lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 26 Apr 2016 13:40:10 -0700
From:	Kees Cook <keescook@...omium.org>
To:	Emese Revfy <re.emese@...il.com>,
	Masahiro Yamada <yamada.masahiro@...ionext.com>,
	Michal Marek <mmarek@...e.com>
Cc:	linux-kbuild <linux-kbuild@...r.kernel.org>,
	PaX Team <pageexec@...email.hu>,
	Brad Spengler <spender@...ecurity.net>,
	"kernel-hardening@...ts.openwall.com" 
	<kernel-hardening@...ts.openwall.com>,
	Rasmus Villemoes <linux@...musvillemoes.dk>,
	Fengguang Wu <fengguang.wu@...el.com>,
	Dmitry Vyukov <dvyukov@...gle.com>,
	LKML <linux-kernel@...r.kernel.org>,
	David Brown <david.brown@...aro.org>
Subject: Re: [PATCH v7 0/6] Introduce GCC plugin infrastructure

On Fri, Apr 22, 2016 at 11:19 AM, Emese Revfy <re.emese@...il.com> wrote:
> This patch set introduce the GCC plugin infrastructure with examples for testing
> and documentation.
>
> GCC plugins are loadable modules that provide extra features to the compiler.
> They are useful for runtime instrumentation and static analysis.
>
> The infrastructure supports all gcc versions from 4.5 to 6.0, building
> out-of-tree modules and building in a separate directory. Cross-compilation
> is supported too but currently only the x86, arm and arm64 architectures enables plugins.
>
> This infrastructure was ported from grsecurity/PaX. It is a CII project
> supported by the Linux Foundation.
>
> Emese Revfy (6):
>  Shared library support
>  GCC plugin infrastructure
>  The GCC plugin infrastructure supports the arm and arm64 architectures too
>  Add Cyclomatic complexity plugin
>  Documentations of the GCC plugin infrastructre
>  Add sancov plugin
>
>
> Changes from v6:
>  * Disable the sancov plugin whenever KCOV_INSTRUMENT is disabled
>     (Reported-by: Huang Ying <ying.huang@...ux.intel.com>)
>  * Disable KCOV/sancov plugin because this is not a regular kernel code
>     (Reported-by: Huang Ying <ying.huang@...ux.intel.com>)
>  * Removed unnecessary gcc plugin cflags
>     (Signed-off-by: Masahiro Yamada <yamada.masahiro@...ionext.com>)
>  * Removed unnecessary gcc plugin aflags
>
> Changes from v5:
>  * Set important properties on the external fndecl (Add sancov plugin)
>  * Revert documentation change too (Shared library support)
>     (Suggested-by: Kees Cook <keescook@...omium.org>)
>  * The GCC plugin infrastructure now supports the arm and arm64 architectures too
>     (Signed-off-by: David Brown <david.brown@...aro.org>)
>  * Simplify the computation of PLUGINCC (GCC plugin infrastructure)
>     (Suggested-by: Masahiro Yamada <yamada.masahiro@...ionext.com>)
>  * Simplify the invocation of gcc-plugin.sh (GCC plugin infrastructure)
>     (Suggested-by: Masahiro Yamada <yamada.masahiro@...ionext.com>)
>  * Make use of multi-depend (Shared library support)
>     (Suggested-by: Masahiro Yamada <yamada.masahiro@...ionext.com>)
>  * Remove unnecessary exports (GCC plugin infrastructure)
>     (Suggested-by: Masahiro Yamada <yamada.masahiro@...ionext.com>)
>  * Simplify Makefile by using addprefix (GCC plugin infrastructure)
>     (Suggested-by: Masahiro Yamada <yamada.masahiro@...ionext.com>)
>  * Moved the gcc plugins from tools/ to scripts/ (GCC plugin infrastructure)
>     (Suggested-by: Masahiro Yamada <yamada.masahiro@...ionext.com>)
>  * Removed plugins from KBUILD_CFLAGS_32 (GCC plugin infrastructure)
>  * Remove gcc-plugin target everywhere
>     (Suggested-by and partly Written-by: Masahiro Yamada <yamada.masahiro@...ionext.com>)
>  * There is no leaf gcc attribute in gcc-4.5 (Add sancov plugin)
>  * Added support to the sancov plugin with kcov (Add sancov plugin)
>
> Changes from v4:
>  * Moved shared library support from the GCC plugin infrastructure patch into
>    a different patch
>  * Update gcc-*.h from PaX
>    * Fixed gcc-common.h for gcc 6
>    * Added pass cloning support to the gcc pass generators
>  * Disable all plugins in vdso because it is userland code
>  * Add sancov gcc plugin: another use case for gcc plugin support in the kernel
>    is when there is a feature in the latest gcc version and we would like to use
>    it with older gcc versions as well (e.g., distros).
>
> Changes from v3:
>  * Fix some indentation related warnings
>    (Suggested by checkpatch.pl)
>  * Add maintainer entries
>  * Don't run gcc_plugin.sh when the GCC_PLUGINS option is disabled or unsupported
>    (Reported-by: Fengguang Wu <fengguang.wu@...el.com>)
>
> Changes from v2:
>  * Fixed incorrectly encoded characters
>  * Generate the GIMPLE, IPA, SIMPLE_IPA and RTL pass structures
>    (Suggested-by: Rasmus Villemoes <linux@...musvillemoes.dk>)
>  * Write plugin related warning messages to stderr instead of stdout
>    (Suggested-by: Kees Cook <keescook@...omium.org>)
>  * Mention the installation of the gcc plugin headers (Documentation)
>
> Changes from v1:
>  * Move the gcc-plugins make target into a separate Makefile because there may
>    be a lot of plugins (Suggested-by: Rasmus Villemoes)
>  * Simplify the dependencies of the plugin related config option
>    (Suggested-by: Kees Cook <keescook@...omium.org>)
>  * Removed the unnecessary example plugin

This looks really good to me! Masahiro are there any other things you
see here that need fixing? Michal, does this look like it's ready for
-next? I'd be happy to carry it via one of my trees if you want.

-Kees

>
> ---
>  Documentation/dontdiff                             |   1 +
>  Documentation/gcc-plugins.txt                      |  83 +++
>  Documentation/kbuild/makefiles.txt                 |  39 +-
>  Documentation/kernel-parameters.txt                |   5 +
>  MAINTAINERS                                        |   8 +
>  Makefile                                           |  25 +-
>  arch/Kconfig                                       |  36 +
>  arch/arm/Kconfig                                   |   1 +
>  arch/arm64/Kconfig                                 |   1 +
>  arch/x86/Kconfig                                   |   1 +
>  arch/x86/entry/vdso/Makefile                       |   3 +-
>  arch/x86/purgatory/Makefile                        |   2 +
>  lib/Kconfig.debug                                  |   2 +
>  scripts/Makefile                                   |   2 +-
>  scripts/Makefile.build                             |   2 +-
>  scripts/Makefile.clean                             |   3 +-
>  scripts/Makefile.gcc-plugins                       |  40 +
>  scripts/Makefile.host                              |  70 +-
>  scripts/gcc-plugin.sh                              |  51 ++
>  scripts/gcc-plugins/Makefile                       |  24 +
>  scripts/gcc-plugins/cyc_complexity_plugin.c        |  73 ++
>  scripts/gcc-plugins/gcc-common.h                   | 830 +++++++++++++++++++++
>  scripts/gcc-plugins/gcc-generate-gimple-pass.h     | 175 +++++
>  scripts/gcc-plugins/gcc-generate-ipa-pass.h        | 289 +++++++
>  scripts/gcc-plugins/gcc-generate-rtl-pass.h        | 175 +++++
>  scripts/gcc-plugins/gcc-generate-simple_ipa-pass.h | 175 +++++
>  scripts/gcc-plugins/sancov_plugin.c                | 144 ++++
>  scripts/link-vmlinux.sh                            |   2 +-
>  scripts/package/builddeb                           |   1 +
>  29 files changed, 2239 insertions(+), 25 deletions(-)



-- 
Kees Cook
Chrome OS & Brillo Security

Powered by blists - more mailing lists