Bug 204333
| Summary: | arch/x86/boot/compressed/kaslr_64.c embeds build paths in kernel binary | ||
|---|---|---|---|
| Product: | Platform Specific/Hardware | Reporter: | Ross Burton (ross.burton) |
| Component: | x86-64 | Assignee: | platform_x86_64 (platform_x86_64) |
| Status: | RESOLVED CODE_FIX | ||
| Severity: | normal | CC: | bp |
| Priority: | P1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Kernel Version: | 5.0.19 | Subsystem: | |
| Regression: | No | Bisected commit-id: | |
Both arch/x86/boot/compressed/Makefile and arch/x86/boot/Makefile start from clean KBUILD_CFLAGS so I think you should simply add the -fmacro-prefix-map line to both of them. Care to send a fix? Thx. Patch posted. Upstream commit:
9e2276fa6eb3 ("arch/x86/boot: Use prefix map to avoid embedded paths")
Closing.
|
A built kernel can contain build paths: $ strings bzImage-5.0.19-yocto-standard |grep tmp/ out of pgt_buf in /data/poky-tmp/reproducible/tmp/work-shared/qemux86-64/kernel-source/arch/x86/boot/compressed/kaslr_64.c!? Easy enough to find that in the kernel: $ git grep 'out of pgt_buf' arch/x86/boot/compressed/kaslr_64.c: debug_putstr("out of pgt_buf in " __FILE__ "!?\n"); But what's this in the top-level Makefile: $ git grep prefix-map Makefile:KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=) So the __FILE__ shouldn't be using the full path. However arch/x86/boot/compressed/Makefile has this: KBUILD_CFLAGS := -m$(BITS) -O2 So that clears KBUILD_FLAGS, removing the -fmacro-prefix-map option. I've now hit the edge of my knowledge. Is the build in arch/x86/boot/compressed sufficiently special that it *should* start from a clean KBUILD_CFLAGS, so it needs this added: +KBUILD_CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=) Or, should it *not* clear the KBUILD_CFLAGS and instead just extend or prune. Of not is that none of the other architectures reset KBUILD_CFLAGS but prune it first, so I'm guessing that is what the x86 Makefile should do too.