lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <202504290951.8C3D7C7653@keescook>
Date: Tue, 29 Apr 2025 09:52:54 -0700
From: Kees Cook <kees@...nel.org>
To: Nicolas Schier <n.schier@....de>
Cc: Miguel Ojeda <ojeda@...nel.org>, Alex Gaynor <alex.gaynor@...il.com>,
	Boqun Feng <boqun.feng@...il.com>, Gary Guo <gary@...yguo.net>,
	Björn Roy Baron <bjorn3_gh@...tonmail.com>,
	Benno Lossin <benno.lossin@...ton.me>,
	Andreas Hindborg <a.hindborg@...nel.org>,
	Alice Ryhl <aliceryhl@...gle.com>, Trevor Gross <tmgross@...ch.edu>,
	Danilo Krummrich <dakr@...nel.org>,
	Masahiro Yamada <masahiroy@...nel.org>,
	Nicolas Schier <nicolas.schier@...ux.dev>,
	linux-hardening@...r.kernel.org, linux-kbuild@...r.kernel.org,
	linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org
Subject: Re: [PATCH] randstruct: Rebuild completely if randstruct.seed changes

On Tue, Apr 29, 2025 at 02:59:13PM +0200, Nicolas Schier wrote:
> Include generated/randstruct_hash.h in linux/compiler-version.h to force
> a complete rebuild if CONFIG_RANDSTRUCT is enabled and randstruct.seed
> changes.
> 
> Removal or change of scripts/basic/randstruct.seed leads to a remake of
> generated/randstruct_hash.h.  As linux/compiler-version.h is a
> hard-coded include for every kbuild induced compilation, conditionally
> adding generated/randstruct_hash.h there adds it as build-dependency to
> each object file.

This does technically work, but this feels like the wrong solution.
Also, this won't work for another case where I need a similar thing: if
the .scl file for the integer sanitizer changes, we need to do the same
full rebuild, and that's not a C file.

I think we need to explicitly inject something into fixdep...

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ