| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250429-rebuild-on-randstruct-seed-changes-v1-1-16a74fe65538@avm.de> Date: Tue, 29 Apr 2025 14:59:13 +0200 From: Nicolas Schier <n.schier@....de> To: Kees Cook <kees@...nel.org>, Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, Benno Lossin <benno.lossin@...ton.me>, Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>, Danilo Krummrich <dakr@...nel.org> Cc: Masahiro Yamada <masahiroy@...nel.org>, Nicolas Schier <nicolas.schier@...ux.dev>, linux-hardening@...r.kernel.org, linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org, Nicolas Schier <nicolas.schier@...ux.dev> Subject: [PATCH] randstruct: Rebuild completely if randstruct.seed changes Include generated/randstruct_hash.h in linux/compiler-version.h to force a complete rebuild if CONFIG_RANDSTRUCT is enabled and randstruct.seed changes. Removal or change of scripts/basic/randstruct.seed leads to a remake of generated/randstruct_hash.h. As linux/compiler-version.h is a hard-coded include for every kbuild induced compilation, conditionally adding generated/randstruct_hash.h there adds it as build-dependency to each object file. Reported-by: Kees Cook <kees@...nel.org> Closes: https://lore.kernel.org/linux-kbuild/202504161928.17A90D9B@keescook/ Signed-off-by: Nicolas Schier <n.schier@....de> --- As I have no rust experience at all, yet: Do we have to consider something for rust? --- include/linux/compiler-version.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/include/linux/compiler-version.h b/include/linux/compiler-version.h index 573fa85b6c0cd314dfeec66e8c77342798aa7e62..523eacf80c1a6149c513dccfd0dd9fd388e909a4 100644 --- a/include/linux/compiler-version.h +++ b/include/linux/compiler-version.h @@ -6,9 +6,19 @@ #define __LINUX_COMPILER_VERSION_H /* - * This header exists to force full rebuild when the compiler is upgraded. + * This header exists to force full rebuild when the compiler is upgraded or + * the randstruct is changed. * * When fixdep scans this, it will find this string "CONFIG_CC_VERSION_TEXT" * and add dependency on include/config/CC_VERSION_TEXT, which is touched * by Kconfig when the version string from the compiler changes. */ +#ifdef CONFIG_RANDSTRUCT +/* + * If CONFIG_RANDSTRUCT is enabled and scripts/basic/randstruct.seed changes, + * randstruct_hash.h is updated. Including it here, makes it a build + * dependency for all build objects. + */ +#include <generated/randstruct_hash.h> +#undef RANDSTRUCT_HASHED_SEED +#endif --- base-commit: 9c32cda43eb78f78c73aee4aa344b777714e259b change-id: 20250429-rebuild-on-randstruct-seed-changes-6b45e327fb31 Best regards, -- Nicolas Schier
Powered by blists - more mailing lists