{"id":2197821,"url":"http://patchwork.ozlabs.org/api/1.0/patches/2197821/?format=json","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/1.0/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260218163205.1639035-2-fabien.lehoussel@smile.fr>","date":"2026-02-18T16:32:03","name":"[1/2] linux/linux.mk: add generation of compile_commands.json","commit_ref":null,"pull_url":null,"state":"superseded","archived":false,"hash":"72b5b45752d3ae12a64736b8cad045ca3d48d65b","submitter":{"id":91059,"url":"http://patchwork.ozlabs.org/api/1.0/people/91059/?format=json","name":"Fabien LEHOUSSEL","email":"fabien.lehoussel@smile.fr"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260218163205.1639035-2-fabien.lehoussel@smile.fr/mbox/","series":[{"id":492573,"url":"http://patchwork.ozlabs.org/api/1.0/series/492573/?format=json","date":"2026-02-18T16:32:03","name":"Linux kernel CVE filtering improvements","version":1,"mbox":"http://patchwork.ozlabs.org/series/492573/mbox/"}],"check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2197821/checks/","tags":{},"headers":{"Return-Path":"<buildroot-bounces@buildroot.org>","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=RhBAqjuL;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fGMVT5NXJz1xvq\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Thu, 19 Feb 2026 03:32:17 +1100 (AEDT)","from localhost (localhost [127.0.0.1])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id 7C67F60902;\n\tWed, 18 Feb 2026 16:32:15 +0000 (UTC)","from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id j-Bm9oNXUJ5e; Wed, 18 Feb 2026 16:32:14 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id 895A3608F5;\n\tWed, 18 Feb 2026 16:32:14 +0000 (UTC)","from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])\n by lists1.osuosl.org (Postfix) with ESMTP id 0D29235B\n for <buildroot@buildroot.org>; Wed, 18 Feb 2026 16:32:13 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp2.osuosl.org (Postfix) with ESMTP id F329340404\n for <buildroot@buildroot.org>; Wed, 18 Feb 2026 16:32:12 +0000 (UTC)","from smtp2.osuosl.org ([127.0.0.1])\n by localhost (smtp2.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id eq987RRtqHXZ for <buildroot@buildroot.org>;\n Wed, 18 Feb 2026 16:32:12 +0000 (UTC)","from mail-wm1-x335.google.com (mail-wm1-x335.google.com\n [IPv6:2a00:1450:4864:20::335])\n by smtp2.osuosl.org (Postfix) with ESMTPS id 02FB3403FF\n for <buildroot@buildroot.org>; Wed, 18 Feb 2026 16:32:11 +0000 (UTC)","by mail-wm1-x335.google.com with SMTP id\n 5b1f17b1804b1-4806ce0f97bso253245e9.0\n for <buildroot@buildroot.org>; Wed, 18 Feb 2026 08:32:11 -0800 (PST)","from FRSMI25-GRAVITY.. ([2a01:e0a:943:83d0:6dc6:c524:f7df:4d64])\n by smtp.gmail.com with ESMTPSA id\n 5b1f17b1804b1-483983e8e3dsm20677605e9.20.2026.02.18.08.32.08\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 18 Feb 2026 08:32:08 -0800 (PST)"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp3.osuosl.org 895A3608F5","OpenDKIM Filter v2.11.0 smtp2.osuosl.org 02FB3403FF"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1771432334;\n\tbh=9A54JTfHYJ1FDFPtrY2CqlkFHaoBPyC4MLeue7LasIo=;\n\th=To:Cc:Date:In-Reply-To:References:Subject:List-Id:\n\t List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:\n\t From:Reply-To:From;\n\tb=RhBAqjuLxVIuzgxu4xLpwimOwOCsMCrHwgbCPrhCJYETHX9dGCy0nllPk1kRNXgxr\n\t dRZ5P483V3nnoPF1teNyafHWpXntl6EXSpzH0HXCl/kqIJWSMRrJY8TNMp2SiMi1L8\n\t sGAdCcT+nFPuEypD7Vl5YB/YN7SWHMtJcf+69F+b9ix70jVh6S3EiOFcPCdg9WF3o3\n\t IIkU4uadFJVc0owUo2BSKxTJgsFn2C1JUxQeVJgc6bJofBjcS6K8uAg6uHOJt1YlEe\n\t RIf/2BAzXAPIZybCZOirqBzmOUXOHOvjZvvJOlzASXugpWsAjSGRu3ehtZVdwAYAb7\n\t tpx2ROS1HmJ1A==","Received-SPF":"Pass (mailfrom) identity=mailfrom;\n client-ip=2a00:1450:4864:20::335; helo=mail-wm1-x335.google.com;\n envelope-from=fabien.lehoussel@smile.fr; receiver=<UNKNOWN>","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp2.osuosl.org 02FB3403FF","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20230601; t=1771432329; x=1772037129;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=yhfu+7SOv1HBwQ8AotjTeuB2yj1TsUkrRUkRFwo+8kk=;\n b=RC6K/SyTPlnu/AujgaF8BtCPKCr3wvrmZN8OBkahQ+BS1YtJpm6KXqFfczCV5Jwfpa\n vgx6sIOgZYAXmR/bHfOpLwgWhzBim9f6QN0XzFaVeJ3u8fKkPG9WJPtY4qMx7JyA9idw\n EBsSRV1Vxfmkd8uaa3CGSU5gLQz+5gAimP1gk8HhBlfAsSbgrv7OgNuSSongZl45lWMA\n rGrrfGMFGwyt46GAIlrIeyM9cgK4lPXm+VBXGmKJWNfPGobrx7YOOyJcBjunsOKPZHYi\n EIngMvmBmH3yhq2rpbfkaSEgGMDO7zusqKjPKcKbSqsdu8EwgkgOtcNOaMaMnBbQBa9O\n E1pw==","X-Gm-Message-State":"AOJu0YxRskcwp/qbBHM4wrxI9uhAVVBTOfh/FmLmu9MvaUiZ44f5h/51\n ApA+1T8o6Me2t39rJ8FTAClRKfGell6BVE/iOTYuRTlzIKtRsd8L1WBuK/Tsn4aHqQm4BBLMqqr\n oUDl9","X-Gm-Gg":"AZuq6aIS4CNSm6H4RgaYdzfiC11WGK4Lv7iFbeCz6WssNPn1sO/W7bvg8uZDgBr0jvj\n /OkVqoNcmx0CKWNjrFpiIytJq2w0H72QkV7gd6Gy/imP313xoI6Mhpix4iGB4PQninaLdWvPCxX\n TUYeOUcc2kLOA0SVgdHtqooc2fw7Pa4gsUjUWOMPizPgbIx8CMyfnwtFrTQp6KVq4iy7QI4pBp/\n 9Egb1zgCCDstmLrfLgfriyGTMU9Tz/telFDtVBrAfFgBxmOxWzgk7KlT//DeZaaznwmnkjdPfo0\n mmW06UvVvdV1Eicf8XWE3bSllEtOBVzgn56CRsH1ksSocO2zM+xNZNMk7UFwX/6PBbHPG/nfVvk\n 1xeQdQ7lc5HCY13Ji1xBS8La/rvf2FwU/mB1jM9wUSYJPJtfZVj6MFav0I3Se2CyRxBz2gkg1C6\n Dvph18ojY1GC4zokTxdV75rTBOOVtou/0idLbV9z01","X-Received":"by 2002:a05:600c:1d1b:b0:47b:e2a9:2bd7 with SMTP id\n 5b1f17b1804b1-48398ad716dmr39871785e9.19.1771432329240;\n Wed, 18 Feb 2026 08:32:09 -0800 (PST)","To":"buildroot@buildroot.org","Cc":"Fabien Lehoussel <fabien.lehoussel@smile.fr>","Date":"Wed, 18 Feb 2026 17:32:03 +0100","Message-ID":"<20260218163205.1639035-2-fabien.lehoussel@smile.fr>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260218163205.1639035-1-fabien.lehoussel@smile.fr>","References":"<20260218163205.1639035-1-fabien.lehoussel@smile.fr>","MIME-Version":"1.0","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=smile.fr; s=google; t=1771432329; x=1772037129; darn=buildroot.org;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=yhfu+7SOv1HBwQ8AotjTeuB2yj1TsUkrRUkRFwo+8kk=;\n b=VbvxbaH+/nm5kkpDAkqg0lBgRv9zqbTes979linwxKvWqp8VP7G7f/kzOYOZzmp3//\n EDDl4vYuLiAnsC8dm0HJ7kObqw9L6xWUyc3OKM2OzeyH/1ZWTtYMOBVVHZ4AvtBDnEIa\n 3sH70XFHLBj4whLoynDQP5nr179WzCMP1/DIM=","X-Mailman-Original-Authentication-Results":["smtp2.osuosl.org;\n dmarc=pass (p=reject dis=none)\n header.from=smile.fr","smtp2.osuosl.org;\n dkim=pass (1024-bit key,\n unprotected) header.d=smile.fr header.i=@smile.fr header.a=rsa-sha256\n header.s=google header.b=VbvxbaH+"],"Subject":"[Buildroot] [PATCH 1/2] linux/linux.mk: add generation of\n compile_commands.json","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.buildroot.org>","List-Unsubscribe":"<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>","List-Archive":"<http://lists.buildroot.org/pipermail/buildroot/>","List-Post":"<mailto:buildroot@buildroot.org>","List-Help":"<mailto:buildroot-request@buildroot.org?subject=help>","List-Subscribe":"<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>","From":"Fabien Lehoussel via buildroot <buildroot@buildroot.org>","Reply-To":"Fabien Lehoussel <fabien.lehoussel@smile.fr>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" <buildroot-bounces@buildroot.org>"},"content":"Enable automatic generation of compile_commands.json during the kernel\nbuild process to facilitate security analysis and CVE filtering.\n\nThe compile_commands.json file is generated after the kernel build\nusing the native kernel target (available since Linux 5.3). It\ncontains the complete list of compiled source files with their\ncompilation commands and flags.\n\nThis file is copied to the binaries directory and can be used to:\n- Extract the exact list of compiled kernel files\n- Cross-reference with CVE databases (NVD, CNA) to filter relevant\n  vulnerabilities\nIn the future, this information could be leveraged to:\n- Map affected files to their corresponding Kconfig CONFIG_ options\n- Determine which CVEs are actually applicable based on the current\n  build configuration\n- Provide more accurate vulnerability impact analysis\n\nThe generated file is saved as linux_compile_commands.json in the\nbinaries directory for use by CVE analysis tools.\n\nSigned-off-by: Fabien Lehoussel <fabien.lehoussel@smile.fr>\n---\n linux/Config.in | 20 ++++++++++++++++++++\n linux/linux.mk  | 12 ++++++++++++\n 2 files changed, 32 insertions(+)","diff":"diff --git a/linux/Config.in b/linux/Config.in\nindex 4ed9104695..c6929a4a7c 100644\n--- a/linux/Config.in\n+++ b/linux/Config.in\n@@ -519,6 +519,26 @@ config BR2_LINUX_KERNEL_INSTALL_TARGET\n \t  /boot if DTBs have been generated by the kernel build\n \t  process.\n \n+\n+config BR2_LINUX_KERNEL_COMPILE_COMMANDS\n+\tbool \"Generate compile_commands.json file\"\n+\thelp\n+\t  Generate compile_commands.json during the Linux kernel build.\n+\t  This file contains the exact list of all compiled kernel files\n+\t  with the current build options/configuration in JSON format\n+\n+\t  The generated file is copied to the binaries directory as\n+\t  linux_compile_commands.json and can be used for:\n+\t  - Static analysis and code indexing tools\n+\t  - Cross-referencing with CVE databases (NVD, CNA) to determine\n+\t    which vulnerabilities are actually applicable to the current\n+\t    kernel build configuration\n+\n+\t  Note: This option requires Linux kernel 5.4 or newer.\n+\n+\t  If unsure, say N.\n+\n+\n config BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL\n \tbool \"Needs host OpenSSL\"\n \thelp\ndiff --git a/linux/linux.mk b/linux/linux.mk\nindex c61089bfe0..649921a87b 100644\n--- a/linux/linux.mk\n+++ b/linux/linux.mk\n@@ -550,6 +550,18 @@ define LINUX_BUILD_CMDS\n \t$(LINUX_APPEND_DTB)\n endef\n \n+define LINUX_GENERATE_COMPILE_COMMANDS\n+\t@$(call MESSAGE,\"Generating compile_commands.json\")\n+\t$(Q)$(LINUX_MAKE_ENV) $(BR2_MAKE) $(LINUX_MAKE_FLAGS) \\\n+\t\t-C $(@D) \\\n+\t\tcompile_commands.json\n+\tcp $(@D)/compile_commands.json $(BINARIES_DIR)/linux_compile_commands.json\n+endef\n+\n+ifeq ($(BR2_LINUX_KERNEL_GENERATE_COMPILE_COMMANDS),y)\n+LINUX_POST_BUILD_HOOKS += LINUX_GENERATE_COMPILE_COMMANDS\n+endif\n+\n ifeq ($(BR2_LINUX_KERNEL_APPENDED_DTB),y)\n # When a DTB was appended, install the potential several images with\n # appended DTBs.\n","prefixes":["1/2"]}