[v3,2/2] x86/purgatory: use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS

KBUILD_CFLAGS is very carefully built up in the top level Makefile,
particularly when cross compiling or using different build tools.
Resetting KBUILD_CFLAGS via := assignment is an antipattern.

The comment above the reset mentions that -pg is problematic.  Other
Makefiles use `CFLAGS_REMOVE_file.o = $(CC_FLAGS_FTRACE)` when
CONFIG_FUNCTION_TRACER is set. Prefer that pattern to wiping out all of
the important KBUILD_CFLAGS then manually having to re-add them. Seems
also that __stack_chk_fail references are generated when using
CONFIG_STACKPROTECTOR or CONFIG_STACKPROTECTOR_STRONG.

Cc: stable@vger.kernel.org
Fixes: 8fc5b4d4121c ("purgatory: core purgatory functionality")
Reported-by: Vaibhav Rustagi <vaibhavrustagi@google.com>
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>

---
Alternatively, we could put these in all in one variable and remove it
without any conditional checks (I think that's ok to do so with
CFLAGS_REMOVE).

Changes v2 -> v3:
* Prefer $(CC_FLAGS_FTRACE) which is exported to -pg.
* Also check CONFIG_STACKPROTECTOR and CONFIG_STACKPROTECTOR_STRONG.
* Cc stable.
Changes v1 -> v2:
Rather than manually add -mno-sse, -mno-mmx, -mno-sse2, prefer to filter
-pg flags.

 arch/x86/purgatory/Makefile | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

-- 
2.22.0.709.g102302147b-goog

On Tue, 23 Jul 2019, Nick Desaulniers wrote:
> +ifdef CONFIG_FUNCTION_TRACER

> +CFLAGS_REMOVE_sha256.o += $(CC_FLAGS_FTRACE)

> +CFLAGS_REMOVE_purgatory.o += $(CC_FLAGS_FTRACE)

> +CFLAGS_REMOVE_string.o += $(CC_FLAGS_FTRACE)

> +CFLAGS_REMOVE_kexec-purgatory.o += $(CC_FLAGS_FTRACE)


Nit. Can you please make that tabular?

CFLAGS_REMOVE_sha256.o		+= $(CC_FLAGS_FTRACE)
CFLAGS_REMOVE_purgatory.o	+= $(CC_FLAGS_FTRACE)
CFLAGS_REMOVE_string.o		+= $(CC_FLAGS_FTRACE)
CFLAGS_REMOVE_kexec-purgatory.o	+= $(CC_FLAGS_FTRACE)

The above confused my pattern recognition engine :)

Thanks,

	tglx

On Tue, Jul 23, 2019 at 2:24 PM Nick Desaulniers
<ndesaulniers@google.com> wrote:
>

> KBUILD_CFLAGS is very carefully built up in the top level Makefile,

> particularly when cross compiling or using different build tools.

> Resetting KBUILD_CFLAGS via := assignment is an antipattern.

>

> The comment above the reset mentions that -pg is problematic.  Other

> Makefiles use `CFLAGS_REMOVE_file.o = $(CC_FLAGS_FTRACE)` when

> CONFIG_FUNCTION_TRACER is set. Prefer that pattern to wiping out all of

> the important KBUILD_CFLAGS then manually having to re-add them. Seems

> also that __stack_chk_fail references are generated when using

> CONFIG_STACKPROTECTOR or CONFIG_STACKPROTECTOR_STRONG.

>

> Cc: stable@vger.kernel.org

> Fixes: 8fc5b4d4121c ("purgatory: core purgatory functionality")

> Reported-by: Vaibhav Rustagi <vaibhavrustagi@google.com>

> Suggested-by: Peter Zijlstra <peterz@infradead.org>

> Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>

> ---

> Alternatively, we could put these in all in one variable and remove it

> without any conditional checks (I think that's ok to do so with

> CFLAGS_REMOVE).

>

> Changes v2 -> v3:

> * Prefer $(CC_FLAGS_FTRACE) which is exported to -pg.

> * Also check CONFIG_STACKPROTECTOR and CONFIG_STACKPROTECTOR_STRONG.

> * Cc stable.

> Changes v1 -> v2:

> Rather than manually add -mno-sse, -mno-mmx, -mno-sse2, prefer to filter

> -pg flags.

>

>  arch/x86/purgatory/Makefile | 26 +++++++++++++++++++++-----

>  1 file changed, 21 insertions(+), 5 deletions(-)

>

> diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile

> index 91ef244026d2..6ef0ced59b9c 100644

> --- a/arch/x86/purgatory/Makefile

> +++ b/arch/x86/purgatory/Makefile

> @@ -20,11 +20,27 @@ KCOV_INSTRUMENT := n

>

>  # Default KBUILD_CFLAGS can have -pg option set when FTRACE is enabled. That

>  # in turn leaves some undefined symbols like __fentry__ in purgatory and not

> -# sure how to relocate those. Like kexec-tools, use custom flags.

> -

> -KBUILD_CFLAGS := -fno-strict-aliasing -Wall -Wstrict-prototypes -fno-zero-initialized-in-bss -fno-builtin -ffreestanding -c -Os -mcmodel=large

> -KBUILD_CFLAGS += -m$(BITS)

> -KBUILD_CFLAGS += $(call cc-option,-fno-PIE)

> +# sure how to relocate those.

> +ifdef CONFIG_FUNCTION_TRACER

> +CFLAGS_REMOVE_sha256.o += $(CC_FLAGS_FTRACE)

> +CFLAGS_REMOVE_purgatory.o += $(CC_FLAGS_FTRACE)

> +CFLAGS_REMOVE_string.o += $(CC_FLAGS_FTRACE)

> +CFLAGS_REMOVE_kexec-purgatory.o += $(CC_FLAGS_FTRACE)

> +endif

> +

> +ifdef CONFIG_STACKPROTECTOR

> +CFLAGS_REMOVE_sha256.o += -fstack-protector

> +CFLAGS_REMOVE_purgatory.o += -fstack-protector

> +CFLAGS_REMOVE_string.o += -fstack-protector

> +CFLAGS_REMOVE_kexec-purgatory.o += -fstack-protector

> +endif

> +

> +ifdef CONFIG_STACKPROTECTOR_STRONG

> +CFLAGS_REMOVE_sha256.o += -fstack-protector-strong

> +CFLAGS_REMOVE_purgatory.o += -fstack-protector-strong

> +CFLAGS_REMOVE_string.o += -fstack-protector-strong

> +CFLAGS_REMOVE_kexec-purgatory.o += -fstack-protector-strong

> +endif

>

>  $(obj)/purgatory.ro: $(PURGATORY_OBJS) FORCE

>                 $(call if_changed,ld)

> --

> 2.22.0.709.g102302147b-goog

>


Tested-by: Vaibhav Rustagi <vaibhavrustagi@google.com>


I tested the v3 patch series with clang compiled kernel for below
scenarios:

1. kexec'ing into a new kernel.
2. Purposely crashing the running kernel to generate kdump logs.

Thanks,
Vaibhav