[UNSTABLE][PATCH 5/5] UBUNTU: [Packaging] Remove all custom retpoline-extract code
Dimitri John Ledkov
dimitri.ledkov at canonical.com
Thu Dec 14 12:49:40 UTC 2023
BugLink: https://bugs.launchpad.net/bugs/2046440
Now that retpoline & SLS mitigration checks are enforced during build
via objtool patch, drop all custom retpoline packaging, abi files, and
checks.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
---
debian.master/abi/amd64/generic.retpoline | 1 -
debian.master/abi/arm64/generic-64k.retpoline | 1 -
debian.master/abi/arm64/generic.retpoline | 1 -
debian.master/abi/armhf/generic.retpoline | 1 -
debian.master/abi/ppc64el/generic.retpoline | 1 -
debian.master/abi/riscv64/generic.retpoline | 0
debian.master/abi/riscv64/ignore.retpoline | 1 -
debian.master/abi/s390x/generic.retpoline | 1 -
debian/rules | 6 +-
debian/rules.d/2-binary-arch.mk | 15 -
debian/rules.d/4-checks.mk | 8 +-
debian/scripts/checks/final-checks | 7 -
debian/scripts/checks/retpoline-check | 52 ----
debian/scripts/dkms-build | 2 +-
debian/scripts/dkms-build--nvidia-N | 7 +-
debian/scripts/helpers/open | 3 +-
debian/scripts/misc/getabis | 7 +-
debian/scripts/retpoline-extract | 23 --
debian/scripts/retpoline-extract-one | 270 ------------------
snapcraft.yaml | 4 -
20 files changed, 8 insertions(+), 403 deletions(-)
delete mode 100644 debian.master/abi/amd64/generic.retpoline
delete mode 100644 debian.master/abi/arm64/generic-64k.retpoline
delete mode 100644 debian.master/abi/arm64/generic.retpoline
delete mode 100644 debian.master/abi/armhf/generic.retpoline
delete mode 100644 debian.master/abi/ppc64el/generic.retpoline
delete mode 100644 debian.master/abi/riscv64/generic.retpoline
delete mode 100644 debian.master/abi/riscv64/ignore.retpoline
delete mode 100644 debian.master/abi/s390x/generic.retpoline
delete mode 100755 debian/scripts/checks/retpoline-check
delete mode 100755 debian/scripts/retpoline-extract
delete mode 100755 debian/scripts/retpoline-extract-one
diff --git a/debian.master/abi/amd64/generic.retpoline b/debian.master/abi/amd64/generic.retpoline
deleted file mode 100644
index 945dc3fef7..0000000000
--- a/debian.master/abi/amd64/generic.retpoline
+++ /dev/null
@@ -1 +0,0 @@
-# retpoline v1.0
diff --git a/debian.master/abi/arm64/generic-64k.retpoline b/debian.master/abi/arm64/generic-64k.retpoline
deleted file mode 100644
index 7f959eb917..0000000000
--- a/debian.master/abi/arm64/generic-64k.retpoline
+++ /dev/null
@@ -1 +0,0 @@
-# RETPOLINE NOT ENABLED
diff --git a/debian.master/abi/arm64/generic.retpoline b/debian.master/abi/arm64/generic.retpoline
deleted file mode 100644
index 7f959eb917..0000000000
--- a/debian.master/abi/arm64/generic.retpoline
+++ /dev/null
@@ -1 +0,0 @@
-# RETPOLINE NOT ENABLED
diff --git a/debian.master/abi/armhf/generic.retpoline b/debian.master/abi/armhf/generic.retpoline
deleted file mode 100644
index 7f959eb917..0000000000
--- a/debian.master/abi/armhf/generic.retpoline
+++ /dev/null
@@ -1 +0,0 @@
-# RETPOLINE NOT ENABLED
diff --git a/debian.master/abi/ppc64el/generic.retpoline b/debian.master/abi/ppc64el/generic.retpoline
deleted file mode 100644
index 7f959eb917..0000000000
--- a/debian.master/abi/ppc64el/generic.retpoline
+++ /dev/null
@@ -1 +0,0 @@
-# RETPOLINE NOT ENABLED
diff --git a/debian.master/abi/riscv64/generic.retpoline b/debian.master/abi/riscv64/generic.retpoline
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/debian.master/abi/riscv64/ignore.retpoline b/debian.master/abi/riscv64/ignore.retpoline
deleted file mode 100644
index d00491fd7e..0000000000
--- a/debian.master/abi/riscv64/ignore.retpoline
+++ /dev/null
@@ -1 +0,0 @@
-1
diff --git a/debian.master/abi/s390x/generic.retpoline b/debian.master/abi/s390x/generic.retpoline
deleted file mode 100644
index 7f959eb917..0000000000
--- a/debian.master/abi/s390x/generic.retpoline
+++ /dev/null
@@ -1 +0,0 @@
-# RETPOLINE NOT ENABLED
diff --git a/debian/rules b/debian/rules
index b4b5678af5..8b43928900 100755
--- a/debian/rules
+++ b/debian/rules
@@ -146,9 +146,6 @@ clean: debian/control debian/canonical-certs.pem debian/canonical-revoked-certs.
# Install the copyright information.
cp $(DEBIAN)/copyright debian/copyright
- # Install the retpoline extractor.
- cp $(DROOT)/scripts/retpoline-extract-one scripts/ubuntu-retpoline-extract-one
-
# If we have a reconstruct script use it.
[ -f $(DEBIAN)/reconstruct ] && bash $(DEBIAN)/reconstruct || true
@@ -159,8 +156,7 @@ clean: debian/control debian/canonical-certs.pem debian/canonical-revoked-certs.
.PHONY: distclean
distclean: clean
rm -rf $(DROOT)/control debian/changelog \
- debian/control debian/control.stub debian/copyright \
- scripts/ubuntu-retpoline-extract-one
+ debian/control debian/control.stub debian/copyright
# Builds the image, arch headers and debug packages
include $(DROOT)/rules.d/2-binary-arch.mk
diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
index f0478c9198..510103d1b5 100644
--- a/debian/rules.d/2-binary-arch.mk
+++ b/debian/rules.d/2-binary-arch.mk
@@ -281,8 +281,6 @@ endif
grep '^HOSTCC .*$(gcc)$$' $(hdrdir)/Makefile
grep '^CC .*$(gcc)$$' $(hdrdir)/Makefile
rm -rf $(hdrdir)/include2 $(hdrdir)/source
- # We do not need the retpoline information.
- find $(hdrdir) -name \*.o.ur-\* -exec rm -f {} \;
# Copy over the compilation version.
cp "$(builddir)/build-$*/include/generated/compile.h" \
"$(hdrdir)/include/generated/compile.h"
@@ -301,8 +299,6 @@ ifeq ($(build_arch),s390)
endif
# Copy over scripts/module.lds for building external modules
cp $(builddir)/build-$*/scripts/module.lds $(hdrdir)/scripts
- # Copy over the new retpoline extractor.
- cp scripts/ubuntu-retpoline-extract-one $(hdrdir)/scripts
# Script to symlink everything up
$(SHELL) $(DROOT)/scripts/link-headers "$(hdrdir)" "$(indeppkg)" "$*"
# The build symlink
@@ -461,15 +457,6 @@ endif
print "" \
}' | sort -u >$(abidir)/$*.compiler
- # Build the final ABI retpoline information.
- if grep -q CONFIG_RETPOLINE=y $(builddir)/build-$*/.config; then \
- echo "# retpoline v1.0" >$(abidir)/$*.retpoline; \
- $(SHELL) $(DROOT)/scripts/retpoline-extract $(builddir)/build-$* $(CURDIR) | \
- sort >>$(abidir)/$*.retpoline; \
- else \
- echo "# RETPOLINE NOT ENABLED" >$(abidir)/$*.retpoline; \
- fi
-
# Build the buildinfo package content.
install -d $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*
install -m644 $(builddir)/build-$*/.config \
@@ -480,8 +467,6 @@ endif
$(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/modules
install -m644 $(abidir)/$*.fwinfo \
$(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/fwinfo
- install -m644 $(abidir)/$*.retpoline \
- $(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/retpoline
install -m644 $(abidir)/$*.compiler \
$(pkgdir_bldinfo)/usr/lib/linux/$(abi_release)-$*/compiler
if [ -f $(abidir)/$*.modules.builtin ] ; then \
diff --git a/debian/rules.d/4-checks.mk b/debian/rules.d/4-checks.mk
index 34b343189d..6e2d4f8524 100644
--- a/debian/rules.d/4-checks.mk
+++ b/debian/rules.d/4-checks.mk
@@ -18,13 +18,7 @@ module-signature-check-%: $(stampdir)/stamp-install-%
"$(DROOT)/$(mods_extra_pkg_name)-$*" \
$(do_skip_checks)
-# Check the reptoline jmp/call functions against the last release.
-retpoline-check-%: $(stampdir)/stamp-install-%
- @echo Debug: $@
- $(DROOT)/scripts/checks/retpoline-check "$*" \
- "$(prev_abidir)" "$(abidir)" $(do_skip_checks)
-
-checks-%: module-check-% module-signature-check-% abi-check-% retpoline-check-%
+checks-%: module-check-% module-signature-check-% abi-check-%
@echo Debug: $@
# Check the config against the known options list.
diff --git a/debian/scripts/checks/final-checks b/debian/scripts/checks/final-checks
index 37067f90be..4602cb5c34 100755
--- a/debian/scripts/checks/final-checks
+++ b/debian/scripts/checks/final-checks
@@ -40,13 +40,6 @@ abi_check()
then
failure "$arch/$flavour ABI modules file missing"
fi
-
- if [ ! -f "$abidir/$flavour.retpoline" ] && \
- [ ! -f "$abidir/$flavour.ignore.retpoline" ] && \
- [ ! -f "$abidir/ignore.retpoline" ]
- then
- failure "$arch/$flavour ABI retpoline file missing"
- fi
}
abi_version="$debian/abi/version"
diff --git a/debian/scripts/checks/retpoline-check b/debian/scripts/checks/retpoline-check
deleted file mode 100755
index 5a0f870a74..0000000000
--- a/debian/scripts/checks/retpoline-check
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/bash
-
-flavour="$1"
-prev_abidir="$2"
-curr_abidir="$3"
-
-skipretpoline=${4:-}
-case "${skipretpoline,,}" in
- 1|true|yes) skipretpoline=true ;;
- *) skipretpoline=false ;;
-esac
-
-echo "II: Checking retpoline indirections for $flavour...";
-
-if [ "$skipretpoline" = 'true' ]; then
- echo "manual request ignoring retpoline delta"
-fi
-
-if [ -f "$prev_abidir/ignore.retpoline" -o \
- -f "$prev_abidir/$flavour.ignore.retpoline" ]; then
- echo "explicitly ignoring retpoline delta"
- skipretpoline='true'
-fi
-
-prev="$prev_abidir/$flavour.retpoline"
-curr="$curr_abidir/$flavour.retpoline"
-if [ ! -f "$prev" ]; then
- echo "previous retpoline file missing!"
- echo " $prev"
- prev="/dev/null"
-fi
-if [ ! -f "$curr" ]; then
- echo "current retpoline file missing!"
- echo " $curr"
- curr="/dev/null"
-fi
-
-echo "II: retpoline delta in this package..."
-rc=0
-diff -u "$prev" "$curr" || true
-count=$( diff -u "$prev" "$curr" | grep '^+[^+]' | wc -l )
-if [ "$count" != 0 ]; then
- rc=1
- echo "WW: $count new retpoline sequences detected"
-fi
-
-echo "II: Done";
-if [ "$skipretpoline" = 'true' -a "$rc" -ne 0 ]; then
- echo "II: ignoring errors"
- exit 0
-fi
-exit "$rc"
diff --git a/debian/scripts/dkms-build b/debian/scripts/dkms-build
index f85a6557a8..de97466d58 100755
--- a/debian/scripts/dkms-build
+++ b/debian/scripts/dkms-build
@@ -144,7 +144,7 @@ shift 2
# Copy the objects.
echo "II: copying objects to '$to'"
mkdir -p "$to"
-(cd "$from" && find -name \*.o -o -name \*.o.ur-\* -o -name \*.mod | cpio -Lpd "$to")
+(cd "$from" && find -name \*.o -o -name \*.mod | cpio -Lpd "$to")
# Call the original post_install script if there is one.
[ "$script" = '' ] && exit 0
diff --git a/debian/scripts/dkms-build--nvidia-N b/debian/scripts/dkms-build--nvidia-N
index 383af59327..22e60cafa0 100755
--- a/debian/scripts/dkms-build--nvidia-N
+++ b/debian/scripts/dkms-build--nvidia-N
@@ -17,10 +17,9 @@ shift 7
build="$( dirname "$objects" )/build"
-# Copy over the objects ready for reconstruction. The objects copy contains
-# the *.o files and the *.o-ur* retpoline files to allow the kernel to track
-# any retpoline sequences therein. For our purposes we only want the *.o
-# files, elide the rest. And .mod files for ld linking in recentish kernels.
+# Copy over the objects ready for reconstruction. The objects copy
+# contains the *.o files. For our purposes we only want the *.o files,
+# elide the rest. And .mod files for ld linking in recentish kernels.
mkdir -p "$pkgdir/bits/scripts"
(
gcc_variant1=$(gcc --version | head -1 | sed -e 's/^gcc/GCC:/')
diff --git a/debian/scripts/helpers/open b/debian/scripts/helpers/open
index 797d778d29..5902842af3 100755
--- a/debian/scripts/helpers/open
+++ b/debian/scripts/helpers/open
@@ -44,8 +44,7 @@ Optional arguments:
-r, --reuse-abi Do not download the previous release ABI files
for the new release and just rename the
current ABI directory. This might cause the
- build to fail if the module list or the
- retpoline information has changed.
+ build to fail if the module list has changed.
-h, --help Show this help message and exit.
Environment variable:
diff --git a/debian/scripts/misc/getabis b/debian/scripts/misc/getabis
index 819824f616..1f2851c59f 100755
--- a/debian/scripts/misc/getabis
+++ b/debian/scripts/misc/getabis
@@ -126,11 +126,6 @@ getall_set()
else
echo " NO ABI FILE"
fi
- if [ -f tmp/boot/retpoline-* ]; then
- mv tmp/boot/retpoline-* $abidir/$arch/$sub.retpoline
- else
- echo " NO RETPOLINE FILE"
- fi
(cd tmp; find lib/modules/$verabi-$sub/kernel -name '*.ko') | \
sed -e 's/.*\/\([^\/]*\)\.ko/\1/' | sort > \
$abidir/$arch/$sub.modules
@@ -157,7 +152,7 @@ getall_set()
echo " buildinfo..."
base="tmp/usr/lib/linux/${verabi}-${sub}"
mv "$base/abi" "$abidir/$arch/$sub"
- for comp in 'modules' 'retpoline' 'compiler'
+ for comp in 'modules' 'compiler'
do
mv "$base/$comp" "$abidir/$arch/$sub.$comp"
done
diff --git a/debian/scripts/retpoline-extract b/debian/scripts/retpoline-extract
deleted file mode 100755
index cf13a30b1c..0000000000
--- a/debian/scripts/retpoline-extract
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-
-cd "$1" || exit 1
-
-# Find all valid retpoline information, collate the detected and
-# safe information together. Join the result to find the detected
-# but non-safe elements. These are our concern.
-ur_detected=$(mktemp --tmpdir "retpoline-check-XXXXXX.ur-detected")
-ur_safe=$(mktemp --tmpdir "retpoline-check-XXXXXX.ur-safe")
-
-find "." -path './drivers/firmware/efi/libstub' -prune -o \
- -path './arch/x86/boot' -prune -o \
- -path './arch/x86/purgatory' -prune -o \
- -name \*.ur-detected -print0 | xargs -0 cat | \
- sed -e "s@^$1@@" -e "s@ $2/@ @" -e "s@^/@@" | \
- sort -k 1b,1 >"$ur_detected"
-find "." -name \*.ur-safe -print0 | xargs -0 cat | \
- sed -e "s@^$1@@" -e "s@^/@@" | \
- sort -k 1b,1 >"$ur_safe"
-
-join -v 1 -j 1 "$ur_detected" "$ur_safe" | sed -s 's/[^ ]* *//'
-
-rm -f "$ur_detected" "$ur_safe"
diff --git a/debian/scripts/retpoline-extract-one b/debian/scripts/retpoline-extract-one
deleted file mode 100755
index b203bfbf8d..0000000000
--- a/debian/scripts/retpoline-extract-one
+++ /dev/null
@@ -1,270 +0,0 @@
-#!/bin/bash
-
-exec </dev/null
-
-object="$1"
-src="$2"
-bit16="$3"
-
-SECTION=".discard.retpoline_safe"
-
-# Form an associative lookup for the symbol numbers in the ELF symbol table.
-# Uses 8 character 0 expanded hexadecimal key for ease of consumption.
-__symbolmap_init()
-{
- readelf -W --syms "$1" |
- awk '($4 == "SECTION" && $1 ~ /^[0-9]*:/) { printf("%08x %08x\n", int($1), int($7)); }' | \
- while read symbol_num section_num
- do
- echo "symbolmap_$symbol_num='$section_num'"
- done
-}
-symbolmap_init()
-{
- eval $(__symbolmap_init "$1")
-}
-symbolmap()
-{
- eval RET="\$symbolmap_$1"
- if [ "$RET" = '' ]; then
- echo "symbolmap: $1: invalid section" 1>&2
- exit 1
- fi
-}
-
-# Form an associative lookup for the section numbers in the ELF symbol table.
-# Uses 8 character 0 expanded hexadecimal key for ease of consumption.
-__sectionmap_init()
-{
- readelf -W --headers "$1" | \
- awk '
- { sub("\\[", ""); sub("\\]", ""); }
- ($1 ~ /^[0-9][0-9]*/) { printf("%08x %s %s %s\n", int($1), $2, $3, $4); }
- ' | \
- {
- while read section_num section_name section_type section_vma
- do
- echo "sectionmap_$section_num='$section_name'"
- echo "sectionvma_$section_num='$section_vma'"
- case "$section_type" in
- REL|RELA) section_relocation="$section_type" ;;
- esac
- done
- echo "section_relocation='$section_relocation'"
- }
-}
-sectionmap_init()
-{
- eval $(__sectionmap_init "$1")
-}
-sectionmap()
-{
- eval RET="\$sectionmap_$1"
- if [ "$RET" = '' ]; then
- echo "sectionmap: $1: invalid section" 1>&2
- exit 1
- fi
-}
-sectionvma()
-{
- eval RET="\$sectionvma_$1"
- if [ "$RET" = '' ]; then
- echo "sectionvma: $1: invalid section" 1>&2
- exit 1
- fi
-}
-
-# Read and parse the hex-dump output.
-hex="[0-9a-f]"
-hex_8="$hex$hex$hex$hex$hex$hex$hex$hex"
-hexspc="[0-9a-f ]"
-hexspc_8="$hexspc$hexspc$hexspc$hexspc$hexspc$hexspc$hexspc$hexspc"
-
-raw32()
-{
- readelf --hex-dump "$2" "$1" 2>/dev/null |
- sed \
- -e '/^Hex/d' -e '/^$/d' -e '/^ *NOTE/d' \
- -e 's/ *[^ ][^ ]* *\('"$hex_8"'\) \('"$hexspc_8"'\) \('"$hexspc_8"'\) \('"$hexspc_8"'\) .*/\1 \2 \3 \4 /' \
- -e 's/\('"$hex$hex"'\)\('"$hex$hex"'\)\('"$hex$hex"'\)\('"$hex$hex"'\) /\4\3\2\1 /g' \
- -e 's/ $//g' -e 's/ /\n/g'
-}
-#-e 's/\([^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\) \([^ ][^ ][^ ][^ ][^ ][^ ][^ ][^ ]\) /\2\1 /g' \
-
-rela()
-{
- #file="$(basename "$1")"
- file="$1"
-
- # Read relocation information for a 64bit binary. Each relocation entry
- # is 3 long longs so we collect 6 quads here. Note that the dump is in
- # listed in increasing byte order not withstanding the quad split.
- #
- # The record says to take the value of <symbol> add <symbol offset> and
- # shove that into <write offset> in the segment of the <symbol>.
- #
- # Format:
- # <write offset> 64 bits
- # <symbol number> 32 bits
- # <relocation type> 32 bits
- # <symbol offset> 64 bits
- raw32 "$1" ".rela$SECTION" | \
- {
- a1=''; a2=''; a3=''; a4=''; a5=''
- while read a6
- do
- [ "$a1" = '' ] && { a1="$a6"; continue; }
- [ "$a2" = '' ] && { a2="$a6"; continue; }
- [ "$a3" = '' ] && { a3="$a6"; continue; }
- [ "$a4" = '' ] && { a4="$a6"; continue; }
- [ "$a5" = '' ] && { a5="$a6"; continue; }
-
- #echo ">$a1< >$a2< >$a3< >$a4< >$a5< >$a6<" 1>&2
- #echo "type<$a3> symbol<$a4> offset<$a2$a1> addr<$a6a5>" 1>&2
-
- symbolmap "$a4"; section_num="$RET"
- #echo "section_num<$section_num>" 1>&2
-
- sectionmap "$section_num"; section="$RET"
- sectionvma "$section_num"; vma="$RET"
- #echo "section<$section> vma<$vma>" 1>&2
-
- # Adjust the segment addressing by the segment offset.
- printf -v addr "%u" "0x$a6$a5"
- printf -v vma "%u" "0x$vma"
- let offset="$addr + $vma"
- printf -v offset "%x" "$offset"
-
- echo "$file-$section-$offset"
-
- a1=''; a2=''; a3=''; a4=''; a5=''
- done
- } | sed -e 's/-00*\([0-9a-f]\)/-\1/'
-}
-
-# Form an associative lookup for the raw contents for an ELF section.
-# Uses 8 character 0 expanded hexadecimal key for ease of consumption.
-contentmap_init()
-{
- raw32 "$1" "$2" >"$tmp"
- let offset=0
- while read value
- do
- printf -v offset_hex "%08x" $offset
- eval contentmap_$offset_hex=\'$value\'
-
- let offset="$offset + 4"
- done <"$tmp"
- rm -f "$tmp"
-}
-contentmap()
-{
- eval RET="\$contentmap_$1"
- if [ "$RET" = '' ]; then
- echo "contentmap: $1: invalid offset" 1>&2
- exit 1
- fi
-}
-
-rel()
-{
- # Load up the current contents of the $SECTION segment
- # as the offsets (see below) are recorded there and we will need
- # those to calculate the actuall address.
- contentmap_init "$1" "$SECTION"
-
- #file="$(basename "$1")"
- file="$1"
-
- # Read relocation information for a 32bit binary. Each relocation entry
- # is 3 longs so we collect 3 quads here. Note that the dump is in
- # listed in increasing byte order not withstanding the quad split.
- #
- # The record says to take the value of <symbol> and add that to the
- # existing contents of <write offset> in the segment of the <symbol>.
- #
- # Format:
- # <write offset> 32 bits
- # <symbol number> 24 bits
- # <relocation type> 8 bits
- raw32 "$1" ".rel$SECTION" | \
- {
- a1=''
- while read a2
- do
- [ "$a1" = '' ] && { a1="$a2"; continue; }
-
- #echo ">$a1< >$a2<"
- contentmap "$a1"; offset="$RET"
- symbolmap "00${a2%??}"; section_num="$RET"
-
- sectionmap "$section_num"; section="$RET"
- sectionvma "$section_num"; vma="$RET"
- #echo ">$a1< >$a2< >$offset< >$section<"
-
- echo "$file-$section-$offset"
-
- a1=''
- done
- } | sed -e 's/-00*\([0-9a-f]\)/-\1/'
-}
-
-tmp=$(mktemp --tmpdir "retpoline-extract-XXXXXX")
-
-disassemble()
-{
- local object="$1"
- local src="$2"
- local options="$3"
- local selector="$4"
-
- objdump $options --disassemble --no-show-raw-insn "$object" | \
- awk -F' ' '
- BEGIN { file="'"$object"'"; src="'"$src"'"; }
- /Disassembly of section/ { segment=$4; sub(":", "", segment); }
- /^[0-9a-f][0-9a-f]* <.*>:/ { tag=$0; sub(".*<", "", tag); sub(">.*", "", tag); }
- $0 ~ /(call|jmp)q? *\*0x[0-9a-f]*\(%rip\)/ {
- next
- }
- $0 ~ /(call|jmp)q? *\*.*%/ {
- sub(":", "", $1);
- if ('"$selector"') {
- offset=$1
- $1=tag
- print(file "-" segment "-" offset " " src " " segment " " $0);
- }
- }
- '
-}
-
-# Accumulate potentially vunerable indirect call/jmp sequences. We do this
-# by examining the raw disassembly for affected forms, recording the location
-# of each.
-case "$bit16" in
-'') disassemble "$object" "$src" '' 'segment != ".init.text"' ;;
-*) disassemble "$object" "$src" '--disassembler-options=i8086' 'segment != ".init.text" && segment != ".text32" && segment != ".text64"'
- disassemble "$object" "$src" '--disassembler-options=i386' 'segment == ".text32"'
- disassemble "$object" "$src" '--disassembler-options=x86-64' 'segment == ".text64"'
- ;;
-esac | sort -k 1b,1 >"$object.ur-detected"
-[ ! -s "$object.ur-detected" ] && rm -f "$object.ur-detected"
-
-# Load up the symbol table and section mappings.
-symbolmap_init "$object"
-sectionmap_init "$object"
-
-# Accumulate annotated safe indirect call/jmp sequences. We do this by examining
-# the $SECTION sections (and their associated relocation information),
-# each entry represents the address of an instruction which has been marked
-# as ok.
-case "$section_relocation" in
-REL) rel "$object" ;;
-RELA) rela "$object" ;;
-esac | sort -k 1b,1 >"$object.ur-safe"
-[ ! -s "$object.ur-safe" ] && rm -f "$object.ur-safe"
-
-# We will perform the below join on the summarised and sorted fragments
-# formed above. This is performed in retpoline-check.
-#join -v 1 -j 1 "$tmp.extracted" "$tmp.safe" | sed -s 's/[^ ]* *//'
-
-rm -f "$tmp"
diff --git a/snapcraft.yaml b/snapcraft.yaml
index 2452c40310..2530be0a9d 100644
--- a/snapcraft.yaml
+++ b/snapcraft.yaml
@@ -17,10 +17,6 @@ parts:
kconfigflavour: generic
kconfigs:
- CONFIG_DEBUG_INFO=n
- override-build: |
- cp debian/scripts/retpoline-extract-one \
- $SNAPCRAFT_PART_BUILD/scripts/ubuntu-retpoline-extract-one
- snapcraftctl build
kernel-with-firmware: false
firmware:
plugin: nil
--
2.34.1
More information about the kernel-team
mailing list