Fix file conflicts between debug packages where a vDSO is identical

Closes: #872263

- kbuild: Add build salt to the kernel and modules
- [arm64,powerpc,x86] Add build salt to the vDSO
- Set BUILD_SALT equal to the release string

debian/changelog

@@ -8,6 +8,11 @@ linux (4.17.6-2) UNRELEASED; urgency=medium
   * linux-kbuild: Fix the assumed host architecture for cross-built objtool
   * [ppc64] linux-bootwrapper: Work around compiler include path quirk
     (fixes FTBFS)
+  * Fix file conflicts between debug packages where a vDSO is identical
+    (Closes: #872263):
+    - kbuild: Add build salt to the kernel and modules
+    - [arm64,powerpc,x86] Add build salt to the vDSO
+    - Set BUILD_SALT equal to the release string
 
  -- Ben Hutchings <ben@decadent.org.uk>  Thu, 12 Jul 2018 15:16:15 +0100
 

debian/patches/features/all/kbuild-add-build-salt-to-the-kernel-and-modules.patch

@@ -0,0 +1,105 @@
+From: Laura Abbott <labbott@redhat.com>
+Date: Thu, 5 Jul 2018 17:49:37 -0700
+Subject: kbuild: Add build salt to the kernel and modules
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git/commit?id=8bc0ab58aca8a96fed7e9a38e21025d1737f4a4f
+Bug-Debian: https://bugs.debian.org/872263
+
+In Fedora, the debug information is packaged separately (foo-debuginfo) and
+can be installed separately. There's been a long standing issue where only
+one version of a debuginfo info package can be installed at a time. There's
+been an effort for Fedora for parallel debuginfo to rectify this problem.
+
+Part of the requirement to allow parallel debuginfo to work is that build ids
+are unique between builds. The existing upstream rpm implementation ensures
+this by re-calculating the build-id using the version and release as a
+seed. This doesn't work 100% for the kernel because of the vDSO which is
+its own binary and doesn't get updated when embedded.
+
+Fix this by adding some data in an ELF note for both the kernel and modules.
+The data is controlled via a Kconfig option so distributions can set it
+to an appropriate value to ensure uniqueness between builds.
+
+Suggested-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+Signed-off-by: Laura Abbott <labbott@redhat.com>
+Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+---
+ include/linux/build-salt.h | 20 ++++++++++++++++++++
+ init/Kconfig               |  9 +++++++++
+ init/version.c             |  3 +++
+ scripts/mod/modpost.c      |  3 +++
+ 4 files changed, 35 insertions(+)
+ create mode 100644 include/linux/build-salt.h
+
+--- /dev/null
++++ b/include/linux/build-salt.h
+@@ -0,0 +1,20 @@
++#ifndef __BUILD_SALT_H
++#define __BUILD_SALT_H
++
++#include <linux/elfnote.h>
++
++#define LINUX_ELFNOTE_BUILD_SALT       0x100
++
++#ifdef __ASSEMBLER__
++
++#define BUILD_SALT \
++       ELFNOTE(Linux, LINUX_ELFNOTE_BUILD_SALT, .asciz CONFIG_BUILD_SALT)
++
++#else
++
++#define BUILD_SALT \
++       ELFNOTE32("Linux", LINUX_ELFNOTE_BUILD_SALT, CONFIG_BUILD_SALT)
++
++#endif
++
++#endif /* __BUILD_SALT_H */
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -109,6 +109,15 @@ config LOCALVERSION_AUTO
+ 
+ 	  which is done within the script "scripts/setlocalversion".)
+ 
++config BUILD_SALT
++       string "Build ID Salt"
++       default ""
++       help
++          The build ID is used to link binaries and their debug info. Setting
++          this option will use the value in the calculation of the build id.
++          This is mostly useful for distributions which want to ensure the
++          build is unique between builds. It's safe to leave the default.
++
+ config HAVE_KERNEL_GZIP
+ 	bool
+ 
+--- a/init/version.c
++++ b/init/version.c
+@@ -7,6 +7,7 @@
+  */
+ 
+ #include <generated/compile.h>
++#include <linux/build-salt.h>
+ #include <linux/export.h>
+ #include <linux/uts.h>
+ #include <linux/utsname.h>
+@@ -49,3 +50,5 @@ const char linux_proc_banner[] =
+ 	"%s version %s"
+ 	" (" LINUX_COMPILE_BY "@" LINUX_COMPILE_HOST ")"
+ 	" (" LINUX_COMPILER ") %s\n";
++
++BUILD_SALT;
+--- a/scripts/mod/modpost.c
++++ b/scripts/mod/modpost.c
+@@ -2137,10 +2137,13 @@ static int check_modname_len(struct modu
+  **/
+ static void add_header(struct buffer *b, struct module *mod)
+ {
++	buf_printf(b, "#include <linux/build-salt.h>\n");
+ 	buf_printf(b, "#include <linux/module.h>\n");
+ 	buf_printf(b, "#include <linux/vermagic.h>\n");
+ 	buf_printf(b, "#include <linux/compiler.h>\n");
+ 	buf_printf(b, "\n");
++	buf_printf(b, "BUILD_SALT;\n");
++	buf_printf(b, "\n");
+ 	buf_printf(b, "MODULE_INFO(vermagic, VERMAGIC_STRING);\n");
+ 	buf_printf(b, "MODULE_INFO(name, KBUILD_MODNAME);\n");
+ 	buf_printf(b, "\n");

debian/patches/features/arm64/arm64-add-build-salt-to-the-vdso.patch

@@ -0,0 +1,29 @@
+From: Laura Abbott <labbott@redhat.com>
+Date: Thu, 5 Jul 2018 17:49:40 -0700
+Subject: arm64: Add build salt to the vDSO
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git/commit?id=13351cdf75405e38c1b7bb927624d910d328be2b
+Bug-Debian: https://bugs.debian.org/872263
+
+The vDSO needs to have a unique build id in a similar manner
+to the kernel and modules. Use the build salt macro.
+
+Acked-by: Will Deacon <will.deacon@arm.com>
+Signed-off-by: Laura Abbott <labbott@redhat.com>
+Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+---
+ arch/arm64/kernel/vdso/note.S | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/arm64/kernel/vdso/note.S
++++ b/arch/arm64/kernel/vdso/note.S
+@@ -22,7 +22,10 @@
+ #include <linux/uts.h>
+ #include <linux/version.h>
+ #include <linux/elfnote.h>
++#include <linux/build-salt.h>
+ 
+ ELFNOTE_START(Linux, 0, "a")
+ 	.long LINUX_VERSION_CODE
+ ELFNOTE_END
++
++BUILD_SALT

debian/patches/features/powerpc/powerpc-add-build-salt-to-the-vdso.patch

@@ -0,0 +1,31 @@
+From: Laura Abbott <labbott@redhat.com>
+Date: Thu, 5 Jul 2018 17:49:39 -0700
+Subject: powerpc: Add build salt to the vDSO
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git/commit?id=29f07b97416a95d28ee62e70fd91b44956d3c8ce
+Bug-Debian: https://bugs.debian.org/872263
+
+The vDSO needs to have a unique build id in a similar manner
+to the kernel and modules. Use the build salt macro.
+
+Signed-off-by: Laura Abbott <labbott@redhat.com>
+Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+---
+ arch/powerpc/kernel/vdso32/note.S | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/powerpc/kernel/vdso32/note.S
++++ b/arch/powerpc/kernel/vdso32/note.S
+@@ -5,6 +5,7 @@
+ 
+ #include <linux/uts.h>
+ #include <linux/version.h>
++#include <linux/build-salt.h>
+ 
+ #define ASM_ELF_NOTE_BEGIN(name, flags, vendor, type)			      \
+ 	.section name, flags;						      \
+@@ -23,3 +24,5 @@
+ 	ASM_ELF_NOTE_BEGIN(".note.kernel-version", "a", UTS_SYSNAME, 0)
+ 	.long LINUX_VERSION_CODE
+ 	ASM_ELF_NOTE_END
++
++BUILD_SALT

debian/patches/features/x86/x86-add-build-salt-to-the-vdso.patch

@@ -0,0 +1,52 @@
+From: Laura Abbott <labbott@redhat.com>
+Date: Thu, 5 Jul 2018 17:49:38 -0700
+Subject: x86: Add build salt to the vDSO
+Origin: https://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git/commit?id=fdc3ae38182c7f983f4f8b97c86b753a3c16e269
+Bug-Debian: https://bugs.debian.org/872263
+
+The vDSO needs to have a unique build id in a similar manner
+to the kernel and modules. Use the build salt macro.
+
+Acked-by: Andy Lutomirski <luto@kernel.org>
+Signed-off-by: Laura Abbott <labbott@redhat.com>
+Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
+---
+ arch/x86/entry/vdso/vdso-note.S   | 3 +++
+ arch/x86/entry/vdso/vdso32/note.S | 3 +++
+ 2 files changed, 6 insertions(+)
+
+--- a/arch/x86/entry/vdso/vdso-note.S
++++ b/arch/x86/entry/vdso/vdso-note.S
+@@ -3,6 +3,7 @@
+  * Here we can supply some information useful to userland.
+  */
+ 
++#include <linux/build-salt.h>
+ #include <linux/uts.h>
+ #include <linux/version.h>
+ #include <linux/elfnote.h>
+@@ -10,3 +11,5 @@
+ ELFNOTE_START(Linux, 0, "a")
+ 	.long LINUX_VERSION_CODE
+ ELFNOTE_END
++
++BUILD_SALT
+--- a/arch/x86/entry/vdso/vdso32/note.S
++++ b/arch/x86/entry/vdso/vdso32/note.S
+@@ -4,6 +4,7 @@
+  * Here we can supply some information useful to userland.
+  */
+ 
++#include <linux/build-salt.h>
+ #include <linux/version.h>
+ #include <linux/elfnote.h>
+ 
+@@ -14,6 +15,8 @@ ELFNOTE_START(Linux, 0, "a")
+ 	.long LINUX_VERSION_CODE
+ ELFNOTE_END
+ 
++BUILD_SALT
++
+ #ifdef CONFIG_XEN
+ /*
+  * Add a special note telling glibc's dynamic linker a fake hardware

debian/patches/series

@@ -96,6 +96,10 @@ bugfix/all/i40e-build-for-64-bit-targets-only.patch
 bugfix/all/ib-fix-rdma_rxe-and-infiniband_rdmavt-dependencies-f.patch
 
 # Miscellaneous features
+features/all/kbuild-add-build-salt-to-the-kernel-and-modules.patch
+features/x86/x86-add-build-salt-to-the-vdso.patch
+features/powerpc/powerpc-add-build-salt-to-the-vdso.patch
+features/arm64/arm64-add-build-salt-to-the-vdso.patch
 
 # Lockdown (formerly 'securelevel') patchset
 features/all/lockdown/0001-Add-the-ability-to-lock-down-access-to-the-running-k.patch

debian/rules.real

@@ -172,6 +172,8 @@ $(STAMPS_DIR)/setup_$(ARCH)_$(FEATURESET)_$(FLAVOUR): $(STAMPS_DIR)/source_$(FEA
 	rm -rf '$(DIR)'
 	mkdir '$(DIR)'
 	cp '$(CONFIG)' '$(DIR)/.config'
+# Add "salt" to fix #872263
+	echo 'CONFIG_BUILD_SALT="$(ABINAME)$(LOCALVERSION_IMAGE)"' >> '$(DIR)/.config'
 	echo 'override ARCH = $(KERNEL_ARCH)' >> '$(DIR)/.kernelvariables'
 	echo 'override KERNELRELEASE = $(ABINAME)$(LOCALVERSION_IMAGE)' >> '$(DIR)/.kernelvariables'
 	echo 'CCACHE = ccache' >> '$(DIR)/.kernelvariables'
@@ -570,9 +572,10 @@ install-source: $(BUILD_DIR)/$(SOURCE_BASENAME)-source-$(UPSTREAMVERSION).tar.xz
 	dh_installdirs /usr/src/linux-config-$(UPSTREAMVERSION)
 	dh_install $^ /usr/src
 # Include our kernel config files, but with the module signing
-# configuration fixed to work for custom kernels.
+# configuration fixed to work for custom kernels.  Also delete
+# CONFIG_BUILD_SALT which makes no sense for custom kernels.
 	for triplet in $(ALL_TRIPLETS); do \
-	  sed '/CONFIG_\(MODULE_SIG_\(ALL\|KEY\)\|SYSTEM_TRUSTED_KEYS\)[ =]/d' $(BUILD_DIR)/build_$$triplet/.config | xz -c >debian/$(PACKAGE_NAME)/usr/src/linux-config-$(UPSTREAMVERSION)/config.$$triplet.xz; \
+	  sed '/CONFIG_\(MODULE_SIG_\(ALL\|KEY\)\|SYSTEM_TRUSTED_KEYS\|BUILD_SALT\)[ =]/d' $(BUILD_DIR)/build_$$triplet/.config | xz -c >debian/$(PACKAGE_NAME)/usr/src/linux-config-$(UPSTREAMVERSION)/config.$$triplet.xz; \
 	done
 # We don't want to recompress, but -Znone is not compatible with older
 # tools and is currently rejected by dak.  -Zgzip -z0 (uncompressed