This is xnu-11215.1.10. See this file in:
# -*- mode: makefile;-*-
#
# Copyright (C) 1999-2023 Apple Inc. All rights reserved.
#
# MakeInc.def contains global definitions for building,
# linking, and installing files.
#
#
# Architecture Configuration options
#
SUPPORTED_ARCH_CONFIGS := X86_64 X86_64H ARM64
#
# Kernel Configuration options
#
SUPPORTED_KERNEL_CONFIGS = RELEASE DEVELOPMENT DEBUG PROFILE KASAN SPTM
#
# Machine Configuration options
#
SUPPORTED_X86_64_MACHINE_CONFIGS = NONE
SUPPORTED_X86_64H_MACHINE_CONFIGS = NONE
ifneq ($(findstring _Sim,$(RC_ProjectName)),)
SUPPORTED_ARM64_MACHINE_CONFIGS = NONE
else ifneq ($(findstring _host,$(RC_ProjectName)),)
SUPPORTED_ARM64_MACHINE_CONFIGS = NONE
else
SUPPORTED_ARM64_MACHINE_CONFIGS = T6000 T6020 T6030 T6031 T8101 T8103 T8112 T8122 T8132 VMAPPLE
SPTM_ENABLED_SOCS_MacOSX = t8132
endif
#
# Setup up *_LC variables during recursive invocations
#
ifndef CURRENT_ARCH_CONFIG_LC
export CURRENT_ARCH_CONFIG_LC := $(shell printf "%s" "$(CURRENT_ARCH_CONFIG)" | $(TR) A-Z a-z)
endif
ifndef CURRENT_KERNEL_CONFIG_LC
export CURRENT_KERNEL_CONFIG_LC := $(shell printf "%s" "$(CURRENT_KERNEL_CONFIG)" | $(TR) A-Z a-z)
endif
ifndef CURRENT_MACHINE_CONFIG_LC
export CURRENT_MACHINE_CONFIG_LC := $(shell printf "%s" "$(CURRENT_MACHINE_CONFIG)" | $(TR) A-Z a-z)
endif
# Enable BTI by default for all ARM64 targets
BTI_BUILD = 1
# -mkernel contains BTI by default
ifeq ($(BTI_BUILD),1)
BTI_BUILD_FLAGS = -DXNU_BUILT_WITH_BTI
else
BTI_BUILD_FLAGS = -fno-branch-target-identification -UXNU_BUILT_WITH_BTI
endif
#
# Component List
#
COMPONENT_LIST = osfmk bsd libkern iokit pexpert libsa security san
COMPONENT = $(if $(word 2,$(subst /, ,$(RELATIVE_SOURCE_PATH))),$(word 2,$(subst /, ,$(RELATIVE_SOURCE_PATH))),$(firstword $(subst /, ,$(RELATIVE_SOURCE_PATH))))
COMPONENT_IMPORT_LIST = $(filter-out $(COMPONENT),$(COMPONENT_LIST))
MACHINE_FLAGS_ARM64_T8101 = -DARM64_BOARD_CONFIG_T8101 -mcpu=apple-a14
MACHINE_FLAGS_ARM64_T8103 = -DARM64_BOARD_CONFIG_T8103 -mcpu=apple-a14
MACHINE_FLAGS_ARM64_T6000 = -DARM64_BOARD_CONFIG_T6000 -mcpu=apple-a14
MACHINE_FLAGS_ARM64_T6020 = -DARM64_BOARD_CONFIG_T6020 -mcpu=apple-a15
MACHINE_FLAGS_ARM64_T8112 = -DARM64_BOARD_CONFIG_T8112 -mcpu=apple-a15
MACHINE_FLAGS_ARM64_T6030 = -DARM64_BOARD_CONFIG_T6030 -mcpu=apple-a16
MACHINE_FLAGS_ARM64_T6031 = -DARM64_BOARD_CONFIG_T6031 -mcpu=apple-a16
MACHINE_FLAGS_ARM64_T8122 = -DARM64_BOARD_CONFIG_T8122_T8130 -mcpu=apple-a16
MACHINE_FLAGS_ARM64_T8132 = -DARM64_BOARD_CONFIG_T8132 -mcpu=apple-acc7
MACHINE_FLAGS_ARM64_VMAPPLE = -DARM64_BOARD_CONFIG_VMAPPLE -march=armv8.5a+sme2
#
# Deployment target flag
#
ifeq ($(PLATFORM),MacOSX)
DEPLOYMENT_TARGET_FLAGS = -mmacosx-version-min=$(SDKVERSION) -DXNU_TARGET_OS_OSX
DEPLOYMENT_LINKER_FLAGS = -Wl,-macosx_version_min,$(SDKVERSION)
else ifeq ($(PLATFORM),DriverKit)
DEPLOYMENT_TARGET_FLAGS = -target apple-driverkit$(SDKVERSION) -DXNU_TARGET_OS_OSX
DEPLOYMENT_LINKER_FLAGS = -Wl,-target,apple-driverkit$(SDKVERSION)
else ifeq ($(PLATFORM),WatchOS)
DEPLOYMENT_TARGET_FLAGS = -mwatchos-version-min=$(SDKVERSION) -DXNU_TARGET_OS_WATCH
DEPLOYMENT_LINKER_FLAGS =
else ifeq ($(PLATFORM),tvOS)
DEPLOYMENT_TARGET_FLAGS = -mtvos-version-min=$(SDKVERSION) -DXNU_TARGET_OS_TV
DEPLOYMENT_LINKER_FLAGS =
else ifeq ($(PLATFORM),AppleTVOS)
DEPLOYMENT_TARGET_FLAGS = -mtvos-version-min=$(SDKVERSION) -DXNU_TARGET_OS_TV
else ifeq ($(PLATFORM),BridgeOS)
DEPLOYMENT_TARGET_FLAGS = -mbridgeos-version-min=$(SDKVERSION) -DXNU_TARGET_OS_BRIDGE
DEPLOYMENT_LINKER_FLAGS =
else ifneq ($(filter $(SUPPORTED_EMBEDDED_PLATFORMS),$(PLATFORM)),)
DEPLOYMENT_TARGET_FLAGS = -miphoneos-version-min=$(SDKVERSION) -DXNU_TARGET_OS_IOS
DEPLOYMENT_LINKER_FLAGS = -Wl,-ios_version_min,$(SDKVERSION)
else ifneq ($(filter $(SUPPORTED_SIMULATOR_PLATFORMS),$(PLATFORM)),)
DEPLOYMENT_TARGET_FLAGS =
DEPLOYMENT_LINKER_FLAGS =
else
DEPLOYMENT_TARGET_FLAGS =
DEPLOYMENT_LINKER_FLAGS =
endif
DEPLOYMENT_TARGET_DEFINES = -DXNU_PLATFORM_$(PLATFORM)
#
# Standard defines list
#
DEFINES = -DAPPLE -DKERNEL -DKERNEL_PRIVATE -DXNU_KERNEL_PRIVATE \
-DPRIVATE -D__MACHO__=1 -Dvolatile=__volatile -DXNU_KERN_EVENT_DATA_IS_VLA \
-DCURRENT_MACHINE_CONFIG_LC=$(CURRENT_MACHINE_CONFIG_LC) \
$(CONFIG_DEFINES) $(SEED_DEFINES)
# Enable caching with `make CCACHE=ccache`
# This intentionally does not override $(CC) because that will confuse
# utilities like mig.
CCACHE ?=
#
# Compiler command
#
KCC = $(CCACHE) $(CC)
KC++ = $(CCACHE) $(CXX)
GENASSYM_KCC = $(CCACHE) $(CC)
#
# Compiler warning flags
#
USE_WERROR := 1
ifneq ($(BUILD_WERROR),)
USE_WERROR := $(BUILD_WERROR)
endif
ifeq ($(USE_WERROR),1)
WERROR := -Werror
endif
# Shared C/C++ warning flags
# NOTE: order matters here. -Wno-xxx goes before opt-in of ones we want
WARNFLAGS_STD := \
-Weverything \
-Wundef-prefix=TARGET_OS_ \
-Wundef-prefix=LCK_GRP_USE_ARG \
-Wno-pedantic \
$(WERROR) \
-Wno-bad-function-cast \
-Wno-bitwise-instead-of-logical \
-Wno-c++-compat \
-Wno-c++98-compat \
-Wno-conditional-uninitialized \
-Wno-covered-switch-default \
-Wno-disabled-macro-expansion \
-Wno-documentation-unknown-command \
-Wno-extra-semi-stmt \
-Wno-format-non-iso \
-Wno-language-extension-token \
-Wno-missing-variable-declarations \
-Wno-packed \
-Wno-padded \
-Wno-partial-availability \
-Wno-reserved-id-macro \
-Wno-shift-sign-overflow \
-Wno-switch-enum \
-Wno-unaligned-access \
-Wno-undef \
-Wno-invalid-offsetof \
-Wno-unused-macros \
-Wno-used-but-marked-unused \
-Wno-variadic-macros \
-Wno-zero-length-array \
-Wno-packed \
-Wno-cast-function-type-strict \
-Wno-incompatible-function-pointer-types-strict
# When a new clang has new warnings disable them here until the kernel is fixed.
WARNFLAGS_STD := $(WARNFLAGS_STD) \
-Wno-unknown-warning-option \
-Wno-anon-enum-enum-conversion \
-Wno-error=enum-enum-conversion \
-Wno-error=c99-designator \
-Wno-error=reorder-init-list \
-Wno-error=switch-default \
-Wno-deprecated-volatile \
-Wno-error=incompatible-function-pointer-types-strict \
-Wno-cast-function-type-strict
WARNFLAGS_STD := $(WARNFLAGS_STD) \
-Wno-declaration-after-statement
# Hand-written sign conversion diagnostics are resolved, but the
# auto-generated ones need mig and iig to be updated to fix. Disable the
# diagnostic here until we've completed that:
WARNFLAGS_STD := $(WARNFLAGS_STD) \
-Wno-sign-compare \
-Wno-sign-conversion
# Opt-ins:
WARNFLAGS_STD := $(WARNFLAGS_STD) \
-Wpointer-arith \
-Wxnu-typed-allocators
CWARNFLAGS_STD = \
$(WARNFLAGS_STD)
# Can be overridden in Makefile.template or Makefile.$arch
export CWARNFLAGS ?= $(CWARNFLAGS_STD)
define add_perfile_cflags
$(1)_CWARNFLAGS_ADD += $2
endef
define rm_perfile_cflags
$(1)_CFLAGS_RM += $2
endef
CXXWARNFLAGS_STD = \
$(WARNFLAGS_STD) \
-Wno-c++98-compat-pedantic \
-Wno-exit-time-destructors \
-Wno-global-constructors \
-Wno-old-style-cast
# Can be overridden in Makefile.template or Makefile.$arch
export CXXWARNFLAGS ?= $(CXXWARNFLAGS_STD)
define add_perfile_cxxflags
$(1)_CXXWARNFLAGS_ADD += $2
endef
#
# Default ARCH_FLAGS, for use with compiler/linker/assembler/mig drivers
ARCH_FLAGS_X86_64 = -arch x86_64
ARCH_FLAGS_X86_64H = -arch x86_64h
ifeq ($(RC_ProjectName),xnu_libraries)
BUILD_STATIC_LINK := 1
BUILD_XNU_LIBRARY := 1
RC_NONARCH_CFLAGS += -D__BUILDING_XNU_LIBRARY__=1
endif
ifneq ($(filter ARM ARM64,$(CURRENT_ARCH_CONFIG)),)
ifneq ($(findstring _Sim,$(RC_ProjectName)),)
ARCH_FLAGS_ARM64 = -arch arm64e
else ifneq ($(findstring _host,$(RC_ProjectName)),)
ARCH_FLAGS_ARM64 = -arch arm64e
else
ARCH_STRING_FOR_CURRENT_MACHINE_CONFIG ?=
ifeq ($(ARCH_STRING_FOR_CURRENT_MACHINE_CONFIG),)
ifneq ($(EMBEDDED_DEVICE_MAP),)
export ARCH_STRING_FOR_CURRENT_MACHINE_CONFIG := $(shell $(EMBEDDED_DEVICE_MAP) -db $(EDM_DBPATH) -list -query SELECT DISTINCT KernelMachOArchitecture FROM Targets WHERE KernelPlatform IS \"$(CURRENT_MACHINE_CONFIG_LC)\" LIMIT 1 || echo UNKNOWN )
ifeq ($(ARCH_STRING_FOR_CURRENT_MACHINE_CONFIG),)
ifeq ($(filter $(EXTRA_TARGET_CONFIGS_$(CURRENT_KERNEL_CONFIG)),$(CURRENT_MACHINE_CONFIG)),)
$(error Machine config $(CURRENT_MACHINE_CONFIG_LC) not found in EmbeddedDeviceMap)
endif
endif
endif
endif
ifeq ($(ARCH_STRING_FOR_CURRENT_MACHINE_CONFIG),)
# Without embdedded device map, use a default arch string
export ARCH_STRING_FOR_CURRENT_MACHINE_CONFIG := $(shell echo $(CURRENT_ARCH_CONFIG) | tr A-Z a-z)
ifneq ($(filter arm64,$(ARCH_STRING_FOR_CURRENT_MACHINE_CONFIG)),)
export ARCH_STRING_FOR_CURRENT_MACHINE_CONFIG := arm64e
endif
endif
BUILD_STATIC_LINK := 1
ARCH_FLAGS_ARM64 = -arch $(ARCH_STRING_FOR_CURRENT_MACHINE_CONFIG)
endif
else
# non arm machine config string
ifndef ARCH_STRING_FOR_CURRENT_MACHINE_CONFIG
export ARCH_STRING_FOR_CURRENT_MACHINE_CONFIG := $(shell echo $(CURRENT_ARCH_CONFIG) | tr A-Z a-z)
endif
endif
#
# Default CFLAGS
#
ifdef RC_NONARCH_CFLAGS
OTHER_CFLAGS = $(RC_NONARCH_CFLAGS)
endif
#
# Debug info
#
DSYMINFODIR = Contents
DSYMKGMACROSDIR = Contents/Resources
DSYMLLDBMACROSDIR = Contents/Resources/Python
DSYMDWARFDIR = Contents/Resources/DWARF
DEBUG_CFLAGS := -g
BUILD_DSYM := 1
#
# We must not use -fno-keep-inline-functions, or it will remove the dtrace
# probes from the kernel.
#
CFLAGS_GEN = $(DEBUG_CFLAGS) -nostdlibinc \
-ferror-limit=10000 \
-fno-builtin \
-fno-common \
-ftrivial-auto-var-init=zero \
-fsigned-bitfields \
-fmerge-all-constants \
-fno-c++-static-destructors \
$(OTHER_CFLAGS)
CFLAGS_RELEASE =
CFLAGS_DEVELOPMENT =
CFLAGS_DEBUG =
CFLAGS_KASAN = $(CFLAGS_DEVELOPMENT)
CFLAGS_PROFILE = -pg
CFLAGS_X86_64 = -Dx86_64 -DX86_64 -D__X86_64__ -DLP64 \
-DPAGE_SIZE_FIXED -mkernel -msoft-float
CFLAGS_X86_64H = $(CFLAGS_X86_64)
LARGE_MEMORY_DEFINE=-UARM_LARGE_MEMORY
ARM64_PLKSEG_ADDR =0xfffffff004004000
ARM64_LINK_ADDR =0xfffffff007004000
# Use ARM_LARGE_MEMORY config for all MacOSX targets.
ifneq ($(filter $(PLATFORM),MacOSX),)
LARGE_MEMORY_DEFINE=-DARM_LARGE_MEMORY=1
ARM64_PLKSEG_ADDR =0xfffffe0004004000
ARM64_LINK_ADDR =0xfffffe0007004000
endif
CFLAGS_ARM64 = -Darm64 -DARM64 -D__ARM64__ -DLP64 -DPAGE_SIZE_FIXED -DVM_KERNEL_LINK_ADDRESS=$(ARM64_LINK_ADDR) \
$(LARGE_MEMORY_DEFINE) -momit-leaf-frame-pointer -fno-strict-aliasing -D__API__=v4 -mkernel \
$(BTI_BUILD_FLAGS)
CXXFLAGS_ARM64 = $(BTI_BUILD_FLAGS)
CFLAGS_RELEASEX86_64 = -O2
CFLAGS_DEVELOPMENTX86_64 = -O2
CFLAGS_KASANX86_64 = $(CFLAGS_DEVELOPMENTX86_64)
# No space optimization for the DEBUG kernel for the benefit of gdb:
CFLAGS_DEBUGX86_64 = -O0
CFLAGS_PROFILEX86_64 = -O2
CFLAGS_RELEASEX86_64H = -O2
CFLAGS_DEVELOPMENTX86_64H = -O2
CFLAGS_KASANX86_64H = $(CFLAGS_DEVELOPMENTX86_64H)
# No space optimization for the DEBUG kernel for the benefit of gdb:
CFLAGS_DEBUGX86_64H = -O0
CFLAGS_PROFILEX86_64H = -O2
CFLAGS_RELEASEARM = -O2
CFLAGS_DEVELOPMENTARM = -O2
CFLAGS_DEBUGARM = -O0
CFLAGS_PROFILEARM = -O2
CFLAGS_RELEASEARM64 = -O2
CFLAGS_DEVELOPMENTARM64 = -O2
CFLAGS_KASANARM64 = $(CFLAGS_DEVELOPMENTARM64)
CFLAGS_DEBUGARM64 = -O0
CFLAGS_SPTMARM64 = $(CFLAGS_DEVELOPMENTARM64)
CFLAGS_PROFILEARM64 = -O2
#
# bound-checking support
#
# BOUND_CHECKS=0 disables, else support is dynamically detected.
# Intel is currently disabled.
#
ifndef BOUND_CHECKS
ifeq ($(shell $(CC) -E -fbounds-safety /dev/null 2>/dev/null && echo 1),1)
ifeq ($(CURRENT_ARCH_CONFIG_LC),x86_64)
export BOUND_CHECKS := 0
export CFLAGS_BOUND_CHECKS = -Wno-error=self-assign
else
export BOUND_CHECKS := 1
endif
else
export BOUND_CHECKS := 0
endif
endif # ifndef BOUND_CHECKS
ifeq ($(BOUND_CHECKS),1)
CFLAGS_BOUND_CHECKS = -fbounds-safety
else
CFLAGS_BOUND_CHECKS ?=
endif
CFLAGS_BOUND_CHECKS_PENDING = -DBOUND_CHECKS_PENDING=1 -Wno-self-assign
# Bounds-safety adoption mode
#
# * Tells Clang to run in bounds-safety adoption mode which is allowed to
# produce better diagnostics but a slower build.
# * Doesn't try to suppress any warnings in staging (see Bounds-safety warning
# staging)
#
BOUNDS_SAFETY_ADOPTION_MODE ?= 0
ifeq ($(BOUNDS_SAFETY_ADOPTION_MODE),1)
ifneq ($(BOUND_CHECKS),1)
$(error BOUNDS_SAFETY_ADOPTION_MODE cannot be enabled when BOUND_CHECKS=0)
endif
ifeq ($(RC_XBS),YES)
# This mode should **only** be used at engineers' desks and not in B&I
# builds because it may add compile-time overhead.
$(error BOUNDS_SAFETY_ADOPTION_MODE should not be enabled in B&I builds)
endif
CFLAGS_BOUND_CHECKS += -fbounds-safety-adoption-mode
endif
# Bounds-safety warning staging
#
# To prevent new bounds-safety warnings in a soon to be submitted Clang from
# breaking the build they can be explicitly be prevented from being errors by
# adding `-Wno-error=<new_warning_name>` to
# `BOUNDS_SAFETY_DOWNGRADED_UPCOMING_WARNFLAGS`.
#
# A warning in `BOUNDS_SAFETY_DOWNGRADED_UPCOMING_WARNFLAGS` should be
# removed once the new Clang with the warning is in the OS and the code builds
# without it firing.
#
BOUNDS_SAFETY_DOWNGRADED_UPCOMING_WARNFLAGS =
ifneq ($(words $(BOUNDS_SAFETY_DOWNGRADED_UPCOMING_WARNFLAGS)),0)
ifeq ($(BOUNDS_SAFETY_ADOPTION_MODE),0)
# Note this implicitly relies on `-Wno-unknown-warning-option` already being
# passed to the compiler.
CFLAGS_BOUND_CHECKS += $(BOUNDS_SAFETY_DOWNGRADED_UPCOMING_WARNFLAGS)
endif
endif
# Check whether soft trap is supported
ifndef BOUND_CHECKS_SOFT
ifeq ($(shell $(CC) -E -ftrap-function-returns /dev/null 2>/dev/null && echo 1),1)
export BOUND_CHECKS_SOFT := 1
else
export BOUND_CHECKS_SOFT := 0
endif
endif # ifndef BOUND_CHECKS_SOFT
ifeq ($(BOUND_CHECKS_SOFT),1)
CFLAGS_BOUND_CHECKS_SOFT = -fbounds-safety -ftrap-function=ml_bound_chk_soft_trap -ftrap-function-returns
CFLAGS_BOUND_CHECKS_DEBUG = $(CFLAGS_BOUND_CHECKS_SOFT) -DBOUND_CHECKS_DEBUG=1
else
CFLAGS_BOUND_CHECKS_SOFT =
CFLAGS_BOUND_CHECKS_DEBUG =
endif
#
# Sanitizers Support (KASan, UBSan)
#
# Which kernel configurations are built with KCOV enabled.
KCOV_RUNTIME := KASAN
ifneq ($(filter RELEASE, $(KCOV_RUNTIME)),)
$(error "Sanitizer runtime should not be enabled for RELEASE kernel.")
endif
SAN=0
# KASan support
#
ifeq ($(CURRENT_KERNEL_CONFIG),KASAN)
# KASan kernel config implicitly enables the KASan instrumentation.
# Instrumentation for other sanitizers is enabled explicitly at build time.
KASAN = 1
endif
ifeq ($(KASAN),1)
SAN=1
BUILD_LTO=0
# KASan Light support
#
# Light mode omits the HWASAN stack instrumentation.
# Not supported by KASan Classic at this moment.
KASAN_LIGHT_PLATFORM := WatchOS
ifneq ($(filter $(PLATFORM), $(KASAN_LIGHT_PLATFORM)),)
KASAN_LIGHT=1
HWASAN_INSTRUMENT_STACK=0
else
KASAN_LIGHT=0
HWASAN_INSTRUMENT_STACK=1
endif
KASAN_BLACKLIST=$(OBJROOT)/san/kasan-blacklist-$(CURRENT_ARCH_CONFIG_LC)
# To calculate the kasan offset, subtract the lowest KVA to sanitize, shifted right by KASAN_SCALE_$INSTRUMENTATION bits,
# from the base address of the kasan shadow area, (e.g. for x86_64 solve the following equation:
# OFFSET = {VA mapped by the first KASAN PML4 [Currently #494]} - (LOWEST_KVA >> 3)
# OFFSET = (0ULL - (512GiB * (512 - 494))) - (LOWEST_SAN_KVA >> 3)
# OFFSET = FFFFF70000000000 - ((0ULL - (512GiB * (512 - 496))) >> 3) [PML4 #496 is the first possible KVA]
# OFFSET = FFFFF70000000000 - (FFFFF80000000000 >> 3)
# OFFSET = DFFFF80000000000
# ).
KASAN_OFFSET_X86_64=0xdffff80000000000
KASAN_OFFSET_X86_64H=$(KASAN_OFFSET_X86_64)
KASAN_OFFSET_ARM64=0xf000000000000000
KASAN_OFFSET=$($(addsuffix $(CURRENT_ARCH_CONFIG),KASAN_OFFSET_))
# CLANG HWASAN/KHWASAN instrumentation powers KASAN_TBI. HWASAN traditional prefixing
# is replaced by __asan_ to commonize exports across models.
KASAN_SCALE_TBI=4
CFLAGS_KASAN_INSTRUMENTATION_TBI = -DKASAN_TBI=1 -DKASAN_SCALE=$(KASAN_SCALE_TBI) \
-fsanitize=kernel-hwaddress \
-fsanitize-ignorelist=$(KASAN_BLACKLIST) \
-mllvm -hwasan-recover=0 \
-mllvm -hwasan-mapping-offset=$(KASAN_OFFSET) \
-mllvm -hwasan-instrument-atomics=1 \
-mllvm -hwasan-instrument-stack=$(HWASAN_INSTRUMENT_STACK) \
-mllvm -hwasan-generate-tags-with-calls=1 \
-mllvm -hwasan-instrument-with-calls=0 \
-mllvm -hwasan-use-short-granules=0 \
-mllvm -hwasan-memory-access-callback-prefix="__asan_"
KASAN_SCALE_CLASSIC=3
CFLAGS_KASAN_INSTRUMENTATION_CLASSIC = -DKASAN_CLASSIC=1 -DKASAN_SCALE=$(KASAN_SCALE_CLASSIC) \
-fsanitize=address \
-mllvm -asan-globals-live-support \
-mllvm -asan-mapping-offset=$(KASAN_OFFSET) \
-fsanitize-ignorelist=$(KASAN_BLACKLIST)
CFLAGS_KASANARM64 += $(CFLAGS_KASAN_INSTRUMENTATION_TBI)
CFLAGS_KASANX86_64 += $(CFLAGS_KASAN_INSTRUMENTATION_CLASSIC)
CFLAGS_KASANX86_64H += $(CFLAGS_KASAN_INSTRUMENTATION_CLASSIC)
CFLAGS_GEN += -DKASAN=1 -DKASAN_OFFSET=$(KASAN_OFFSET) -DKASAN_LIGHT=$(KASAN_LIGHT)
SFLAGS_KASANARM64 += $(CFLAGS_KASAN_INSTRUMENTATION_TBI)
SFLAGS_KASANX86_64 += $(CFLAGS_KASAN_INSTRUMENTATION_CLASSIC)
SFLAGS_KASANX86_64H += $(CFLAGS_KASAN_INSTRUMENTATION_CLASSIC)
SFLAGS_GEN += -DKASAN=1 -DKASAN_OFFSET=$(KASAN_OFFSET) -DKASAN_LIGHT=$(KASAN_LIGHT)
endif
# UBSan
#
# The Undefined Behavior sanitizer runtime is always built as part of, and only for,
# KASAN variants. UBSan instrumentation is disabled by default and only enabled explicitly
# when building with UBSAN=1.
#
# On iOS RELEASE and DEVELOPMENT kernels, a subset of UBSan checks is enabled along with a minimal
# runtime that emulates trap mode (but makes it recoverable).
ifeq ($(KASAN), 1)
ifeq ($(UBSAN),1)
SAN=1
UBSAN_RUNTIME =
UBSAN_CHECKS += signed-integer-overflow shift pointer-overflow bounds object-size # non-fatal (calls runtime, can return)
# UBSAN_CHECKS = undefined nullability unsigned-integer-overflow # everything
UBSAN_CHECKS_FATAL = # fatal (calls runtime, must not return)
UBSAN_CHECKS_TRAP = vla-bound builtin # emit a trap instruction (no runtime support)
UBSAN_DISABLED += vptr function # requires unsupported C++ runtime
# UBSan alignment + KASan code size is too large
# UBSan unreachable doesn't play nice with ASan (40723397)
UBSAN_DISABLED += alignment unreachable
endif
else
# DEVELOPMENT and RELEASE variants
ifeq ($(PLATFORM),iPhoneOS)
# Currently we have to keep alive two separated UBSAN runtimes (minimal for DEVELOPMENT,
# full for KASAN). This implies that we cannot use CFLAGS_$(CURRENT_KERNEL_CONFIG), because
# CFLAGS_DEVELOPMENT is folded into CFLAGS_KASAN. For the time being we leave this check here,
# as we work (independently) to both break the CFLAGS direct dependency and commonize the
# sanitizer runtimes.
UBSAN_MINIMAL_RUNTIME := DEVELOPMENT DEBUG
ifneq ($(filter $(CURRENT_KERNEL_CONFIG), $(UBSAN_MINIMAL_RUNTIME)),)
# This is (unfortunately) intentional. Currently the "kasan" blacklist, which folds both
# ubsan and kasan specific files, is generated for all builds during the
# setup phase. The blacklist file itself is divided per-sanitizer, so won't
# affect the UBSAN build outside of the entries that are legitimately
# intended for it.
UBSAN_BLACKLIST=$(OBJROOT)/san/kasan-blacklist-$(CURRENT_ARCH_CONFIG_LC)
UBSAN_CHECKS = signed-integer-overflow
UBSAN_RUNTIME = -fsanitize-minimal-runtime -fsanitize-ignorelist=$(UBSAN_BLACKLIST)
UBSAN_CHECKS_TRAP =
UBSAN_CHECKS_FATAL =
UBSAN_DISABLED =
endif
endif
endif
CFLAGS_GEN += $(UBSAN_RUNTIME)
CFLAGS_GEN += $(foreach x,$(UBSAN_CHECKS) $(UBSAN_CHECKS_FATAL) $(UBSAN_CHECKS_TRAP),-fsanitize=$(x))
CFLAGS_GEN += $(foreach x,$(UBSAN_CHECKS_FATAL),-fno-sanitize-recover=$(x))
CFLAGS_GEN += $(foreach x,$(UBSAN_CHECKS_TRAP),-fsanitize-trap=$(x))
CFLAGS_GEN += $(foreach x,$(UBSAN_DISABLED),-fno-sanitize=$(x))
ifeq ($(KSANCOV),1)
# Enable SanitizerCoverage instrumentation in xnu
SAN = 1
KCOV_BLACKLIST := $(OBJROOT)/san/kcov-blacklist-$(CURRENT_ARCH_CONFIG_LC)
KCOV_CFLAGS := -fsanitize-coverage=trace-pc-guard -fsanitize-coverage-ignorelist=$(KCOV_BLACKLIST)
CFLAGS_GEN += $(KCOV_CFLAGS) -DKSANCOV=1
endif
ifeq ($(SAN),1)
CFLAGS_GEN += -fsanitize-ignorelist=$(OBJROOT)/san/kasan-blacklist-$(CURRENT_ARCH_CONFIG_LC)
endif
# Any extra flags that get passed at the command line during build.
ifeq ($(CFLAGS_EXTRA),)
CFLAGS_EXTRA =
endif
CFLAGS = $(CFLAGS_GEN) \
$($(addsuffix $(CURRENT_MACHINE_CONFIG),MACHINE_FLAGS_$(CURRENT_ARCH_CONFIG)_)) \
$($(addsuffix $(CURRENT_ARCH_CONFIG),ARCH_FLAGS_)) \
$($(addsuffix $(CURRENT_ARCH_CONFIG),CFLAGS_)) \
$($(addsuffix $(CURRENT_KERNEL_CONFIG),CFLAGS_)) \
$($(addsuffix $(CURRENT_ARCH_CONFIG), $(addsuffix $(CURRENT_KERNEL_CONFIG),CFLAGS_))) \
$(DEPLOYMENT_TARGET_FLAGS) \
$(DEPLOYMENT_TARGET_DEFINES) \
$(DEFINES) \
$(CFLAGS_EXTRA)
#
# Default C++ flags
#
OTHER_CXXFLAGS =
CXXFLAGS_GEN = -std=gnu++2b -fsized-deallocation -fapple-kext $(OTHER_CXXFLAGS)
CXXFLAGS = $(CXXFLAGS_GEN) \
$($(addsuffix $(CURRENT_ARCH_CONFIG),CXXFLAGS_)) \
$($(addsuffix $(CURRENT_KERNEL_CONFIG),CXXFLAGS_))
#
# Assembler command
#
AS = $(CCACHE) $(CC)
S_KCC = $(CC)
#
# Default SFLAGS
#
SFLAGS_GEN = -D__ASSEMBLER__ -DASSEMBLER $(OTHER_CFLAGS)
SFLAGS_RELEASE =
SFLAGS_DEVELOPMENT =
# When making non-compatible changes to the XNU runtime, it can be useful to build
# a KASAN kernel + runtime, but linked against a DEVELOPMENT kernel cache.
# Uncomment the lines below to be able to build development, but passing KASAN=1.
# #_ifeq ($(KASAN),1)
# SFLAGS_DEVELOPMENT += -DKASAN=1
# #_endif
SFLAGS_KASAN = $(SFLAGS_DEVELOPMENT) -DKASAN=1
SFLAGS_DEBUG =
SFLAGS_PROFILE =
SFLAGS_X86_64 = $(CFLAGS_X86_64)
SFLAGS_X86_64H = $(CFLAGS_X86_64H)
SFLAGS_ARM64 = $(CFLAGS_ARM64)
SFLAGS = $(SFLAGS_GEN) \
$($(addsuffix $(CURRENT_MACHINE_CONFIG),MACHINE_FLAGS_$(CURRENT_ARCH_CONFIG)_)) \
$($(addsuffix $(CURRENT_ARCH_CONFIG),ARCH_FLAGS_)) \
$($(addsuffix $(CURRENT_ARCH_CONFIG),SFLAGS_)) \
$($(addsuffix $(CURRENT_KERNEL_CONFIG),SFLAGS_)) \
$($(addsuffix $(CURRENT_ARCH_CONFIG), $(addsuffix $(CURRENT_KERNEL_CONFIG),SFLAGS_))) \
$(DEPLOYMENT_TARGET_FLAGS) \
$(DEPLOYMENT_TARGET_DEFINES) \
$(DEFINES)
#
# Linker command
#
LD = $(KC++) -nostdlib
#
# Default LDFLAGS
#
# Availability of DWARF allows DTrace CTF (compressed type format) to be constructed.
# ctf_insert creates the CTF section. It needs reserved padding in the
# headers for the load command segment and the CTF section structures.
#
LDFLAGS_KERNEL_GEN = \
-nostdlib \
-fapple-kext \
-Wl,-e,__start \
-Wl,-sectalign,__TEXT,__text,0x1000 \
-Wl,-sectalign,__DATA,__common,0x1000 \
-Wl,-sectalign,__DATA,__bss,0x1000 \
-Wl,-sectcreate,__PRELINK_TEXT,__text,/dev/null \
-Wl,-segprot,__PRELINK_TEXT,r-x,r-x \
-Wl,-sectcreate,__PRELINK_INFO,__info,/dev/null \
-Wl,-new_linker \
-Wl,-pagezero_size,0x0 \
-Wl,-version_load_command \
-Wl,-function_starts \
-Wl,-headerpad,152
# LDFLAGS_KERNEL_SDK = -L$(SDKROOT)/usr/local/lib/kernel -lfirehose_kernel
LDFLAGS_KERNEL_SDK = -L$(SDKROOT)/usr/local/lib/kernel -L$(SDKROOT)/usr/local/lib/kernel/platform
LDFLAGS_KERNEL_RELEASE =
LDFLAGS_KERNEL_DEVELOPMENT =
LDFLAGS_KERNEL_KASAN = $(LDFLAGS_KERNEL_DEVELOPMENT)
LDFLAGS_KERNEL_DEBUG =
LDFLAGS_KERNEL_PROFILE =
# Tightbeam finds modules in the "tightbeam" subdirectory.
TIGHTBEAM_MODULE_DIR = $(SDKROOT)/usr/local/lib/kernel/tightbeam
# KASLR static slide config:
ifndef SLIDE
SLIDE=0x00
endif
KERNEL_MIN_ADDRESS = 0xffffff8000000000
KERNEL_BASE_OFFSET = 0x100000
# POSIX shells use signed long for their arithmetic expressions. However,
# we're dealing with uintptr_t values here, so explicitly use bash which
# is known to be able to handle such larger values. ksh also works; dash
# and zsh both fail with different results (zsh even warns you).
KERNEL_STATIC_SLIDE = $(shell $(BASH) -c 'printf "0x%016x" \
$$(( $(SLIDE) << 21 ))')
KERNEL_STATIC_BASE = $(shell $(BASH) -c 'printf "0x%016x" \
$$(( $(KERNEL_MIN_ADDRESS) + $(KERNEL_BASE_OFFSET) ))')
KERNEL_HIB_SECTION_BASE = $(shell $(BASH) -c 'printf "0x%016x" \
$$(( $(KERNEL_STATIC_BASE) + $(KERNEL_STATIC_SLIDE) ))')
KERNEL_TEXT_BASE = $(shell $(BASH) -c 'printf "0x%016x" \
$$(( $(KERNEL_HIB_SECTION_BASE) + 0x100000 ))')
LDFLAGS_KERNEL_RELEASEX86_64 = \
-Wl,-pie \
-Wl,-segaddr,__HIB,$(KERNEL_HIB_SECTION_BASE) \
-Wl,-image_base,$(KERNEL_TEXT_BASE) \
-Wl,-seg_page_size,__TEXT,0x200000 \
-Wl,-sectalign,__HIB,__bootPT,0x1000 \
-Wl,-sectalign,__HIB,__desc,0x1000 \
-Wl,-sectalign,__HIB,__data,0x1000 \
-Wl,-sectalign,__HIB,__text,0x1000 \
-Wl,-sectalign,__HIB,__const,0x1000 \
-Wl,-sectalign,__HIB,__bss,0x1000 \
-Wl,-sectalign,__HIB,__common,0x1000 \
-Wl,-sectalign,__HIB,__llvm_prf_cnts,0x1000 \
-Wl,-sectalign,__HIB,__llvm_prf_names,0x1000 \
-Wl,-sectalign,__HIB,__llvm_prf_data,0x1000 \
-Wl,-sectalign,__HIB,__textcoal_nt,0x1000 \
-Wl,-sectalign,__HIB,__cstring,0x1000 \
-Wl,-sectalign,__DATA,__percpu,0x1000 \
-Wl,-rename_section,__DATA,__const,__DATA_CONST,__const \
-Wl,-segprot,__DATA_CONST,r--,r-- \
-Wl,-rename_section,__KLD,__const,__KLDDATA,__const \
-Wl,-rename_section,__KLD,__cstring,__KLDDATA,__cstring \
-Wl,-segprot,__KLDDATA,rw-,rw- \
-Wl,-segprot,__KLD,r-x,r-x \
-Wl,-no_zero_fill_sections \
$(LDFLAGS_NOSTRIP_FLAG)
ifeq ($(SAN),1)
LDFLAGS_KERNEL_RELEASEX86_64 += \
-Wl,-sectalign,__HIB,__cstring,0x1000
endif
ifeq ($(KSANCOV),1)
LDFLAGS_KERNEL_RELEASEX86_64 += \
-Wl,-sectalign,__HIB,__sancov_guards,0x1000 \
-Wl,-sectalign,__HIB,__sancov_pcs,0x1000
endif
# Define KERNEL_BASE_OFFSET so known at compile time:
CFLAGS_X86_64 += -DKERNEL_BASE_OFFSET=$(KERNEL_BASE_OFFSET)
CFLAGS_X86_64H += -DKERNEL_BASE_OFFSET=$(KERNEL_BASE_OFFSET)
LDFLAGS_KERNEL_DEBUGX86_64 = $(LDFLAGS_KERNEL_RELEASEX86_64)
LDFLAGS_KERNEL_DEVELOPMENTX86_64 = $(LDFLAGS_KERNEL_RELEASEX86_64)
LDFLAGS_KERNEL_KASANX86_64 = $(LDFLAGS_KERNEL_DEVELOPMENTX86_64) \
-Wl,-sectalign,__HIB,__asan_globals,0x1000 \
-Wl,-sectalign,__HIB,__asan_liveness,0x1000 \
-Wl,-sectalign,__HIB,__mod_term_func,0x1000 \
-Wl,-rename_section,__HIB,__mod_init_func,__NULL,__mod_init_func \
-Wl,-rename_section,__HIB,__eh_frame,__NULL,__eh_frame
LDFLAGS_KERNEL_PROFILEX86_64 = $(LDFLAGS_KERNEL_RELEASEX86_64)
LDFLAGS_KERNEL_RELEASEX86_64H = $(LDFLAGS_KERNEL_RELEASEX86_64)
LDFLAGS_KERNEL_DEBUGX86_64H = $(LDFLAGS_KERNEL_RELEASEX86_64H)
LDFLAGS_KERNEL_DEVELOPMENTX86_64H = $(LDFLAGS_KERNEL_RELEASEX86_64H)
LDFLAGS_KERNEL_KASANX86_64H = $(LDFLAGS_KERNEL_KASANX86_64)
LDFLAGS_KERNEL_PROFILEX86_64H = $(LDFLAGS_KERNEL_RELEASEX86_64H)
# Offset image base by page to have iBoot load kernel TEXT correctly.
# First page is used for various purposes : sleep token, reset vector.
# We also need a 32MB offset, as this is the minimum block mapping size
# for a 16KB page runtime, and we wish to use the first virtual block
# to map the low globals page. We also need another 4MB to account for
# the address space reserved by L4 (because the reservation is not a
# multiple of the block size in alignment/length, we will implictly map
# it with our block mapping, and we therefore must reflect that the
# first 4MB of the block mapping for xnu do not belong to xnu).
# For the moment, kaliber has a unique memory layout (monitor at the top
# of memory). Support this by breaking 16KB on other platforms and
# mandating 32MB alignment. Image base (i.e. __TEXT) must be 16KB
# aligned since ld64 will link with 16KB alignment for ARM64.
#
# We currently offset by an additional 32MB in order to reclaim memory.
# We need a dedicated virtual page for the low globals. Our bootloader
# may have a significant chunk of memory (up to an L2 entry in size)
# that lies before the kernel. The addition 32MB of virtual padding
# ensures that we have enough virtual address space to map all of that
# memory as part of the V-to-P mapping.
# 23355738 - put __PRELINK_TEXT first. We reserve enough room
# for 0x0000000003000000 = 48MB of kexts
#
# 0xfffffff000000000 (32MB range for low globals)
# 0xfffffff002000000 (32MB range to allow for large page physical slide)
# 0xfffffff004000000 (16KB range to reserve the first available page)
# 0xfffffff004004000 (48MB range for kexts)
# 0xfffffff007004000 (Start of xnu proper).
LDFLAGS_KERNEL_GENARM64 = \
-Wl,-pie \
-Wl,-static \
-Wl,-segaddr,__PRELINK_TEXT,$(ARM64_PLKSEG_ADDR) \
-Wl,-image_base,$(ARM64_LINK_ADDR) \
\
-Wl,-rename_section,__HIB,__text,__TEXT_EXEC,__hib_text \
\
-Wl,-rename_section,__HIB,__const,__DATA_CONST,__hib_const \
-Wl,-rename_section,__HIB,__cstring,__DATA_CONST,__hib_const \
-Wl,-rename_section,__HIB,__literal8,__DATA_CONST,__hib_const \
-Wl,-rename_section,__HIB,__literal16,__DATA_CONST,__hib_const \
\
-Wl,-rename_segment,__HIB,__HIBDATA \
\
-Wl,-sectalign,__DATA,__const,0x4000 \
-Wl,-sectalign,__DATA,__percpu,0x4000 \
-Wl,-sectalign,__DATA,__data,0x4000 \
-Wl,-rename_section,__DATA,__mod_init_func,__DATA_CONST,__mod_init_func \
-Wl,-rename_section,__DATA,__mod_term_func,__DATA_CONST,__mod_term_func \
-Wl,-rename_section,__DATA,__auth_ptr,__DATA_CONST,__auth_ptr \
-Wl,-rename_section,__DATA,__auth_got,__DATA_CONST,__auth_got \
-Wl,-rename_section,__DATA,__const,__DATA_CONST,__const \
-Wl,-segprot,__DATA_CONST,r--,r-- \
-Wl,-rename_section,__KLD,__const,__KLDDATA,__const \
-Wl,-rename_section,__KLD,__cstring,__KLDDATA,__cstring \
-Wl,-segprot,__KLDDATA,rw-,rw- \
-Wl,-segprot,__KLD,r-x,r-x \
-Wl,-rename_section,__TEXT,__text,__TEXT_EXEC,__text \
-Wl,-rename_section,__TEXT,__stubs,__TEXT_EXEC,__stubs \
-Wl,-sectcreate,"__PLK_TEXT_EXEC",__text,/dev/null \
-Wl,-sectcreate,__PRELINK_DATA,__data,/dev/null \
-Wl,-sectcreate,"__PLK_DATA_CONST",__data,/dev/null \
-Wl,-sectcreate,"__PLK_LLVM_COV",__llvm_covmap,/dev/null \
-Wl,-sectcreate,"__PLK_LINKEDIT",__data,/dev/null
# To support code coverage for kexts, the coverage mapping sections __llvm_covmap
# and __llvm_covfun are put into the __PLK_LLVM_COV segment rather than the
# standard __LLVM_COV segment. For later processing of the coverage data using
# llvm-cov, we move the coverage mapping for the kernel itself into the same
# segment (see also rdar://104951137)
ifeq ($(BUILD_CODE_COVERAGE),1)
LDFLAGS_KERNEL_GENARM64 += \
-Wl,-rename_section,__LLVM_COV,__llvm_covmap,__PLK_LLVM_COV,__llvm_covmap \
-Wl,-rename_section,__LLVM_COV,__llvm_covfun,__PLK_LLVM_COV,__llvm_covfun
endif
LDFLAGS_KERNEL_SEGARM64_SEG_ORDER = \
__TEXT:__DATA_CONST:__DATA_SPTM:__LINKEDIT:__TEXT_EXEC:__TEXT_BOOT_EXEC:__KLD:__PPLTEXT:__PPLTRAMP:__PPLDATA_CONST:__LASTDATA_CONST:__LAST:__PPLDATA:__KLDDATA:__DATA:__HIBDATA:__BOOTDATA
LDFLAGS_KERNEL_SEGARM64 = \
-Wl,-rename_section,__PPLDATA,__const,__PPLDATA_CONST,__const \
-Wl,-segment_order,$(LDFLAGS_KERNEL_SEGARM64_SEG_ORDER) \
-Wl,-segprot,__TEXT,r--,r-- \
-Wl,-segprot,__TEXT_EXEC,r-x,r-x \
-Wl,-segprot,__TEXT_BOOT_EXEC,r-x,r-x \
-Wl,-segprot,__PPLTEXT,r-x,r-x \
-Wl,-segprot,__PPLTRAMP,r-x,r-x \
-Wl,-segprot,__PPLDATA_CONST,r--,r-- \
-Wl,-segprot,__LASTDATA_CONST,r--,r-- \
-Wl,-segprot,__LAST,r-x,r-x \
LDFLAGS_KERNEL_RELEASEARM64 = \
$(LDFLAGS_KERNEL_GENARM64) \
$(LDFLAGS_KERNEL_SEGARM64) \
$(LDFLAGS_KERNEL_STRIP_LTO)
LDFLAGS_KERNEL_ONLY_CONFIG_RELEASEARM64 = \
-Wl,-exported_symbols_list,$(TARGET)/all-kpi.exp
LDFLAGS_KERNEL_DEVELOPMENTARM64 = \
$(LDFLAGS_KERNEL_GENARM64) \
$(LDFLAGS_KERNEL_SEGARM64) \
$(LDFLAGS_NOSTRIP_FLAG)
LDFLAGS_KERNEL_ONLY_CONFIG_DEVELOPMENTARM64 =
LDFLAGS_KERNEL_KASANARM64 = $(LDFLAGS_KERNEL_DEVELOPMENTARM64)
LDFLAGS_KERNEL_DEBUGARM64 = $(LDFLAGS_KERNEL_DEVELOPMENTARM64)
LDFLAGS_KERNEL_SPTMARM64 = $(LDFLAGS_KERNEL_DEVELOPMENTARM64)
LDFLAGS_KERNEL_ONLY_CONFIG_KASANARM64 = $(LDFLAGS_KERNEL_ONLY_CONFIG_DEVELOPMENTARM64)
LDFLAGS_KERNEL_ONLY_CONFIG_DEBUGARM64 = $(LDFLAGS_KERNEL_ONLY_CONFIG_DEVELOPMENTARM64)
#
# arm64e specific linker flags that should be used only when linking the kernel
# (and not the static kernel cache / kcgen)
#
LDFLAGS_KERNEL_ONLY_SUBARCH_arm64e = \
-Wl,-add_split_seg_info \
-Wl,-kernel
LDFLAGS_KERNEL_ONLY_SUBARCH_x86_64 = \
-Wl,-add_split_seg_info \
-Wl,-kernel
LDFLAGS_KERNEL_ONLY_SUBARCH_x86_64h = $(LDFLAGS_KERNEL_ONLY_SUBARCH_x86_64)
LDFLAGS_KERNEL = $(LDFLAGS_KERNEL_GEN) \
$(LDFLAGS_KERNEL_SDK) \
$($(addsuffix $(CURRENT_ARCH_CONFIG),ARCH_FLAGS_)) \
$($(addsuffix $(CURRENT_ARCH_CONFIG),LDFLAGS_KERNEL_)) \
$($(addsuffix $(CURRENT_KERNEL_CONFIG),LDFLAGS_KERNEL_)) \
$($(addsuffix $(CURRENT_ARCH_CONFIG), $(addsuffix $(CURRENT_KERNEL_CONFIG),LDFLAGS_KERNEL_))) \
$(DEPLOYMENT_TARGET_FLAGS)
LDFLAGS_KERNEL_ONLY += \
$($(addsuffix $(CURRENT_ARCH_CONFIG), $(addsuffix $(CURRENT_KERNEL_CONFIG),LDFLAGS_KERNEL_ONLY_CONFIG_))) \
$($(addsuffix $(ARCH_STRING_FOR_CURRENT_MACHINE_CONFIG),LDFLAGS_KERNEL_ONLY_SUBARCH_)) \
-Wl,-alias_list,$(TARGET)/all-alias.exp \
-Wl,-sectcreate,__LINKINFO,__symbolsets,$(TARGET)/symbolsets.plist -Wl,-segprot,__LINKINFO,r--,r--
LDFILES_KERNEL_ONLY = $(TARGET)/all-kpi.exp $(TARGET)/all-alias.exp $(TARGET)/symbolsets.plist
#
# Default runtime libraries to be linked with the kernel
#
LD_KERNEL_LIBS = -lcc_kext
LD_KERNEL_ARCHIVES = $(LDFLAGS_KERNEL_SDK) -lfirehose_kernel
#
# SPTM TODO: This is a hack to always link the SPTM library when building the
# SPTM variant. In the future, we should base whether to link the
# library off of the HasSPTMTXM EDM per-target property. Note that
# for standard kernels where the SPTM is enabled by default,
# linkage is configured on a per-target and per-platform basis.
#
ifeq ($(CURRENT_KERNEL_CONFIG),SPTM)
LD_KERNEL_ARCHIVES += -lTrustedExecutionMonitor_Kernel
LD_KERNEL_ARCHIVES += -lsptm_xnu
else
ifneq ($(CURRENT_KERNEL_CONFIG),KASAN)
ifneq ($(filter $(CURRENT_MACHINE_CONFIG_LC),$(SPTM_ENABLED_SOCS_$(PLATFORM))),)
LD_KERNEL_ARCHIVES += -lTrustedExecutionMonitor_Kernel
LD_KERNEL_ARCHIVES += -lsptm_xnu
endif
endif
endif
#
# DTrace support
#
ifndef DO_CTFMERGE
DO_CTFMERGE := 1
ifeq ($(CURRENT_KERNEL_CONFIG),RELEASE)
ifneq ($(PLATFORM),MacOSX)
DO_CTFMERGE := 0
endif
endif
endif # DO_CTFMERGE
#
# Default INCFLAGS
#
INCFLAGS_IMPORT = $(patsubst %, -I$(OBJROOT)/EXPORT_HDRS/%, $(COMPONENT_IMPORT_LIST))
INCFLAGS_EXTERN = -I$(SRCROOT)/EXTERNAL_HEADERS
INCFLAGS_GEN = -I$(SRCROOT)/$(COMPONENT) -I$(OBJROOT)/EXPORT_HDRS/$(COMPONENT)
INCFLAGS_LOCAL = -I.
INCFLAGS_SDK = -I$(SDKROOT)/usr/local/include/kernel
INCFLAGS_PLATFORM = -I$(SDKROOT)/$(KPINCDIR)/platform
INCFLAGS = $(INCFLAGS_LOCAL) $(INCFLAGS_GEN) $(INCFLAGS_IMPORT) $(INCFLAGS_EXTERN) $(INCFLAGS_MAKEFILE) $(INCFLAGS_SDK) $(INCFLAGS_PLATFORM)
#
# Default MIGFLAGS
#
MIGFLAGS = $(DEFINES) $(INCFLAGS) -novouchers $($(addsuffix $(CURRENT_ARCH_CONFIG),CFLAGS_)) $($(addsuffix $(CURRENT_ARCH_CONFIG),ARCH_FLAGS_)) \
$(DEPLOYMENT_TARGET_FLAGS)
#
# Default MIG Kernel Server flags
#
MIGKSFLAGS = \
-DMACH_KERNEL_PRIVATE \
-DKERNEL_SERVER=1 \
-mach_msg2
#
# Default MIG KernelUser flags
#
MIGKUFLAGS = \
-DMACH_KERNEL_PRIVATE \
-DKERNEL_USER=1 \
-maxonstack 1024
# Support for LLVM Profile Guided Optimization (PGO)
ifeq ($(BUILD_PROFILE),1)
CFLAGS_GEN += -fprofile-instr-generate -DPROFILE
CXXFLAGS_GEN += -fprofile-instr-generate -DPROFILE
endif
ifdef USE_PROFILE
CFLAGS_GEN += -fprofile-instr-use=$(USE_PROFILE)
CXXFLAGS_GEN += -fprofile-instr-use=$(USE_PROFILE)
LDFLAGS_KERNEL_GEN += -fprofile-instr-use=$(USE_PROFILE)
CFLAGS_GEN += -Wno-error=profile-instr-out-of-date
endif
# Support for LLVM Source-based Code coverage. Since enabling code coverage
# increases the size of __LINKEDIT, it might be necessary to set the keepsyms=1
# boot-arg when building the kernel with code coverage enabled.
ifeq ($(BUILD_CODE_COVERAGE),1)
CFLAGS_GEN += -fprofile-instr-generate -fcoverage-mapping
CXXFLAGS_GEN += -fprofile-instr-generate -fcoverage-mapping
endif
#
# Support for LLVM Link Time Optimization (LTO)
#
# LTO can be explicitly enabled or disabled with BUILD_LTO=1|0
# and defaults to enabled except for DEBUG kernels
#
# CFLAGS_NOLTO_FLAG is needed on a per-file basis (for files
# that deal poorly with LTO, or files that must be machine
# code *.o files for xnu to build (i.e, setsegname runs on
# them).
#
# LDFLAGS_NOSTRIP_FLAG is used to support configurations that
# do not utilize an export list. For these configs to build,
# we need to prevent the LTO logic from dead stripping them.
LTO_ENABLED_RELEASE = 1
LTO_ENABLED_DEVELOPMENT = 1
LTO_ENABLED_DEBUG = 0
LTO_ENABLED_KASAN = 0
LTO_ENABLED_SPTM = $(LTO_ENABLED_DEVELOPMENT)
ifneq ($(BUILD_LTO),)
USE_LTO = $(BUILD_LTO)
else
USE_LTO = $(LTO_ENABLED_$(CURRENT_KERNEL_CONFIG))
endif
ifeq ($(USE_LTO),1)
CFLAGS_GEN += -flto -DBUILT_LTO=1
CXXFLAGS_GEN += -flto -DBUILT_LTO=1
LDFLAGS_KERNEL_LTO = -Wl,-mllvm,-inline-threshold=100
LDFLAGS_KERNEL_GEN += $(LDFLAGS_KERNEL_LTO) -Wl,-object_path_lto,$(TARGET)/lto.o
LDFLAGS_NOSTRIP_FLAG = -rdynamic
LDFLAGS_KERNEL_STRIP_LTO = -Wl,-dead_strip,-no_dead_strip_inits_and_terms
CFLAGS_NOLTO_FLAG = -fno-lto
else
LDFLAGS_KERNEL_LTO =
LDFLAGS_NOSTRIP_FLAG =
LDFLAGS_KERNEL_STRIP_LTO =
CFLAGS_NOLTO_FLAG =
endif
#
# Default VPATH
#
export VPATH = .:$(SOURCE)
#
# Macros that control installation of kernel and its header files
#
# install flags for header files
#
INSTALL_FLAGS = -c -S -m 0444
DATA_INSTALL_FLAGS = -c -S -m 0644
DATA_INSTALL_FLAGS_RO = -c -S -m 0444
EXEC_INSTALL_FLAGS = -c -S -m 0755
#
# Header file destinations
#
ifeq ($(DRIVERKIT),1)
SDKHEADERSROOT=$(DRIVERKITRUNTIMEROOT)
# only whitelisted headers install outside of the DriverKit Runtime hierarchy
DRIVERKITSDKHEADERSROOT=$(DRIVERKITROOT)
DRIVERKITFRAMEDIR = $(DRIVERKITROOT)/System/Library/Frameworks
endif
ifeq ($(EXCLAVEKIT),1)
EXCLAVEKITSDKHEADERSROOT=$(EXCLAVEKITROOT)
EXCLAVEKITFRAMEDIR = $(EXCLAVEKITROOT)/System/Library/Frameworks
endif
ifeq ($(EXCLAVECORE),1)
EXCLAVECORESDKHEADERSROOT=$(EXCLAVECOREROOT)
EXCLAVECOREFRAMEDIR = $(EXCLAVECOREROOT)/System/Library/Frameworks
endif
FRAMEDIR = $(SDKHEADERSROOT)/System/Library/Frameworks
IINCVERS = A
IINCFRAME = $(FRAMEDIR)/IOKit.framework
IINCDIR = $(IINCFRAME)/Versions/$(IINCVERS)/Headers
IPINCDIR = $(IINCFRAME)/Versions/$(IINCVERS)/PrivateHeaders
IRESDIR = $(IINCFRAME)/Versions/$(IINCVERS)/Resources
SINCVERS = B
SINCFRAME = $(FRAMEDIR)/System.framework
SINCDIR = $(SINCFRAME)/Versions/$(SINCVERS)/Headers
SPINCDIR = $(SINCFRAME)/Versions/$(SINCVERS)/PrivateHeaders
SRESDIR = $(SINCFRAME)/Versions/$(SINCVERS)/Resources
ifndef INCDIR
INCDIR = $(SDKHEADERSROOT)/usr/include
endif
ifndef DRIVERKITINCDIR
DRIVERKITINCDIR = $(DRIVERKITSDKHEADERSROOT)/usr/include
endif
ifndef EXCLAVEKITINCDIR
EXCLAVEKITINCDIR = $(EXCLAVEKITSDKHEADERSROOT)/usr/include
endif
ifndef EXCLAVECOREINCDIR
EXCLAVECOREINCDIR = $(EXCLAVECORESDKHEADERSROOT)/usr/include
endif
ifndef LCLDIR
LCLDIR = $(SDKHEADERSROOT)/usr/local/include
endif
ifndef DRIVERKITLCLDIR
DRIVERKITLCLDIR = $(DRIVERKITSDKHEADERSROOT)/usr/local/include
endif
KINCVERS = A
KINCFRAME = $(FRAMEDIR)/Kernel.framework
KINCDIR = $(KINCFRAME)/Versions/$(KINCVERS)/Headers
KPINCDIR = $(KINCFRAME)/Versions/$(KINCVERS)/PrivateHeaders
KRESDIR = $(KINCFRAME)/Versions/$(KINCVERS)/Resources
KLIBCXXDIR = $(KPINCDIR)/kernel_sdkroot
KLIBCXXINCDIR = $(KLIBCXXDIR)/usr/include
DKIT_INCFRAME = DriverKit.framework
ifeq ($(PLATFORM),MacOSX)
DKIT_INCVERS = A
DKIT_INCDIR = $(DKIT_INCFRAME)/Versions/$(DKIT_INCVERS)/Headers
DKIT_PINCDIR = $(DKIT_INCFRAME)/Versions/$(DKIT_INCVERS)/PrivateHeaders
else
# non-macOS SDK frameworks use shallow bundle structure
DKIT_INCDIR = $(DKIT_INCFRAME)/Headers
DKIT_PINCDIR = $(DKIT_INCFRAME)/PrivateHeaders
endif
# DriverKit SDK frameworks use shallow bundle structure
DRIVERKIT_DKIT_INCDIR = $(DKIT_INCFRAME)/Headers
DRIVERKIT_DKIT_PINCDIR = $(DKIT_INCFRAME)/PrivateHeaders
XNU_PRIVATE_UNIFDEF ?=
XNU_PRIVATE_UNIFDEF += -UMACH_KERNEL_PRIVATE
XNU_PRIVATE_UNIFDEF += -UBSD_KERNEL_PRIVATE
XNU_PRIVATE_UNIFDEF += -UIOKIT_KERNEL_PRIVATE
XNU_PRIVATE_UNIFDEF += -ULIBKERN_KERNEL_PRIVATE
XNU_PRIVATE_UNIFDEF += -ULIBSA_KERNEL_PRIVATE
XNU_PRIVATE_UNIFDEF += -UPEXPERT_KERNEL_PRIVATE
XNU_PRIVATE_UNIFDEF += -UXNU_KERNEL_PRIVATE
PLATFORM_UNIFDEF = $(foreach x,$(SUPPORTED_PLATFORMS),$(if $(filter $(PLATFORM),$(x)),-DXNU_PLATFORM_$(x) $(foreach token,$(PLATFORM_UNIFDEF_BLACKLIST_TOKENS_$(x)),-U$(token)),-UXNU_PLATFORM_$(x)))
# Some header guards need to be present and checked in kernel headers but removed from userspace headers
KERNEL_ONLY_GUARDS_UNIFDEF =
SPINCFRAME_UNIFDEF = $(PLATFORM_UNIFDEF) $(XNU_PRIVATE_UNIFDEF) $(SEED_DEFINES) -UKERNEL_PRIVATE -UKERNEL -DPRIVATE -UDRIVERKIT -UEXCLAVEKIT -UEXCLAVECORE -U_OPEN_SOURCE_ -U__OPEN_SOURCE__ $(KERNEL_ONLY_GUARDS_UNIFDEF)
SINCFRAME_UNIFDEF = $(PLATFORM_UNIFDEF) $(XNU_PRIVATE_UNIFDEF) $(SEED_DEFINES) -UKERNEL_PRIVATE -UKERNEL -UPRIVATE -UDRIVERKIT -UEXCLAVEKIT -UEXCLAVECORE -D_OPEN_SOURCE_ -D__OPEN_SOURCE__ $(KERNEL_ONLY_GUARDS_UNIFDEF)
DKPINCFRAME_UNIFDEF = $(PLATFORM_UNIFDEF) $(XNU_PRIVATE_UNIFDEF) $(SEED_DEFINES) -UKERNEL_PRIVATE -UKERNEL -DPRIVATE -DDRIVERKIT -UEXCLAVEKIT -UEXCLAVECORE -U_OPEN_SOURCE_ -U__OPEN_SOURCE__ $(KERNEL_ONLY_GUARDS_UNIFDEF)
DKINCFRAME_UNIFDEF = $(PLATFORM_UNIFDEF) $(XNU_PRIVATE_UNIFDEF) $(SEED_DEFINES) -UKERNEL_PRIVATE -UKERNEL -UPRIVATE -DDRIVERKIT -UEXCLAVEKIT -UEXCLAVECORE -D_OPEN_SOURCE_ -D__OPEN_SOURCE__ $(KERNEL_ONLY_GUARDS_UNIFDEF)
EKPINCFRAME_UNIFDEF = $(PLATFORM_UNIFDEF) $(XNU_PRIVATE_UNIFDEF) $(SEED_DEFINES) -UKERNEL_PRIVATE -UKERNEL -DPRIVATE -UDRIVERKIT -DEXCLAVEKIT -UEXCLAVECORE -U_OPEN_SOURCE_ -U__OPEN_SOURCE__ $(KERNEL_ONLY_GUARDS_UNIFDEF)
EKINCFRAME_UNIFDEF = $(PLATFORM_UNIFDEF) $(XNU_PRIVATE_UNIFDEF) $(SEED_DEFINES) -UKERNEL_PRIVATE -UKERNEL -UPRIVATE -UDRIVERKIT -DEXCLAVEKIT -UEXCLAVECORE -D_OPEN_SOURCE_ -D__OPEN_SOURCE__ $(KERNEL_ONLY_GUARDS_UNIFDEF)
ECPINCFRAME_UNIFDEF = $(PLATFORM_UNIFDEF) $(XNU_PRIVATE_UNIFDEF) $(SEED_DEFINES) -UKERNEL_PRIVATE -UKERNEL -DPRIVATE -UDRIVERKIT -UEXCLAVEKIT -DEXCLAVECORE -U_OPEN_SOURCE_ -U__OPEN_SOURCE__ $(KERNEL_ONLY_GUARDS_UNIFDEF)
ECINCFRAME_UNIFDEF = $(PLATFORM_UNIFDEF) $(XNU_PRIVATE_UNIFDEF) $(SEED_DEFINES) -UKERNEL_PRIVATE -UKERNEL -UPRIVATE -UDRIVERKIT -UEXCLAVEKIT -DEXCLAVECORE -D_OPEN_SOURCE_ -D__OPEN_SOURCE__ $(KERNEL_ONLY_GUARDS_UNIFDEF)
KPINCFRAME_UNIFDEF = $(PLATFORM_UNIFDEF) $(XNU_PRIVATE_UNIFDEF) $(SEED_DEFINES) -DKERNEL_PRIVATE -DKERNEL -DPRIVATE -UDRIVERKIT -UXNU_LIBCXX_SDKROOT -UEXCLAVEKIT -UEXCLAVECORE -U_OPEN_SOURCE_ -U__OPEN_SOURCE__
LIBCXXINCFRAME_UNIFDEF = $(PLATFORM_UNIFDEF) $(XNU_PRIVATE_UNIFDEF) $(SEED_DEFINES) -DKERNEL_PRIVATE -DKERNEL -DPRIVATE -UDRIVERKIT -DXNU_LIBCXX_SDKROOT -UEXCLAVEKIT -UEXCLAVECORE -U_OPEN_SOURCE_ -U__OPEN_SOURCE__
KINCFRAME_UNIFDEF = $(PLATFORM_UNIFDEF) $(XNU_PRIVATE_UNIFDEF) $(SEED_DEFINES) -UKERNEL_PRIVATE -DKERNEL -UPRIVATE -UDRIVERKIT -UEXCLAVEKIT -UEXCLAVECORE -D_OPEN_SOURCE_ -D__OPEN_SOURCE__
PDATA_UNIFDEF = $(PLATFORM_UNIFDEF) $(XNU_PRIVATE_UNIFDEF) $(SEED_DEFINES) -DPRIVATE -U_OPEN_SOURCE_ -U__OPEN_SOURCE__
DATA_UNIFDEF = $(PLATFORM_UNIFDEF) $(XNU_PRIVATE_UNIFDEF) $(SEED_DEFINES) -UPRIVATE -D_OPEN_SOURCE_ -D__OPEN_SOURCE__
#
# Compononent Header file destinations
#
EXPDIR = EXPORT_HDRS/$(COMPONENT)
#
# Strip Flags
#
STRIP_FLAGS_RELEASE = -S -x
STRIP_FLAGS_DEVELOPMENT = -S
STRIP_FLAGS_KASAN = $(STRIP_FLAGS_DEVELOPMENT)
STRIP_FLAGS_DEBUG = -S
STRIP_FLAGS_SPTM = $(STRIP_FLAGS_DEVELOPMENT)
STRIP_FLAGS_PROFILE = -S -x
STRIP_FLAGS = $($(addsuffix $(CURRENT_KERNEL_CONFIG),STRIP_FLAGS_))
#
# dsymutil flags
#
DSYMUTIL_FLAGS_GEN = --minimize
DSYMUTIL_FLAGS_X86_64 = --arch=x86_64
DSYMUTIL_FLAGS_X86_64H = --arch=x86_64h
DSYMUTIL_FLAGS_ARM64 =
DSYMUTIL_FLAGS = $(DSYMUTIL_FLAGS_GEN) \
$($(addsuffix $(CURRENT_ARCH_CONFIG),DSYMUTIL_FLAGS_))
#
# Man Page destination
#
MANDIR = /usr/share/man
#
# DEBUG alias location
#
DEVELOPER_EXTRAS_DIR = /AppleInternal/CoreOS/xnu_$(CURRENT_KERNEL_CONFIG_LC)
#
# mach_kernel install location
#
INSTALL_KERNEL_DIR = /
#
# new OS X install location
#
SYSTEM_LIBRARY_KERNELS_DIR = /System/Library/Kernels
#
# File names in DSTROOT
#
ifeq ($(PLATFORM),MacOSX)
KERNEL_FILE_NAME_PREFIX = kernel
else
KERNEL_FILE_NAME_PREFIX = mach
endif
ifeq ($(CURRENT_MACHINE_CONFIG),NONE)
ifeq ($(CURRENT_KERNEL_CONFIG),RELEASE)
KERNEL_FILE_NAME = $(KERNEL_FILE_NAME_PREFIX)
KERNEL_LLDBBOOTSTRAP_NAME = $(KERNEL_FILE_NAME_PREFIX).py
else
KERNEL_FILE_NAME = $(KERNEL_FILE_NAME_PREFIX).$(CURRENT_KERNEL_CONFIG_LC)
KERNEL_LLDBBOOTSTRAP_NAME = $(KERNEL_FILE_NAME_PREFIX).py
endif
else
KERNEL_FILE_NAME = $(KERNEL_FILE_NAME_PREFIX).$(CURRENT_KERNEL_CONFIG_LC).$(CURRENT_MACHINE_CONFIG_LC)
KERNEL_LLDBBOOTSTRAP_NAME = $(KERNEL_FILE_NAME_PREFIX)_$(CURRENT_KERNEL_CONFIG_LC).py
endif
CURRENT_ALIAS_MACHINE_CONFIG = $(word 4,$(subst ^, ,$(CURRENT_BUILD_CONFIG)))
CURRENT_ALIAS_MACHINE_CONFIG_LC = $(shell printf "%s" "$(CURRENT_ALIAS_MACHINE_CONFIG)" | $(TR) A-Z a-z)
ifneq ($(CURRENT_ALIAS_MACHINE_CONFIG),)
ALIAS_FILE_NAME = $(KERNEL_FILE_NAME_PREFIX).$(CURRENT_KERNEL_CONFIG_LC).$(CURRENT_ALIAS_MACHINE_CONFIG_LC)
endif
#
# System.kext pseudo-kext install location
#
INSTALL_EXTENSIONS_DIR = /System/Library/Extensions
SYSTEM_KEXT_INFO_PLIST = $(addprefix $(INSTALL_EXTENSIONS_DIR),/System.kext/Info.plist)
#
# System.kext PlugIns install location
#
DSTROOT_SYSTEM_KEXT_PATH = $(addprefix $(DSTROOT)$(INSTALL_EXTENSIONS_DIR),/System.kext/PlugIns)
SYMROOT_SYSTEM_KEXT_PATH = $(addprefix $(SYMROOT),/System.kext/PlugIns)
#
# KDK location
#
INSTALL_KERNEL_SYM_DIR = /System/Library/Extensions/KDK
#
# Misc. Etc.
#
INSTALL_SHARE_MISC_DIR = /usr/share/misc
INSTALL_DTRACE_SCRIPTS_DIR = /usr/lib/dtrace
INSTALL_DTRACE_LIBEXEC_DIR = /usr/libexec/dtrace
INSTALL_ARIADNE_PLISTS_DIR = /AppleInternal/Library/Ariadne/Plists
#
# Generated xnu version file
#
XNU_VERSION = $(OBJROOT)/xnuVersion
#
# Overrides for XBS build aliases
#
ifneq ($(filter $(RC_ProjectName),xnu_headers_driverkit),)
USE_BINARY_PLIST = 1
else ifneq ($(filter $(RC_ProjectName),xnu_debug),)
INSTALL_KERNEL_DIR := $(DEVELOPER_EXTRAS_DIR)
INSTALL_KERNEL_SYM_DIR := $(DEVELOPER_EXTRAS_DIR)
INSTALL_KERNEL_SYM_TO_KDK = 1
INSTALL_XNU_DEBUG_FILES = 1
else ifneq ($(filter $(SUPPORTED_EMBEDDED_PLATFORMS),$(PLATFORM)),)
INSTALL_KERNEL_SYM_TO_KDK = 1
USE_BINARY_PLIST = 1
else ifneq ($(filter $(SUPPORTED_SIMULATOR_PLATFORMS),$(PLATFORM)),)
USE_BINARY_PLIST = 1
else ifeq ($(PLATFORM),MacOSX)
INSTALL_KERNEL_DIR := $(SYSTEM_LIBRARY_KERNELS_DIR)
INSTALL_KERNEL_SYM_DIR := $(SYSTEM_LIBRARY_KERNELS_DIR)
INSTALL_KERNEL_SYM_TO_KDK = $(if $(filter YES,$(DWARF_DSYM_FILE_SHOULD_ACCOMPANY_PRODUCT)),1,0)
endif
ifneq ($(filter $(RC_ProjectName),xnu_kasan),)
INSTALL_KASAN_ONLY = 1
endif
# vim: set ft=make: