On Tue, Oct 13, 2020 at 4:03 AM Bernd Petrovitsch <bernd@xxxxxxxxxxxxxxxxxxx> wrote: > > Hi all! > > On 12/10/2020 18:42, Ujjwal Kumar wrote: > > On 12/10/20 11:50 pm, Lukas Bulwahn wrote: > >> > >> > >> On Mon, 12 Oct 2020, Ujjwal Kumar wrote: > >> > >>> We cannot rely on execute bits to be set on files in the repository. > >>> The build script should use the explicit interpreter when invoking any > >>> script from the repository. > >>> > >>> Link: https://lore.kernel.org/lkml/20200830174409.c24c3f67addcce0cea9a9d4c@xxxxxxxxxxxxxxxxxxxx/ > >>> Link: https://lore.kernel.org/lkml/202008271102.FEB906C88@keescook/ > >>> > >>> Suggested-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> > >>> Suggested-by: Kees Cook <keescook@xxxxxxxxxxxx> > >>> Suggested-by: Lukas Bulwahn <lukas.bulwahn@xxxxxxxxx> > >>> Signed-off-by: Ujjwal Kumar <ujjwalkumar0501@xxxxxxxxx> > >>> --- > >>> Makefile | 4 ++-- > >>> arch/arm64/kernel/vdso/Makefile | 2 +- > >>> arch/arm64/kernel/vdso32/Makefile | 2 +- > >>> arch/ia64/Makefile | 4 ++-- > >>> arch/nds32/kernel/vdso/Makefile | 2 +- > >>> scripts/Makefile.build | 2 +- > >>> scripts/Makefile.package | 4 ++-- > >>> 7 files changed, 10 insertions(+), 10 deletions(-) > >>> > >>> diff --git a/Makefile b/Makefile > >>> index 0af7945caa61..df20e71dd7c8 100644 > >>> --- a/Makefile > >>> +++ b/Makefile > >>> @@ -1256,7 +1256,7 @@ include/generated/utsrelease.h: include/config/kernel.release FORCE > >>> PHONY += headerdep > >>> headerdep: > >>> $(Q)find $(srctree)/include/ -name '*.h' | xargs --max-args 1 \ > >>> - $(srctree)/scripts/headerdep.pl -I$(srctree)/include > >>> + $(PERL) $(srctree)/scripts/headerdep.pl -I$(srctree)/include > >>> > >>> # --------------------------------------------------------------------------- > >>> # Kernel headers > >>> @@ -1312,7 +1312,7 @@ PHONY += kselftest-merge > >>> kselftest-merge: > >>> $(if $(wildcard $(objtree)/.config),, $(error No .config exists, config your kernel first!)) > >>> $(Q)find $(srctree)/tools/testing/selftests -name config | \ > >>> - xargs $(srctree)/scripts/kconfig/merge_config.sh -m $(objtree)/.config > >>> + xargs $(CONFIG_SHELL) $(srctree)/scripts/kconfig/merge_config.sh -m $(objtree)/.config > >>> $(Q)$(MAKE) -f $(srctree)/Makefile olddefconfig > >>> > >>> # --------------------------------------------------------------------------- > >>> diff --git a/arch/arm64/kernel/vdso/Makefile b/arch/arm64/kernel/vdso/Makefile > >>> index edccdb77c53e..fb07804b7fc1 100644 > >>> --- a/arch/arm64/kernel/vdso/Makefile > >>> +++ b/arch/arm64/kernel/vdso/Makefile > >>> @@ -65,7 +65,7 @@ $(obj)/%.so: $(obj)/%.so.dbg FORCE > >>> # Generate VDSO offsets using helper script > >>> gen-vdsosym := $(srctree)/$(src)/gen_vdso_offsets.sh > >>> quiet_cmd_vdsosym = VDSOSYM $@ > >>> - cmd_vdsosym = $(NM) $< | $(gen-vdsosym) | LC_ALL=C sort > $@ > >>> + cmd_vdsosym = $(NM) $< | $(CONFIG_SHELL) $(gen-vdsosym) | LC_ALL=C sort > $@ > >>> > >>> include/generated/vdso-offsets.h: $(obj)/vdso.so.dbg FORCE > >>> $(call if_changed,vdsosym) > >>> diff --git a/arch/arm64/kernel/vdso32/Makefile b/arch/arm64/kernel/vdso32/Makefile > >>> index 7f96a1a9f68c..617c9ac58156 100644 > >>> --- a/arch/arm64/kernel/vdso32/Makefile > >>> +++ b/arch/arm64/kernel/vdso32/Makefile > >>> @@ -205,7 +205,7 @@ quiet_cmd_vdsomunge = MUNGE $@ > >>> gen-vdsosym := $(srctree)/$(src)/../vdso/gen_vdso_offsets.sh > >>> quiet_cmd_vdsosym = VDSOSYM $@ > >>> # The AArch64 nm should be able to read an AArch32 binary > >>> - cmd_vdsosym = $(NM) $< | $(gen-vdsosym) | LC_ALL=C sort > $@ > >>> + cmd_vdsosym = $(NM) $< | $(CONFIG_SHELL) $(gen-vdsosym) | LC_ALL=C sort > $@ > >>> > >>> # Install commands for the unstripped file > >>> quiet_cmd_vdso_install = INSTALL32 $@ > >>> diff --git a/arch/ia64/Makefile b/arch/ia64/Makefile > >>> index 703b1c4f6d12..86d42a2d09cb 100644 > >>> --- a/arch/ia64/Makefile > >>> +++ b/arch/ia64/Makefile > >>> @@ -27,8 +27,8 @@ cflags-y := -pipe $(EXTRA) -ffixed-r13 -mfixed-range=f12-f15,f32-f127 \ > >>> -falign-functions=32 -frename-registers -fno-optimize-sibling-calls > >>> KBUILD_CFLAGS_KERNEL := -mconstant-gp > >>> > >>> -GAS_STATUS = $(shell $(srctree)/arch/ia64/scripts/check-gas "$(CC)" "$(OBJDUMP)") > >>> -KBUILD_CPPFLAGS += $(shell $(srctree)/arch/ia64/scripts/toolchain-flags "$(CC)" "$(OBJDUMP)" "$(READELF)") > >>> +GAS_STATUS = $(shell $(CONFIG_SHELL) $(srctree)/arch/ia64/scripts/check-gas "$(CC)" "$(OBJDUMP)") > >>> +KBUILD_CPPFLAGS += $(shell $(CONFIG_SHELL) $(srctree)/arch/ia64/scripts/toolchain-flags "$(CC)" "$(OBJDUMP)" "$(READELF)") > >> > >> Here is an instance of what Masahiro-san pointed out being wrong. > >> > >> Ujjwal, will you send a v3? > > > > Following is the quoted text from the reply mail from Masahiro > > > >>> -GAS_STATUS = $(shell $(srctree)/arch/ia64/scripts/check-gas "$(CC)" "$(OBJDUMP)") > >>> -KBUILD_CPPFLAGS += $(shell $(srctree)/arch/ia64/scripts/toolchain-flags "$(CC)" "$(OBJDUMP)" "$(READELF)") > >>> +GAS_STATUS = $($(CONFIG_SHELL) $(srctree)/arch/ia64/scripts/check-gas "$(CC)" "$(OBJDUMP)") > >>> +KBUILD_CPPFLAGS += $($(CONFIG_SHELL) $(srctree)/arch/ia64/scripts/toolchain-flags "$(CC)" "$(OBJDUMP)" "$(READELF)") > >> > >> > >> > >> These changes look wrong to me. > >> > >> $($(CONFIG_SHELL) -> $(shell $(CONFIG_SHELL) > >> > > > > From the above text, I understand as follows: > > Did you actually *test* that (expecially) these lines work > afterwards as good as before? > > > That my proposed change: > > $(shell $(src...) -> $($(CONFIG_SHELL) $(src...) > > > > is WRONG > > Yup, as it's in a Makefile and that's a Makefile construct. > > > and in the next line he suggested the required correction. > > That being: > > $($(CONFIG_SHELL) -> $(shell $(CONFIG_SHELL) > > Such stuff should generally not be needed as the to-be-used > shell can be set in Makefiles via a "SHELL = " assignment > (defaulting to /bin/sh - what else;-). > Flags for the shell can BTW set with ".SHELLFLAGS = ". You are talking about a different thing. Take the current code as an example: $(shell $(srctree)/arch/ia64/scripts/check-gas "$(CC)" "$(OBJDUMP)") Here are two shell invocations. [1] The command $(srctree)/arch/ia64/scripts/check-gas "$(CC)" "$(OBJDUMP)" is run in /bin/sh because the default value of SHELL is /bin/sh. [2] The script, arch/ia64/scripts/check-gas, is run in /bin/sh because the hash-bang (the first line of check-gas) specifies #!/bin/sh Bernd is talking about [1]. In contrast, this patch is addressing [2] because Andrew Morton suggested to run scripts without relying on the executable bit. (and, after this patch, we run scripts without relying on the hash-bang because we now specify the interpreter.) Of course, [1] and [2] can be different. I always want to use /bin/sh for [1], so please do not use bash-extension inside $(shell ...) You have more choices for [2]. If arch/ia64/scripts/check-gas had been written with bash-extension, the code would have been changed into: $(shell $(BASH) $(srctree)/arch/ia64/scripts/check-gas "$(CC)" "$(OBJDUMP)") I hope this will be clearer. > So please > -) learn basic "Makefile" + "make" before brainlessly patching > a Makefile. > -) actually testy your changes to make sure the patch didn't > broke anything > -) and - last but not least - check if there isn't a shell > already set (and which). > > MfG, > Bernd > -- > There is no cloud, just other people computers. > -- https://static.fsf.org/nosvn/stickers/thereisnocloud.svg -- Best Regards Masahiro Yamada
