Kbuild 8.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205
  1. # Linux kernel-native Makefile ("Kbuild") for libwolfssl.ko
  2. #
  3. # Copyright (C) 2006-2024 wolfSSL Inc.
  4. #
  5. # This file is part of wolfSSL.
  6. #
  7. # wolfSSL is free software; you can redistribute it and/or modify
  8. # it under the terms of the GNU General Public License as published by
  9. # the Free Software Foundation; either version 2 of the License, or
  10. # (at your option) any later version.
  11. #
  12. # wolfSSL is distributed in the hope that it will be useful,
  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. # GNU General Public License for more details.
  16. #
  17. # You should have received a copy of the GNU General Public License
  18. # along with this program; if not, write to the Free Software
  19. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. SHELL=bash
  21. ifeq "$(WOLFSSL_OBJ_FILES)" ""
  22. $(error $$WOLFSSL_OBJ_FILES is unset.)
  23. endif
  24. ifeq "$(WOLFSSL_CFLAGS)" ""
  25. $(error $$WOLFSSL_CFLAGS is unset.)
  26. endif
  27. WOLFSSL_CFLAGS += -ffreestanding -Wframe-larger-than=$(MAX_STACK_FRAME_SIZE) -isystem $(shell $(CC) -print-file-name=include)
  28. ifeq "$(KERNEL_ARCH)" "x86"
  29. WOLFSSL_CFLAGS += -mpreferred-stack-boundary=4
  30. else ifeq "$(KERNEL_ARCH)" "aarch64"
  31. WOLFSSL_CFLAGS += -mno-outline-atomics
  32. else ifeq "$(KERNEL_ARCH)" "arm64"
  33. WOLFSSL_CFLAGS += -mno-outline-atomics
  34. endif
  35. obj-m := libwolfssl.o
  36. WOLFSSL_OBJ_TARGETS := $(patsubst %, $(obj)/%, $(WOLFSSL_OBJ_FILES))
  37. ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
  38. WOLFCRYPT_PIE_FILES := $(patsubst %, $(obj)/%, $(WOLFCRYPT_PIE_FILES))
  39. endif
  40. $(obj)/linuxkm/module_exports.o: $(WOLFSSL_OBJ_TARGETS)
  41. ifndef KERNEL_THREAD_STACK_SIZE
  42. ifdef CROSS_COMPILE
  43. KERNEL_THREAD_STACK_SIZE=16384
  44. endif
  45. endif
  46. # this mechanism only works in kernel 5.x+ (fallback to hardcoded value)
  47. ifndef KERNEL_THREAD_STACK_SIZE
  48. hostprogs := linuxkm/get_thread_size
  49. always-y := $(hostprogs)
  50. endif
  51. HOST_EXTRACFLAGS += $(NOSTDINC_FLAGS) $(LINUXINCLUDE) $(KBUILD_CFLAGS) -static -fno-omit-frame-pointer
  52. # "-mindirect-branch=keep -mfunction-return=keep" to avoid "undefined reference
  53. # to `__x86_return_thunk'" on CONFIG_RETHUNK kernels (5.19.0-rc7)
  54. ifeq "$(KERNEL_ARCH)" "x86"
  55. HOST_EXTRACFLAGS += -mindirect-branch=keep -mfunction-return=keep
  56. endif
  57. # this rule is needed to get build to succeed in 4.x (get_thread_size still doesn't get built)
  58. $(obj)/linuxkm/get_thread_size: $(src)/linuxkm/get_thread_size.c
  59. ifndef KERNEL_THREAD_STACK_SIZE
  60. $(WOLFSSL_OBJ_TARGETS): | $(obj)/linuxkm/get_thread_size
  61. KERNEL_THREAD_STACK_SIZE=$(shell test -x $(obj)/linuxkm/get_thread_size && $(obj)/linuxkm/get_thread_size || echo 16384)
  62. endif
  63. MAX_STACK_FRAME_SIZE=$(shell echo $$(( $(KERNEL_THREAD_STACK_SIZE) / 4)))
  64. libwolfssl-y := $(WOLFSSL_OBJ_FILES) linuxkm/module_hooks.o linuxkm/module_exports.o
  65. WOLFSSL_CFLAGS_NO_VECTOR_INSNS := $(CFLAGS_SIMD_DISABLE) $(CFLAGS_FPU_DISABLE)
  66. ifeq "$(ENABLED_ASM)" "yes"
  67. WOLFSSL_CFLAGS_YES_VECTOR_INSNS := $(CFLAGS_SIMD_ENABLE) $(CFLAGS_FPU_DISABLE) $(CFLAGS_AUTO_VECTORIZE_DISABLE)
  68. else
  69. WOLFSSL_CFLAGS_YES_VECTOR_INSNS := $(WOLFSSL_CFLAGS_NO_VECTOR_INSNS)
  70. endif
  71. ccflags-y := $(WOLFSSL_CFLAGS) $(WOLFSSL_CFLAGS_NO_VECTOR_INSNS)
  72. $(obj)/libwolfssl.mod.o: ccflags-y :=
  73. $(obj)/wolfcrypt/test/test.o: ccflags-y += -DNO_MAIN_DRIVER -DWOLFSSL_NO_OPTIONS_H
  74. $(obj)/wolfcrypt/src/aes.o: ccflags-y = $(WOLFSSL_CFLAGS) $(WOLFSSL_CFLAGS_YES_VECTOR_INSNS)
  75. ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
  76. PIE_FLAGS := -fPIE -fno-stack-protector -fno-toplevel-reorder
  77. PIE_SUPPORT_FLAGS := -DUSE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE
  78. ifeq "$(KERNEL_ARCH)" "x86"
  79. PIE_FLAGS += -mcmodel=small -mindirect-branch=keep -mfunction-return=keep
  80. endif
  81. ifeq "$(KERNEL_ARCH)" "mips"
  82. PIE_FLAGS += -mabicalls
  83. endif
  84. $(WOLFCRYPT_PIE_FILES): ccflags-y += $(PIE_SUPPORT_FLAGS) $(PIE_FLAGS)
  85. $(WOLFCRYPT_PIE_FILES): ccflags-remove-y += -pg
  86. # disabling retpoline generation leads to profuse warnings without this:
  87. $(WOLFCRYPT_PIE_FILES): OBJECT_FILES_NON_STANDARD := y
  88. $(obj)/linuxkm/module_hooks.o: ccflags-y += $(PIE_SUPPORT_FLAGS)
  89. endif
  90. $(obj)/wolfcrypt/benchmark/benchmark.o: ccflags-y = $(WOLFSSL_CFLAGS) $(CFLAGS_FPU_ENABLE) $(CFLAGS_SIMD_ENABLE) $(PIE_SUPPORT_FLAGS) -DNO_MAIN_FUNCTION -DWOLFSSL_NO_OPTIONS_H
  91. $(obj)/wolfcrypt/benchmark/benchmark.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_ENABLE_SIMD_DISABLE)
  92. asflags-y := $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPUSIMD_DISABLE)
  93. # vectorized implementations that are kernel-safe are listed here.
  94. # these are known kernel-compatible, but need the vector instructions enabled in the assembler,
  95. # and most of them still irritate objtool.
  96. $(obj)/wolfcrypt/src/aes_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
  97. $(obj)/wolfcrypt/src/aes_asm.o: OBJECT_FILES_NON_STANDARD := y
  98. $(obj)/wolfcrypt/src/aes_gcm_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
  99. $(obj)/wolfcrypt/src/aes_gcm_asm.o: OBJECT_FILES_NON_STANDARD := y
  100. $(obj)/wolfcrypt/src/aes_xts_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
  101. $(obj)/wolfcrypt/src/aes_xts_asm.o: OBJECT_FILES_NON_STANDARD := y
  102. $(obj)/wolfcrypt/src/sp_x86_64_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
  103. $(obj)/wolfcrypt/src/sp_x86_64_asm.o: OBJECT_FILES_NON_STANDARD := y
  104. $(obj)/wolfcrypt/src/sha256_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
  105. $(obj)/wolfcrypt/src/sha256_asm.o: OBJECT_FILES_NON_STANDARD := y
  106. $(obj)/wolfcrypt/src/sha512_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
  107. $(obj)/wolfcrypt/src/sha512_asm.o: OBJECT_FILES_NON_STANDARD := y
  108. $(obj)/wolfcrypt/src/sha3_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
  109. $(obj)/wolfcrypt/src/sha3_asm.o: OBJECT_FILES_NON_STANDARD := y
  110. $(obj)/wolfcrypt/src/chacha_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
  111. $(obj)/wolfcrypt/src/chacha_asm.o: OBJECT_FILES_NON_STANDARD := y
  112. $(obj)/wolfcrypt/src/poly1305_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
  113. $(obj)/wolfcrypt/src/poly1305_asm.o: OBJECT_FILES_NON_STANDARD := y
  114. $(obj)/wolfcrypt/src/wc_kyber_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
  115. ifndef READELF
  116. READELF := readelf
  117. endif
  118. ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
  119. rename-pie-text-and-data-sections: $(WOLFSSL_OBJ_TARGETS)
  120. ifndef NM
  121. NM := nm
  122. endif
  123. ifndef OBJCOPY
  124. OBJCOPY := objcopy
  125. endif
  126. .PHONY: rename-pie-text-and-data-sections
  127. rename-pie-text-and-data-sections:
  128. ifneq "$(quiet)" "silent_"
  129. @echo -n ' Checking wolfCrypt for unresolved symbols and forbidden relocations... '
  130. endif
  131. @cd "$(obj)" || exit $$?; \
  132. $(LD) -relocatable -o wolfcrypt_test_link.o $(WOLFCRYPT_PIE_FILES) || exit $$?; \
  133. undefined=$$($(NM) --undefined-only wolfcrypt_test_link.o) || exit $$?; \
  134. GOT_relocs=$$($(READELF) --relocs --wide wolfcrypt_test_link.o | egrep '^[^ ]+ +[^ ]+ +[^ ]*GOT[^ ]* ') || [ $$? = 1 ] || exit 2; \
  135. rm wolfcrypt_test_link.o; \
  136. if [ -n "$$undefined" ]; then \
  137. echo "wolfCrypt container has unresolved symbols:" 1>&2; \
  138. echo "$$undefined" 1>&2; \
  139. exit 1; \
  140. fi; \
  141. if [ -n "$$GOT_relocs" ]; then \
  142. echo "wolfCrypt container has GOT relocations (non-local function address used as operand?):" 1>&2; \
  143. echo "$$GOT_relocs" 1>&2; \
  144. exit 1; \
  145. fi
  146. ifneq "$(quiet)" "silent_"
  147. @echo 'OK.'
  148. endif
  149. @cd "$(obj)" || exit $$?; \
  150. for file in $(WOLFCRYPT_PIE_FILES); do \
  151. $(OBJCOPY) --rename-section .text=.text.wolfcrypt --rename-section .data=.data.wolfcrypt --rename-section .rodata=.rodata.wolfcrypt "$$file" || exit $$?; \
  152. done
  153. ifneq "$(quiet)" "silent_"
  154. @echo ' wolfCrypt .{text,data,rodata} sections containerized to .{text,data,rodata}.wolfcrypt'
  155. endif
  156. $(obj)/linuxkm/module_exports.c: rename-pie-text-and-data-sections
  157. endif
  158. # auto-generate the exported symbol list, leveraging the WOLFSSL_API visibility tags.
  159. # exclude symbols that don't match wc_* or wolf*.
  160. $(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_TARGETS)
  161. @cp $< $@
  162. @$(READELF) --symbols --wide $(WOLFSSL_OBJ_TARGETS) | \
  163. $(AWK) '/^ *[0-9]+: / { \
  164. if ($$8 !~ /^(wc_|wolf|WOLF|TLSX_)/){next;} \
  165. if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) { \
  166. print "EXPORT_SYMBOL_NS_GPL(" $$8 ", EXPORT_SYMBOL_NS_Q(WOLFSSL));";\
  167. } \
  168. }' >> $@
  169. @echo -e '#ifndef NO_CRYPT_TEST\nEXPORT_SYMBOL_NS_GPL(wolfcrypt_test, EXPORT_SYMBOL_NS_Q(WOLFSSL));\n#endif' >> $@
  170. clean-files := linuxkm src wolfcrypt