linux.git/scripts/Makefile.lib, branch v7.2-rc1 Linux kernel source tree Merge tag 'objtool-core-2026-06-14' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip 2026-06-15T09:01:58+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-06-15T09:01:58+00:00 d8d706a27451c015490d23b4f4764de05e553624 Pull objtool updates from Ingo Molnar: - A large series of KLP fixes and improvements, in preparation of the arm64 port (Josh Poimboeuf) - Fix a number of bugs and issues on specific distro, LTO, FineIBT and kCFI configs (Josh Poimboeuf) - Misc other fixes by Josh Poimboeuf and Joe Lawrence * tag 'objtool-core-2026-06-14' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip: (53 commits) objtool/klp: Cache dont_correlate() result objtool: Improve and simplify prefix symbol detection objtool/klp: Fix kCFI prefix finding/cloning objtool: Grow __cfi_* prefix symbols for all CFI+CALL_PADDING objtool/klp: Fix position-dependent checksums for non-relocated jumps/calls objtool: Add insn_sym() helper objtool/klp: Add correlation debugging output objtool/klp: Rewrite symbol correlation algorithm objtool/klp: Calculate object checksums klp-build: Validate short-circuit prerequisites objtool/klp: Remove "objtool --checksum" klp-build: Use "objtool klp checksum" subcommand objtool/klp: Add "objtool klp checksum" subcommand objtool: Consolidate file decoding into decode_file() objtool/klp: Extricate checksum calculation from validate_branch() objtool: Add is_cold_func() helper objtool: Add is_alias_sym() helper objtool/klp: Handle Clang .data..Lanon anonymous data sections objtool/klp: Create empty checksum sections for function-less object files objtool: Include libsubcmd headers directly from source tree ... 
Pull objtool updates from Ingo Molnar:

 - A large series of KLP fixes and improvements, in preparation of the
   arm64 port (Josh Poimboeuf)

 - Fix a number of bugs and issues on specific distro, LTO, FineIBT and
   kCFI configs (Josh Poimboeuf)

 - Misc other fixes by Josh Poimboeuf and Joe Lawrence

* tag 'objtool-core-2026-06-14' of gitolite.kernel.org:pub/scm/linux/kernel/git/tip/tip: (53 commits)
  objtool/klp: Cache dont_correlate() result
  objtool: Improve and simplify prefix symbol detection
  objtool/klp: Fix kCFI prefix finding/cloning
  objtool: Grow __cfi_* prefix symbols for all CFI+CALL_PADDING
  objtool/klp: Fix position-dependent checksums for non-relocated jumps/calls
  objtool: Add insn_sym() helper
  objtool/klp: Add correlation debugging output
  objtool/klp: Rewrite symbol correlation algorithm
  objtool/klp: Calculate object checksums
  klp-build: Validate short-circuit prerequisites
  objtool/klp: Remove "objtool --checksum"
  klp-build: Use "objtool klp checksum" subcommand
  objtool/klp: Add "objtool klp checksum" subcommand
  objtool: Consolidate file decoding into decode_file()
  objtool/klp: Extricate checksum calculation from validate_branch()
  objtool: Add is_cold_func() helper
  objtool: Add is_alias_sym() helper
  objtool/klp: Handle Clang .data..Lanon anonymous data sections
  objtool/klp: Create empty checksum sections for function-less object files
  objtool: Include libsubcmd headers directly from source tree
  ...
Merge tag 'rust-7.2' of gitolite.kernel.org:pub/scm/linux/kernel/git/ojeda/linux 2026-06-15T03:55:48+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-06-15T03:55:48+00:00 b079329b8691768962aa514b8f8c9077ca352459 Pull Rust updates from Miguel Ojeda: "This one is big due to the vendoring of the `zerocopy` library, which allows us to replace a bunch of `unsafe` code dealing with conversions between byte sequences and other types with safe alternatives. More details on that below (and in its merge commit). Toolchain and infrastructure: - Introduce support for the 'zerocopy' library [1][2]: Fast, safe, compile error. Pick two. Zerocopy makes zero-cost memory manipulation effortless. We write `unsafe` so you don't have to. It essentially provides derivable traits (e.g. 'FromBytes') and macros (e.g. 'transmute!') for safely converting between byte sequences and other types. Having such support allows us to remove some 'unsafe' code. It is among the most downloaded Rust crates and it is also used by the Rust compiler itself. It is licensed under "BSD-2-Clause OR Apache-2.0 OR MIT". The crates are imported essentially as-is (only +2/-3 lines needed to be adapted), plus SPDX identifiers. Upstream has since added the SPDX identifiers as well as one of the tweaks at my request, thus reducing our future diffs on updates -- I keep the details in one of our usual live lists [3]. In total, it is about ~39k lines added, ~32k without counting 'benches/' which are just for documentation purposes. The series includes a few Kbuild and rust-analyzer improvements and an example patch using it in Nova, removing one 'unsafe impl'. I checked that the codegen of an isolated example function (similar to the Nova patch on top) is essentially identical. It also turns out that (for that particular case) the 'zerocopy' version, even with 'debug-assertions' enabled, has no remaining panics, unlike a few in the current code (since the compiler can prove the remaining 'ub_checks' statically). So their "fast, safe" does indeed check out -- at least in that case. - Support AutoFDO. This allows Rust code to be profiled and optimized based on the profile. Tested with Rust Binder: ~13% slower without AutoFDO in the binderAddInts benchmark (using an app-launch benchmark for the profile). - Support Software Tag-Based KASAN. In addition, fix KASAN Kconfig by requiring Clang. - Add Kconfig options for each existing Rust KUnit test suite, such as 'CONFIG_RUST_BITMAP_KUNIT_TEST'. They are placed within a new menu, 'CONFIG_RUST_KUNIT_TESTS', in the new 'rust/kernel/Kconfig.test' file. - Support the upcoming Rust 1.98.0 release (expected 2026-08-20): lint cleanups and an unstable flag rename. - Disable 'rustdoc' documentation inlining for all prelude items, which bloats the generated documentation. - Ignore (in Git) and clean (in Kbuild) the (rarely) 'rustc'-generated '*.long-type-*.txt' files. 'kernel' crate: - Add new 'bitfield' module with the 'bitfield!' macro (extracted from the existing 'register!' one), which declares integer types that are split into distinct bit fields of arbitrary length. Each field is a 'Bounded' of the appropriate bit width (ensuring values are properly validated and avoiding implicit data loss) and gets several generated getters and setters (infallible, 'const' and fallible) as well as associated constants ('_MASK', '_SHIFT' and '_RANGE'). It also supports fields that can be converted from/to custom types, either fallibly ('?=>') or infallibly ('=>'). For instance: bitfield! { struct Rgb(u16) { 15:11 blue; 10:5 green; 4:0 red; } } // Compile-time checks. let color = Rgb::zeroed().with_const_green::<0x1f>(); assert_eq!(color.green(), 0x1f); assert_eq!(color.into_raw(), 0x1f << Rgb::GREEN_SHIFT); Add as well documentation and a test suite for it, as usual; and update the 'register!' macro to use it. It will be maintained by Alexandre Courbot (with Yury Norov as reviewer) under a new 'MAINTAINERS' entry: 'RUST [BITFIELD]'. - 'ptr' module: rework index projection syntax into keyworded syntax and introduce panicking variant. The keyword syntax ('build:', 'try:', 'panic:') is more explicit and paves the way of perhaps adding more flavors in the future, e.g. an 'unsafe' index projection. For instance, projections now look like this: fn f(p: *const [u8; 32]) -> Result { // Ok, within bounds, checked at build time. project!(p, [build: 1]); // Build error. project!(p, [build: 128]); // `OutOfBound` runtime error (convertible to `ERANGE`). project!(p, [try: 128]); // Runtime panic. project!(p, [panic: 128]); Ok(()) } Update as well the users, which now look like e.g. // Pointer to the first entry of the GSP message queue. let data = project!(self.0.as_ptr(), .gspq.msgq.data[build: 0]); - 'build_assert' module: make the module the home of its macros instead of rendering them twice. - 'sync' module: add 'UniqueArc::as_ptr()' associated function. - 'alloc' module: - Fix the 'Vec::reserve()' doctest to properly account for the existing vector length in the capacity assertion. - Fix an incorrect operator in the 'Vec::extend_with()' 'SAFETY' comment; add a doc test demonstrating basic usage and the zero-length case. - Clean imports across several modules to follow the "kernel vertical" import style in order to minimize conflicts. 'pin-init' crate: - User visible changes: - Do not generate 'non_snake_case' warnings for identifiers that are syntactically just users of a field name. This would allow all '#[allow(non_snake_case)]' in nova-core to be removed, which Gary will send to the nova tree next cycle. - Filter non-cfg attributes out properly in derived structs. This improves pin-init compatibility with other derive macros. - Insert projection types' where clause properly. - Other changes: - Bump MSRV to 1.82, plus associated cleanups. - Overhaul how init slots are projected. The new approach is easier to justify with safety comments. - Mark more functions as inline, which should help mitigate the super-long symbol name issue due to lack of inlining. rust-analyzer: - Support '--envs' for passing env vars for crates like 'zerocopy'. 'MAINTAINERS': - Add the following reviewers to the 'RUST' entry: - Daniel Almeida - Tamir Duberstein - Alexandre Courbot - Onur Özkan They have been involved in the Rust for Linux project for about 7 collective years and bring expertise across several domains, which will be very useful to have around in the future. Thanks everyone for stepping up! And some other fixes, cleanups and improvements" Link: https://github.com/google/zerocopy [1] Link: https://docs.rs/zerocopy [2] Link: https://github.com/Rust-for-Linux/linux/issues/1239 [3] * tag 'rust-7.2' of gitolite.kernel.org:pub/scm/linux/kernel/git/ojeda/linux: (86 commits) MAINTAINERS: add Onur Özkan as Rust reviewer MAINTAINERS: add Alexandre Courbot as Rust reviewer MAINTAINERS: add Tamir Duberstein as Rust reviewer MAINTAINERS: add Daniel Almeida as Rust reviewer kbuild: rust: clean `zerocopy-derive` in `mrproper` rust: make `build_assert` module the home of related macros rust: str: clean unused import for Rust >= 1.98 rust: str: use the "kernel vertical" imports style rust: aref: use the "kernel vertical" imports style rust: page: use the "kernel vertical" imports style gpu: nova-core: firmware: parse `FalconUCodeDescV2` via `zerocopy` rust: prelude: add `zerocopy{,_derive}::FromBytes` rust: zerocopy-derive: enable support in kbuild rust: zerocopy-derive: add `README.md` rust: zerocopy-derive: avoid generating non-ASCII identifiers rust: zerocopy-derive: add SPDX License Identifiers rust: zerocopy-derive: import crate rust: zerocopy: enable support in kbuild rust: zerocopy: add `README.md` rust: zerocopy: remove float `Display` support ... 
Pull Rust updates from Miguel Ojeda:
 "This one is big due to the vendoring of the `zerocopy` library, which
  allows us to replace a bunch of `unsafe` code dealing with conversions
  between byte sequences and other types with safe alternatives. More
  details on that below (and in its merge commit).

  Toolchain and infrastructure:

   - Introduce support for the 'zerocopy' library [1][2]:

         Fast, safe, compile error. Pick two.

         Zerocopy makes zero-cost memory manipulation effortless. We write
         `unsafe` so you don't have to.

     It essentially provides derivable traits (e.g. 'FromBytes') and
     macros (e.g. 'transmute!') for safely converting between byte
     sequences and other types. Having such support allows us to remove
     some 'unsafe' code.

     It is among the most downloaded Rust crates and it is also used by
     the Rust compiler itself.

     It is licensed under "BSD-2-Clause OR Apache-2.0 OR MIT".

     The crates are imported essentially as-is (only +2/-3 lines needed
     to be adapted), plus SPDX identifiers. Upstream has since added the
     SPDX identifiers as well as one of the tweaks at my request, thus
     reducing our future diffs on updates -- I keep the details in one
     of our usual live lists [3].

     In total, it is about ~39k lines added, ~32k without counting
     'benches/' which are just for documentation purposes.

     The series includes a few Kbuild and rust-analyzer improvements and
     an example patch using it in Nova, removing one 'unsafe impl'.

     I checked that the codegen of an isolated example function (similar
     to the Nova patch on top) is essentially identical. It also turns
     out that (for that particular case) the 'zerocopy' version, even
     with 'debug-assertions' enabled, has no remaining panics, unlike a
     few in the current code (since the compiler can prove the remaining
     'ub_checks' statically).

     So their "fast, safe" does indeed check out -- at least in that
     case.

   - Support AutoFDO. This allows Rust code to be profiled and optimized
     based on the profile. Tested with Rust Binder: ~13% slower without
     AutoFDO in the binderAddInts benchmark (using an app-launch
     benchmark for the profile).

   - Support Software Tag-Based KASAN.

     In addition, fix KASAN Kconfig by requiring Clang.

   - Add Kconfig options for each existing Rust KUnit test suite, such
     as 'CONFIG_RUST_BITMAP_KUNIT_TEST'.

     They are placed within a new menu, 'CONFIG_RUST_KUNIT_TESTS', in
     the new 'rust/kernel/Kconfig.test' file.

   - Support the upcoming Rust 1.98.0 release (expected 2026-08-20):
     lint cleanups and an unstable flag rename.

   - Disable 'rustdoc' documentation inlining for all prelude items,
     which bloats the generated documentation.

   - Ignore (in Git) and clean (in Kbuild) the (rarely) 'rustc'-generated
     '*.long-type-*.txt' files.

  'kernel' crate:

   - Add new 'bitfield' module with the 'bitfield!' macro (extracted
     from the existing 'register!' one), which declares integer types
     that are split into distinct bit fields of arbitrary length.

     Each field is a 'Bounded' of the appropriate bit width (ensuring
     values are properly validated and avoiding implicit data loss) and
     gets several generated getters and setters (infallible, 'const' and
     fallible) as well as associated constants ('_MASK', '_SHIFT' and
     '_RANGE'). It also supports fields that can be converted from/to
     custom types, either fallibly ('?=>') or infallibly ('=>').

     For instance:

         bitfield! {
             struct Rgb(u16) {
                 15:11 blue;
                 10:5 green;
                 4:0 red;
             }
         }

         // Compile-time checks.
         let color = Rgb::zeroed().with_const_green::<0x1f>();

         assert_eq!(color.green(), 0x1f);
         assert_eq!(color.into_raw(), 0x1f << Rgb::GREEN_SHIFT);

     Add as well documentation and a test suite for it, as usual; and
     update the 'register!' macro to use it.

     It will be maintained by Alexandre Courbot (with Yury Norov as
     reviewer) under a new 'MAINTAINERS' entry: 'RUST [BITFIELD]'.

   - 'ptr' module: rework index projection syntax into keyworded syntax
     and introduce panicking variant.

     The keyword syntax ('build:', 'try:', 'panic:') is more explicit
     and paves the way of perhaps adding more flavors in the future,
     e.g. an 'unsafe' index projection.

     For instance, projections now look like this:

         fn f(p: *const [u8; 32]) -> Result {
             // Ok, within bounds, checked at build time.
             project!(p, [build: 1]);

             // Build error.
             project!(p, [build: 128]);

             // `OutOfBound` runtime error (convertible to `ERANGE`).
             project!(p, [try: 128]);

             // Runtime panic.
             project!(p, [panic: 128]);

             Ok(())
         }

     Update as well the users, which now look like e.g.

         // Pointer to the first entry of the GSP message queue.
         let data = project!(self.0.as_ptr(), .gspq.msgq.data[build: 0]);

   - 'build_assert' module: make the module the home of its macros
     instead of rendering them twice.

   - 'sync' module: add 'UniqueArc::as_ptr()' associated function.

   - 'alloc' module:

       - Fix the 'Vec::reserve()' doctest to properly account for the
         existing vector length in the capacity assertion.

       - Fix an incorrect operator in the 'Vec::extend_with()' 'SAFETY'
         comment; add a doc test demonstrating basic usage and the
         zero-length case.

   - Clean imports across several modules to follow the "kernel
     vertical" import style in order to minimize conflicts.

  'pin-init' crate:

   - User visible changes:

       - Do not generate 'non_snake_case' warnings for identifiers that
         are syntactically just users of a field name. This would allow
         all '#[allow(non_snake_case)]' in nova-core to be removed,
         which Gary will send to the nova tree next cycle.

       - Filter non-cfg attributes out properly in derived structs. This
         improves pin-init compatibility with other derive macros.

       - Insert projection types' where clause properly.

   - Other changes:

       - Bump MSRV to 1.82, plus associated cleanups.

       - Overhaul how init slots are projected. The new approach is
         easier to justify with safety comments.

       - Mark more functions as inline, which should help mitigate the
         super-long symbol name issue due to lack of inlining.

  rust-analyzer:

   - Support '--envs' for passing env vars for crates like 'zerocopy'.

  'MAINTAINERS':

   - Add the following reviewers to the 'RUST' entry:
       - Daniel Almeida
       - Tamir Duberstein
       - Alexandre Courbot
       - Onur Özkan

     They have been involved in the Rust for Linux project for about 7
     collective years and bring expertise across several domains, which
     will be very useful to have around in the future.

     Thanks everyone for stepping up!

  And some other fixes, cleanups and improvements"

Link: https://github.com/google/zerocopy [1]
Link: https://docs.rs/zerocopy [2]
Link: https://github.com/Rust-for-Linux/linux/issues/1239 [3]

* tag 'rust-7.2' of gitolite.kernel.org:pub/scm/linux/kernel/git/ojeda/linux: (86 commits)
  MAINTAINERS: add Onur Özkan as Rust reviewer
  MAINTAINERS: add Alexandre Courbot as Rust reviewer
  MAINTAINERS: add Tamir Duberstein as Rust reviewer
  MAINTAINERS: add Daniel Almeida as Rust reviewer
  kbuild: rust: clean `zerocopy-derive` in `mrproper`
  rust: make `build_assert` module the home of related macros
  rust: str: clean unused import for Rust >= 1.98
  rust: str: use the "kernel vertical" imports style
  rust: aref: use the "kernel vertical" imports style
  rust: page: use the "kernel vertical" imports style
  gpu: nova-core: firmware: parse `FalconUCodeDescV2` via `zerocopy`
  rust: prelude: add `zerocopy{,_derive}::FromBytes`
  rust: zerocopy-derive: enable support in kbuild
  rust: zerocopy-derive: add `README.md`
  rust: zerocopy-derive: avoid generating non-ASCII identifiers
  rust: zerocopy-derive: add SPDX License Identifiers
  rust: zerocopy-derive: import crate
  rust: zerocopy: enable support in kbuild
  rust: zerocopy: add `README.md`
  rust: zerocopy: remove float `Display` support
  ...
kbuild: distributed build support for Clang ThinLTO 2026-05-29T20:44:29+00:00 Rong Xu xur@google.com 2026-05-29T18:53:46+00:00 9f2aee8f7d1842be08da860e45265d30dba0d1f7 Add distributed ThinLTO build support for the Linux kernel. This new mode offers several advantages: (1) Increased flexibility in handling user-specified build options. (2) Improved user-friendliness for developers. (3) Greater convenience for integrating with objtool and livepatch. Note that "distributed" in this context refers to a term that differentiates in-process ThinLTO builds by invoking backend compilation through the linker, not necessarily building in distributed environments. Distributed ThinLTO is enabled via the `CONFIG_LTO_CLANG_THIN_DIST` Kconfig option. For example: > make LLVM=1 defconfig > scripts/config -e LTO_CLANG_THIN_DIST > make LLVM=1 oldconfig > make LLVM=1 vmlinux -j <..> The build flow proceeds in four stages: 1. Perform FE compilation, mirroring the in-process ThinLTO mode. 2. Thin-link the generated IR files and object files. 3. Find all IR files and perform BE compilation, using the flags stored in the .*.o.cmd files. 4. Link the BE results to generate the final vmlinux.o. NOTE: This patch currently implements the build for the main kernel image (vmlinux) only. Kernel module support is planned for a subsequent patch. Tested on the following arch: x86, arm64, loongarch, and riscv. The earlier implementation details can be found here: https://discourse.llvm.org/t/rfc-distributed-thinlto-build-for-kernel/85934 Signed-off-by: Rong Xu <xur@google.com> Co-developed-by: Masahiro Yamada <masahiroy@kernel.org> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Tested-by: Piotr Gorski <piotrgorski@cachyos.org> Tested-by: Nathan Chancellor <nathan@kernel.org> Link: https://patch.msgid.link/20260529185347.2418373-4-xur@google.com Signed-off-by: Nathan Chancellor <nathan@kernel.org> 
Add distributed ThinLTO build support for the Linux kernel.
This new mode offers several advantages: (1) Increased
flexibility in handling user-specified build options.
(2) Improved user-friendliness for developers. (3) Greater
convenience for integrating with objtool and livepatch.

Note that "distributed" in this context refers to a term
that differentiates in-process ThinLTO builds by invoking
backend compilation through the linker, not necessarily
building in distributed environments.

Distributed ThinLTO is enabled via the
`CONFIG_LTO_CLANG_THIN_DIST` Kconfig option. For example:
 > make LLVM=1 defconfig
 > scripts/config -e LTO_CLANG_THIN_DIST
 > make LLVM=1 oldconfig
 > make LLVM=1 vmlinux -j <..>

The build flow proceeds in four stages:
  1. Perform FE compilation, mirroring the in-process ThinLTO mode.
  2. Thin-link the generated IR files and object files.
  3. Find all IR files and perform BE compilation, using the flags
    stored in the .*.o.cmd files.
  4. Link the BE results to generate the final vmlinux.o.

NOTE: This patch currently implements the build for the main kernel
image (vmlinux) only. Kernel module support is planned for a
subsequent patch.

Tested on the following arch: x86, arm64, loongarch, and
riscv.

The earlier implementation details can be found here:
https://discourse.llvm.org/t/rfc-distributed-thinlto-build-for-kernel/85934

Signed-off-by: Rong Xu <xur@google.com>
Co-developed-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Tested-by: Piotr Gorski <piotrgorski@cachyos.org>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Link: https://patch.msgid.link/20260529185347.2418373-4-xur@google.com
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
kbuild: rust: add AutoFDO support 2026-05-26T23:53:42+00:00 Alice Ryhl aliceryhl@google.com 2026-03-31T10:57:49+00:00 a960c2cdb19e237f284a3b96eb8a0359abcf0e63 This patch enables AutoFDO build support for Rust code within the Linux kernel. This allows Rust code to be profiled and optimized based on the profile. The RUSTFLAGS variable was suffixed with *_AUTOFDO_CLANG to match the naming of the config option, which is called CONFIG_AUTOFDO_CLANG. This implementation has been verified in Android, first by inspecting the object files and confirming that they look correct. After that, it was verified as below: 1. Running the binderAddInts benchmark [1] with Rust Binder built as rust_binder.ko module, using a Pixel 9 Pro. 2. Collecting a profile on a Pixel 10 Pro XL using the app-launch benchmark, which starts different apps many times, on a device with Rust Binder as a built-in kernel module. (C Binder was not present on the device.) 3. Using the collected profile, run the binderAddInts benchmark again with Rust Binder built both as a rust_binder.ko module, and as a built-in kernel module. 4. In both cases, Rust Binder without AutoFDO was approximately 13% slower than the AutoFDO optimized version. Built-in vs .ko did not make a measurable performance difference. All of the above was verified in conjunction with my helpers inlining series [2], which confirmed that this worked correctly for helpers too once [3] was fixed in the helpers inlining series. Link: https://android.googlesource.com/platform/system/extras/+/920f089/tests/binder/benchmarks/binderAddInts.cpp [1] Link: https://lore.kernel.org/r/20260203-inline-helpers-v2-0-beb8547a03c9@google.com [2] Link: https://lore.kernel.org/r/aasPsbMEsX6iGUl8@google.com [3] Reviewed-by: Rong Xu <xur@google.com> Reviewed-by: Gary Guo <gary@garyguo.net> Tested-by: Alice Ryhl <aliceryhl@google.com> Signed-off-by: Alice Ryhl <aliceryhl@google.com> Acked-by: Nicolas Schier <nsc@kernel.org> Acked-by: Nathan Chancellor <nathan@kernel.org> Link: https://patch.msgid.link/20260331-autofdo-v2-1-eb5c5964820d@google.com [ Reworded for typos. - Miguel ] Signed-off-by: Miguel Ojeda <ojeda@kernel.org> 
This patch enables AutoFDO build support for Rust code within the Linux
kernel. This allows Rust code to be profiled and optimized based on the
profile.

The RUSTFLAGS variable was suffixed with *_AUTOFDO_CLANG to match the
naming of the config option, which is called CONFIG_AUTOFDO_CLANG.

This implementation has been verified in Android, first by inspecting
the object files and confirming that they look correct. After that,
it was verified as below:

1. Running the binderAddInts benchmark [1] with Rust Binder built as
   rust_binder.ko module, using a Pixel 9 Pro.
2. Collecting a profile on a Pixel 10 Pro XL using the app-launch
   benchmark, which starts different apps many times, on a device with
   Rust Binder as a built-in kernel module. (C Binder was not present on
   the device.)
3. Using the collected profile, run the binderAddInts benchmark again
   with Rust Binder built both as a rust_binder.ko module, and as a
   built-in kernel module.
4. In both cases, Rust Binder without AutoFDO was approximately 13%
   slower than the AutoFDO optimized version. Built-in vs .ko did not
   make a measurable performance difference.

All of the above was verified in conjunction with my helpers inlining
series [2], which confirmed that this worked correctly for helpers too
once [3] was fixed in the helpers inlining series.

Link: https://android.googlesource.com/platform/system/extras/+/920f089/tests/binder/benchmarks/binderAddInts.cpp [1]
Link: https://lore.kernel.org/r/20260203-inline-helpers-v2-0-beb8547a03c9@google.com [2]
Link: https://lore.kernel.org/r/aasPsbMEsX6iGUl8@google.com [3]
Reviewed-by: Rong Xu <xur@google.com>
Reviewed-by: Gary Guo <gary@garyguo.net>
Tested-by: Alice Ryhl <aliceryhl@google.com>
Signed-off-by: Alice Ryhl <aliceryhl@google.com>
Acked-by: Nicolas Schier <nsc@kernel.org>
Acked-by: Nathan Chancellor <nathan@kernel.org>
Link: https://patch.msgid.link/20260331-autofdo-v2-1-eb5c5964820d@google.com
[ Reworded for typos. - Miguel ]
Signed-off-by: Miguel Ojeda <ojeda@kernel.org>
objtool: Grow __cfi_* prefix symbols for all CFI+CALL_PADDING 2026-05-05T04:16:07+00:00 Josh Poimboeuf jpoimboe@kernel.org 2026-04-23T22:53:17+00:00 fc0bb9915bce0c333f918ca76958d804ccd79f89 For all CONFIG_CFI+CONFIG_CALL_PADDING configs, for C functions, the __cfi_ symbols only cover the 5-byte kCFI type hash. After that there also N bytes of NOP padding between the hash and the function entry which aren't associated with any symbol. The NOPs can be replaced with actual code at runtime. Without a symbol, unwinders and tooling have no way of knowing where those bytes belong. Grow the existing __cfi_* symbols to fill that gap. Note that assembly functions with SYM_TYPED_FUNC_START() aren't affected by this issue, their __cfi_ symbols also cover the padding. Also, CONFIG_PREFIX_SYMBOLS has no reason to exist: CONFIG_CALL_PADDING is what causes the compiler to emit NOP padding before function entry (via -fpatchable-function-entry), so it's the right condition for creating prefix symbols. Remove CONFIG_PREFIX_SYMBOLS, as it's no longer needed. Simplify the LONGEST_SYM_KUNIT_TEST dependency accordingly. Rework objtool's arguments a bit to handle the variety of prefix/cfi-related cases. Suggested-by: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org> 
For all CONFIG_CFI+CONFIG_CALL_PADDING configs, for C functions, the
__cfi_ symbols only cover the 5-byte kCFI type hash.  After that there
also N bytes of NOP padding between the hash and the function entry
which aren't associated with any symbol.

The NOPs can be replaced with actual code at runtime.  Without a symbol,
unwinders and tooling have no way of knowing where those bytes belong.

Grow the existing __cfi_* symbols to fill that gap.

Note that assembly functions with SYM_TYPED_FUNC_START() aren't affected
by this issue, their __cfi_ symbols also cover the padding.

Also, CONFIG_PREFIX_SYMBOLS has no reason to exist: CONFIG_CALL_PADDING
is what causes the compiler to emit NOP padding before function entry
(via -fpatchable-function-entry), so it's the right condition for
creating prefix symbols.

Remove CONFIG_PREFIX_SYMBOLS, as it's no longer needed.  Simplify the
LONGEST_SYM_KUNIT_TEST dependency accordingly.  Rework objtool's
arguments a bit to handle the variety of prefix/cfi-related cases.

Suggested-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Merge tag 'kbuild-7.0-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux 2026-02-11T21:40:35+00:00 Linus Torvalds torvalds@linux-foundation.org 2026-02-11T21:40:35+00:00 41f1a08645abb5ef7d2a3ed8835c747334878774 Pull Kbuild/Kconfig updates from Nathan Chancellor: "Kbuild: - Drop '*_probe' pattern from modpost section check allowlist, which hid legitimate warnings (Johan Hovold) - Disable -Wtype-limits altogether, instead of enabling at W=2 (Vincent Mailhol) - Improve UAPI testing to skip testing headers that require a libc when CONFIG_CC_CAN_LINK is not set, opening up testing of headers with no libc dependencies to more environments (Thomas Weißschuh) - Update gendwarfksyms documentation with required dependencies (Jihan LIN) - Reject invalid LLVM= values to avoid unintentionally falling back to system toolchain (Thomas Weißschuh) - Add a script to help run the kernel build process in a container for consistent environments and testing (Guillaume Tucker) - Simplify kallsyms by getting rid of the relative base (Ard Biesheuvel) - Performance and usability improvements to scripts/make_fit.py (Simon Glass) - Minor various clean ups and fixes Kconfig: - Move XPM icons to individual files, clearing up GTK deprecation warnings (Rostislav Krasny) - Support depends on FOO if BAR as syntactic sugar for depends on FOO || !BAR (Nicolas Pitre, Graham Roff) - Refactor merge_config.sh to use awk over shell/sed/grep, dramatically speeding up processing large number of config fragments (Anders Roxell, Mikko Rapeli)" * tag 'kbuild-7.0-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux: (39 commits) kbuild: remove dependency of run-command on config scripts/make_fit: Compress dtbs in parallel scripts/make_fit: Support a few more parallel compressors kbuild: Support a FIT_EXTRA_ARGS environment variable scripts/make_fit: Move dtb processing into a function scripts/make_fit: Support an initial ramdisk scripts/make_fit: Speed up operation rust: kconfig: Don't require RUST_IS_AVAILABLE for rustc-option MAINTAINERS: Add scripts/install.sh into Kbuild entry modpost: Amend ppc64 save/restfpr symnames for -Os build MIPS: tools: relocs: Ship a definition of R_MIPS_PC32 streamline_config.pl: remove superfluous exclamation mark kbuild: dummy-tools: Add python3 scripts: kconfig: merge_config.sh: warn on duplicate input files scripts: kconfig: merge_config.sh: use awk in checks too scripts: kconfig: merge_config.sh: refactor from shell/sed/grep to awk kallsyms: Get rid of kallsyms relative base mips: Add support for PC32 relocations in vmlinux Documentation: dev-tools: add container.rst page scripts: add tool to run containerized builds ... 
Pull Kbuild/Kconfig updates from Nathan Chancellor:
 "Kbuild:

   - Drop '*_probe' pattern from modpost section check allowlist, which
     hid legitimate warnings (Johan Hovold)

   - Disable -Wtype-limits altogether, instead of enabling at W=2
     (Vincent Mailhol)

   - Improve UAPI testing to skip testing headers that require a libc
     when CONFIG_CC_CAN_LINK is not set, opening up testing of headers
     with no libc dependencies to more environments (Thomas Weißschuh)

   - Update gendwarfksyms documentation with required dependencies
     (Jihan LIN)

   - Reject invalid LLVM= values to avoid unintentionally falling back
     to system toolchain (Thomas Weißschuh)

   - Add a script to help run the kernel build process in a container
     for consistent environments and testing (Guillaume Tucker)

   - Simplify kallsyms by getting rid of the relative base (Ard
     Biesheuvel)

   - Performance and usability improvements to scripts/make_fit.py
     (Simon Glass)

   - Minor various clean ups and fixes

  Kconfig:

   - Move XPM icons to individual files, clearing up GTK deprecation
     warnings (Rostislav Krasny)

   - Support

        depends on FOO if BAR

     as syntactic sugar for

        depends on FOO || !BAR

     (Nicolas Pitre, Graham Roff)

   - Refactor merge_config.sh to use awk over shell/sed/grep,
     dramatically speeding up processing large number of config
     fragments (Anders Roxell, Mikko Rapeli)"

* tag 'kbuild-7.0-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux: (39 commits)
  kbuild: remove dependency of run-command on config
  scripts/make_fit: Compress dtbs in parallel
  scripts/make_fit: Support a few more parallel compressors
  kbuild: Support a FIT_EXTRA_ARGS environment variable
  scripts/make_fit: Move dtb processing into a function
  scripts/make_fit: Support an initial ramdisk
  scripts/make_fit: Speed up operation
  rust: kconfig: Don't require RUST_IS_AVAILABLE for rustc-option
  MAINTAINERS: Add scripts/install.sh into Kbuild entry
  modpost: Amend ppc64 save/restfpr symnames for -Os build
  MIPS: tools: relocs: Ship a definition of R_MIPS_PC32
  streamline_config.pl: remove superfluous exclamation mark
  kbuild: dummy-tools: Add python3
  scripts: kconfig: merge_config.sh: warn on duplicate input files
  scripts: kconfig: merge_config.sh: use awk in checks too
  scripts: kconfig: merge_config.sh: refactor from shell/sed/grep to awk
  kallsyms: Get rid of kallsyms relative base
  mips: Add support for PC32 relocations in vmlinux
  Documentation: dev-tools: add container.rst page
  scripts: add tool to run containerized builds
  ...
kbuild: Support a FIT_EXTRA_ARGS environment variable 2026-02-04T00:20:10+00:00 Simon Glass sjg@chromium.org 2026-01-06T16:27:34+00:00 9a329df6e004190ce7422cc040c09374efa34289 In some cases it is useful to be able to pass additional flags to the make_fit.py script. For example, since ramdisks are typically large, passing -E to use external data can be helpful. Add a new FIT_EXTRA_ARGS variable for this. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Nicolas Schier <nsc@kernel.org> Reviewed-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de> Link: https://patch.msgid.link/20260106162738.2605574-5-sjg@chromium.org Signed-off-by: Nathan Chancellor <nathan@kernel.org> 
In some cases it is useful to be able to pass additional flags to the
make_fit.py script. For example, since ramdisks are typically large,
passing -E to use external data can be helpful.

Add a new FIT_EXTRA_ARGS variable for this.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Nicolas Schier <nsc@kernel.org>
Reviewed-by: Thomas Weißschuh <thomas.weissschuh@linutronix.de>
Link: https://patch.msgid.link/20260106162738.2605574-5-sjg@chromium.org
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
compiler-context-analysis: Add infrastructure for Context Analysis with Clang 2026-01-05T15:43:26+00:00 Marco Elver elver@google.com 2025-12-19T15:39:51+00:00 3269701cb25662ae8a9771a864201116626adb50 Context Analysis is a language extension, which enables statically checking that required contexts are active (or inactive), by acquiring and releasing user-definable "context locks". An obvious application is lock-safety checking for the kernel's various synchronization primitives (each of which represents a "context lock"), and checking that locking rules are not violated. Clang originally called the feature "Thread Safety Analysis" [1]. This was later changed and the feature became more flexible, gaining the ability to define custom "capabilities". Its foundations can be found in "Capability Systems" [2], used to specify the permissibility of operations to depend on some "capability" being held (or not held). Because the feature is not just able to express "capabilities" related to synchronization primitives, and "capability" is already overloaded in the kernel, the naming chosen for the kernel departs from Clang's "Thread Safety" and "capability" nomenclature; we refer to the feature as "Context Analysis" to avoid confusion. The internal implementation still makes references to Clang's terminology in a few places, such as `-Wthread-safety` being the warning option that also still appears in diagnostic messages. [1] https://clang.llvm.org/docs/ThreadSafetyAnalysis.html [2] https://www.cs.cornell.edu/talc/papers/capabilities.pdf See more details in the kernel-doc documentation added in this and subsequent changes. Clang version 22+ is required. [peterz: disable the thing for __CHECKER__ builds] Signed-off-by: Marco Elver <elver@google.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://patch.msgid.link/20251219154418.3592607-3-elver@google.com 
Context Analysis is a language extension, which enables statically
checking that required contexts are active (or inactive), by acquiring
and releasing user-definable "context locks". An obvious application is
lock-safety checking for the kernel's various synchronization primitives
(each of which represents a "context lock"), and checking that locking
rules are not violated.

Clang originally called the feature "Thread Safety Analysis" [1]. This
was later changed and the feature became more flexible, gaining the
ability to define custom "capabilities". Its foundations can be found in
"Capability Systems" [2], used to specify the permissibility of
operations to depend on some "capability" being held (or not held).

Because the feature is not just able to express "capabilities" related
to synchronization primitives, and "capability" is already overloaded in
the kernel, the naming chosen for the kernel departs from Clang's
"Thread Safety" and "capability" nomenclature; we refer to the feature
as "Context Analysis" to avoid confusion. The internal implementation
still makes references to Clang's terminology in a few places, such as
`-Wthread-safety` being the warning option that also still appears in
diagnostic messages.

 [1] https://clang.llvm.org/docs/ThreadSafetyAnalysis.html
 [2] https://www.cs.cornell.edu/talc/papers/capabilities.pdf

See more details in the kernel-doc documentation added in this and
subsequent changes.

Clang version 22+ is required.

[peterz: disable the thing for __CHECKER__ builds]
Signed-off-by: Marco Elver <elver@google.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Link: https://patch.msgid.link/20251219154418.3592607-3-elver@google.com
objtool/klp: Only enable --checksum when needed 2025-11-18T08:59:26+00:00 Josh Poimboeuf jpoimboe@kernel.org 2025-11-12T23:32:34+00:00 2092007aa32f8dd968c38751bd1b7cac9b1f738d With CONFIG_KLP_BUILD enabled, checksums are only needed during a klp-build run. There's no need to enable them for normal kernel builds. This also has the benefit of softening the xxhash dependency. Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Tested-by: Michael Kelley <mhklinux@outlook.com> Link: https://patch.msgid.link/edbb1ca215e4926e02edb493b68b9d6d063e902f.1762990139.git.jpoimboe@kernel.org 
With CONFIG_KLP_BUILD enabled, checksums are only needed during a
klp-build run.  There's no need to enable them for normal kernel builds.

This also has the benefit of softening the xxhash dependency.

Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Tested-by: Michael Kelley <mhklinux@outlook.com>
Link: https://patch.msgid.link/edbb1ca215e4926e02edb493b68b9d6d063e902f.1762990139.git.jpoimboe@kernel.org
livepatch/klp-build: Introduce klp-build script for generating livepatch modules 2025-10-14T21:50:19+00:00 Josh Poimboeuf jpoimboe@kernel.org 2025-09-17T16:04:08+00:00 24ebfcd65a871df4555b98c49c9ed9a92f146113 Add a klp-build script which automates the generation of a livepatch module from a source .patch file by performing the following steps: - Builds an original kernel with -function-sections and -fdata-sections, plus objtool function checksumming. - Applies the .patch file and rebuilds the kernel using the same options. - Runs 'objtool klp diff' to detect changed functions and generate intermediate binary diff objects. - Builds a kernel module which links the diff objects with some livepatch module init code (scripts/livepatch/init.c). - Finalizes the livepatch module (aka work around linker wreckage) using 'objtool klp post-link'. Acked-by: Petr Mladek <pmladek@suse.com> Tested-by: Joe Lawrence <joe.lawrence@redhat.com> Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org> 
Add a klp-build script which automates the generation of a livepatch
module from a source .patch file by performing the following steps:

  - Builds an original kernel with -function-sections and
    -fdata-sections, plus objtool function checksumming.

  - Applies the .patch file and rebuilds the kernel using the same
    options.

  - Runs 'objtool klp diff' to detect changed functions and generate
    intermediate binary diff objects.

  - Builds a kernel module which links the diff objects with some
    livepatch module init code (scripts/livepatch/init.c).

  - Finalizes the livepatch module (aka work around linker wreckage)
    using 'objtool klp post-link'.

Acked-by: Petr Mladek <pmladek@suse.com>
Tested-by: Joe Lawrence <joe.lawrence@redhat.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>