From cb77f0d623ff33a7899cb945f4f5a4825fbb2ea1 Mon Sep 17 00:00:00 2001 From: Kamil Rytarowski Date: Sun, 7 May 2017 23:25:26 +0200 Subject: scripts: Switch to more portable Perl shebang The default NetBSD package manager is pkgsrc and it installs Perl along other third party programs under custom and configurable prefix. The default prefix for binary prebuilt packages is /usr/pkg, and the Perl executable lands in /usr/pkg/bin/perl. This change switches "/usr/bin/perl" to "/usr/bin/env perl" as it's the most portable solution that should work for almost everybody. Perl's executable is detected automatically. This change switches -w option passed to the executable with more modern "use warnings;" approach. There is no functional change to the default behavior. While there, drop "require 5" from scripts/namespace.pl (Perl from 1994?). Signed-off-by: Kamil Rytarowski Signed-off-by: Masahiro Yamada --- scripts/bootgraph.pl | 2 +- scripts/checkincludes.pl | 2 +- scripts/checkpatch.pl | 3 ++- scripts/checkstack.pl | 2 +- scripts/checkversion.pl | 2 +- scripts/cleanfile | 3 ++- scripts/cleanpatch | 3 ++- scripts/dtc/dt_to_config | 2 +- scripts/export_report.pl | 3 ++- scripts/extract-module-sig.pl | 3 ++- scripts/extract-sys-certs.pl | 3 ++- scripts/extract_xc3028.pl | 2 +- scripts/get_dvb_firmware | 2 +- scripts/get_maintainer.pl | 3 ++- scripts/headerdep.pl | 2 +- scripts/headers_check.pl | 3 ++- scripts/kconfig/streamline_config.pl | 3 ++- scripts/kernel-doc | 3 ++- scripts/kernel-doc-xml-ref | 3 ++- scripts/markup_oops.pl | 2 +- scripts/namespace.pl | 4 ++-- scripts/profile2linkerlist.pl | 2 +- scripts/recordmcount.pl | 3 ++- scripts/stackdelta | 2 +- 24 files changed, 37 insertions(+), 25 deletions(-) (limited to 'scripts') diff --git a/scripts/bootgraph.pl b/scripts/bootgraph.pl index 9ca667bcaee9..594c55541b16 100755 --- a/scripts/bootgraph.pl +++ b/scripts/bootgraph.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # Copyright 2008, Intel Corporation # diff --git a/scripts/checkincludes.pl b/scripts/checkincludes.pl index 381c018a4612..ce9edefd6e0b 100755 --- a/scripts/checkincludes.pl +++ b/scripts/checkincludes.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # # checkincludes: find/remove files included more than once # diff --git a/scripts/checkpatch.pl b/scripts/checkpatch.pl index 4b9569fa931b..3465a7c5a154 100755 --- a/scripts/checkpatch.pl +++ b/scripts/checkpatch.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl # (c) 2001, Dave Jones. (the file handling bit) # (c) 2005, Joel Schopp (the ugly bit) # (c) 2007,2008, Andy Whitcroft (new conditions, test suite) @@ -6,6 +6,7 @@ # Licensed under the terms of the GNU GPL License version 2 use strict; +use warnings; use POSIX; use File::Basename; use Cwd 'abs_path'; diff --git a/scripts/checkstack.pl b/scripts/checkstack.pl index 9d37aa4faf5c..7f4c41717e26 100755 --- a/scripts/checkstack.pl +++ b/scripts/checkstack.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # Check the stack usage of functions # diff --git a/scripts/checkversion.pl b/scripts/checkversion.pl index 5e490a8ceca5..8b4f205234b5 100755 --- a/scripts/checkversion.pl +++ b/scripts/checkversion.pl @@ -1,4 +1,4 @@ -#! /usr/bin/perl +#! /usr/bin/env perl # # checkversion find uses of LINUX_VERSION_CODE or KERNEL_VERSION # without including , or cases of diff --git a/scripts/cleanfile b/scripts/cleanfile index cefd29e52298..72e3755327ae 100755 --- a/scripts/cleanfile +++ b/scripts/cleanfile @@ -1,9 +1,10 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl # # Clean a text file -- or directory of text files -- of stealth whitespace. # WARNING: this can be a highly destructive operation. Use with caution. # +use warnings; use bytes; use File::Basename; diff --git a/scripts/cleanpatch b/scripts/cleanpatch index 9680d03ad2b8..3e5a2303dc0e 100755 --- a/scripts/cleanpatch +++ b/scripts/cleanpatch @@ -1,9 +1,10 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl # # Clean a patch file -- or directory of patch files -- of stealth whitespace. # WARNING: this can be a highly destructive operation. Use with caution. # +use warnings; use bytes; use File::Basename; diff --git a/scripts/dtc/dt_to_config b/scripts/dtc/dt_to_config index 9a248b505c58..5dfd1bff351f 100755 --- a/scripts/dtc/dt_to_config +++ b/scripts/dtc/dt_to_config @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # Copyright 2016 by Frank Rowand # Copyright 2016 by Gaurav Minocha diff --git a/scripts/export_report.pl b/scripts/export_report.pl index 8f79b701de87..68ff426b347c 100755 --- a/scripts/export_report.pl +++ b/scripts/export_report.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl # # (C) Copyright IBM Corporation 2006. # Released under GPL v2. @@ -7,6 +7,7 @@ # Usage: export_report.pl -k Module.symvers [-o report_file ] -f *.mod.c # +use warnings; use Getopt::Std; use strict; diff --git a/scripts/extract-module-sig.pl b/scripts/extract-module-sig.pl index faac6f2e377f..0f161ea41261 100755 --- a/scripts/extract-module-sig.pl +++ b/scripts/extract-module-sig.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl # # extract-mod-sig # @@ -12,6 +12,7 @@ # -k: Just the key ID # -s: Just the crypto signature or PKCS#7 message # +use warnings; use strict; die "Format: $0 -[0adnks] module-file >out\n" diff --git a/scripts/extract-sys-certs.pl b/scripts/extract-sys-certs.pl index 8227ca10a494..2aa873b944e0 100755 --- a/scripts/extract-sys-certs.pl +++ b/scripts/extract-sys-certs.pl @@ -1,5 +1,6 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl # +use warnings; use strict; use Math::BigInt; use Fcntl "SEEK_SET"; diff --git a/scripts/extract_xc3028.pl b/scripts/extract_xc3028.pl index 47877deae6d7..61d9b256c658 100755 --- a/scripts/extract_xc3028.pl +++ b/scripts/extract_xc3028.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # Copyright (c) Mauro Carvalho Chehab # Released under GPLv2 diff --git a/scripts/get_dvb_firmware b/scripts/get_dvb_firmware index 1a0a04125f71..f3f230225aba 100755 --- a/scripts/get_dvb_firmware +++ b/scripts/get_dvb_firmware @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # DVB firmware extractor # # (c) 2004 Andrew de Quincey diff --git a/scripts/get_maintainer.pl b/scripts/get_maintainer.pl index 633f2dd3de27..3bd5f4f30235 100755 --- a/scripts/get_maintainer.pl +++ b/scripts/get_maintainer.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl # (c) 2007, Joe Perches # created from checkpatch.pl # @@ -10,6 +10,7 @@ # # Licensed under the terms of the GNU GPL License version 2 +use warnings; use strict; my $P = $0; diff --git a/scripts/headerdep.pl b/scripts/headerdep.pl index 8dd019bc5a73..86ebb9ee7570 100755 --- a/scripts/headerdep.pl +++ b/scripts/headerdep.pl @@ -1,4 +1,4 @@ -#! /usr/bin/perl +#! /usr/bin/env perl # # Detect cycles in the header file dependency graph # Vegard Nossum diff --git a/scripts/headers_check.pl b/scripts/headers_check.pl index 8b2da054cdc3..3091e4ee6ee1 100755 --- a/scripts/headers_check.pl +++ b/scripts/headers_check.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl # # headers_check.pl execute a number of trivial consistency checks # @@ -18,6 +18,7 @@ # # 3) Check for leaked CONFIG_ symbols +use warnings; use strict; use File::Basename; diff --git a/scripts/kconfig/streamline_config.pl b/scripts/kconfig/streamline_config.pl index b8c7b29affc5..a2e83ab17de3 100755 --- a/scripts/kconfig/streamline_config.pl +++ b/scripts/kconfig/streamline_config.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl # # Copyright 2005-2009 - Steven Rostedt # Licensed under the terms of the GNU GPL License version 2 @@ -42,6 +42,7 @@ # mv config_strip .config # make oldconfig # +use warnings; use strict; use Getopt::Long; diff --git a/scripts/kernel-doc b/scripts/kernel-doc index a26a5f2dce39..7b0a8f01fed5 100755 --- a/scripts/kernel-doc +++ b/scripts/kernel-doc @@ -1,5 +1,6 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl +use warnings; use strict; ## Copyright (c) 1998 Michael Zucchi, All Rights Reserved ## diff --git a/scripts/kernel-doc-xml-ref b/scripts/kernel-doc-xml-ref index 104a5a5ba2c8..e3b24bfc804c 100755 --- a/scripts/kernel-doc-xml-ref +++ b/scripts/kernel-doc-xml-ref @@ -1,5 +1,6 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl +use warnings; use strict; ## Copyright (C) 2015 Intel Corporation ## diff --git a/scripts/markup_oops.pl b/scripts/markup_oops.pl index c21d16328d3f..70dcfb6b3de1 100755 --- a/scripts/markup_oops.pl +++ b/scripts/markup_oops.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl use File::Basename; use Math::BigInt; diff --git a/scripts/namespace.pl b/scripts/namespace.pl index 9f3c9d47a4a5..729c547fc9e1 100755 --- a/scripts/namespace.pl +++ b/scripts/namespace.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl # # namespace.pl. Mon Aug 30 2004 # @@ -62,7 +62,7 @@ # result. # -require 5; # at least perl 5 +use warnings; use strict; use File::Find; diff --git a/scripts/profile2linkerlist.pl b/scripts/profile2linkerlist.pl index 6943fa7cc95b..f23d7be94394 100755 --- a/scripts/profile2linkerlist.pl +++ b/scripts/profile2linkerlist.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # # Takes a (sorted) output of readprofile and turns it into a list suitable for diff --git a/scripts/recordmcount.pl b/scripts/recordmcount.pl index 1633c3e6c0b9..2033af758173 100755 --- a/scripts/recordmcount.pl +++ b/scripts/recordmcount.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl -w +#!/usr/bin/env perl # (c) 2008, Steven Rostedt # Licensed under the terms of the GNU GPL License version 2 # @@ -106,6 +106,7 @@ # 9) Move the result back to the original object. # +use warnings; use strict; my $P = $0; diff --git a/scripts/stackdelta b/scripts/stackdelta index 48eabf2f48f8..20a79f19a111 100755 --- a/scripts/stackdelta +++ b/scripts/stackdelta @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # Read two files produced by the stackusage script, and show the # delta between them. -- cgit v1.2.3 From cb43fb5775dffb36416067be87327966200ee3b6 Mon Sep 17 00:00:00 2001 From: Mauro Carvalho Chehab Date: Sun, 14 May 2017 11:50:01 -0300 Subject: docs: remove DocBook from the building system Now that we don't have any DocBook anymore, remove it from the building system. Signed-off-by: Mauro Carvalho Chehab --- scripts/Makefile | 9 +++------ scripts/check-lc_ctype.c | 11 ----------- 2 files changed, 3 insertions(+), 17 deletions(-) delete mode 100644 scripts/check-lc_ctype.c (limited to 'scripts') diff --git a/scripts/Makefile b/scripts/Makefile index 1d80897a9644..55550e4141c4 100644 --- a/scripts/Makefile +++ b/scripts/Makefile @@ -6,8 +6,7 @@ # pnmttologo: Convert pnm files to logo files # conmakehash: Create chartable # conmakehash: Create arrays for initializing the kernel console tables -# docproc: Used in Documentation/DocBook -# check-lc_ctype: Used in Documentation/DocBook +# docproc: Used in Documentation/ HOST_EXTRACFLAGS += -I$(srctree)/tools/include @@ -29,16 +28,14 @@ HOSTLOADLIBES_extract-cert = -lcrypto always := $(hostprogs-y) $(hostprogs-m) # The following hostprogs-y programs are only build on demand -hostprogs-y += unifdef docproc check-lc_ctype +hostprogs-y += unifdef docproc # These targets are used internally to avoid "is up to date" messages -PHONY += build_unifdef build_docproc build_check-lc_ctype +PHONY += build_unifdef build_docproc build_unifdef: $(obj)/unifdef @: build_docproc: $(obj)/docproc @: -build_check-lc_ctype: $(obj)/check-lc_ctype - @: subdir-$(CONFIG_MODVERSIONS) += genksyms subdir-y += mod diff --git a/scripts/check-lc_ctype.c b/scripts/check-lc_ctype.c deleted file mode 100644 index 9097ff5449fb..000000000000 --- a/scripts/check-lc_ctype.c +++ /dev/null @@ -1,11 +0,0 @@ -/* - * Check that a specified locale works as LC_CTYPE. Used by the - * DocBook build system to probe for C.UTF-8 support. - */ - -#include - -int main(void) -{ - return !setlocale(LC_CTYPE, ""); -} -- cgit v1.2.3 From 229fd05c565eb931aa7c59c9d740e2047701a4ad Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Sat, 13 May 2017 04:51:44 -0700 Subject: doc: ReSTify SELinux.txt Adjusts for ReST markup and moves under LSM admin guide. Cc: Paul Moore Signed-off-by: Kees Cook Signed-off-by: Jonathan Corbet --- scripts/selinux/README | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/selinux/README b/scripts/selinux/README index 4d020ecb7524..5ba679c5be18 100644 --- a/scripts/selinux/README +++ b/scripts/selinux/README @@ -1,2 +1,2 @@ -Please see Documentation/security/SELinux.txt for information on +Please see Documentation/admin-guide/LSM/SELinux.rst for information on installing a dummy SELinux policy. -- cgit v1.2.3 From 3e2e857f9c3a19d55ee0ba7b428b8be5008960bf Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Fri, 21 Apr 2017 15:35:27 -0700 Subject: module: Add module name to modinfo Accessing the mod structure (e.g. for mod->name) prior to having completed check_modstruct_version() can result in writing garbage to the error logs if the layout of the mod structure loaded from disk doesn't match the running kernel's mod structure layout. This kind of mismatch will become much more likely if a kernel is built with different randomization seed for the struct layout randomization plugin. Instead, add and use a new modinfo string for logging the module name. Signed-off-by: Kees Cook Signed-off-by: Jessica Yu --- scripts/mod/modpost.c | 1 + 1 file changed, 1 insertion(+) (limited to 'scripts') diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index 30d752a4a6a6..48397feb08fb 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -2126,6 +2126,7 @@ static void add_header(struct buffer *b, struct module *mod) buf_printf(b, "#include \n"); buf_printf(b, "\n"); buf_printf(b, "MODULE_INFO(vermagic, VERMAGIC_STRING);\n"); + buf_printf(b, "MODULE_INFO(name, KBUILD_MODNAME);\n"); buf_printf(b, "\n"); buf_printf(b, "__visible struct module __this_module\n"); buf_printf(b, "__attribute__((section(\".gnu.linkonce.this_module\"))) = {\n"); -- cgit v1.2.3 From 1132e1e448ce51e3b51fc7afdf661633abc4f202 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Sat, 15 Apr 2017 11:45:20 -0700 Subject: gcc-plugins: Detail c-common.h location for GCC 4.6 The c-common.h file moved in stock gcc 4.7, not gcc 4.6. However, most people building plugins with gcc 4.6 are using the Debian or Ubuntu version, which includes a patch to move the headers to the 4.7 location. In case anyone trips over this with a stock gcc 4.6, add a pointer to the patch used by Debian/Ubuntu. Signed-off-by: Kees Cook --- scripts/gcc-plugins/gcc-common.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'scripts') diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h index b232ab15624c..918953ca4527 100644 --- a/scripts/gcc-plugins/gcc-common.h +++ b/scripts/gcc-plugins/gcc-common.h @@ -63,6 +63,13 @@ #endif #if BUILDING_GCC_VERSION >= 4006 +/* + * The c-family headers were moved into a subdirectory in GCC version + * 4.7, but most plugin-building users of GCC 4.6 are using the Debian + * or Ubuntu package, which has an out-of-tree patch to move this to the + * same location as found in 4.7 and later: + * https://sources.debian.net/src/gcc-4.6/4.6.3-14/debian/patches/pr45078.diff/ + */ #include "c-family/c-common.h" #else #include "c-common.h" -- cgit v1.2.3 From d21832e212d2613c0a0f3e5f09967cb3402c8a53 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Thu, 1 Jun 2017 16:57:07 +0200 Subject: kbuild: speed up checksyscalls.sh checksyscalls.sh is run at every "make" run while building the kernel, even if no files have changed. I looked at where we spend time in a trivial empty rebuild and found checksyscalls.sh to be a source of noticeable overhead, as it spawns a lot of child processes just to call 'cat' copying from stdin to stdout, once for each of the over 400 x86 syscalls. Using a shell-builtin (echo) instead of the external command gives us a 13x speedup: Before After real 0m1.018s real 0m0.077s user 0m0.068s user 0m0.048s sys 0m0.156s sys 0m0.024s The time it took to rebuild a single file on my machine dropped from 5.5 seconds to 4.5 seconds. Signed-off-by: Arnd Bergmann Signed-off-by: Masahiro Yamada --- scripts/checksyscalls.sh | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'scripts') diff --git a/scripts/checksyscalls.sh b/scripts/checksyscalls.sh index 116b7735ee9f..5a387a264201 100755 --- a/scripts/checksyscalls.sh +++ b/scripts/checksyscalls.sh @@ -202,15 +202,12 @@ EOF } syscall_list() { - grep '^[0-9]' "$1" | sort -n | ( + grep '^[0-9]' "$1" | sort -n | while read nr abi name entry ; do - cat < Date: Mon, 12 Jun 2017 18:23:17 +1000 Subject: scripts/mkcompile_h: Remove trailing spaces from compiler version Improves the output of "cat /proc/version" by getting rid of the trailing space at the end of the compiler version when the kernel is compiled using GCC. Signed-off-by: Jonathan Liu Signed-off-by: Masahiro Yamada --- scripts/mkcompile_h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/mkcompile_h b/scripts/mkcompile_h index 6fdc97ef6023..fd8fdb91581d 100755 --- a/scripts/mkcompile_h +++ b/scripts/mkcompile_h @@ -76,7 +76,7 @@ UTS_TRUNCATE="cut -b -$UTS_LEN" echo \#define LINUX_COMPILE_BY \"`echo $LINUX_COMPILE_BY | $UTS_TRUNCATE`\" echo \#define LINUX_COMPILE_HOST \"`echo $LINUX_COMPILE_HOST | $UTS_TRUNCATE`\" - echo \#define LINUX_COMPILER \"`$CC -v 2>&1 | grep ' version '`\" + echo \#define LINUX_COMPILER \"`$CC -v 2>&1 | grep ' version ' | sed 's/[[:space:]]*$//'`\" ) > .tmpcompile # Only replace the real compile.h if the new one is different, -- cgit v1.2.3 From ae3f4151737d2aad271e5b1f2553c5d56e52850c Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Fri, 9 Jun 2017 17:29:52 +0900 Subject: kbuild: replace genhdr-y with generated-y Originally, generated-y and genhdr-y had different meaning, like follows: - generated-y: generated headers (other than asm-generic wrappers) - header-y : headers to be exported - genhdr-y : generated headers to be exported (generated-y + header-y) Since commit fcc8487d477a ("uapi: export all headers under uapi directories"), headers under UAPI directories are all exported. So, there is no more difference between generated-y and genhdr-y. We see two users of genhdr-y, arch/{arm,x86}/include/uapi/asm/Kbuild. They generate some headers in arch/{arm,x86}/include/generated/uapi/asm directories, which are obviously exported. Replace them with generated-y, and abolish genhdr-y. Signed-off-by: Masahiro Yamada Acked-by: Nicolas Dichtel --- scripts/Makefile.asm-generic | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/Makefile.asm-generic b/scripts/Makefile.asm-generic index e4d017d53819..95f7d8090152 100644 --- a/scripts/Makefile.asm-generic +++ b/scripts/Makefile.asm-generic @@ -15,7 +15,7 @@ _dummy := $(shell [ -d $(obj) ] || mkdir -p $(obj)) # Stale wrappers when the corresponding files are removed from generic-y # need removing. -generated-y := $(generic-y) $(genhdr-y) $(generated-y) +generated-y := $(generic-y) $(generated-y) all-files := $(patsubst %, $(obj)/%, $(generated-y)) old-headers := $(wildcard $(obj)/*.h) unwanted := $(filter-out $(all-files),$(old-headers)) -- cgit v1.2.3 From 7782b1444645768f5f213eaff6994604c6c0e635 Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven Date: Thu, 22 Jun 2017 15:07:06 +0200 Subject: scripts/dtc: dtx_diff - Show real file names in diff header As the comparison uses process substitution to pass files after conversion to DTS format, the diff header doesn't show the real filenames, but the names of the file descriptors used: --- /dev/fd/63 2017-06-22 11:21:47.531637188 +0200 +++ /dev/fd/62 2017-06-22 11:21:47.531637188 +0200 This is especially annoying when comparing a bunch of DT files in a loop, as the output doesn't show a clue about which files it refers to. Fix this by explicitly passing the original file names to the diff command using the --label option, giving e.g.: --- arch/arm/boot/dts/r8a7791-koelsch.dtb +++ arch/arm/boot/dts/r8a7791-porter.dtb Signed-off-by: Geert Uytterhoeven Reviewed-by: Frank Rowand Signed-off-by: Rob Herring --- scripts/dtc/dtx_diff | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/dtc/dtx_diff b/scripts/dtc/dtx_diff index ec47f95991a3..fb86f3899e16 100755 --- a/scripts/dtc/dtx_diff +++ b/scripts/dtc/dtx_diff @@ -338,7 +338,7 @@ DTC="${DTC} ${dtc_flags} -O dts -qq -f ${dtc_sort} -o -" if (( ${cmd_diff} )) ; then - diff ${diff_flags} \ + diff ${diff_flags} --label "${dtx_file_1}" --label "${dtx_file_2}" \ <(compile_to_dts "${dtx_file_1}") \ <(compile_to_dts "${dtx_file_2}") -- cgit v1.2.3 From 313dd1b629219db50cad532dba6a3b3b22ffe622 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Fri, 5 May 2017 23:37:45 -0700 Subject: gcc-plugins: Add the randstruct plugin This randstruct plugin is modified from Brad Spengler/PaX Team's code in the last public patch of grsecurity/PaX based on my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. The randstruct GCC plugin randomizes the layout of selected structures at compile time, as a probabilistic defense against attacks that need to know the layout of structures within the kernel. This is most useful for "in-house" kernel builds where neither the randomization seed nor other build artifacts are made available to an attacker. While less useful for distribution kernels (where the randomization seed must be exposed for third party kernel module builds), it still has some value there since now all kernel builds would need to be tracked by an attacker. In more performance sensitive scenarios, GCC_PLUGIN_RANDSTRUCT_PERFORMANCE can be selected to make a best effort to restrict randomization to cacheline-sized groups of elements, and will not randomize bitfields. This comes at the cost of reduced randomization. Two annotations are defined,__randomize_layout and __no_randomize_layout, which respectively tell the plugin to either randomize or not to randomize instances of the struct in question. Follow-on patches enable the auto-detection logic for selecting structures for randomization that contain only function pointers. It is disabled here to assist with bisection. Since any randomized structs must be initialized using designated initializers, __randomize_layout includes the __designated_init annotation even when the plugin is disabled so that all builds will require the needed initialization. (With the plugin enabled, annotations for automatically chosen structures are marked as well.) The main differences between this implemenation and grsecurity are: - disable automatic struct selection (to be enabled in follow-up patch) - add designated_init attribute at runtime and for manual marking - clarify debugging output to differentiate bad cast warnings - add whitelisting infrastructure - support gcc 7's DECL_ALIGN and DECL_MODE changes (Laura Abbott) - raise minimum required GCC version to 4.7 Earlier versions of this patch series were ported by Michael Leibowitz. Signed-off-by: Kees Cook --- scripts/Makefile.gcc-plugins | 4 + scripts/gcc-plugins/.gitignore | 1 + scripts/gcc-plugins/Makefile | 8 + scripts/gcc-plugins/gcc-common.h | 5 + scripts/gcc-plugins/gen-random-seed.sh | 8 + scripts/gcc-plugins/randomize_layout_plugin.c | 1020 +++++++++++++++++++++++++ 6 files changed, 1046 insertions(+) create mode 100644 scripts/gcc-plugins/.gitignore create mode 100644 scripts/gcc-plugins/gen-random-seed.sh create mode 100644 scripts/gcc-plugins/randomize_layout_plugin.c (limited to 'scripts') diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins index 82335533620e..2e0e2eaa397f 100644 --- a/scripts/Makefile.gcc-plugins +++ b/scripts/Makefile.gcc-plugins @@ -29,6 +29,10 @@ ifdef CONFIG_GCC_PLUGINS gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE) += -fplugin-arg-structleak_plugin-verbose gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) += -DSTRUCTLEAK_PLUGIN + gcc-plugin-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) += randomize_layout_plugin.so + gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) += -DRANDSTRUCT_PLUGIN + gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE) += -fplugin-arg-randomize_layout_plugin-performance-mode + GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y)) export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGIN GCC_PLUGIN_SUBDIR diff --git a/scripts/gcc-plugins/.gitignore b/scripts/gcc-plugins/.gitignore new file mode 100644 index 000000000000..de92ed9e3d83 --- /dev/null +++ b/scripts/gcc-plugins/.gitignore @@ -0,0 +1 @@ +randomize_layout_seed.h diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile index 8b29dc17c73c..214eb2335c31 100644 --- a/scripts/gcc-plugins/Makefile +++ b/scripts/gcc-plugins/Makefile @@ -18,6 +18,14 @@ endif export HOSTLIBS +$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h +quiet_cmd_create_randomize_layout_seed = GENSEED $@ +cmd_create_randomize_layout_seed = \ + $(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h +$(objtree)/$(obj)/randomize_layout_seed.h: FORCE + $(call if_changed,create_randomize_layout_seed) +targets = randomize_layout_seed.h randomize_layout_hash.h + $(HOSTLIBS)-y := $(foreach p,$(GCC_PLUGIN),$(if $(findstring /,$(p)),,$(p))) always := $($(HOSTLIBS)-y) diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h index 918953ca4527..6948898b3cdf 100644 --- a/scripts/gcc-plugins/gcc-common.h +++ b/scripts/gcc-plugins/gcc-common.h @@ -953,4 +953,9 @@ static inline void debug_gimple_stmt(const_gimple s) get_inner_reference(exp, pbitsize, pbitpos, poffset, pmode, punsignedp, preversep, pvolatilep) #endif +#if BUILDING_GCC_VERSION < 7000 +#define SET_DECL_ALIGN(decl, align) DECL_ALIGN(decl) = (align) +#define SET_DECL_MODE(decl, mode) DECL_MODE(decl) = (mode) +#endif + #endif diff --git a/scripts/gcc-plugins/gen-random-seed.sh b/scripts/gcc-plugins/gen-random-seed.sh new file mode 100644 index 000000000000..7514850f4815 --- /dev/null +++ b/scripts/gcc-plugins/gen-random-seed.sh @@ -0,0 +1,8 @@ +#!/bin/sh + +if [ ! -f "$1" ]; then + SEED=`od -A n -t x8 -N 32 /dev/urandom | tr -d ' \n'` + echo "const char *randstruct_seed = \"$SEED\";" > "$1" + HASH=`echo -n "$SEED" | sha256sum | cut -d" " -f1 | tr -d ' \n'` + echo "#define RANDSTRUCT_HASHED_SEED \"$HASH\"" > "$2" +fi diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c new file mode 100644 index 000000000000..e1d1ba28739f --- /dev/null +++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -0,0 +1,1020 @@ +/* + * Copyright 2014-2016 by Open Source Security, Inc., Brad Spengler + * and PaX Team + * Licensed under the GPL v2 + * + * Note: the choice of the license means that the compilation process is + * NOT 'eligible' as defined by gcc's library exception to the GPL v3, + * but for the kernel it doesn't matter since it doesn't link against + * any of the gcc libraries + * + * Usage: + * $ # for 4.5/4.6/C based 4.7 + * $ gcc -I`gcc -print-file-name=plugin`/include -I`gcc -print-file-name=plugin`/include/c-family -fPIC -shared -O2 -o randomize_layout_plugin.so randomize_layout_plugin.c + * $ # for C++ based 4.7/4.8+ + * $ g++ -I`g++ -print-file-name=plugin`/include -I`g++ -print-file-name=plugin`/include/c-family -fPIC -shared -O2 -o randomize_layout_plugin.so randomize_layout_plugin.c + * $ gcc -fplugin=./randomize_layout_plugin.so test.c -O2 + */ + +#include "gcc-common.h" +#include "randomize_layout_seed.h" + +#if BUILDING_GCC_MAJOR < 4 || (BUILDING_GCC_MAJOR == 4 && BUILDING_GCC_MINOR < 7) +#error "The RANDSTRUCT plugin requires GCC 4.7 or newer." +#endif + +#define ORIG_TYPE_NAME(node) \ + (TYPE_NAME(TYPE_MAIN_VARIANT(node)) != NULL_TREE ? ((const unsigned char *)IDENTIFIER_POINTER(TYPE_NAME(TYPE_MAIN_VARIANT(node)))) : (const unsigned char *)"anonymous") + +#define INFORM(loc, msg, ...) inform(loc, "randstruct: " msg, ##__VA_ARGS__) +#define MISMATCH(loc, how, ...) INFORM(loc, "casting between randomized structure pointer types (" how "): %qT and %qT\n", __VA_ARGS__) + +__visible int plugin_is_GPL_compatible; + +static int performance_mode; + +static struct plugin_info randomize_layout_plugin_info = { + .version = "201402201816vanilla", + .help = "disable\t\t\tdo not activate plugin\n" + "performance-mode\tenable cacheline-aware layout randomization\n" +}; + +struct whitelist_entry { + const char *pathname; + const char *lhs; + const char *rhs; +}; + +static const struct whitelist_entry whitelist[] = { + { } +}; + +/* from old Linux dcache.h */ +static inline unsigned long +partial_name_hash(unsigned long c, unsigned long prevhash) +{ + return (prevhash + (c << 4) + (c >> 4)) * 11; +} +static inline unsigned int +name_hash(const unsigned char *name) +{ + unsigned long hash = 0; + unsigned int len = strlen((const char *)name); + while (len--) + hash = partial_name_hash(*name++, hash); + return (unsigned int)hash; +} + +static tree handle_randomize_layout_attr(tree *node, tree name, tree args, int flags, bool *no_add_attrs) +{ + tree type; + + *no_add_attrs = true; + if (TREE_CODE(*node) == FUNCTION_DECL) { + error("%qE attribute does not apply to functions (%qF)", name, *node); + return NULL_TREE; + } + + if (TREE_CODE(*node) == PARM_DECL) { + error("%qE attribute does not apply to function parameters (%qD)", name, *node); + return NULL_TREE; + } + + if (TREE_CODE(*node) == VAR_DECL) { + error("%qE attribute does not apply to variables (%qD)", name, *node); + return NULL_TREE; + } + + if (TYPE_P(*node)) { + type = *node; + } else { + gcc_assert(TREE_CODE(*node) == TYPE_DECL); + type = TREE_TYPE(*node); + } + + if (TREE_CODE(type) != RECORD_TYPE) { + error("%qE attribute used on %qT applies to struct types only", name, type); + return NULL_TREE; + } + + if (lookup_attribute(IDENTIFIER_POINTER(name), TYPE_ATTRIBUTES(type))) { + error("%qE attribute is already applied to the type %qT", name, type); + return NULL_TREE; + } + + *no_add_attrs = false; + + return NULL_TREE; +} + +/* set on complete types that we don't need to inspect further at all */ +static tree handle_randomize_considered_attr(tree *node, tree name, tree args, int flags, bool *no_add_attrs) +{ + *no_add_attrs = false; + return NULL_TREE; +} + +/* + * set on types that we've performed a shuffle on, to prevent re-shuffling + * this does not preclude us from inspecting its fields for potential shuffles + */ +static tree handle_randomize_performed_attr(tree *node, tree name, tree args, int flags, bool *no_add_attrs) +{ + *no_add_attrs = false; + return NULL_TREE; +} + +/* + * 64bit variant of Bob Jenkins' public domain PRNG + * 256 bits of internal state + */ + +typedef unsigned long long u64; + +typedef struct ranctx { u64 a; u64 b; u64 c; u64 d; } ranctx; + +#define rot(x,k) (((x)<<(k))|((x)>>(64-(k)))) +static u64 ranval(ranctx *x) { + u64 e = x->a - rot(x->b, 7); + x->a = x->b ^ rot(x->c, 13); + x->b = x->c + rot(x->d, 37); + x->c = x->d + e; + x->d = e + x->a; + return x->d; +} + +static void raninit(ranctx *x, u64 *seed) { + int i; + + x->a = seed[0]; + x->b = seed[1]; + x->c = seed[2]; + x->d = seed[3]; + + for (i=0; i < 30; ++i) + (void)ranval(x); +} + +static u64 shuffle_seed[4]; + +struct partition_group { + tree tree_start; + unsigned long start; + unsigned long length; +}; + +static void partition_struct(tree *fields, unsigned long length, struct partition_group *size_groups, unsigned long *num_groups) +{ + unsigned long i; + unsigned long accum_size = 0; + unsigned long accum_length = 0; + unsigned long group_idx = 0; + + gcc_assert(length < INT_MAX); + + memset(size_groups, 0, sizeof(struct partition_group) * length); + + for (i = 0; i < length; i++) { + if (size_groups[group_idx].tree_start == NULL_TREE) { + size_groups[group_idx].tree_start = fields[i]; + size_groups[group_idx].start = i; + accum_length = 0; + accum_size = 0; + } + accum_size += (unsigned long)int_size_in_bytes(TREE_TYPE(fields[i])); + accum_length++; + if (accum_size >= 64) { + size_groups[group_idx].length = accum_length; + accum_length = 0; + group_idx++; + } + } + + if (size_groups[group_idx].tree_start != NULL_TREE && + !size_groups[group_idx].length) { + size_groups[group_idx].length = accum_length; + group_idx++; + } + + *num_groups = group_idx; +} + +static void performance_shuffle(tree *newtree, unsigned long length, ranctx *prng_state) +{ + unsigned long i, x; + struct partition_group size_group[length]; + unsigned long num_groups = 0; + unsigned long randnum; + + partition_struct(newtree, length, (struct partition_group *)&size_group, &num_groups); + for (i = num_groups - 1; i > 0; i--) { + struct partition_group tmp; + randnum = ranval(prng_state) % (i + 1); + tmp = size_group[i]; + size_group[i] = size_group[randnum]; + size_group[randnum] = tmp; + } + + for (x = 0; x < num_groups; x++) { + for (i = size_group[x].start + size_group[x].length - 1; i > size_group[x].start; i--) { + tree tmp; + if (DECL_BIT_FIELD_TYPE(newtree[i])) + continue; + randnum = ranval(prng_state) % (i + 1); + // we could handle this case differently if desired + if (DECL_BIT_FIELD_TYPE(newtree[randnum])) + continue; + tmp = newtree[i]; + newtree[i] = newtree[randnum]; + newtree[randnum] = tmp; + } + } +} + +static void full_shuffle(tree *newtree, unsigned long length, ranctx *prng_state) +{ + unsigned long i, randnum; + + for (i = length - 1; i > 0; i--) { + tree tmp; + randnum = ranval(prng_state) % (i + 1); + tmp = newtree[i]; + newtree[i] = newtree[randnum]; + newtree[randnum] = tmp; + } +} + +/* modern in-place Fisher-Yates shuffle */ +static void shuffle(const_tree type, tree *newtree, unsigned long length) +{ + unsigned long i; + u64 seed[4]; + ranctx prng_state; + const unsigned char *structname; + + if (length == 0) + return; + + gcc_assert(TREE_CODE(type) == RECORD_TYPE); + + structname = ORIG_TYPE_NAME(type); + +#ifdef __DEBUG_PLUGIN + fprintf(stderr, "Shuffling struct %s %p\n", (const char *)structname, type); +#ifdef __DEBUG_VERBOSE + debug_tree((tree)type); +#endif +#endif + + for (i = 0; i < 4; i++) { + seed[i] = shuffle_seed[i]; + seed[i] ^= name_hash(structname); + } + + raninit(&prng_state, (u64 *)&seed); + + if (performance_mode) + performance_shuffle(newtree, length, &prng_state); + else + full_shuffle(newtree, length, &prng_state); +} + +static bool is_flexible_array(const_tree field) +{ + const_tree fieldtype; + const_tree typesize; + const_tree elemtype; + const_tree elemsize; + + fieldtype = TREE_TYPE(field); + typesize = TYPE_SIZE(fieldtype); + + if (TREE_CODE(fieldtype) != ARRAY_TYPE) + return false; + + elemtype = TREE_TYPE(fieldtype); + elemsize = TYPE_SIZE(elemtype); + + /* size of type is represented in bits */ + + if (typesize == NULL_TREE && TYPE_DOMAIN(fieldtype) != NULL_TREE && + TYPE_MAX_VALUE(TYPE_DOMAIN(fieldtype)) == NULL_TREE) + return true; + + if (typesize != NULL_TREE && + (TREE_CONSTANT(typesize) && (!tree_to_uhwi(typesize) || + tree_to_uhwi(typesize) == tree_to_uhwi(elemsize)))) + return true; + + return false; +} + +static int relayout_struct(tree type) +{ + unsigned long num_fields = (unsigned long)list_length(TYPE_FIELDS(type)); + unsigned long shuffle_length = num_fields; + tree field; + tree newtree[num_fields]; + unsigned long i; + tree list; + tree variant; + tree main_variant; + expanded_location xloc; + bool has_flexarray = false; + + if (TYPE_FIELDS(type) == NULL_TREE) + return 0; + + if (num_fields < 2) + return 0; + + gcc_assert(TREE_CODE(type) == RECORD_TYPE); + + gcc_assert(num_fields < INT_MAX); + + if (lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(type)) || + lookup_attribute("no_randomize_layout", TYPE_ATTRIBUTES(TYPE_MAIN_VARIANT(type)))) + return 0; + + /* Workaround for 3rd-party VirtualBox source that we can't modify ourselves */ + if (!strcmp((const char *)ORIG_TYPE_NAME(type), "INTNETTRUNKFACTORY") || + !strcmp((const char *)ORIG_TYPE_NAME(type), "RAWPCIFACTORY")) + return 0; + + /* throw out any structs in uapi */ + xloc = expand_location(DECL_SOURCE_LOCATION(TYPE_FIELDS(type))); + + if (strstr(xloc.file, "/uapi/")) + error(G_("attempted to randomize userland API struct %s"), ORIG_TYPE_NAME(type)); + + for (field = TYPE_FIELDS(type), i = 0; field; field = TREE_CHAIN(field), i++) { + gcc_assert(TREE_CODE(field) == FIELD_DECL); + newtree[i] = field; + } + + /* + * enforce that we don't randomize the layout of the last + * element of a struct if it's a 0 or 1-length array + * or a proper flexible array + */ + if (is_flexible_array(newtree[num_fields - 1])) { + has_flexarray = true; + shuffle_length--; + } + + shuffle(type, (tree *)newtree, shuffle_length); + + /* + * set up a bogus anonymous struct field designed to error out on unnamed struct initializers + * as gcc provides no other way to detect such code + */ + list = make_node(FIELD_DECL); + TREE_CHAIN(list) = newtree[0]; + TREE_TYPE(list) = void_type_node; + DECL_SIZE(list) = bitsize_zero_node; + DECL_NONADDRESSABLE_P(list) = 1; + DECL_FIELD_BIT_OFFSET(list) = bitsize_zero_node; + DECL_SIZE_UNIT(list) = size_zero_node; + DECL_FIELD_OFFSET(list) = size_zero_node; + DECL_CONTEXT(list) = type; + // to satisfy the constify plugin + TREE_READONLY(list) = 1; + + for (i = 0; i < num_fields - 1; i++) + TREE_CHAIN(newtree[i]) = newtree[i+1]; + TREE_CHAIN(newtree[num_fields - 1]) = NULL_TREE; + + main_variant = TYPE_MAIN_VARIANT(type); + for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) { + TYPE_FIELDS(variant) = list; + TYPE_ATTRIBUTES(variant) = copy_list(TYPE_ATTRIBUTES(variant)); + TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("randomize_performed"), NULL_TREE, TYPE_ATTRIBUTES(variant)); + TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("designated_init"), NULL_TREE, TYPE_ATTRIBUTES(variant)); + if (has_flexarray) + TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("has_flexarray"), NULL_TREE, TYPE_ATTRIBUTES(type)); + } + + /* + * force a re-layout of the main variant + * the TYPE_SIZE for all variants will be recomputed + * by finalize_type_size() + */ + TYPE_SIZE(main_variant) = NULL_TREE; + layout_type(main_variant); + gcc_assert(TYPE_SIZE(main_variant) != NULL_TREE); + + return 1; +} + +/* from constify plugin */ +static const_tree get_field_type(const_tree field) +{ + return strip_array_types(TREE_TYPE(field)); +} + +/* from constify plugin */ +static bool is_fptr(const_tree fieldtype) +{ + if (TREE_CODE(fieldtype) != POINTER_TYPE) + return false; + + return TREE_CODE(TREE_TYPE(fieldtype)) == FUNCTION_TYPE; +} + +/* derived from constify plugin */ +static int is_pure_ops_struct(const_tree node) +{ + const_tree field; + + gcc_assert(TREE_CODE(node) == RECORD_TYPE || TREE_CODE(node) == UNION_TYPE); + + /* XXX: Do not apply randomization to all-ftpr structs yet. */ + return 0; + + for (field = TYPE_FIELDS(node); field; field = TREE_CHAIN(field)) { + const_tree fieldtype = get_field_type(field); + enum tree_code code = TREE_CODE(fieldtype); + + if (node == fieldtype) + continue; + + if (!is_fptr(fieldtype)) + return 0; + + if (code != RECORD_TYPE && code != UNION_TYPE) + continue; + + if (!is_pure_ops_struct(fieldtype)) + return 0; + } + + return 1; +} + +static void randomize_type(tree type) +{ + tree variant; + + gcc_assert(TREE_CODE(type) == RECORD_TYPE); + + if (lookup_attribute("randomize_considered", TYPE_ATTRIBUTES(type))) + return; + + if (lookup_attribute("randomize_layout", TYPE_ATTRIBUTES(TYPE_MAIN_VARIANT(type))) || is_pure_ops_struct(type)) + relayout_struct(type); + + for (variant = TYPE_MAIN_VARIANT(type); variant; variant = TYPE_NEXT_VARIANT(variant)) { + TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); + TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("randomize_considered"), NULL_TREE, TYPE_ATTRIBUTES(type)); + } +#ifdef __DEBUG_PLUGIN + fprintf(stderr, "Marking randomize_considered on struct %s\n", ORIG_TYPE_NAME(type)); +#ifdef __DEBUG_VERBOSE + debug_tree(type); +#endif +#endif +} + +static void update_decl_size(tree decl) +{ + tree lastval, lastidx, field, init, type, flexsize; + unsigned HOST_WIDE_INT len; + + type = TREE_TYPE(decl); + + if (!lookup_attribute("has_flexarray", TYPE_ATTRIBUTES(type))) + return; + + init = DECL_INITIAL(decl); + if (init == NULL_TREE || init == error_mark_node) + return; + + if (TREE_CODE(init) != CONSTRUCTOR) + return; + + len = CONSTRUCTOR_NELTS(init); + if (!len) + return; + + lastval = CONSTRUCTOR_ELT(init, CONSTRUCTOR_NELTS(init) - 1)->value; + lastidx = CONSTRUCTOR_ELT(init, CONSTRUCTOR_NELTS(init) - 1)->index; + + for (field = TYPE_FIELDS(TREE_TYPE(decl)); TREE_CHAIN(field); field = TREE_CHAIN(field)) + ; + + if (lastidx != field) + return; + + if (TREE_CODE(lastval) != STRING_CST) { + error("Only string constants are supported as initializers " + "for randomized structures with flexible arrays"); + return; + } + + flexsize = bitsize_int(TREE_STRING_LENGTH(lastval) * + tree_to_uhwi(TYPE_SIZE(TREE_TYPE(TREE_TYPE(lastval))))); + + DECL_SIZE(decl) = size_binop(PLUS_EXPR, TYPE_SIZE(type), flexsize); + + return; +} + + +static void randomize_layout_finish_decl(void *event_data, void *data) +{ + tree decl = (tree)event_data; + tree type; + + if (decl == NULL_TREE || decl == error_mark_node) + return; + + type = TREE_TYPE(decl); + + if (TREE_CODE(decl) != VAR_DECL) + return; + + if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE) + return; + + if (!lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(type))) + return; + + DECL_SIZE(decl) = 0; + DECL_SIZE_UNIT(decl) = 0; + SET_DECL_ALIGN(decl, 0); + SET_DECL_MODE (decl, VOIDmode); + SET_DECL_RTL(decl, 0); + update_decl_size(decl); + layout_decl(decl, 0); +} + +static void finish_type(void *event_data, void *data) +{ + tree type = (tree)event_data; + + if (type == NULL_TREE || type == error_mark_node) + return; + + if (TREE_CODE(type) != RECORD_TYPE) + return; + + if (TYPE_FIELDS(type) == NULL_TREE) + return; + + if (lookup_attribute("randomize_considered", TYPE_ATTRIBUTES(type))) + return; + +#ifdef __DEBUG_PLUGIN + fprintf(stderr, "Calling randomize_type on %s\n", ORIG_TYPE_NAME(type)); +#endif +#ifdef __DEBUG_VERBOSE + debug_tree(type); +#endif + randomize_type(type); + + return; +} + +static struct attribute_spec randomize_layout_attr = { + .name = "randomize_layout", + // related to args + .min_length = 0, + .max_length = 0, + .decl_required = false, + // need type declaration + .type_required = true, + .function_type_required = false, + .handler = handle_randomize_layout_attr, +#if BUILDING_GCC_VERSION >= 4007 + .affects_type_identity = true +#endif +}; + +static struct attribute_spec no_randomize_layout_attr = { + .name = "no_randomize_layout", + // related to args + .min_length = 0, + .max_length = 0, + .decl_required = false, + // need type declaration + .type_required = true, + .function_type_required = false, + .handler = handle_randomize_layout_attr, +#if BUILDING_GCC_VERSION >= 4007 + .affects_type_identity = true +#endif +}; + +static struct attribute_spec randomize_considered_attr = { + .name = "randomize_considered", + // related to args + .min_length = 0, + .max_length = 0, + .decl_required = false, + // need type declaration + .type_required = true, + .function_type_required = false, + .handler = handle_randomize_considered_attr, +#if BUILDING_GCC_VERSION >= 4007 + .affects_type_identity = false +#endif +}; + +static struct attribute_spec randomize_performed_attr = { + .name = "randomize_performed", + // related to args + .min_length = 0, + .max_length = 0, + .decl_required = false, + // need type declaration + .type_required = true, + .function_type_required = false, + .handler = handle_randomize_performed_attr, +#if BUILDING_GCC_VERSION >= 4007 + .affects_type_identity = false +#endif +}; + +static void register_attributes(void *event_data, void *data) +{ + register_attribute(&randomize_layout_attr); + register_attribute(&no_randomize_layout_attr); + register_attribute(&randomize_considered_attr); + register_attribute(&randomize_performed_attr); +} + +static void check_bad_casts_in_constructor(tree var, tree init) +{ + unsigned HOST_WIDE_INT idx; + tree field, val; + tree field_type, val_type; + + FOR_EACH_CONSTRUCTOR_ELT(CONSTRUCTOR_ELTS(init), idx, field, val) { + if (TREE_CODE(val) == CONSTRUCTOR) { + check_bad_casts_in_constructor(var, val); + continue; + } + + /* pipacs' plugin creates franken-arrays that differ from those produced by + normal code which all have valid 'field' trees. work around this */ + if (field == NULL_TREE) + continue; + field_type = TREE_TYPE(field); + val_type = TREE_TYPE(val); + + if (TREE_CODE(field_type) != POINTER_TYPE || TREE_CODE(val_type) != POINTER_TYPE) + continue; + + if (field_type == val_type) + continue; + + field_type = TYPE_MAIN_VARIANT(strip_array_types(TYPE_MAIN_VARIANT(TREE_TYPE(field_type)))); + val_type = TYPE_MAIN_VARIANT(strip_array_types(TYPE_MAIN_VARIANT(TREE_TYPE(val_type)))); + + if (field_type == void_type_node) + continue; + if (field_type == val_type) + continue; + if (TREE_CODE(val_type) != RECORD_TYPE) + continue; + + if (!lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(val_type))) + continue; + MISMATCH(DECL_SOURCE_LOCATION(var), "constructor\n", TYPE_MAIN_VARIANT(field_type), TYPE_MAIN_VARIANT(val_type)); + } +} + +/* derived from the constify plugin */ +static void check_global_variables(void *event_data, void *data) +{ + struct varpool_node *node; + tree init; + + FOR_EACH_VARIABLE(node) { + tree var = NODE_DECL(node); + init = DECL_INITIAL(var); + if (init == NULL_TREE) + continue; + + if (TREE_CODE(init) != CONSTRUCTOR) + continue; + + check_bad_casts_in_constructor(var, init); + } +} + +static bool dominated_by_is_err(const_tree rhs, basic_block bb) +{ + basic_block dom; + gimple dom_stmt; + gimple call_stmt; + const_tree dom_lhs; + const_tree poss_is_err_cond; + const_tree poss_is_err_func; + const_tree is_err_arg; + + dom = get_immediate_dominator(CDI_DOMINATORS, bb); + if (!dom) + return false; + + dom_stmt = last_stmt(dom); + if (!dom_stmt) + return false; + + if (gimple_code(dom_stmt) != GIMPLE_COND) + return false; + + if (gimple_cond_code(dom_stmt) != NE_EXPR) + return false; + + if (!integer_zerop(gimple_cond_rhs(dom_stmt))) + return false; + + poss_is_err_cond = gimple_cond_lhs(dom_stmt); + + if (TREE_CODE(poss_is_err_cond) != SSA_NAME) + return false; + + call_stmt = SSA_NAME_DEF_STMT(poss_is_err_cond); + + if (gimple_code(call_stmt) != GIMPLE_CALL) + return false; + + dom_lhs = gimple_get_lhs(call_stmt); + poss_is_err_func = gimple_call_fndecl(call_stmt); + if (!poss_is_err_func) + return false; + if (dom_lhs != poss_is_err_cond) + return false; + if (strcmp(DECL_NAME_POINTER(poss_is_err_func), "IS_ERR")) + return false; + + is_err_arg = gimple_call_arg(call_stmt, 0); + if (!is_err_arg) + return false; + + if (is_err_arg != rhs) + return false; + + return true; +} + +static void handle_local_var_initializers(void) +{ + tree var; + unsigned int i; + + FOR_EACH_LOCAL_DECL(cfun, i, var) { + tree init = DECL_INITIAL(var); + if (!init) + continue; + if (TREE_CODE(init) != CONSTRUCTOR) + continue; + check_bad_casts_in_constructor(var, init); + } +} + +static bool type_name_eq(gimple stmt, const_tree type_tree, const char *wanted_name) +{ + const char *type_name; + + if (type_tree == NULL_TREE) + return false; + + switch (TREE_CODE(type_tree)) { + case RECORD_TYPE: + type_name = TYPE_NAME_POINTER(type_tree); + break; + case INTEGER_TYPE: + if (TYPE_PRECISION(type_tree) == CHAR_TYPE_SIZE) + type_name = "char"; + else { + INFORM(gimple_location(stmt), "found non-char INTEGER_TYPE cast comparison: %qT\n", type_tree); + debug_tree(type_tree); + return false; + } + break; + case POINTER_TYPE: + if (TREE_CODE(TREE_TYPE(type_tree)) == VOID_TYPE) { + type_name = "void *"; + break; + } else { + INFORM(gimple_location(stmt), "found non-void POINTER_TYPE cast comparison %qT\n", type_tree); + debug_tree(type_tree); + return false; + } + default: + INFORM(gimple_location(stmt), "unhandled cast comparison: %qT\n", type_tree); + debug_tree(type_tree); + return false; + } + + return strcmp(type_name, wanted_name) == 0; +} + +static bool whitelisted_cast(gimple stmt, const_tree lhs_tree, const_tree rhs_tree) +{ + const struct whitelist_entry *entry; + expanded_location xloc = expand_location(gimple_location(stmt)); + + for (entry = whitelist; entry->pathname; entry++) { + if (!strstr(xloc.file, entry->pathname)) + continue; + + if (type_name_eq(stmt, lhs_tree, entry->lhs) && type_name_eq(stmt, rhs_tree, entry->rhs)) + return true; + } + + return false; +} + +/* + * iterate over all statements to find "bad" casts: + * those where the address of the start of a structure is cast + * to a pointer of a structure of a different type, or a + * structure pointer type is cast to a different structure pointer type + */ +static unsigned int find_bad_casts_execute(void) +{ + basic_block bb; + + handle_local_var_initializers(); + + FOR_EACH_BB_FN(bb, cfun) { + gimple_stmt_iterator gsi; + + for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { + gimple stmt; + const_tree lhs; + const_tree lhs_type; + const_tree rhs1; + const_tree rhs_type; + const_tree ptr_lhs_type; + const_tree ptr_rhs_type; + const_tree op0; + const_tree op0_type; + enum tree_code rhs_code; + + stmt = gsi_stmt(gsi); + +#ifdef __DEBUG_PLUGIN +#ifdef __DEBUG_VERBOSE + debug_gimple_stmt(stmt); + debug_tree(gimple_get_lhs(stmt)); +#endif +#endif + + if (gimple_code(stmt) != GIMPLE_ASSIGN) + continue; + +#ifdef __DEBUG_PLUGIN +#ifdef __DEBUG_VERBOSE + debug_tree(gimple_assign_rhs1(stmt)); +#endif +#endif + + + rhs_code = gimple_assign_rhs_code(stmt); + + if (rhs_code != ADDR_EXPR && rhs_code != SSA_NAME) + continue; + + lhs = gimple_get_lhs(stmt); + lhs_type = TREE_TYPE(lhs); + rhs1 = gimple_assign_rhs1(stmt); + rhs_type = TREE_TYPE(rhs1); + + if (TREE_CODE(rhs_type) != POINTER_TYPE || + TREE_CODE(lhs_type) != POINTER_TYPE) + continue; + + ptr_lhs_type = TYPE_MAIN_VARIANT(strip_array_types(TYPE_MAIN_VARIANT(TREE_TYPE(lhs_type)))); + ptr_rhs_type = TYPE_MAIN_VARIANT(strip_array_types(TYPE_MAIN_VARIANT(TREE_TYPE(rhs_type)))); + + if (ptr_rhs_type == void_type_node) + continue; + + if (ptr_lhs_type == void_type_node) + continue; + + if (dominated_by_is_err(rhs1, bb)) + continue; + + if (TREE_CODE(ptr_rhs_type) != RECORD_TYPE) { +#ifndef __DEBUG_PLUGIN + if (lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(ptr_lhs_type))) +#endif + { + if (!whitelisted_cast(stmt, ptr_lhs_type, ptr_rhs_type)) + MISMATCH(gimple_location(stmt), "rhs", ptr_lhs_type, ptr_rhs_type); + } + continue; + } + + if (rhs_code == SSA_NAME && ptr_lhs_type == ptr_rhs_type) + continue; + + if (rhs_code == ADDR_EXPR) { + op0 = TREE_OPERAND(rhs1, 0); + + if (op0 == NULL_TREE) + continue; + + if (TREE_CODE(op0) != VAR_DECL) + continue; + + op0_type = TYPE_MAIN_VARIANT(strip_array_types(TYPE_MAIN_VARIANT(TREE_TYPE(op0)))); + if (op0_type == ptr_lhs_type) + continue; + +#ifndef __DEBUG_PLUGIN + if (lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(op0_type))) +#endif + { + if (!whitelisted_cast(stmt, ptr_lhs_type, op0_type)) + MISMATCH(gimple_location(stmt), "op0", ptr_lhs_type, op0_type); + } + } else { + const_tree ssa_name_var = SSA_NAME_VAR(rhs1); + /* skip bogus type casts introduced by container_of */ + if (ssa_name_var != NULL_TREE && DECL_NAME(ssa_name_var) && + !strcmp((const char *)DECL_NAME_POINTER(ssa_name_var), "__mptr")) + continue; +#ifndef __DEBUG_PLUGIN + if (lookup_attribute("randomize_performed", TYPE_ATTRIBUTES(ptr_rhs_type))) +#endif + { + if (!whitelisted_cast(stmt, ptr_lhs_type, ptr_rhs_type)) + MISMATCH(gimple_location(stmt), "ssa", ptr_lhs_type, ptr_rhs_type); + } + } + + } + } + return 0; +} + +#define PASS_NAME find_bad_casts +#define NO_GATE +#define TODO_FLAGS_FINISH TODO_dump_func +#include "gcc-generate-gimple-pass.h" + +__visible int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) +{ + int i; + const char * const plugin_name = plugin_info->base_name; + const int argc = plugin_info->argc; + const struct plugin_argument * const argv = plugin_info->argv; + bool enable = true; + int obtained_seed = 0; + struct register_pass_info find_bad_casts_pass_info; + + find_bad_casts_pass_info.pass = make_find_bad_casts_pass(); + find_bad_casts_pass_info.reference_pass_name = "ssa"; + find_bad_casts_pass_info.ref_pass_instance_number = 1; + find_bad_casts_pass_info.pos_op = PASS_POS_INSERT_AFTER; + + if (!plugin_default_version_check(version, &gcc_version)) { + error(G_("incompatible gcc/plugin versions")); + return 1; + } + + if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) { + inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name); + enable = false; + } + + for (i = 0; i < argc; ++i) { + if (!strcmp(argv[i].key, "disable")) { + enable = false; + continue; + } + if (!strcmp(argv[i].key, "performance-mode")) { + performance_mode = 1; + continue; + } + error(G_("unknown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); + } + + if (strlen(randstruct_seed) != 64) { + error(G_("invalid seed value supplied for %s plugin"), plugin_name); + return 1; + } + obtained_seed = sscanf(randstruct_seed, "%016llx%016llx%016llx%016llx", + &shuffle_seed[0], &shuffle_seed[1], &shuffle_seed[2], &shuffle_seed[3]); + if (obtained_seed != 4) { + error(G_("Invalid seed supplied for %s plugin"), plugin_name); + return 1; + } + + register_callback(plugin_name, PLUGIN_INFO, NULL, &randomize_layout_plugin_info); + if (enable) { + register_callback(plugin_name, PLUGIN_ALL_IPA_PASSES_START, check_global_variables, NULL); + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &find_bad_casts_pass_info); + register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL); + register_callback(plugin_name, PLUGIN_FINISH_DECL, randomize_layout_finish_decl, NULL); + } + register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL); + + return 0; +} -- cgit v1.2.3 From fd466e068e5adef5922b76f24374c96ba01faaa2 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 4 Apr 2017 16:50:45 -0700 Subject: randstruct: Whitelist struct security_hook_heads cast MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The LSM initialization routines walk security_hook_heads as an array of struct list_head instead of via names to avoid a ton of needless source. Whitelist this to avoid the false positive warning from the plugin: security/security.c: In function ‘security_init’: security/security.c:59:20: note: found mismatched op0 struct pointer types: ‘struct list_head’ and ‘struct security_hook_heads’ struct list_head *list = (struct list_head *) &security_hook_heads; ^ Cc: Tetsuo Handa Cc: James Morris Signed-off-by: Kees Cook --- scripts/gcc-plugins/randomize_layout_plugin.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'scripts') diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c index e1d1ba28739f..dc0df3765a8f 100644 --- a/scripts/gcc-plugins/randomize_layout_plugin.c +++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -46,6 +46,8 @@ struct whitelist_entry { }; static const struct whitelist_entry whitelist[] = { + /* walk struct security_hook_heads as an array of struct list_head */ + { "security/security.c", "list_head", "security_hook_heads" }, { } }; -- cgit v1.2.3 From b07b65846ba33a4deba03eb6e39043c8bc70903b Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Tue, 4 Apr 2017 21:35:22 -0700 Subject: randstruct: Whitelist UNIXCB cast MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is another false positive in bad cast detection: net/unix/af_unix.c: In function ‘unix_skb_scm_eq’: net/unix/af_unix.c:1621:31: note: found mismatched rhs struct pointer types: ‘struct unix_skb_parms’ and ‘char’ const struct unix_skb_parms *u = &UNIXCB(skb); ^ UNIXCB is: #define UNIXCB(skb) (*(struct unix_skb_parms *)&((skb)->cb)) And ->cb is: char cb[48] __aligned(8); This is a rather crazy cast, but appears to be safe in the face of randomization, so whitelist it in the plugin. Cc: Hannes Frederic Sowa Cc: David S. Miller Signed-off-by: Kees Cook --- scripts/gcc-plugins/randomize_layout_plugin.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'scripts') diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c index dc0df3765a8f..2e710bf29699 100644 --- a/scripts/gcc-plugins/randomize_layout_plugin.c +++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -46,6 +46,8 @@ struct whitelist_entry { }; static const struct whitelist_entry whitelist[] = { + /* unix_skb_parms via UNIXCB() buffer */ + { "net/unix/af_unix.c", "unix_skb_parms", "char" }, /* walk struct security_hook_heads as an array of struct list_head */ { "security/security.c", "list_head", "security_hook_heads" }, { } -- cgit v1.2.3 From 802762cdfff256b6bf3fdb624ac2c56ec043c4f0 Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Thu, 25 May 2017 21:40:22 -0700 Subject: randstruct: Whitelist big_key path struct overloading MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The big_key payload structure intentionally stores a struct path in two void pointers to avoid header soup. Whitelist this case: security/keys/big_key.c: In function ‘big_key_read’: security/keys/big_key.c:293:16: note: found mismatched rhs struct pointer types: ‘struct path’ and ‘void *’ struct path *path = (struct path *)&key->payload.data[big_key_path]; ^~~~ Cc: David Howells Signed-off-by: Kees Cook --- scripts/gcc-plugins/randomize_layout_plugin.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'scripts') diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c index 2e710bf29699..c07818dac401 100644 --- a/scripts/gcc-plugins/randomize_layout_plugin.c +++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -48,6 +48,8 @@ struct whitelist_entry { static const struct whitelist_entry whitelist[] = { /* unix_skb_parms via UNIXCB() buffer */ { "net/unix/af_unix.c", "unix_skb_parms", "char" }, + /* big_key payload.data struct splashing */ + { "security/keys/big_key.c", "path", "void *" }, /* walk struct security_hook_heads as an array of struct list_head */ { "security/security.c", "list_head", "security_hook_heads" }, { } -- cgit v1.2.3 From 1854c19cae0d108637c40f90ee0bb9b7c1adbc0a Mon Sep 17 00:00:00 2001 From: Kees Cook Date: Thu, 25 May 2017 21:44:38 -0700 Subject: randstruct: Whitelist NIU struct page overloading MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The NIU ethernet driver intentionally stores a page struct pointer on top of the "mapping" field. Whitelist this case: drivers/net/ethernet/sun/niu.c: In function ‘niu_rx_pkt_ignore’: drivers/net/ethernet/sun/niu.c:3402:10: note: found mismatched ssa struct pointer types: ‘struct page’ and ‘struct address_space’ *link = (struct page *) page->mapping; ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Cc: David S. Miller Signed-off-by: Kees Cook --- scripts/gcc-plugins/randomize_layout_plugin.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'scripts') diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c index c07818dac401..cdaac8c66734 100644 --- a/scripts/gcc-plugins/randomize_layout_plugin.c +++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -46,6 +46,8 @@ struct whitelist_entry { }; static const struct whitelist_entry whitelist[] = { + /* NIU overloads mapping with page struct */ + { "drivers/net/ethernet/sun/niu.c", "page", "address_space" }, /* unix_skb_parms via UNIXCB() buffer */ { "net/unix/af_unix.c", "unix_skb_parms", "char" }, /* big_key payload.data struct splashing */ -- cgit v1.2.3 From 52b3f239bb692d9b3a68461798fb15c011e4108e Mon Sep 17 00:00:00 2001 From: Jonathan Corbet Date: Fri, 23 Jun 2017 14:17:38 -0600 Subject: Docs: clean up some DocBook loose ends There were a few bits and pieces left over from the now-disused DocBook toolchain; git rid of them. Reported-by: Markus Heiser Signed-off-by: Jonathan Corbet --- scripts/.gitignore | 1 - scripts/Makefile | 7 +- scripts/docproc.c | 681 --------------------------------------------- scripts/kernel-doc-xml-ref | 198 ------------- 4 files changed, 2 insertions(+), 885 deletions(-) delete mode 100644 scripts/docproc.c delete mode 100755 scripts/kernel-doc-xml-ref (limited to 'scripts') diff --git a/scripts/.gitignore b/scripts/.gitignore index e063daa3ec4a..0442c06eefcb 100644 --- a/scripts/.gitignore +++ b/scripts/.gitignore @@ -7,7 +7,6 @@ pnmtologo unifdef ihex2fw recordmcount -docproc check-lc_ctype sortextable asn1_compiler diff --git a/scripts/Makefile b/scripts/Makefile index 55550e4141c4..c06f4997d700 100644 --- a/scripts/Makefile +++ b/scripts/Makefile @@ -6,7 +6,6 @@ # pnmttologo: Convert pnm files to logo files # conmakehash: Create chartable # conmakehash: Create arrays for initializing the kernel console tables -# docproc: Used in Documentation/ HOST_EXTRACFLAGS += -I$(srctree)/tools/include @@ -28,14 +27,12 @@ HOSTLOADLIBES_extract-c