From 98b1cf0710f4fd613c578e014e62ebaff181ea44 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Fri, 13 Jul 2018 00:14:35 +0100 Subject: [PATCH] Fix file conflicts between debug packages where a vDSO is identical Closes: #872263 - kbuild: Add build salt to the kernel and modules - [arm64,powerpc,x86] Add build salt to the vDSO - Set BUILD_SALT equal to the release string --- debian/changelog | 5 + ...build-salt-to-the-kernel-and-modules.patch | 105 ++++++++++++++++++ .../arm64-add-build-salt-to-the-vdso.patch | 29 +++++ .../powerpc-add-build-salt-to-the-vdso.patch | 31 ++++++ .../x86/x86-add-build-salt-to-the-vdso.patch | 52 +++++++++ debian/patches/series | 4 + debian/rules.real | 7 +- 7 files changed, 231 insertions(+), 2 deletions(-) create mode 100644 debian/patches/features/all/kbuild-add-build-salt-to-the-kernel-and-modules.patch create mode 100644 debian/patches/features/arm64/arm64-add-build-salt-to-the-vdso.patch create mode 100644 debian/patches/features/powerpc/powerpc-add-build-salt-to-the-vdso.patch create mode 100644 debian/patches/features/x86/x86-add-build-salt-to-the-vdso.patch diff --git a/debian/changelog b/debian/changelog index 87ed82abe..d0981a94b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,11 @@ linux (4.17.6-2) UNRELEASED; urgency=medium * linux-kbuild: Fix the assumed host architecture for cross-built objtool * [ppc64] linux-bootwrapper: Work around compiler include path quirk (fixes FTBFS) + * Fix file conflicts between debug packages where a vDSO is identical + (Closes: #872263): + - kbuild: Add build salt to the kernel and modules + - [arm64,powerpc,x86] Add build salt to the vDSO + - Set BUILD_SALT equal to the release string -- Ben Hutchings Thu, 12 Jul 2018 15:16:15 +0100 diff --git a/debian/patches/features/all/kbuild-add-build-salt-to-the-kernel-and-modules.patch b/debian/patches/features/all/kbuild-add-build-salt-to-the-kernel-and-modules.patch new file mode 100644 index 000000000..6e1ca5c91 --- /dev/null +++ b/debian/patches/features/all/kbuild-add-build-salt-to-the-kernel-and-modules.patch @@ -0,0 +1,105 @@ +From: Laura Abbott +Date: Thu, 5 Jul 2018 17:49:37 -0700 +Subject: kbuild: Add build salt to the kernel and modules +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git/commit?id=8bc0ab58aca8a96fed7e9a38e21025d1737f4a4f +Bug-Debian: https://bugs.debian.org/872263 + +In Fedora, the debug information is packaged separately (foo-debuginfo) and +can be installed separately. There's been a long standing issue where only +one version of a debuginfo info package can be installed at a time. There's +been an effort for Fedora for parallel debuginfo to rectify this problem. + +Part of the requirement to allow parallel debuginfo to work is that build ids +are unique between builds. The existing upstream rpm implementation ensures +this by re-calculating the build-id using the version and release as a +seed. This doesn't work 100% for the kernel because of the vDSO which is +its own binary and doesn't get updated when embedded. + +Fix this by adding some data in an ELF note for both the kernel and modules. +The data is controlled via a Kconfig option so distributions can set it +to an appropriate value to ensure uniqueness between builds. + +Suggested-by: Masahiro Yamada +Signed-off-by: Laura Abbott +Signed-off-by: Masahiro Yamada +--- + include/linux/build-salt.h | 20 ++++++++++++++++++++ + init/Kconfig | 9 +++++++++ + init/version.c | 3 +++ + scripts/mod/modpost.c | 3 +++ + 4 files changed, 35 insertions(+) + create mode 100644 include/linux/build-salt.h + +--- /dev/null ++++ b/include/linux/build-salt.h +@@ -0,0 +1,20 @@ ++#ifndef __BUILD_SALT_H ++#define __BUILD_SALT_H ++ ++#include ++ ++#define LINUX_ELFNOTE_BUILD_SALT 0x100 ++ ++#ifdef __ASSEMBLER__ ++ ++#define BUILD_SALT \ ++ ELFNOTE(Linux, LINUX_ELFNOTE_BUILD_SALT, .asciz CONFIG_BUILD_SALT) ++ ++#else ++ ++#define BUILD_SALT \ ++ ELFNOTE32("Linux", LINUX_ELFNOTE_BUILD_SALT, CONFIG_BUILD_SALT) ++ ++#endif ++ ++#endif /* __BUILD_SALT_H */ +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -109,6 +109,15 @@ config LOCALVERSION_AUTO + + which is done within the script "scripts/setlocalversion".) + ++config BUILD_SALT ++ string "Build ID Salt" ++ default "" ++ help ++ The build ID is used to link binaries and their debug info. Setting ++ this option will use the value in the calculation of the build id. ++ This is mostly useful for distributions which want to ensure the ++ build is unique between builds. It's safe to leave the default. ++ + config HAVE_KERNEL_GZIP + bool + +--- a/init/version.c ++++ b/init/version.c +@@ -7,6 +7,7 @@ + */ + + #include ++#include + #include + #include + #include +@@ -49,3 +50,5 @@ const char linux_proc_banner[] = + "%s version %s" + " (" LINUX_COMPILE_BY "@" LINUX_COMPILE_HOST ")" + " (" LINUX_COMPILER ") %s\n"; ++ ++BUILD_SALT; +--- a/scripts/mod/modpost.c ++++ b/scripts/mod/modpost.c +@@ -2137,10 +2137,13 @@ static int check_modname_len(struct modu + **/ + static void add_header(struct buffer *b, struct module *mod) + { ++ buf_printf(b, "#include \n"); + buf_printf(b, "#include \n"); + buf_printf(b, "#include \n"); + buf_printf(b, "#include \n"); + buf_printf(b, "\n"); ++ buf_printf(b, "BUILD_SALT;\n"); ++ buf_printf(b, "\n"); + buf_printf(b, "MODULE_INFO(vermagic, VERMAGIC_STRING);\n"); + buf_printf(b, "MODULE_INFO(name, KBUILD_MODNAME);\n"); + buf_printf(b, "\n"); diff --git a/debian/patches/features/arm64/arm64-add-build-salt-to-the-vdso.patch b/debian/patches/features/arm64/arm64-add-build-salt-to-the-vdso.patch new file mode 100644 index 000000000..99e745fd1 --- /dev/null +++ b/debian/patches/features/arm64/arm64-add-build-salt-to-the-vdso.patch @@ -0,0 +1,29 @@ +From: Laura Abbott +Date: Thu, 5 Jul 2018 17:49:40 -0700 +Subject: arm64: Add build salt to the vDSO +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git/commit?id=13351cdf75405e38c1b7bb927624d910d328be2b +Bug-Debian: https://bugs.debian.org/872263 + +The vDSO needs to have a unique build id in a similar manner +to the kernel and modules. Use the build salt macro. + +Acked-by: Will Deacon +Signed-off-by: Laura Abbott +Signed-off-by: Masahiro Yamada +--- + arch/arm64/kernel/vdso/note.S | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/arm64/kernel/vdso/note.S ++++ b/arch/arm64/kernel/vdso/note.S +@@ -22,7 +22,10 @@ + #include + #include + #include ++#include + + ELFNOTE_START(Linux, 0, "a") + .long LINUX_VERSION_CODE + ELFNOTE_END ++ ++BUILD_SALT diff --git a/debian/patches/features/powerpc/powerpc-add-build-salt-to-the-vdso.patch b/debian/patches/features/powerpc/powerpc-add-build-salt-to-the-vdso.patch new file mode 100644 index 000000000..1d7c5cd1c --- /dev/null +++ b/debian/patches/features/powerpc/powerpc-add-build-salt-to-the-vdso.patch @@ -0,0 +1,31 @@ +From: Laura Abbott +Date: Thu, 5 Jul 2018 17:49:39 -0700 +Subject: powerpc: Add build salt to the vDSO +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git/commit?id=29f07b97416a95d28ee62e70fd91b44956d3c8ce +Bug-Debian: https://bugs.debian.org/872263 + +The vDSO needs to have a unique build id in a similar manner +to the kernel and modules. Use the build salt macro. + +Signed-off-by: Laura Abbott +Signed-off-by: Masahiro Yamada +--- + arch/powerpc/kernel/vdso32/note.S | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/powerpc/kernel/vdso32/note.S ++++ b/arch/powerpc/kernel/vdso32/note.S +@@ -5,6 +5,7 @@ + + #include + #include ++#include + + #define ASM_ELF_NOTE_BEGIN(name, flags, vendor, type) \ + .section name, flags; \ +@@ -23,3 +24,5 @@ + ASM_ELF_NOTE_BEGIN(".note.kernel-version", "a", UTS_SYSNAME, 0) + .long LINUX_VERSION_CODE + ASM_ELF_NOTE_END ++ ++BUILD_SALT diff --git a/debian/patches/features/x86/x86-add-build-salt-to-the-vdso.patch b/debian/patches/features/x86/x86-add-build-salt-to-the-vdso.patch new file mode 100644 index 000000000..2284e5e74 --- /dev/null +++ b/debian/patches/features/x86/x86-add-build-salt-to-the-vdso.patch @@ -0,0 +1,52 @@ +From: Laura Abbott +Date: Thu, 5 Jul 2018 17:49:38 -0700 +Subject: x86: Add build salt to the vDSO +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git/commit?id=fdc3ae38182c7f983f4f8b97c86b753a3c16e269 +Bug-Debian: https://bugs.debian.org/872263 + +The vDSO needs to have a unique build id in a similar manner +to the kernel and modules. Use the build salt macro. + +Acked-by: Andy Lutomirski +Signed-off-by: Laura Abbott +Signed-off-by: Masahiro Yamada +--- + arch/x86/entry/vdso/vdso-note.S | 3 +++ + arch/x86/entry/vdso/vdso32/note.S | 3 +++ + 2 files changed, 6 insertions(+) + +--- a/arch/x86/entry/vdso/vdso-note.S ++++ b/arch/x86/entry/vdso/vdso-note.S +@@ -3,6 +3,7 @@ + * Here we can supply some information useful to userland. + */ + ++#include + #include + #include + #include +@@ -10,3 +11,5 @@ + ELFNOTE_START(Linux, 0, "a") + .long LINUX_VERSION_CODE + ELFNOTE_END ++ ++BUILD_SALT +--- a/arch/x86/entry/vdso/vdso32/note.S ++++ b/arch/x86/entry/vdso/vdso32/note.S +@@ -4,6 +4,7 @@ + * Here we can supply some information useful to userland. + */ + ++#include + #include + #include + +@@ -14,6 +15,8 @@ ELFNOTE_START(Linux, 0, "a") + .long LINUX_VERSION_CODE + ELFNOTE_END + ++BUILD_SALT ++ + #ifdef CONFIG_XEN + /* + * Add a special note telling glibc's dynamic linker a fake hardware diff --git a/debian/patches/series b/debian/patches/series index db045dd78..02ee750f3 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -96,6 +96,10 @@ bugfix/all/i40e-build-for-64-bit-targets-only.patch bugfix/all/ib-fix-rdma_rxe-and-infiniband_rdmavt-dependencies-f.patch # Miscellaneous features +features/all/kbuild-add-build-salt-to-the-kernel-and-modules.patch +features/x86/x86-add-build-salt-to-the-vdso.patch +features/powerpc/powerpc-add-build-salt-to-the-vdso.patch +features/arm64/arm64-add-build-salt-to-the-vdso.patch # Lockdown (formerly 'securelevel') patchset features/all/lockdown/0001-Add-the-ability-to-lock-down-access-to-the-running-k.patch diff --git a/debian/rules.real b/debian/rules.real index 692ed70bd..987aaeddb 100644 --- a/debian/rules.real +++ b/debian/rules.real @@ -172,6 +172,8 @@ $(STAMPS_DIR)/setup_$(ARCH)_$(FEATURESET)_$(FLAVOUR): $(STAMPS_DIR)/source_$(FEA rm -rf '$(DIR)' mkdir '$(DIR)' cp '$(CONFIG)' '$(DIR)/.config' +# Add "salt" to fix #872263 + echo 'CONFIG_BUILD_SALT="$(ABINAME)$(LOCALVERSION_IMAGE)"' >> '$(DIR)/.config' echo 'override ARCH = $(KERNEL_ARCH)' >> '$(DIR)/.kernelvariables' echo 'override KERNELRELEASE = $(ABINAME)$(LOCALVERSION_IMAGE)' >> '$(DIR)/.kernelvariables' echo 'CCACHE = ccache' >> '$(DIR)/.kernelvariables' @@ -570,9 +572,10 @@ install-source: $(BUILD_DIR)/$(SOURCE_BASENAME)-source-$(UPSTREAMVERSION).tar.xz dh_installdirs /usr/src/linux-config-$(UPSTREAMVERSION) dh_install $^ /usr/src # Include our kernel config files, but with the module signing -# configuration fixed to work for custom kernels. +# configuration fixed to work for custom kernels. Also delete +# CONFIG_BUILD_SALT which makes no sense for custom kernels. for triplet in $(ALL_TRIPLETS); do \ - sed '/CONFIG_\(MODULE_SIG_\(ALL\|KEY\)\|SYSTEM_TRUSTED_KEYS\)[ =]/d' $(BUILD_DIR)/build_$$triplet/.config | xz -c >debian/$(PACKAGE_NAME)/usr/src/linux-config-$(UPSTREAMVERSION)/config.$$triplet.xz; \ + sed '/CONFIG_\(MODULE_SIG_\(ALL\|KEY\)\|SYSTEM_TRUSTED_KEYS\|BUILD_SALT\)[ =]/d' $(BUILD_DIR)/build_$$triplet/.config | xz -c >debian/$(PACKAGE_NAME)/usr/src/linux-config-$(UPSTREAMVERSION)/config.$$triplet.xz; \ done # We don't want to recompress, but -Znone is not compatible with older # tools and is currently rejected by dak. -Zgzip -z0 (uncompressed