From c9cf4137e72273c37d74221cbdca8ebe70d80894 Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Sun, 23 Feb 2025 15:33:46 -0600 Subject: [PATCH] linuxkm/Kbuild and linuxkm/module_exports.c.template: refactor using .ONESHELL, and in recipe for generating linuxkm/module_exports.c, render the namespace with a literal, with or without quotes as dictated by target kernel version. remove EXPORT_SYMBOL_NS_Q(), which didn't work right on old (pre-6.13) kernels with namespace support. wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM section, define NO_OLD_WC_NAMES, OPENSSL_COEXIST, etc., to avoid collisions with in-tree crypto in application sources that include both wolfssl and linux kernel native headers. --- linuxkm/Kbuild | 63 +++++++++++++++++-------------- linuxkm/module_exports.c.template | 6 --- wolfssl/wolfcrypt/settings.h | 16 ++++++++ 3 files changed, 51 insertions(+), 34 deletions(-) diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild index efc5e783f..0198d04da 100644 --- a/linuxkm/Kbuild +++ b/linuxkm/Kbuild @@ -18,6 +18,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +.ONESHELL: SHELL=bash ifeq "$(WOLFSSL_OBJ_FILES)" "" @@ -158,30 +159,30 @@ rename-pie-text-and-data-sections: ifneq "$(quiet)" "silent_" @echo -n ' Checking wolfCrypt for unresolved symbols and forbidden relocations... ' endif - @cd "$(obj)" || exit $$?; \ - $(LD) -relocatable -o wolfcrypt_test_link.o $(WOLFCRYPT_PIE_FILES) || exit $$?; \ - undefined=$$($(NM) --undefined-only wolfcrypt_test_link.o) || exit $$?; \ - GOT_relocs=$$($(READELF) --relocs --wide wolfcrypt_test_link.o | egrep '^[^ ]+ +[^ ]+ +[^ ]*GOT[^ ]* ') || [ $$? = 1 ] || exit 2; \ - rm wolfcrypt_test_link.o; \ - if [ -n "$$undefined" ]; then \ - echo "wolfCrypt container has unresolved symbols:" 1>&2; \ - echo "$$undefined" 1>&2; \ - exit 1; \ - fi; \ - if [ -n "$$GOT_relocs" ]; then \ - echo "wolfCrypt container has GOT relocations (non-local function address used as operand?):" 1>&2; \ - echo "$$GOT_relocs" 1>&2; \ - exit 1; \ + @cd "$(obj)" || exit $$? + $(LD) -relocatable -o wolfcrypt_test_link.o $(WOLFCRYPT_PIE_FILES) || exit $$? + undefined=$$($(NM) --undefined-only wolfcrypt_test_link.o) || exit $$? + GOT_relocs=$$($(READELF) --relocs --wide wolfcrypt_test_link.o | egrep '^[^ ]+ +[^ ]+ +[^ ]*GOT[^ ]* ') || [ $$? = 1 ] || exit 2 + rm wolfcrypt_test_link.o + if [ -n "$$undefined" ]; then + echo "wolfCrypt container has unresolved symbols:" 1>&2 + echo "$$undefined" 1>&2 + exit 1 + fi + if [ -n "$$GOT_relocs" ]; then + echo "wolfCrypt container has GOT relocations (non-local function address used as operand?):" 1>&2 + echo "$$GOT_relocs" 1>&2 + exit 1 fi ifneq "$(quiet)" "silent_" - @echo 'OK.' + echo 'OK.' endif - @cd "$(obj)" || exit $$?; \ - for file in $(WOLFCRYPT_PIE_FILES); do \ - $(OBJCOPY) --rename-section .text=.text.wolfcrypt --rename-section .data=.data.wolfcrypt --rename-section .rodata=.rodata.wolfcrypt "$$file" || exit $$?; \ + cd "$(obj)" || exit $$? + for file in $(WOLFCRYPT_PIE_FILES); do + $(OBJCOPY) --rename-section .text=.text.wolfcrypt --rename-section .data=.data.wolfcrypt --rename-section .rodata=.rodata.wolfcrypt "$$file" || exit $$? done ifneq "$(quiet)" "silent_" - @echo ' wolfCrypt .{text,data,rodata} sections containerized to .{text,data,rodata}.wolfcrypt' + echo ' wolfCrypt .{text,data,rodata} sections containerized to .{text,data,rodata}.wolfcrypt' endif $(obj)/linuxkm/module_exports.c: rename-pie-text-and-data-sections @@ -192,14 +193,20 @@ endif # auto-generate the exported symbol list, leveraging the WOLFSSL_API visibility tags. # exclude symbols that don't match wc_* or wolf*. $(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_TARGETS) - @cp $< $@ - @$(READELF) --symbols --wide $(WOLFSSL_OBJ_TARGETS) | \ - $(AWK) '/^ *[0-9]+: / { \ - if ($$8 !~ /^(wc_|wolf|WOLF|TLSX_)/){next;} \ - if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) { \ - print "EXPORT_SYMBOL_NS_GPL(" $$8 ", EXPORT_SYMBOL_NS_Q(WOLFSSL));";\ - } \ - }' >> $@ - @echo -e '#ifndef NO_CRYPT_TEST\nEXPORT_SYMBOL_NS_GPL(wolfcrypt_test, EXPORT_SYMBOL_NS_Q(WOLFSSL));\n#endif' >> $@ + @cp $< $@ || exit $$? + if [[ "$${VERSION}" -gt 6 || ("$${VERSION}" -eq 6 && "$${PATCHLEVEL}" -ge 13) ]]; then + # use ASCII octal escape to avoid syntax disruption in the awk script. + ns='\042WOLFSSL\042' + else + ns='WOLFSSL' + fi + $(READELF) --symbols --wide $(WOLFSSL_OBJ_TARGETS) | + $(AWK) '/^ *[0-9]+: / { + if ($$8 !~ /^(wc_|wolf|WOLF|TLSX_)/){next;} + if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) { + print "EXPORT_SYMBOL_NS_GPL(" $$8 ", '"$$ns"');"; + } + }' >> $@ || exit $$? + echo -e "#ifndef NO_CRYPT_TEST\nEXPORT_SYMBOL_NS_GPL(wolfcrypt_test, $${ns});\n#endif" >> $@ clean-files := linuxkm src wolfcrypt diff --git a/linuxkm/module_exports.c.template b/linuxkm/module_exports.c.template index 5ea8c1984..699f83c45 100644 --- a/linuxkm/module_exports.c.template +++ b/linuxkm/module_exports.c.template @@ -47,12 +47,6 @@ #define EXPORT_SYMBOL_NS_GPL(sym, ns) EXPORT_SYMBOL_GPL(sym) #endif -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0)) -#define EXPORT_SYMBOL_NS_Q(x) #x -#else -#define EXPORT_SYMBOL_NS_Q(x) x -#endif - #include #include #include diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index e7452de4c..e614276f4 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -3620,6 +3620,22 @@ extern void uITRON4_free(void *p) ; #ifdef __PIE__ #define WC_NO_INTERNAL_FUNCTION_POINTERS #endif + + #ifndef NO_OLD_WC_NAMES + #define NO_OLD_WC_NAMES + #endif + #ifndef NO_OLD_SHA_NAMES + #define NO_OLD_SHA_NAMES + #endif + #ifndef NO_OLD_MD5_NAME + #define NO_OLD_MD5_NAME + #endif + #ifndef OPENSSL_COEXIST + #define OPENSSL_COEXIST + #endif + #ifndef NO_OLD_SSL_NAMES + #define NO_OLD_SSL_NAMES + #endif #endif