| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250501193839.work.525-kees@kernel.org> Date: Thu, 1 May 2025 12:48:15 -0700 From: Kees Cook <kees@...nel.org> To: Masahiro Yamada <masahiroy@...nel.org> Cc: Kees Cook <kees@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Nicolas Schier <nicolas.schier@...ux.dev>, Petr Pavlu <petr.pavlu@...e.com>, Sebastian Andrzej Siewior <bigeasy@...utronix.de>, Justin Stitt <justinstitt@...gle.com>, Marco Elver <elver@...gle.com>, Andrey Konovalov <andreyknvl@...il.com>, Andrey Ryabinin <ryabinin.a.a@...il.com>, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org, linux-kbuild@...r.kernel.org, kasan-dev@...glegroups.com Subject: [PATCH 0/3] Detect changed compiler dependencies for full rebuild Hi, This is my attempt to introduce dependencies that track the various compiler behaviors that may globally change the build that aren't represented by either compiler flags nor the compiler version (CC_VERSION_TEXT). Namely, this is to detect when the contents of a file the compiler uses changes. We have 3 such situations currently in the tree: - If any of the GCC plugins change, we need to rebuild everything that was built with them, as they may have changed their behavior and those behaviors may need to be synchronized across all translation units. (The most obvious of these is the randstruct GCC plugin, but is true for most of them.) - If the randstruct seed itself changes (whether for GCC plugins or Clang), the entire tree needs to be rebuilt since the randomization of structures may change between compilation units if not. - If the integer-wrap-ignore.scl file for Clang's integer wrapping sanitizer changes, a full rebuild is needed as the coverage for wrapping types may have changed, once again cause behavior differences between compilation units. The best way I found to deal with this is to use a -include argument for each of the above cases, which causes fixdep to pick up the file and naturally depend on it causing the build to notice any date stamp changes. Each case updates its .h file when its internal dependencies change. -Kees Kees Cook (3): gcc-plugins: Force full rebuild when plugins change randstruct: Force full rebuild when seed changes integer-wrap: Force full rebuild when .scl file changes include/linux/vermagic.h | 1 - scripts/Makefile.gcc-plugins | 2 +- scripts/Makefile.randstruct | 3 ++- scripts/Makefile.ubsan | 1 + scripts/basic/Makefile | 20 +++++++++++++++----- scripts/gcc-plugins/Makefile | 8 ++++++++ 6 files changed, 27 insertions(+), 8 deletions(-) -- 2.34.1
Powered by blists - more mailing lists