${CONFIG_LTO_CLANG}" ]; then + if is_enabled CONFIG_GCOV_KERNEL || is_enabled CONFIG_LTO_CLANG; then objtoolopt="${objtoolopt} --no-unreachable" fi - if [ -n "${CONFIG_RETPOLINE}" ]; then + if is_enabled CONFIG_RETPOLINE; then objtoolopt="${objtoolopt} --retpoline" fi - if [ -n "${CONFIG_X86_SMAP}" ]; then + if is_enabled CONFIG_X86_SMAP; then objtoolopt="${objtoolopt} --uaccess" fi info OBJTOOL ${1} @@ -161,7 +165,7 @@ vmlinux_link() # skip output file argument shift - if [ -n "${CONFIG_LTO_CLANG}" ]; then + if is_enabled CONFIG_LTO_CLANG; then # Use vmlinux.o instead of performing the slow LTO link again. objs=vmlinux.o libs= @@ -189,7 +193,7 @@ vmlinux_link() ldflags="${ldflags} ${wl}--strip-debug" fi - if [ -n "${CONFIG_VMLINUX_MAP}" ]; then + if is_enabled CONFIG_VMLINUX_MAP; then ldflags="${ldflags} ${wl}-Map=${output}.map" fi @@ -239,15 +243,15 @@ kallsyms() { local kallsymopt; - if [ -n "${CONFIG_KALLSYMS_ALL}" ]; then + if is_enabled CONFIG_KALLSYMS_ALL; then kallsymopt="${kallsymopt} --all-symbols" fi - if [ -n "${CONFIG_KALLSYMS_ABSOLUTE_PERCPU}" ]; then + if is_enabled CONFIG_KALLSYMS_ABSOLUTE_PERCPU; then kallsymopt="${kallsymopt} --absolute-percpu" fi - if [ -n "${CONFIG_KALLSYMS_BASE_RELATIVE}" ]; then + if is_enabled CONFIG_KALLSYMS_BASE_RELATIVE; then kallsymopt="${kallsymopt} --base-relative" fi @@ -312,9 +316,6 @@ if [ "$1" = "clean" ]; then exit 0 fi -# We need access to CONFIG_ symbols -. include/config/auto.conf - # Update version info GEN .version if [ -r .version ]; then @@ -343,7 +344,7 @@ tr '\0' '\n' < modules.builtin.modinfo | sed -n 's/^[[:alnum:]:_]*\.file=//p' | tr ' ' '\n' | uniq | sed -e 's:^:kernel/:' -e 's/$/.ko/' > modules.builtin btf_vmlinux_bin_o="" -if [ -n "${CONFIG_DEBUG_INFO_BTF}" ]; then +if is_enabled CONFIG_DEBUG_INFO_BTF; then btf_vmlinux_bin_o=.btf.vmlinux.bin.o if ! gen_btf .tmp_vmlinux.btf $btf_vmlinux_bin_o ; then echo >&2 "Failed to generate BTF for vmlinux" @@ -355,7 +356,7 @@ fi kallsymso="" kallsymso_prev="" kallsyms_vmlinux="" -if [ -n "${CONFIG_KALLSYMS}" ]; then +if is_enabled CONFIG_KALLSYMS; then # kallsyms support # Generate section listing all symbols and add it into vmlinux @@ -395,12 +396,12 @@ fi vmlinux_link vmlinux "${kallsymso}" ${btf_vmlinux_bin_o} # fill in BTF IDs -if [ -n "${CONFIG_DEBUG_INFO_BTF}" -a -n "${CONFIG_BPF}" ]; then +if is_enabled CONFIG_DEBUG_INFO_BTF && is_enabled CONFIG_BPF; then info BTFIDS vmlinux ${RESOLVE_BTFIDS} vmlinux fi -if [ -n "${CONFIG_BUILDTIME_TABLE_SORT}" ]; then +if is_enabled CONFIG_BUILDTIME_TABLE_SORT; then info SORTTAB vmlinux if ! sorttable vmlinux; then echo >&2 Failed to sort kernel tables @@ -412,7 +413,7 @@ info SYSMAP System.map mksysmap vmlinux System.map # step a (see comment above) -if [ -n "${CONFIG_KALLSYMS}" ]; then +if is_enabled CONFIG_KALLSYMS; then mksysmap ${kallsyms_vmlinux} .tmp_System.map if ! cmp -s System.map .tmp_System.map; then diff --git a/scripts/setlocalversion b/scripts/setlocalversion index 6b54e46a0f12..d06137405190 100755 --- a/scripts/setlocalversion +++ b/scripts/setlocalversion @@ -111,9 +111,7 @@ if $scm_only; then exit fi -if test -e include/config/auto.conf; then - . include/config/auto.conf -else +if ! test -e include/config/auto.conf; then echo "Error: kernelrelease not valid - run 'make prepare' to update it" >&2 exit 1 fi @@ -125,10 +123,11 @@ if test ! "$srctree" -ef .; then fi # CONFIG_LOCALVERSION and LOCALVERSION (if set) -res="${res}${CONFIG_LOCALVERSION}${LOCALVERSION}" +config_localversion=$(sed -n 's/^CONFIG_LOCALVERSION="\(.*\)"$/\1/p' include/config/auto.conf) +res="${res}${config_localversion}${LOCALVERSION}" # scm version string if not at a tagged commit -if test "$CONFIG_LOCALVERSION_AUTO" = "y"; then +if grep -q "^CONFIG_LOCALVERSION_AUTO=y$" include/config/auto.conf; then # full scm version string res="$res$(scm_version)" elif [ "${LOCALVERSION+set}" != "set" ]; then -- cgit v1.2.3 From 129ab0d2d9f38b9d43df35235fc66c6740d6928b Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Tue, 14 Dec 2021 11:53:53 +0900 Subject: kbuild: do not quote string values in include/config/auto.conf The previous commit fixed up all shell scripts to not include include/config/auto.conf. Now that include/config/auto.conf is only included by Makefiles, we can change it into a more Make-friendly form. Previously, Kconfig output string values enclosed with double-quotes (both in the .config and include/config/auto.conf): CONFIG_X="foo bar" Unlike shell, Make handles double-quotes (and single-quotes as well) verbatim. We must rip them off when used. There are some patterns: [1] $(patsubst "%",%,$(CONFIG_X)) [2] $(CONFIG_X:"%"=%) [3] $(subst ",,$(CONFIG_X)) [4] $(shell echo $(CONFIG_X)) These are not only ugly, but also fragile. [1] and [2] do not work if the value contains spaces, like CONFIG_X=" foo bar " [3] does not work correctly if the value contains double-quotes like CONFIG_X="foo\"bar" [4] seems to work better, but has a cost of forking a process. Anyway, quoted strings were always PITA for our Makefiles. This commit changes Kconfig to stop quoting in include/config/auto.conf. These are the string type symbols referenced in Makefiles or scripts: ACPI_CUSTOM_DSDT_FILE ARC_BUILTIN_DTB_NAME ARC_TUNE_MCPU BUILTIN_DTB_SOURCE CC_IMPLICIT_FALLTHROUGH CC_VERSION_TEXT CFG80211_EXTRA_REGDB_KEYDIR EXTRA_FIRMWARE EXTRA_FIRMWARE_DIR EXTRA_TARGETS H8300_BUILTIN_DTB INITRAMFS_SOURCE LOCALVERSION MODULE_SIG_HASH MODULE_SIG_KEY NDS32_BUILTIN_DTB NIOS2_DTB_SOURCE OPENRISC_BUILTIN_DTB SOC_CANAAN_K210_DTB_SOURCE SYSTEM_BLACKLIST_HASH_LIST SYSTEM_REVOCATION_KEYS SYSTEM_TRUSTED_KEYS TARGET_CPU UNUSED_KSYMS_WHITELIST XILINX_MICROBLAZE0_FAMILY XILINX_MICROBLAZE0_HW_VER XTENSA_VARIANT_NAME I checked them one by one, and fixed up the code where necessary. Signed-off-by: Masahiro Yamada --- Makefile | 4 ++-- arch/arc/Makefile | 4 ++-- arch/arc/boot/dts/Makefile | 4 ++-- arch/h8300/boot/dts/Makefile | 6 +----- arch/microblaze/Makefile | 2 +- arch/nds32/boot/dts/Makefile | 7 +------ arch/nios2/boot/dts/Makefile | 2 +- arch/openrisc/boot/dts/Makefile | 7 +------ arch/powerpc/boot/Makefile | 2 +- arch/riscv/boot/dts/canaan/Makefile | 4 +--- arch/sh/boot/dts/Makefile | 4 +--- arch/xtensa/Makefile | 2 +- arch/xtensa/boot/dts/Makefile | 5 +---- certs/Makefile | 10 ++-------- drivers/acpi/Makefile | 2 +- drivers/base/firmware_loader/builtin/Makefile | 4 ++-- init/Makefile | 2 +- net/wireless/Makefile | 4 ++-- scripts/Makefile.modinst | 1 - scripts/gen_autoksyms.sh | 2 +- scripts/kconfig/confdata.c | 24 +++++++++++++----------- scripts/setlocalversion | 2 +- usr/Makefile | 2 +- 23 files changed, 40 insertions(+), 66 deletions(-) (limited to 'scripts') diff --git a/Makefile b/Makefile index f1e3bb73bb74..3c44b08220bf 100644 --- a/Makefile +++ b/Makefile @@ -1720,9 +1720,9 @@ PHONY += prepare # now expand this into a simple variable to reduce the cost of shell evaluations prepare: CC_VERSION_TEXT := $(CC_VERSION_TEXT) prepare: - @if [ "$(CC_VERSION_TEXT)" != $(CONFIG_CC_VERSION_TEXT) ]; then \ + @if [ "$(CC_VERSION_TEXT)" != "$(CONFIG_CC_VERSION_TEXT)" ]; then \ echo >&2 "warning: the compiler differs from the one used to build the kernel"; \ - echo >&2 " The kernel was built by: "$(CONFIG_CC_VERSION_TEXT); \ + echo >&2 " The kernel was built by: $(CONFIG_CC_VERSION_TEXT)"; \ echo >&2 " You are using: $(CC_VERSION_TEXT)"; \ fi diff --git a/arch/arc/Makefile b/arch/arc/Makefile index f252e7b924e9..efc54f3e35e0 100644 --- a/arch/arc/Makefile +++ b/arch/arc/Makefile @@ -14,10 +14,10 @@ cflags-y += -fno-common -pipe -fno-builtin -mmedium-calls -D__linux__ tune-mcpu-def-$(CONFIG_ISA_ARCOMPACT) := -mcpu=arc700 tune-mcpu-def-$(CONFIG_ISA_ARCV2) := -mcpu=hs38 -ifeq ($(CONFIG_ARC_TUNE_MCPU),"") +ifeq ($(CONFIG_ARC_TUNE_MCPU),) cflags-y += $(tune-mcpu-def-y) else -tune-mcpu := $(shell echo $(CONFIG_ARC_TUNE_MCPU)) +tune-mcpu := $(CONFIG_ARC_TUNE_MCPU) ifneq ($(call cc-option,$(tune-mcpu)),) cflags-y += $(tune-mcpu) else diff --git a/arch/arc/boot/dts/Makefile b/arch/arc/boot/dts/Makefile index 8483a86c743d..4237aa5de3a3 100644 --- a/arch/arc/boot/dts/Makefile +++ b/arch/arc/boot/dts/Makefile @@ -2,8 +2,8 @@ # Built-in dtb builtindtb-y := nsim_700 -ifneq ($(CONFIG_ARC_BUILTIN_DTB_NAME),"") - builtindtb-y := $(patsubst "%",%,$(CONFIG_ARC_BUILTIN_DTB_NAME)) +ifneq ($(CONFIG_ARC_BUILTIN_DTB_NAME),) + builtindtb-y := $(CONFIG_ARC_BUILTIN_DTB_NAME) endif obj-y += $(builtindtb-y).dtb.o diff --git a/arch/h8300/boot/dts/Makefile b/arch/h8300/boot/dts/Makefile index 69fcd817892c..c36bbd1f2592 100644 --- a/arch/h8300/boot/dts/Makefile +++ b/arch/h8300/boot/dts/Makefile @@ -1,9 +1,5 @@ # SPDX-License-Identifier: GPL-2.0 -ifneq '$(CONFIG_H8300_BUILTIN_DTB)' '""' -BUILTIN_DTB := $(patsubst "%",%,$(CONFIG_H8300_BUILTIN_DTB)).dtb.o -endif - -obj-y += $(BUILTIN_DTB) +obj-y += $(addsuffix .dtb.o, $(CONFIG_H8300_BUILTIN_DTB)) dtb-$(CONFIG_H8300H_SIM) := h8300h_sim.dtb dtb-$(CONFIG_H8S_SIM) := h8s_sim.dtb diff --git a/arch/microblaze/Makefile b/arch/microblaze/Makefile index e775a696aa6f..a25e76d89e86 100644 --- a/arch/microblaze/Makefile +++ b/arch/microblaze/Makefile @@ -5,7 +5,7 @@ UTS_SYSNAME = -DUTS_SYSNAME=\"Linux\" # What CPU version are we building for, and crack it open # as major.minor.rev -CPU_VER := $(shell echo $(CONFIG_XILINX_MICROBLAZE0_HW_VER)) +CPU_VER := $(CONFIG_XILINX_MICROBLAZE0_HW_VER) CPU_MAJOR := $(shell echo $(CPU_VER) | cut -d '.' -f 1) CPU_MINOR := $(shell echo $(CPU_VER) | cut -d '.' -f 2) CPU_REV := $(shell echo $(CPU_VER) | cut -d '.' -f 3) diff --git a/arch/nds32/boot/dts/Makefile b/arch/nds32/boot/dts/Makefile index f84bd529b6fd..4fc69562eae8 100644 --- a/arch/nds32/boot/dts/Makefile +++ b/arch/nds32/boot/dts/Makefile @@ -1,7 +1,2 @@ # SPDX-License-Identifier: GPL-2.0-only -ifneq '$(CONFIG_NDS32_BUILTIN_DTB)' '""' -BUILTIN_DTB := $(patsubst "%",%,$(CONFIG_NDS32_BUILTIN_DTB)).dtb.o -else -BUILTIN_DTB := -endif -obj-$(CONFIG_OF) += $(BUILTIN_DTB) +obj-$(CONFIG_OF) += $(addsuffix .dtb.o, $(CONFIG_NDS32_BUILTIN_DTB)) diff --git a/arch/nios2/boot/dts/Makefile b/arch/nios2/boot/dts/Makefile index a91a0b09be63..e9e31bb40df8 100644 --- a/arch/nios2/boot/dts/Makefile +++ b/arch/nios2/boot/dts/Makefile @@ -1,6 +1,6 @@ # SPDX-License-Identifier: GPL-2.0 -obj-y := $(patsubst "%.dts",%.dtb.o,$(CONFIG_NIOS2_DTB_SOURCE)) +obj-y := $(patsubst %.dts,%.dtb.o,$(CONFIG_NIOS2_DTB_SOURCE)) dtstree := $(srctree)/$(src) dtb-$(CONFIG_OF_ALL_DTBS) := $(patsubst $(dtstree)/%.dts,%.dtb, $(wildcard $(dtstree)/*.dts)) diff --git a/arch/openrisc/boot/dts/Makefile b/arch/openrisc/boot/dts/Makefile index 17dd791a833f..13db5a2aab52 100644 --- a/arch/openrisc/boot/dts/Makefile +++ b/arch/openrisc/boot/dts/Makefile @@ -1,9 +1,4 @@ # SPDX-License-Identifier: GPL-2.0 -ifneq '$(CONFIG_OPENRISC_BUILTIN_DTB)' '""' -BUILTIN_DTB := $(patsubst "%",%,$(CONFIG_OPENRISC_BUILTIN_DTB)).dtb.o -else -BUILTIN_DTB := -endif -obj-y += $(BUILTIN_DTB) +obj-y += $(addsuffix .dtb.o, $(CONFIG_OPENRISC_BUILTIN_DTB)) #DTC_FLAGS ?= -p 1024 diff --git a/arch/powerpc/boot/Makefile b/arch/powerpc/boot/Makefile index 9993c6256ad2..4b4827c475c6 100644 --- a/arch/powerpc/boot/Makefile +++ b/arch/powerpc/boot/Makefile @@ -365,7 +365,7 @@ image-$(CONFIG_PPC_PMAC) += zImage.coff zImage.miboot endif # Allow extra targets to be added to the defconfig -image-y += $(subst ",,$(CONFIG_EXTRA_TARGETS)) +image-y += $(CONFIG_EXTRA_TARGETS) initrd- := $(patsubst zImage%, zImage.initrd%, $(image-)) initrd-y := $(patsubst zImage%, zImage.initrd%, \ diff --git a/arch/riscv/boot/dts/canaan/Makefile b/arch/riscv/boot/dts/canaan/Makefile index 9ee7156c0c31..c61b08ac8554 100644 --- a/arch/riscv/boot/dts/canaan/Makefile +++ b/arch/riscv/boot/dts/canaan/Makefile @@ -1,5 +1,3 @@ # SPDX-License-Identifier: GPL-2.0 -ifneq ($(CONFIG_SOC_CANAAN_K210_DTB_SOURCE),"") -dtb-y += $(strip $(shell echo $(CONFIG_SOC_CANAAN_K210_DTB_SOURCE))).dtb +dtb-$(CONFIG_SOC_CANAAN_K210_DTB_BUILTIN) += $(addsuffix .dtb, $(CONFIG_SOC_CANAAN_K210_DTB_SOURCE)) obj-$(CONFIG_SOC_CANAAN_K210_DTB_BUILTIN) += $(addsuffix .o, $(dtb-y)) -endif diff --git a/arch/sh/boot/dts/Makefile b/arch/sh/boot/dts/Makefile index c17d65b82abe..4a6dec9714a9 100644 --- a/arch/sh/boot/dts/Makefile +++ b/arch/sh/boot/dts/Makefile @@ -1,4 +1,2 @@ # SPDX-License-Identifier: GPL-2.0-only -ifneq ($(CONFIG_BUILTIN_DTB_SOURCE),"") -obj-$(CONFIG_USE_BUILTIN_DTB) += $(patsubst "%",%,$(CONFIG_BUILTIN_DTB_SOURCE)).dtb.o -endif +obj-$(CONFIG_USE_BUILTIN_DTB) += $(addsuffix .dtb.o, $(CONFIG_BUILTIN_DTB_SOURCE)) diff --git a/arch/xtensa/Makefile b/arch/xtensa/Makefile index 9778216d6e09..ee2769519eaf 100644 --- a/arch/xtensa/Makefile +++ b/arch/xtensa/Makefile @@ -12,7 +12,7 @@ # Core configuration. # (Use VAR= to use another default compiler.) -variant-y := $(patsubst "%",%,$(CONFIG_XTENSA_VARIANT_NAME)) +variant-y := $(CONFIG_XTENSA_VARIANT_NAME) VARIANT = $(variant-y) diff --git a/arch/xtensa/boot/dts/Makefile b/arch/xtensa/boot/dts/Makefile index 0b8d00cdae7c..720628c0d8b9 100644 --- a/arch/xtensa/boot/dts/Makefile +++ b/arch/xtensa/boot/dts/Makefile @@ -7,10 +7,7 @@ # # -BUILTIN_DTB_SOURCE := $(patsubst "%",%,$(CONFIG_BUILTIN_DTB_SOURCE)).dtb.o -ifneq ($(CONFIG_BUILTIN_DTB_SOURCE),"") -obj-$(CONFIG_OF) += $(BUILTIN_DTB_SOURCE) -endif +obj-$(CONFIG_OF) += $(addsuffix .dtb.o, $(CONFIG_BUILTIN_DTB_SOURCE)) # for CONFIG_OF_ALL_DTBS test dtstree := $(srctree)/$(src) diff --git a/certs/Makefile b/certs/Makefile index 69c1404152ef..7b48445d71f6 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -6,7 +6,7 @@ obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o common.o obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o common.o obj-$(CONFIG_SYSTEM_REVOCATION_LIST) += revocation_certificates.o -ifneq ($(CONFIG_SYSTEM_BLACKLIST_HASH_LIST),"") +ifneq ($(CONFIG_SYSTEM_BLACKLIST_HASH_LIST),) obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_hashes.o else obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o @@ -17,8 +17,6 @@ quiet_cmd_extract_certs = CERT $@ $(obj)/system_certificates.o: $(obj)/x509_certificate_list -CONFIG_SYSTEM_TRUSTED_KEYS := $(CONFIG_SYSTEM_TRUSTED_KEYS:"%"=%) - $(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) scripts/extract-cert FORCE $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,"")) @@ -46,7 +44,7 @@ ifdef SIGN_KEY # We do it this way rather than having a boolean option for enabling an # external private key, because 'make randconfig' might enable such a # boolean option and we unfortunately can't make it depend on !RANDCONFIG. -ifeq ($(CONFIG_MODULE_SIG_KEY),"certs/signing_key.pem") +ifeq ($(CONFIG_MODULE_SIG_KEY),certs/signing_key.pem) keytype-$(CONFIG_MODULE_SIG_KEY_TYPE_ECDSA) := -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 @@ -69,8 +67,6 @@ $(obj)/x509.genkey: endif # CONFIG_MODULE_SIG_KEY -CONFIG_MODULE_SIG_KEY := $(CONFIG_MODULE_SIG_KEY:"%"=%) - # If CONFIG_MODULE_SIG_KEY isn't a PKCS#11 URI, depend on it ifneq ($(filter-out pkcs11:%, %(CONFIG_MODULE_SIG_KEY)),) X509_DEP := $(CONFIG_MODULE_SIG_KEY) @@ -86,8 +82,6 @@ targets += signing_key.x509 $(obj)/revocation_certificates.o: $(obj)/x509_revocation_list -CONFIG_SYSTEM_REVOCATION_KEYS := $(CONFIG_SYSTEM_REVOCATION_KEYS:"%"=%) - $(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) scripts/extract-cert FORCE $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,"")) diff --git a/drivers/acpi/Makefile b/drivers/acpi/Makefile index 3018714e87d9..da0cdd1e9380 100644 --- a/drivers/acpi/Makefile +++ b/drivers/acpi/Makefile @@ -9,7 +9,7 @@ ccflags-$(CONFIG_ACPI_DEBUG) += -DACPI_DEBUG_OUTPUT # ACPI Boot-Time Table Parsing # ifeq ($(CONFIG_ACPI_CUSTOM_DSDT),y) -tables.o: $(src)/../../include/$(subst $\",,$(CONFIG_ACPI_CUSTOM_DSDT_FILE)) ; +tables.o: $(src)/../../include/$(CONFIG_ACPI_CUSTOM_DSDT_FILE) ; endif diff --git a/drivers/base/firmware_loader/builtin/Makefile b/drivers/base/firmware_loader/builtin/Makefile index eb4be452062a..6c067dedc01e 100644 --- a/drivers/base/firmware_loader/builtin/Makefile +++ b/drivers/base/firmware_loader/builtin/Makefile @@ -3,10 +3,10 @@ obj-y += main.o # Create $(fwdir) from $(CONFIG_EXTRA_FIRMWARE_DIR) -- if it doesn't have a # leading /, it's relative to $(srctree). -fwdir := $(subst $(quote),,$(CONFIG_EXTRA_FIRMWARE_DIR)) +fwdir := $(CONFIG_EXTRA_FIRMWARE_DIR) fwdir := $(addprefix $(srctree)/,$(filter-out /%,$(fwdir)))$(filter /%,$(fwdir)) -firmware := $(addsuffix .gen.o, $(subst $(quote),,$(CONFIG_EXTRA_FIRMWARE))) +firmware := $(addsuffix .gen.o, $(CONFIG_EXTRA_FIRMWARE)) obj-y += $(firmware) FWNAME = $(patsubst $(obj)/%.gen.S,%,$@) diff --git a/init/Makefile b/init/Makefile index 04eeee12c076..06326e304384 100644 --- a/init/Makefile +++ b/init/Makefile @@ -31,7 +31,7 @@ quiet_cmd_compile.h = CHK $@ cmd_compile.h = \ $(CONFIG_SHELL) $(srctree)/scripts/mkcompile_h $@ \ "$(UTS_MACHINE)" "$(CONFIG_SMP)" "$(CONFIG_PREEMPT_BUILD)" \ - "$(CONFIG_PREEMPT_RT)" $(CONFIG_CC_VERSION_TEXT) "$(LD)" + "$(CONFIG_PREEMPT_RT)" "$(CONFIG_CC_VERSION_TEXT)" "$(LD)" include/generated/compile.h: FORCE $(call cmd,compile.h) diff --git a/net/wireless/Makefile b/net/wireless/Makefile index 756e7de7e33f..1e9be50469ce 100644 --- a/net/wireless/Makefile +++ b/net/wireless/Makefile @@ -33,8 +33,8 @@ $(obj)/shipped-certs.c: $(wildcard $(srctree)/$(src)/certs/*.hex) echo 'unsigned int shipped_regdb_certs_len = sizeof(shipped_regdb_certs);'; \ ) > $@ -$(obj)/extra-certs.c: $(CONFIG_CFG80211_EXTRA_REGDB_KEYDIR:"%"=%) \ - $(wildcard $(CONFIG_CFG80211_EXTRA_REGDB_KEYDIR:"%"=%)/*.x509) +$(obj)/extra-certs.c: $(CONFIG_CFG80211_EXTRA_REGDB_KEYDI) \ + $(wildcard $(CONFIG_CFG80211_EXTRA_REGDB_KEYDIR)/*.x509) @$(kecho) " GEN $@" $(Q)(set -e; \ allf=""; \ diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst index df7e3d578ef5..c2c43a0ecfe0 100644 --- a/scripts/Makefile.modinst +++ b/scripts/Makefile.modinst @@ -66,7 +66,6 @@ endif # Don't stop modules_install even if we can't sign external modules. # ifeq ($(CONFIG_MODULE_SIG_ALL),y) -CONFIG_MODULE_SIG_KEY := $(CONFIG_MODULE_SIG_KEY:"%"=%) sig-key := $(if $(wildcard $(CONFIG_MODULE_SIG_KEY)),,$(srctree)/)$(CONFIG_MODULE_SIG_KEY) quiet_cmd_sign = SIGN $@ cmd_sign = scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(sig-key) certs/signing_key.x509 $@ \ diff --git a/scripts/gen_autoksyms.sh b/scripts/gen_autoksyms.sh index 949d6a054034..120225c541c5 100755 --- a/scripts/gen_autoksyms.sh +++ b/scripts/gen_autoksyms.sh @@ -23,7 +23,7 @@ if grep -q "^CONFIG_MODVERSIONS=y$" include/config/auto.conf; then needed_symbols="$needed_symbols module_layout" fi -ksym_wl=$(sed -n 's/^CONFIG_UNUSED_KSYMS_WHITELIST="\(.*\)"$/\1/p' include/config/auto.conf) +ksym_wl=$(sed -n 's/^CONFIG_UNUSED_KSYMS_WHITELIST=\(.*\)$/\1/p' include/config/auto.conf) if [ -n "$ksym_wl" ]; then [ "${ksym_wl}" != "${ksym_wl#/}" ] || ksym_wl="$abs_srctree/$ksym_wl" if [ ! -f "$ksym_wl" ] || [ ! -r "$ksym_wl" ]; then diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c index 42bc56ee238c..59717be31210 100644 --- a/scripts/kconfig/confdata.c +++ b/scripts/kconfig/confdata.c @@ -244,19 +244,21 @@ static int conf_set_sym_val(struct symbol *sym, int def, int def_flags, char *p) p, sym->name); return 1; case S_STRING: - if (*p++ != '"') - break; - for (p2 = p; (p2 = strpbrk(p2, "\"\\")); p2++) { - if (*p2 == '"') { - *p2 = 0; + /* No escaping for S_DEF_AUTO (include/config/auto.conf) */ + if (def != S_DEF_AUTO) { + if (*p++ != '"') break; + for (p2 = p; (p2 = strpbrk(p2, "\"\\")); p2++) { + if (*p2 == '"') { + *p2 = 0; + break; + } + memmove(p2, p2 + 1, strlen(p2)); } - memmove(p2, p2 + 1, strlen(p2)); - } - if (!p2) { - if (def != S_DEF_AUTO) + if (!p2) { conf_warning("invalid string found"); - return 1; + return 1; + } } /* fall through */ case S_INT: @@ -700,7 +702,7 @@ static void print_symbol_for_dotconfig(FILE *fp, struct symbol *sym) static void print_symbol_for_autoconf(FILE *fp, struct symbol *sym) { - __print_symbol(fp, sym, OUTPUT_N_NONE, true); + __print_symbol(fp, sym, OUTPUT_N_NONE, false); } void print_symbol_for_listconfig(struct symbol *sym) diff --git a/scripts/setlocalversion b/scripts/setlocalversion index d06137405190..af4754a35e66 100755 --- a/scripts/setlocalversion +++ b/scripts/setlocalversion @@ -123,7 +123,7 @@ if test ! "$srctree" -ef .; then fi # CONFIG_LOCALVERSION and LOCALVERSION (if set) -config_localversion=$(sed -n 's/^CONFIG_LOCALVERSION="\(.*\)"$/\1/p' include/config/auto.conf) +config_localversion=$(sed -n 's/^CONFIG_LOCALVERSION=\(.*\)$/\1/p' include/config/auto.conf) res="${res}${config_localversion}${LOCALVERSION}" # scm version string if not at a tagged commit diff --git a/usr/Makefile b/usr/Makefile index b1a81a40eab1..7374873a539f 100644 --- a/usr/Makefile +++ b/usr/Makefile @@ -21,7 +21,7 @@ obj-$(CONFIG_BLK_DEV_INITRD) := initramfs_data.o $(obj)/initramfs_data.o: $(obj)/initramfs_inc_data -ramfs-input := $(strip $(shell echo $(CONFIG_INITRAMFS_SOURCE))) +ramfs-input := $(CONFIG_INITRAMFS_SOURCE) cpio-data := # If CONFIG_INITRAMFS_SOURCE is empty, generate a small initramfs with the -- cgit v1.2.3 From 340a02535ee785c64c62a9c45706597a0139e972 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Tue, 14 Dec 2021 11:53:54 +0900 Subject: certs: move scripts/extract-cert to certs/ extract-cert is only used in certs/Makefile. Move it there and build extract-cert on demand. Signed-off-by: Masahiro Yamada --- MAINTAINERS | 1 - certs/.gitignore | 1 + certs/Makefile | 13 ++-- certs/extract-cert.c | 162 +++++++++++++++++++++++++++++++++++++++++++++ scripts/.gitignore | 1 - scripts/Makefile | 11 +-- scripts/extract-cert.c | 162 --------------------------------------------- scripts/remove-stale-files | 2 + 8 files changed, 176 insertions(+), 177 deletions(-) create mode 100644 certs/extract-cert.c delete mode 100644 scripts/extract-cert.c (limited to 'scripts') diff --git a/MAINTAINERS b/MAINTAINERS index 360e9aa0205d..f321ddbb1ab0 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -4410,7 +4410,6 @@ L: keyrings@vger.kernel.org S: Maintained F: Documentation/admin-guide/module-signing.rst F: certs/ -F: scripts/extract-cert.c F: scripts/sign-file.c CFAG12864B LCD DRIVER diff --git a/certs/.gitignore b/certs/.gitignore index 8c3763f80be3..9e42fe3e02f5 100644 --- a/certs/.gitignore +++ b/certs/.gitignore @@ -1,3 +1,4 @@ # SPDX-License-Identifier: GPL-2.0-only +/extract-cert /x509_certificate_list /x509_revocation_list diff --git a/certs/Makefile b/certs/Makefile index 7b48445d71f6..f7041c29a2e0 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -13,11 +13,11 @@ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_nohashes.o endif quiet_cmd_extract_certs = CERT $@ - cmd_extract_certs = scripts/extract-cert $(2) $@ + cmd_extract_certs = $(obj)/extract-cert $(2) $@ $(obj)/system_certificates.o: $(obj)/x509_certificate_list -$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) scripts/extract-cert FORCE +$(obj)/x509_certificate_list: $(CONFIG_SYSTEM_TRUSTED_KEYS) $(obj)/extract-cert FORCE $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_TRUSTED_KEYS),$<,"")) targets += x509_certificate_list @@ -74,7 +74,7 @@ endif $(obj)/system_certificates.o: $(obj)/signing_key.x509 -$(obj)/signing_key.x509: $(X509_DEP) scripts/extract-cert FORCE +$(obj)/signing_key.x509: $(X509_DEP) $(obj)/extract-cert FORCE $(call if_changed,extract_certs,$(if $(X509_DEP),$<,$(CONFIG_MODULE_SIG_KEY))) endif # CONFIG_MODULE_SIG @@ -82,7 +82,12 @@ targets += signing_key.x509 $(obj)/revocation_certificates.o: $(obj)/x509_revocation_list -$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) scripts/extract-cert FORCE +$(obj)/x509_revocation_list: $(CONFIG_SYSTEM_REVOCATION_KEYS) $(obj)/extract-cert FORCE $(call if_changed,extract_certs,$(if $(CONFIG_SYSTEM_REVOCATION_KEYS),$<,"")) targets += x509_revocation_list + +hostprogs := extract-cert + +HOSTCFLAGS_extract-cert.o = $(shell pkg-config --cflags libcrypto 2> /dev/null) +HOSTLDLIBS_extract-cert = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto) diff --git a/certs/extract-cert.c b/certs/extract-cert.c new file mode 100644 index 000000000000..f7ef7862f207 --- /dev/null +++ b/certs/extract-cert.c @@ -0,0 +1,162 @@ +/* Extract X.509 certificate in DER form from PKCS#11 or PEM. + * + * Copyright © 2014-2015 Red Hat, Inc. All Rights Reserved. + * Copyright © 2015 Intel Corporation. + * + * Authors: David Howells + * David Woodhouse + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 + * of the licence, or (at your option) any later version. + */ +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define PKEY_ID_PKCS7 2 + +static __attribute__((noreturn)) +void format(void) +{ + fprintf(stderr, + "Usage: extract-cert \n"); + exit(2); +} + +static void display_openssl_errors(int l) +{ + const char *file; + char buf[120]; + int e, line; + + if (ERR_peek_error() == 0) + return; + fprintf(stderr, "At main.c:%d:\n", l); + + while ((e = ERR_get_error_line(&file, &line))) { + ERR_error_string(e, buf); + fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line); + } +} + +static void drain_openssl_errors(void) +{ + const char *file; + int line; + + if (ERR_peek_error() == 0) + return; + while (ERR_get_error_line(&file, &line)) {} +} + +#define ERR(cond, fmt, ...) \ + do { \ + bool __cond = (cond); \ + display_openssl_errors(__LINE__); \ + if (__cond) { \ + err(1, fmt, ## __VA_ARGS__); \ + } \ + } while(0) + +static const char *key_pass; +static BIO *wb; +static char *cert_dst; +static int kbuild_verbose; + +static void write_cert(X509 *x509) +{ + char buf[200]; + + if (!wb) { + wb = BIO_new_file(cert_dst, "wb"); + ERR(!wb, "%s", cert_dst); + } + X509_NAME_oneline(X509_get_subject_name(x509), buf, sizeof(buf)); + ERR(!i2d_X509_bio(wb, x509), "%s", cert_dst); + if (kbuild_verbose) + fprintf(stderr, "Extracted cert: %s\n", buf); +} + +int main(int argc, char **argv) +{ + char *cert_src; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + ERR_clear_error(); + + kbuild_verbose = atoi(getenv("KBUILD_VERBOSE")?:"0"); + + key_pass = getenv("KBUILD_SIGN_PIN"); + + if (argc != 3) + format(); + + cert_src = argv[1]; + cert_dst = argv[2]; + + if (!cert_src[0]) { + /* Invoked with no input; create empty file */ + FILE *f = fopen(cert_dst, "wb"); + ERR(!f, "%s", cert_dst); + fclose(f); + exit(0); + } else if (!strncmp(cert_src, "pkcs11:", 7)) { + ENGINE *e; + struct { + const char *cert_id; + X509 *cert; + } parms; + + parms.cert_id = cert_src; + parms.cert = NULL; + + ENGINE_load_builtin_engines(); + drain_openssl_errors(); + e = ENGINE_by_id("pkcs11"); + ERR(!e, "Load PKCS#11 ENGINE"); + if (ENGINE_init(e)) + drain_openssl_errors(); + else + ERR(1, "ENGINE_init"); + if (key_pass) + ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN"); + ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); + ERR(!parms.cert, "Get X.509 from PKCS#11"); + write_cert(parms.cert); + } else { + BIO *b; + X509 *x509; + + b = BIO_new_file(cert_src, "rb"); + ERR(!b, "%s", cert_src); + + while (1) { + x509 = PEM_read_bio_X509(b, NULL, NULL, NULL); + if (wb && !x509) { + unsigned long err = ERR_peek_last_error(); + if (ERR_GET_LIB(err) == ERR_LIB_PEM && + ERR_GET_REASON(err) == PEM_R_NO_START_LINE) { + ERR_clear_error(); + break; + } + } + ERR(!x509, "%s", cert_src); + write_cert(x509); + } + } + + BIO_free(wb); + + return 0; +} diff --git a/scripts/.gitignore b/scripts/.gitignore index e83c620ef52c..eed308bef604 100644 --- a/scripts/.gitignore +++ b/scripts/.gitignore @@ -1,7 +1,6 @@ # SPDX-License-Identifier: GPL-2.0-only /asn1_compiler /bin2c -/extract-cert /insert-sys-cert /kallsyms /module.lds diff --git a/scripts/Makefile b/scripts/Makefile index 9adb6d247818..e198b22dc476 100644 --- a/scripts/Makefile +++ b/scripts/Makefile @@ -3,25 +3,18 @@ # scripts contains sources for various helper programs used throughout # the kernel for the build process. -CRYPTO_LIBS = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto) -CRYPTO_CFLAGS = $(shell pkg-config --cflags libcrypto 2> /dev/null) - hostprogs-always-$(CONFIG_BUILD_BIN2C) += bin2c hostprogs-always-$(CONFIG_KALLSYMS) += kallsyms hostprogs-always-$(BUILD_C_RECORDMCOUNT) += recordmcount hostprogs-always-$(CONFIG_BUILDTIME_TABLE_SORT) += sorttable hostprogs-always-$(CONFIG_ASN1) += asn1_compiler hostprogs-always-$(CONFIG_MODULE_SIG_FORMAT) += sign-file -hostprogs-always-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += extract-cert hostprogs-always-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE) += insert-sys-cert -hostprogs-always-$(CONFIG_SYSTEM_REVOCATION_LIST) += extract-cert HOSTCFLAGS_sorttable.o = -I$(srctree)/tools/include HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include -HOSTCFLAGS_sign-file.o = $(CRYPTO_CFLAGS) -HOSTLDLIBS_sign-file = $(CRYPTO_LIBS) -HOSTCFLAGS_extract-cert.o = $(CRYPTO_CFLAGS) -HOSTLDLIBS_extract-cert = $(CRYPTO_LIBS) +HOSTCFLAGS_sign-file.o = $(shell pkg-config --cflags libcrypto 2> /dev/null) +HOSTLDLIBS_sign-file = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto) ifdef CONFIG_UNWINDER_ORC ifeq ($(ARCH),x86_64) diff --git a/scripts/extract-cert.c b/scripts/extract-cert.c deleted file mode 100644 index 3bc48c726c41..000000000000 --- a/scripts/extract-cert.c +++ /dev/null @@ -1,162 +0,0 @@ -/* Extract X.509 certificate in DER form from PKCS#11 or PEM. - * - * Copyright © 2014-2015 Red Hat, Inc. All Rights Reserved. - * Copyright © 2015 Intel Corporation. - * - * Authors: David Howells - * David Woodhouse - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 - * of the licence, or (at your option) any later version. - */ -#define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define PKEY_ID_PKCS7 2 - -static __attribute__((noreturn)) -void format(void) -{ - fprintf(stderr, - "Usage: scripts/extract-cert \n"); - exit(2); -} - -static void display_openssl_errors(int l) -{ - const char *file; - char buf[120]; - int e, line; - - if (ERR_peek_error() == 0) - return; - fprintf(stderr, "At main.c:%d:\n", l); - - while ((e = ERR_get_error_line(&file, &line))) { - ERR_error_string(e, buf); - fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line); - } -} - -static void drain_openssl_errors(void) -{ - const char *file; - int line; - - if (ERR_peek_error() == 0) - return; - while (ERR_get_error_line(&file, &line)) {} -} - -#define ERR(cond, fmt, ...) \ - do { \ - bool __cond = (cond); \ - display_openssl_errors(__LINE__); \ - if (__cond) { \ - err(1, fmt, ## __VA_ARGS__); \ - } \ - } while(0) - -static const char *key_pass; -static BIO *wb; -static char *cert_dst; -static int kbuild_verbose; - -static void write_cert(X509 *x509) -{ - char buf[200]; - - if (!wb) { - wb = BIO_new_file(cert_dst, "wb"); - ERR(!wb, "%s", cert_dst); - } - X509_NAME_oneline(X509_get_subject_name(x509), buf, sizeof(buf)); - ERR(!i2d_X509_bio(wb, x509), "%s", cert_dst); - if (kbuild_verbose) - fprintf(stderr, "Extracted cert: %s\n", buf); -} - -int main(int argc, char **argv) -{ - char *cert_src; - - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); - ERR_clear_error(); - - kbuild_verbose = atoi(getenv("KBUILD_VERBOSE")?:"0"); - - key_pass = getenv("KBUILD_SIGN_PIN"); - - if (argc != 3) - format(); - - cert_src = argv[1]; - cert_dst = argv[2]; - - if (!cert_src[0]) { - /* Invoked with no input; create empty file */ - FILE *f = fopen(cert_dst, "wb"); - ERR(!f, "%s", cert_dst); - fclose(f); - exit(0); - } else if (!strncmp(cert_src, "pkcs11:", 7)) { - ENGINE *e; - struct { - const char *cert_id; - X509 *cert; - } parms; - - parms.cert_id = cert_src; - parms.cert = NULL; - - ENGINE_load_builtin_engines(); - drain_openssl_errors(); - e = ENGINE_by_id("pkcs11"); - ERR(!e, "Load PKCS#11 ENGINE"); - if (ENGINE_init(e)) - drain_openssl_errors(); - else - ERR(1, "ENGINE_init"); - if (key_pass) - ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN"); - ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); - ERR(!parms.cert, "Get X.509 from PKCS#11"); - write_cert(parms.cert); - } else { - BIO *b; - X509 *x509; - - b = BIO_new_file(cert_src, "rb"); - ERR(!b, "%s", cert_src); - - while (1) { - x509 = PEM_read_bio_X509(b, NULL, NULL, NULL); - if (wb && !x509) { - unsigned long err = ERR_peek_last_error(); - if (ERR_GET_LIB(err) == ERR_LIB_PEM && - ERR_GET_REASON(err) == PEM_R_NO_START_LINE) { - ERR_clear_error(); - break; - } - } - ERR(!x509, "%s", cert_src); - write_cert(x509); - } - } - - BIO_free(wb); - - return 0; -} diff --git a/scripts/remove-stale-files b/scripts/remove-stale-files index 0114c41e6938..dd230792056a 100755 --- a/scripts/remove-stale-files +++ b/scripts/remove-stale-files @@ -34,3 +34,5 @@ if [ -n "${building_out_of_srctree}" ]; then rm -f arch/mips/boot/compressed/${f} done fi + +rm -f scripts/extract-cert -- cgit v1.2.3 From 64d8aaa4ef388b22372de4dc9ce3b9b3e5f45b6c Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Mon, 10 Jan 2022 03:15:26 +0900 Subject: kbuild: drop $(size_append) from cmd_zstd The appended file size is only used by the decompressors, which some architectures support. As the comment "zstd22 is used for kernel compression" says, cmd_zstd22 is used in arch/{mips,s390,x86}/boot/compressed/Makefile. On the other hand, there is no good reason to append the file size to cmd_zstd since it is used for other purposes. Actually cmd_zstd is only used in usr/Makefile, where the appended file size is rather harmful. The initramfs with its file size appended is considered as corrupted data, so commit 65e00e04e5ae ("initramfs: refactor the initramfs build rules") added 'override size_append := :' to make it no-op. As a conclusion, this $(size_append) should not exist here. Signed-off-by: Masahiro Yamada Reviewed-by: Nicolas Schier --- scripts/Makefile.lib | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index d1f865b8c0cb..5366466ea0e4 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -473,7 +473,7 @@ quiet_cmd_xzmisc = XZMISC $@ # be used because it would require zstd to allocate a 128 MB buffer. quiet_cmd_zstd = ZSTD $@ - cmd_zstd = { cat $(real-prereqs) | $(ZSTD) -19; $(size_append); } > $@ + cmd_zstd = cat $(real-prereqs) | $(ZSTD) -19 > $@ quiet_cmd_zstd22 = ZSTD22 $@ cmd_zstd22 = { cat $(real-prereqs) | $(ZSTD) -22 --ultra; $(size_append); } > $@ -- cgit v1.2.3 From 7ce7e984ab2b218d6e92d5165629022fe2daf9ee Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Mon, 10 Jan 2022 03:15:27 +0900 Subject: kbuild: rename cmd_{bzip2,lzma,lzo,lz4,xzkern,zstd22} GZIP-compressed files end with 4 byte data that represents the size of the original input. The decompressors (the self-extracting kernel) exploit it to know the vmlinux size beforehand. To mimic the GZIP's trailer, Kbuild provides cmd_{bzip2,lzma,lzo,lz4,xzkern,zstd22}. Unfortunately these macros are used everywhere despite the appended size data is only useful for the decompressors. There is no guarantee that such hand-crafted trailers are safely ignored. In fact, the kernel refuses compressed initramdfs with the garbage data. That is why usr/Makefile overrides size_append to make it no-op. To limit the use of such broken compressed files, this commit renames the existing macros as follows: cmd_bzip2 --> cmd_bzip2_with_size cmd_lzma --> cmd_lzma_with_size cmd_lzo --> cmd_lzo_with_size cmd_lz4 --> cmd_lz4_with_size cmd_xzkern --> cmd_xzkern_with_size cmd_zstd22 --> cmd_zstd22_with_size To keep the decompressors working, I updated the following Makefiles accordingly: arch/arm/boot/compressed/Makefile arch/h8300/boot/compressed/Makefile arch/mips/boot/compressed/Makefile arch/parisc/boot/compressed/Makefile arch/s390/boot/compressed/Makefile arch/sh/boot/compressed/Makefile arch/x86/boot/compressed/Makefile I reused the current macro names for the normal usecases; they produce the compressed data in the proper format. I did not touch the following: arch/arc/boot/Makefile arch/arm64/boot/Makefile arch/csky/boot/Makefile arch/mips/boot/Makefile arch/riscv/boot/Makefile arch/sh/boot/Makefile kernel/Makefile This means those Makefiles will stop appending the size data. I dropped the 'override size_append' hack from usr/Makefile. Signed-off-by: Masahiro Yamada Reviewed-by: Nicolas Schier --- arch/arm/boot/compressed/Makefile | 8 ++++---- arch/h8300/boot/compressed/Makefile | 4 +++- arch/mips/boot/compressed/Makefile | 12 ++++++------ arch/parisc/boot/compressed/Makefile | 10 +++++----- arch/s390/boot/compressed/Makefile | 12 ++++++------ arch/sh/boot/compressed/Makefile | 8 ++++---- arch/x86/boot/compressed/Makefile | 12 ++++++------ scripts/Makefile.lib | 30 ++++++++++++++++++++++++------ usr/Makefile | 5 ----- 9 files changed, 58 insertions(+), 43 deletions(-) (limited to 'scripts') diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile index 91265e7ff672..adc0e318a1ea 100644 --- a/arch/arm/boot/compressed/Makefile +++ b/arch/arm/boot/compressed/Makefile @@ -77,10 +77,10 @@ CPPFLAGS_vmlinux.lds += -DTEXT_OFFSET="$(TEXT_OFFSET)" CPPFLAGS_vmlinux.lds += -DMALLOC_SIZE="$(MALLOC_SIZE)" compress-$(CONFIG_KERNEL_GZIP) = gzip -compress-$(CONFIG_KERNEL_LZO) = lzo -compress-$(CONFIG_KERNEL_LZMA) = lzma -compress-$(CONFIG_KERNEL_XZ) = xzkern -compress-$(CONFIG_KERNEL_LZ4) = lz4 +compress-$(CONFIG_KERNEL_LZO) = lzo_with_size +compress-$(CONFIG_KERNEL_LZMA) = lzma_with_size +compress-$(CONFIG_KERNEL_XZ) = xzkern_with_size +compress-$(CONFIG_KERNEL_LZ4) = lz4_with_size libfdt_objs := fdt_rw.o fdt_ro.o fdt_wip.o fdt.o diff --git a/arch/h8300/boot/compressed/Makefile b/arch/h8300/boot/compressed/Makefile index 5942793f77a0..6ab2fa5ba105 100644 --- a/arch/h8300/boot/compressed/Makefile +++ b/arch/h8300/boot/compressed/Makefile @@ -30,9 +30,11 @@ $(obj)/vmlinux.bin: vmlinux FORCE suffix-$(CONFIG_KERNEL_GZIP) := gzip suffix-$(CONFIG_KERNEL_LZO) := lzo +compress-$(CONFIG_KERNEL_GZIP) := gzip +compress-$(CONFIG_KERNEL_LZO) := lzo_with_size $(obj)/vmlinux.bin.$(suffix-y): $(obj)/vmlinux.bin FORCE - $(call if_changed,$(suffix-y)) + $(call if_changed,$(compress-y)) LDFLAGS_piggy.o := -r --format binary --oformat elf32-h8300-linux -T OBJCOPYFLAGS := -O binary diff --git a/arch/mips/boot/compressed/Makefile b/arch/mips/boot/compressed/Makefile index f27cf31b4140..832f8001d7d9 100644 --- a/arch/mips/boot/compressed/Makefile +++ b/arch/mips/boot/compressed/Makefile @@ -64,12 +64,12 @@ $(obj)/vmlinux.bin: $(KBUILD_IMAGE) FORCE $(call if_changed,objcopy) tool_$(CONFIG_KERNEL_GZIP) = gzip -tool_$(CONFIG_KERNEL_BZIP2) = bzip2 -tool_$(CONFIG_KERNEL_LZ4) = lz4 -tool_$(CONFIG_KERNEL_LZMA) = lzma -tool_$(CONFIG_KERNEL_LZO) = lzo -tool_$(CONFIG_KERNEL_XZ) = xzkern -tool_$(CONFIG_KERNEL_ZSTD) = zstd22 +tool_$(CONFIG_KERNEL_BZIP2) = bzip2_with_size +tool_$(CONFIG_KERNEL_LZ4) = lz4_with_size +tool_$(CONFIG_KERNEL_LZMA) = lzma_with_size +tool_$(CONFIG_KERNEL_LZO) = lzo_with_size +tool_$(CONFIG_KERNEL_XZ) = xzkern_with_size +tool_$(CONFIG_KERNEL_ZSTD) = zstd22_with_size targets += vmlinux.bin.z diff --git a/arch/parisc/boot/compressed/Makefile b/arch/parisc/boot/compressed/Makefile index bf4f2891d0b7..2640f72d69ce 100644 --- a/arch/parisc/boot/compressed/Makefile +++ b/arch/parisc/boot/compressed/Makefile @@ -70,15 +70,15 @@ suffix-$(CONFIG_KERNEL_XZ) := xz $(obj)/vmlinux.bin.gz: $(vmlinux.bin.all-y) FORCE $(call if_changed,gzip) $(obj)/vmlinux.bin.bz2: $(vmlinux.bin.all-y) FORCE - $(call if_changed,bzip2) + $(call if_changed,bzip2_with_size) $(obj)/vmlinux.bin.lz4: $(vmlinux.bin.all-y) FORCE - $(call if_changed,lz4) + $(call if_changed,lz4_with_size) $(obj)/vmlinux.bin.lzma: $(vmlinux.bin.all-y) FORCE - $(call if_changed,lzma) + $(call if_changed,lzma_with_size) $(obj)/vmlinux.bin.lzo: $(vmlinux.bin.all-y) FORCE - $(call if_changed,lzo) + $(call if_changed,lzo_with_size) $(obj)/vmlinux.bin.xz: $(vmlinux.bin.all-y) FORCE - $(call if_changed,xzkern) + $(call if_changed,xzkern_with_size) LDFLAGS_piggy.o := -r --format binary --oformat $(LD_BFD) -T $(obj)/piggy.o: $(obj)/vmlinux.scr $(obj)/vmlinux.bin.$(suffix-y) FORCE diff --git a/arch/s390/boot/compressed/Makefile b/arch/s390/boot/compressed/Makefile index 3b860061e84d..8ea880b7c3ec 100644 --- a/arch/s390/boot/compressed/Makefile +++ b/arch/s390/boot/compressed/Makefile @@ -71,17 +71,17 @@ suffix-$(CONFIG_KERNEL_ZSTD) := .zst $(obj)/vmlinux.bin.gz: $(vmlinux.bin.all-y) FORCE $(call if_changed,gzip) $(obj)/vmlinux.bin.bz2: $(vmlinux.bin.all-y) FORCE - $(call if_changed,bzip2) + $(call if_changed,bzip2_with_size) $(obj)/vmlinux.bin.lz4: $(vmlinux.bin.all-y) FORCE - $(call if_changed,lz4) + $(call if_changed,lz4_with_size) $(obj)/vmlinux.bin.lzma: $(vmlinux.bin.all-y) FORCE - $(call if_changed,lzma) + $(call if_changed,lzma_with_size) $(obj)/vmlinux.bin.lzo: $(vmlinux.bin.all-y) FORCE - $(call if_changed,lzo) + $(call if_changed,lzo_with_size) $(obj)/vmlinux.bin.xz: $(vmlinux.bin.all-y) FORCE - $(call if_changed,xzkern) + $(call if_changed,xzkern_with_size) $(obj)/vmlinux.bin.zst: $(vmlinux.bin.all-y) FORCE - $(call if_changed,zstd22) + $(call if_changed,zstd22_with_size) OBJCOPYFLAGS_piggy.o := -I binary -O elf64-s390 -B s390:64-bit --rename-section .data=.vmlinux.bin.compressed $(obj)/piggy.o: $(obj)/vmlinux.bin$(suffix-y) FORCE diff --git a/arch/sh/boot/compressed/Makefile b/arch/sh/boot/compressed/Makefile index c1eb9a62de55..a6808a403f4b 100644 --- a/arch/sh/boot/compressed/Makefile +++ b/arch/sh/boot/compressed/Makefile @@ -52,13 +52,13 @@ vmlinux.bin.all-y := $(obj)/vmlinux.bin $(obj)/vmlinux.bin.gz: $(vmlinux.bin.all-y) FORCE $(call if_changed,gzip) $(obj)/vmlinux.bin.bz2: $(vmlinux.bin.all-y) FORCE - $(call if_changed,bzip2) + $(call if_changed,bzip2_with_size) $(obj)/vmlinux.bin.lzma: $(vmlinux.bin.all-y) FORCE - $(call if_changed,lzma) + $(call if_changed,lzma_with_size) $(obj)/vmlinux.bin.xz: $(vmlinux.bin.all-y) FORCE - $(call if_changed,xzkern) + $(call if_changed,xzkern_with_size) $(obj)/vmlinux.bin.lzo: $(vmlinux.bin.all-y) FORCE - $(call if_changed,lzo) + $(call if_changed,lzo_with_size) OBJCOPYFLAGS += -R .empty_zero_page diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 431bf7f846c3..2825c74bcae3 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -123,17 +123,17 @@ vmlinux.bin.all-$(CONFIG_X86_NEED_RELOCS) += $(obj)/vmlinux.relocs $(obj)/vmlinux.bin.gz: $(vmlinux.bin.all-y) FORCE $(call if_changed,gzip) $(obj)/vmlinux.bin.bz2: $(vmlinux.bin.all-y) FORCE - $(call if_changed,bzip2) + $(call if_changed,bzip2_with_size) $(obj)/vmlinux.bin.lzma: $(vmlinux.bin.all-y) FORCE - $(call if_changed,lzma) + $(call if_changed,lzma_with_size) $(obj)/vmlinux.bin.xz: $(vmlinux.bin.all-y) FORCE - $(call if_changed,xzkern) + $(call if_changed,xzkern_with_size) $(obj)/vmlinux.bin.lzo: $(vmlinux.bin.all-y) FORCE - $(call if_changed,lzo) + $(call if_changed,lzo_with_size) $(obj)/vmlinux.bin.lz4: $(vmlinux.bin.all-y) FORCE - $(call if_changed,lz4) + $(call if_changed,lz4_with_size) $(obj)/vmlinux.bin.zst: $(vmlinux.bin.all-y) FORCE - $(call if_changed,zstd22) + $(call if_changed,zstd22_with_size) suffix-$(CONFIG_KERNEL_GZIP) := gz suffix-$(CONFIG_KERNEL_BZIP2) := bz2 diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 5366466ea0e4..4207a72d429f 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -395,19 +395,31 @@ printf "%08x\n" $$dec_size | \ ) quiet_cmd_bzip2 = BZIP2 $@ - cmd_bzip2 = { cat $(real-prereqs) | $(KBZIP2) -9; $(size_append); } > $@ + cmd_bzip2 = cat $(real-prereqs) | $(KBZIP2) -9 > $@ + +quiet_cmd_bzip2_with_size = BZIP2 $@ + cmd_bzip2_with_size = { cat $(real-prereqs) | $(KBZIP2) -9; $(size_append); } > $@ # Lzma # --------------------------------------------------------------------------- quiet_cmd_lzma = LZMA $@ - cmd_lzma = { cat $(real-prereqs) | $(LZMA) -9; $(size_append); } > $@ + cmd_lzma = cat $(real-prereqs) | $(LZMA) -9 > $@ + +quiet_cmd_lzma_with_size = LZMA $@ + cmd_lzma_with_size = { cat $(real-prereqs) | $(LZMA) -9; $(size_append); } > $@ quiet_cmd_lzo = LZO $@ - cmd_lzo = { cat $(real-prereqs) | $(KLZOP) -9; $(size_append); } > $@ + cmd_lzo = cat $(real-prereqs) | $(KLZOP) -9 > $@ + +quiet_cmd_lzo_with_size = LZO $@ + cmd_lzo_with_size = { cat $(real-prereqs) | $(KLZOP) -9; $(size_append); } > $@ quiet_cmd_lz4 = LZ4 $@ - cmd_lz4 = { cat $(real-prereqs) | $(LZ4) -l -c1 stdin stdout; \ + cmd_lz4 = cat $(real-prereqs) | $(LZ4) -l -c1 stdin stdout > $@ + +quiet_cmd_lz4_with_size = LZ4 $@ + cmd_lz4_with_size = { cat $(real-prereqs) | $(LZ4) -l -c1 stdin stdout; \ $(size_append); } > $@ # U-Boot mkimage @@ -450,7 +462,10 @@ quiet_cmd_uimage = UIMAGE $@ # big dictionary would increase the memory usage too much in the multi-call # decompression mode. A BCJ filter isn't used either. quiet_cmd_xzkern = XZKERN $@ - cmd_xzkern = { cat $(real-prereqs) | sh $(srctree)/scripts/xz_wrap.sh; \ + cmd_xzkern = cat $(real-prereqs) | sh $(srctree)/scripts/xz_wrap.sh > $@ + +quiet_cmd_xzkern_with_size = XZKERN $@ + cmd_xzkern_with_size = { cat $(real-prereqs) | sh $(srctree)/scripts/xz_wrap.sh; \ $(size_append); } > $@ quiet_cmd_xzmisc = XZMISC $@ @@ -476,7 +491,10 @@ quiet_cmd_zstd = ZSTD $@ cmd_zstd = cat $(real-prereqs) | $(ZSTD) -19 > $@ quiet_cmd_zstd22 = ZSTD22 $@ - cmd_zstd22 = { cat $(real-prereqs) | $(ZSTD) -22 --ultra; $(size_append); } > $@ + cmd_zstd22 = cat $(real-prereqs) | $(ZSTD) -22 --ultra > $@ + +quiet_cmd_zstd22_with_size = ZSTD22 $@ + cmd_zstd22_with_size = { cat $(real-prereqs) | $(ZSTD) -22 --ultra; $(size_append); } > $@ # ASM offsets # --------------------------------------------------------------------------- diff --git a/usr/Makefile b/usr/Makefile index 7374873a539f..cc0d2824e100 100644 --- a/usr/Makefile +++ b/usr/Makefile @@ -3,11 +3,6 @@ # kbuild file for usr/ - including initramfs image # -# cmd_bzip2, cmd_lzma, cmd_lzo, cmd_lz4 from scripts/Makefile.lib appends the -# size at the end of the compressed file, which unfortunately does not work -# with unpack_to_rootfs(). Make size_append no-op. -override size_append := : - compress-y := shipped compress-$(CONFIG_INITRAMFS_COMPRESSION_GZIP) := gzip compress-$(CONFIG_INITRAMFS_COMPRESSION_BZIP2) := bzip2 -- cgit v1.2.3 From c4d7f40b250c1a4d74ed259e84807f58032507b6 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Mon, 10 Jan 2022 03:15:29 +0900 Subject: kbuild: add cmd_file_size Some architectures support self-extracting kernel, which embeds the compressed vmlinux. It has 4 byte data at the end so the decompressor can know the vmlinux size beforehand. GZIP natively has it in the trailer, but for the other compression algorithms, the hand-crafted trailer is added. It is unneeded to generate such _corrupted_ compressed files because it is possible to pass the size data as a separate file. For example, the assembly code: .incbin "compressed-vmlinux-with-size-data" can be transformed to: .incbin "compressed-vmlinux" .incbin "size-data" My hope is, after some reworks of the decompressors, the macros cmd_{bzip2,lzma,lzo,lz4,xzkern,zstd22}_with_size will go away. This new macro, cmd_file_size, will be useful to generate a separate size-data file. Signed-off-by: Masahiro Yamada Reviewed-by: Nicolas Schier --- scripts/Makefile.lib | 3 +++ 1 file changed, 3 insertions(+) (limited to 'scripts') diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 4207a72d429f..05ca77706f6b 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -394,6 +394,9 @@ printf "%08x\n" $$dec_size | \ } \ ) +quiet_cmd_file_size = GEN $@ + cmd_file_size = $(size_append) > $@ + quiet_cmd_bzip2 = BZIP2 $@ cmd_bzip2 = cat $(real-prereqs) | $(KBZIP2) -9 > $@ -- cgit v1.2.3