| Message ID | 20250428134205.900354-4-daniel.turull@ericsson.com |
|---|---|
| State | New |
| Headers | show |
| Series | Check compiled files to filter kernel CVEs | expand |
On Mon, Apr 28, 2025 at 9:42 AM Daniel Turull via lists.openembedded.org <daniel.turull=ericsson.com@lists.openembedded.org> wrote: > From: Daniel Turull <daniel.turull@ericsson.com> > > Use gen_compile_commands.py to extract files used during compilation > for the used kernel configuration. > > CC: Peter Marko <peter.marko@siemens.com> > Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> > --- > meta/classes-recipe/kernel.bbclass | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/meta/classes-recipe/kernel.bbclass > b/meta/classes-recipe/kernel.bbclass > index 36ce659762..56060f2c91 100644 > --- a/meta/classes-recipe/kernel.bbclass > +++ b/meta/classes-recipe/kernel.bbclass > @@ -867,3 +867,14 @@ EXPORT_FUNCTIONS do_deploy > > # Add using Device Tree support > inherit kernel-devicetree > + > +KERNEL_FILES_DIR ?= "${LOG_DIR}/cve/kernel_files" > +KERNEL_SRC_FILES ?= "${KERNEL_FILES_DIR}/compile_commands.json" > + > +do_save_compiled_files() { > + bbdebug 1 "Saving compiled files in ${KERNEL_SRC_FILES}" > + mkdir -p ${KERNEL_FILES_DIR} > + ${S}/scripts/clang-tools/gen_compile_commands.py -o > ${KERNEL_SRC_FILES} -d ${B} > +} > + > +addtask do_save_compiled_files after do_compile do_compile_kernelmodules > This is something that I wouldn't want running in my development environment. I can't tell fully. Is this opt in ? Is there a way to opt-out ? Bruce > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#215604): > https://lists.openembedded.org/g/openembedded-core/message/215604 > Mute This Topic: https://lists.openembedded.org/mt/112499916/1050810 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > bruce.ashfield@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
Hi, I have put it as default, but you have a good point. I’ll add the task conditionally if CVE_CHECK_KERNEL_CONFIG is set to 1 in the next patch version series. Best regards, Daniel From: Bruce Ashfield <bruce.ashfield@gmail.com> Sent: Monday, 28 April 2025 16:25 To: Daniel Turull <daniel.turull@ericsson.com> Cc: openembedded-core@lists.openembedded.org; rybczynska@gmail.com; steve@sakoman.com; Peter.Marko@siemens.com; ross.burton@arm.com; skandigraun@gmail.com Subject: Re: [OE-core] [PATCH v2 3/6] kernel: add support to extract compiled files On Mon, Apr 28, 2025 at 9:42 AM Daniel Turull via lists.openembedded.org<http://lists.openembedded.org/> <daniel.turull=ericsson.com@lists.openembedded.org<mailto:ericsson.com@lists.openembedded.org>> wrote: From: Daniel Turull <daniel.turull@ericsson.com<mailto:daniel.turull@ericsson.com>> Use gen_compile_commands.py to extract files used during compilation for the used kernel configuration. CC: Peter Marko <peter.marko@siemens.com<mailto:peter.marko@siemens.com>> Signed-off-by: Daniel Turull <daniel.turull@ericsson.com<mailto:daniel.turull@ericsson.com>> --- meta/classes-recipe/kernel.bbclass | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/meta/classes-recipe/kernel.bbclass b/meta/classes-recipe/kernel.bbclass index 36ce659762..56060f2c91 100644 --- a/meta/classes-recipe/kernel.bbclass +++ b/meta/classes-recipe/kernel.bbclass @@ -867,3 +867,14 @@ EXPORT_FUNCTIONS do_deploy # Add using Device Tree support inherit kernel-devicetree + +KERNEL_FILES_DIR ?= "${LOG_DIR}/cve/kernel_files" +KERNEL_SRC_FILES ?= "${KERNEL_FILES_DIR}/compile_commands.json" + +do_save_compiled_files() { + bbdebug 1 "Saving compiled files in ${KERNEL_SRC_FILES}" + mkdir -p ${KERNEL_FILES_DIR} + ${S}/scripts/clang-tools/gen_compile_commands.py -o ${KERNEL_SRC_FILES} -d ${B} +} + +addtask do_save_compiled_files after do_compile do_compile_kernelmodules This is something that I wouldn't want running in my development environment. I can't tell fully. Is this opt in ? Is there a way to opt-out ? Bruce -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#215604): https://lists.openembedded.org/g/openembedded-core/message/215604 Mute This Topic: https://lists.openembedded.org/mt/112499916/1050810 Group Owner: openembedded-core+owner@lists.openembedded.org<mailto:openembedded-core%2Bowner@lists.openembedded.org> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [bruce.ashfield@gmail.com<mailto:bruce.ashfield@gmail.com>] -=-=-=-=-=-=-=-=-=-=-=- -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
diff --git a/meta/classes-recipe/kernel.bbclass b/meta/classes-recipe/kernel.bbclass index 36ce659762..56060f2c91 100644 --- a/meta/classes-recipe/kernel.bbclass +++ b/meta/classes-recipe/kernel.bbclass @@ -867,3 +867,14 @@ EXPORT_FUNCTIONS do_deploy # Add using Device Tree support inherit kernel-devicetree + +KERNEL_FILES_DIR ?= "${LOG_DIR}/cve/kernel_files" +KERNEL_SRC_FILES ?= "${KERNEL_FILES_DIR}/compile_commands.json" + +do_save_compiled_files() { + bbdebug 1 "Saving compiled files in ${KERNEL_SRC_FILES}" + mkdir -p ${KERNEL_FILES_DIR} + ${S}/scripts/clang-tools/gen_compile_commands.py -o ${KERNEL_SRC_FILES} -d ${B} +} + +addtask do_save_compiled_files after do_compile do_compile_kernelmodules