| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 6 Mar 2021 11:18:31 +0900
From: Masahiro Yamada <masahiroy@...nel.org>
To: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Kees Cook <keescook@...omium.org>,
Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
Michal Marek <michal.lkml@...kovi.net>,
linux-hardening@...r.kernel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Frank Eigler <fche@...hat.com>,
Justin Forbes <jforbes@...hat.com>,
Ondrej Mosnacek <omosnace@...hat.com>
Subject: Re: [PATCH] kbuild: rebuild GCC plugins when the compiler is upgraded
On Sat, Mar 6, 2021 at 10:28 AM Josh Poimboeuf <jpoimboe@...hat.com> wrote:
>
> On Thu, Mar 04, 2021 at 08:25:00PM -0600, Josh Poimboeuf wrote:
> > On Thu, Mar 04, 2021 at 03:37:14PM -0800, Linus Torvalds wrote:
> > > On Thu, Mar 4, 2021 at 3:20 PM Kees Cook <keescook@...omium.org> wrote:
> > > >
> > > > This seems fine to me, but I want to make sure Josh has somewhere to
> > > > actually go with this. Josh, does this get you any closer?
> >
> > No, this doesn't seem to help me at all.
> >
> > > > It sounds like the plugins need to move to another location for
> > > > packaged kernels?
> > >
> > > Well, it might be worth extending the stuff that gets installed with
> > > /lib/modules/<kernel-version>/ with enough information and
> > > infrastruvcture to then build any external modules.
> >
> > The gcc plugins live in scripts/, which get installed by "make
> > modules_install" already. So the plugins' source and makefiles are in
> > /lib/modules/<kernel-version>/build/scripts/gcc-plugins.
> >
> > So everything needed for building the plugins is already there. We just
> > need the kernel makefiles to rebuild the plugins locally, when building
> > an external module.
>
> This seems to work with very limited testing... Based on top of
> Masahiro's recent patch:
>
> https://lkml.kernel.org/r/CAK7LNARHoTnZ3gAvHgnYB4n-wYuboxC10A6zURh1ODGhxWd2yA@mail.gmail.com
Is this a bad coding contest?
I am not asking you to add ugly ifeq or whatever
hacks to say "this worked for me".
Please feel free to do this in the fedora kernel,
but do not send it to upstream.
Sorry, I really do not want to see hacks like this any more.
Remember, how badly objtool was integrated in the build system,
and you even blocked me from fixing that.
> From: Josh Poimboeuf <jpoimboe@...hat.com>
> Subject: [PATCH] gcc-plugins: Rebuild plugins in external module directory
>
> When building external kernel modules, the build system doesn't require
> the GCC version to match the version used to build the original kernel.
>
> In fact, most distros release the compiler and the kernel in separate
> packages, with separate release cadences. So it's not uncommon for
> mismatches to occur.
>
> But with GCC plugins enabled, that's no longer allowed:
>
> cc1: error: incompatible gcc/plugin versions
> cc1: error: failed to initialize plugin ./scripts/gcc-plugins/structleak_plugin.so
>
> That error comes from the plugin's call to
> plugin_default_version_check(), which strictly enforces the GCC version.
> The strict check makes sense, because there's nothing to prevent the GCC
> plugin ABI from changing, and it often does.
>
> Since plugins are tightly tied to the compiler version, just rebuild
> them locally in the external module directory, and then use the local
> version in the external module build.
>
> Reported-by: Ondrej Mosnacek <omosnace@...hat.com>
> Signed-off-by: Josh Poimboeuf <jpoimboe@...hat.com>
> ---
> Makefile | 1 +
> scripts/Makefile.gcc-plugins | 2 +-
> scripts/gcc-plugins/Makefile | 8 ++++++--
> 3 files changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/Makefile b/Makefile
> index bc208886fcce..90c6656de224 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -1784,6 +1784,7 @@ prepare:
> echo " The kernel was built by: "$(CONFIG_CC_VERSION_TEXT); \
> echo " You are using: $(CC_VERSION_TEXT)"; \
> fi
> + $(Q)$(MAKE) $(build)=scripts/gcc-plugins
>
> PHONY += help
> help:
> diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
> index 952e46876329..be4303678942 100644
> --- a/scripts/Makefile.gcc-plugins
> +++ b/scripts/Makefile.gcc-plugins
> @@ -48,7 +48,7 @@ export DISABLE_ARM_SSP_PER_TASK_PLUGIN
>
> # All the plugin CFLAGS are collected here in case a build target needs to
> # filter them out of the KBUILD_CFLAGS.
> -GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y))
> +GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(if $(KBUILD_EXTMOD),$(KBUILD_EXTMOD),$(objtree))/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y))
> # The sancov_plugin.so is included via CFLAGS_KCOV, so it is removed here.
> GCC_PLUGINS_CFLAGS := $(filter-out %/sancov_plugin.so, $(GCC_PLUGINS_CFLAGS))
> export GCC_PLUGINS_CFLAGS
> diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile
> index b5487cce69e8..9f8e2ef3ab56 100644
> --- a/scripts/gcc-plugins/Makefile
> +++ b/scripts/gcc-plugins/Makefile
> @@ -1,10 +1,14 @@
> # SPDX-License-Identifier: GPL-2.0
>
> -$(obj)/randomize_layout_plugin.so: $(objtree)/$(obj)/randomize_layout_seed.h
> +ifneq ($(KBUILD_EXTMOD),)
> +override obj := $(KBUILD_EXTMOD)/$(obj)
> +endif
> +
> +$(obj)/randomize_layout_plugin.so: $(objtree)/$(src)/randomize_layout_seed.h
> quiet_cmd_create_randomize_layout_seed = GENSEED $@
> cmd_create_randomize_layout_seed = \
> $(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h
> -$(objtree)/$(obj)/randomize_layout_seed.h: FORCE
> +$(objtree)/$(src)/randomize_layout_seed.h: FORCE
> $(call if_changed,create_randomize_layout_seed)
> targets += randomize_layout_seed.h randomize_layout_hash.h
>
> --
> 2.29.2
>
--
Best Regards
Masahiro Yamada
Powered by blists - more mailing lists