Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 0bcaaee19dc2338751705a83126cec40a1b8a2e8^! / . / core / build / linux_kernel / kbuild-add--fcf-protection-none-to-retpoline-flags.patch
commit0bcaaee19dc2338751705a83126cec40a1b8a2e8[log] [tgz]
authorLorenz Brun <lorenz@brun.one>Wed Nov 06 12:42:39 2019 +0100
committerLorenz Brun <lorenz@brun.one>Wed Nov 06 12:42:39 2019 +0100
tree00b3015ea5085c7a66aa8f27cd71e750a8745bf2
parentf08704a6a47e9a0cdbf7b9173c24f2f8eca581d5 [diff] [blame]
Build core with separate initramfs

Build the initramfs separately and include it via mkimage. Also includes
a patch to the kernel which adds support for hardcoded cmdline
to the Linux efistub.

This lowers build times by a lot, for normal changes they are now
below 5s

Test Plan: Ran `bazel run //core/scripts:launch`

X-Origin-Diff: phab/D245
GitOrigin-RevId: 206c7c5c979c10ffd25c36dfefd8b9290a6a3f43

diff --git a/core/build/linux_kernel/kbuild-add--fcf-protection-none-to-retpoline-flags.patch b/core/build/linux_kernel/kbuild-add--fcf-protection-none-to-retpoline-flags.patch
new file mode 100644
index 0000000..23f8920
--- /dev/null
+++ b/core/build/linux_kernel/kbuild-add--fcf-protection-none-to-retpoline-flags.patch

@@ -0,0 +1,126 @@
+Copyright 2020 The Monogon Project Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+From patchwork Tue Jul  9 18:49:19 2019
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+X-Patchwork-Submitter: Seth Forshee <seth.forshee@canonical.com>
+X-Patchwork-Id: 11037379
+Return-Path: <linux-kbuild-owner@kernel.org>
+Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
+ [172.30.200.125])
+	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EFE1413A4
+	for <patchwork-linux-kbuild@patchwork.kernel.org>;
+ Tue,  9 Jul 2019 18:49:26 +0000 (UTC)
+Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
+	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D0B0528871
+	for <patchwork-linux-kbuild@patchwork.kernel.org>;
+ Tue,  9 Jul 2019 18:49:26 +0000 (UTC)
+Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
+	id C0AE028874; Tue,  9 Jul 2019 18:49:26 +0000 (UTC)
+X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
+	pdx-wl-mail.web.codeaurora.org
+X-Spam-Level: 
+X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI,
+	RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
+Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
+	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5F01228871
+	for <patchwork-linux-kbuild@patchwork.kernel.org>;
+ Tue,  9 Jul 2019 18:49:26 +0000 (UTC)
+Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
+        id S1727063AbfGIStZ (ORCPT
+        <rfc822;patchwork-linux-kbuild@patchwork.kernel.org>);
+        Tue, 9 Jul 2019 14:49:25 -0400
+Received: from youngberry.canonical.com ([91.189.89.112]:56934 "EHLO
+        youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
+        with ESMTP id S1726133AbfGIStY (ORCPT
+        <rfc822;linux-kbuild@vger.kernel.org>);
+        Tue, 9 Jul 2019 14:49:24 -0400
+Received: from mail-io1-f69.google.com ([209.85.166.69])
+        by youngberry.canonical.com with esmtps
+ (TLS1.0:RSA_AES_128_CBC_SHA1:16)
+        (Exim 4.76)
+        (envelope-from <seth.forshee@canonical.com>)
+        id 1hkvB4-0006CP-8Q
+        for linux-kbuild@vger.kernel.org; Tue, 09 Jul 2019 18:49:22 +0000
+Received: by mail-io1-f69.google.com with SMTP id f22so24034402ioj.9
+        for <linux-kbuild@vger.kernel.org>;
+ Tue, 09 Jul 2019 11:49:22 -0700 (PDT)
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+        d=1e100.net; s=20161025;
+        h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
+         :content-transfer-encoding;
+        bh=PxPSNMyhSc6n3DVu8+8initQj1WYg71cqa7Dt37YRsc=;
+        b=qHbylZ43xDRjDzcyh6+tvI1FHfj4WWHEfu1q+lcIS5ZnHVkD+Kbs8AvvnQbbzxW/NR
+         G5bnmNRaECN8JpHIl04cEI7ac7X80G/RsTvZqaUhHIcipFo9G//4rbS6wNQXfykAT3s5
+         4Hisn0RwUl/P8ih0rv6GpSKQ42sePwKiFDn1OB/IA5yfeRnBdMX/Yz9fa8WZw5WcyKrx
+         QbHW2Sbh4a+KtOUdW4077l90jaFdGYK0jCi2cbxYZaLaUqlGp7sGOdeCkL0kH04J5Xc+
+         OBSB1sPYyMeJnzD9zgEyFrWZhVqRzutyx8+h6ED5lutxRxcUrJZTcN0t92zjaT7PUK3M
+         6+Cw==
+X-Gm-Message-State: APjAAAV4mJS0j+NGxACnw/Q7oaf1hS+0yO8jvXFLrfIEZr2fl43yGiC5
+        iqZe/xI2zc/WW4hGVu4k4R0nB7XEWLM7muvOK/0zpYsskk7IUOTlyEDFjiMgPSrKYhwVIEpUEAr
+        Rt4W8ClWJWmC7rMIlFISjq8AY8E7Vj6mrgybzttx8sg==
+X-Received: by 2002:a02:cc50:: with SMTP id i16mr3728956jaq.50.1562698161275;
+        Tue, 09 Jul 2019 11:49:21 -0700 (PDT)
+X-Google-Smtp-Source: 
+ APXvYqww71No87FKb3rA8fwT+GlZqF9MtRtPIDfWtG04OMqHpUZRPq3+YiRqWPLQiJMSyPtIx7hDRg==
+X-Received: by 2002:a02:cc50:: with SMTP id i16mr3728928jaq.50.1562698160978;
+        Tue, 09 Jul 2019 11:49:20 -0700 (PDT)
+Received: from localhost ([2605:a601:ac2:fb20:b0e0:a018:77ee:9817])
+        by smtp.gmail.com with ESMTPSA id
+ n17sm20052182iog.63.2019.07.09.11.49.20
+        (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256);
+        Tue, 09 Jul 2019 11:49:20 -0700 (PDT)
+From: Seth Forshee <seth.forshee@canonical.com>
+To: Masahiro Yamada <yamada.masahiro@socionext.com>,
+        Michal Marek <michal.lkml@markovi.net>
+Cc: linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org
+Subject: [PATCH] kbuild: add -fcf-protection=none to retpoline flags
+Date: Tue,  9 Jul 2019 13:49:19 -0500
+Message-Id: <20190709184919.20178-1-seth.forshee@canonical.com>
+X-Mailer: git-send-email 2.20.1
+MIME-Version: 1.0
+Sender: linux-kbuild-owner@vger.kernel.org
+Precedence: bulk
+List-ID: <linux-kbuild.vger.kernel.org>
+X-Mailing-List: linux-kbuild@vger.kernel.org
+X-Virus-Scanned: ClamAV using ClamSMTP
+
+-mindirect-branch and -fcf-protection are not compatible, and
+so kernel builds fail with a gcc build where -fcf-protection is
+enabled by default. Add -fcf-protection=none to the retpoline
+flags to fix this.
+
+Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
+---
+ Makefile | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/Makefile b/Makefile
+index 3e4868a6498b..050f11d19777 100644
+--- a/Makefile
++++ b/Makefile
+@@ -636,6 +636,10 @@ RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk
+ RETPOLINE_VDSO_CFLAGS_CLANG := -mretpoline
+ RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG)))
+ RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_VDSO_CFLAGS_CLANG)))
++# -mindirect-branch is incompatible with -fcf-protection, so ensure the
++# latter is disabled
++RETPOLINE_CFLAGS += $(call cc-option,-fcf-protection=none,)
++RETPOLINE_VDSO_CFLAGS += $(call cc-option,-fcf-protection=none,)
+ export RETPOLINE_CFLAGS
+ export RETPOLINE_VDSO_CFLAGS
+