| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202505021337.DCC59E49@keescook> Date: Fri, 2 May 2025 13:39:15 -0700 From: Kees Cook <kees@...nel.org> To: Masahiro Yamada <masahiroy@...nel.org> Cc: Nathan Chancellor <nathan@...nel.org>, Nicolas Schier <nicolas.schier@...ux.dev>, linux-hardening@...r.kernel.org, linux-kbuild@...r.kernel.org, Petr Pavlu <petr.pavlu@...e.com>, Sebastian Andrzej Siewior <bigeasy@...utronix.de>, Justin Stitt <justinstitt@...gle.com>, Marco Elver <elver@...gle.com>, Andrey Konovalov <andreyknvl@...il.com>, Andrey Ryabinin <ryabinin.a.a@...il.com>, linux-kernel@...r.kernel.org, kasan-dev@...glegroups.com Subject: Re: [PATCH 1/3] gcc-plugins: Force full rebuild when plugins change On Thu, May 01, 2025 at 12:48:16PM -0700, Kees Cook wrote: > There was no dependency between the plugins changing and the rest of the > kernel being built. Enforce this by including a synthetic header file > when using plugins, that is regenerated any time the plugins are built. > > Signed-off-by: Kees Cook <kees@...nel.org> > --- > Cc: Masahiro Yamada <masahiroy@...nel.org> > Cc: Nathan Chancellor <nathan@...nel.org> > Cc: Nicolas Schier <nicolas.schier@...ux.dev> > Cc: <linux-hardening@...r.kernel.org> > Cc: <linux-kbuild@...r.kernel.org> > --- > scripts/Makefile.gcc-plugins | 2 +- > scripts/gcc-plugins/Makefile | 8 ++++++++ > 2 files changed, 9 insertions(+), 1 deletion(-) > > diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins > index 5b8a8378ca8a..b0d2b9ccf42c 100644 > --- a/scripts/Makefile.gcc-plugins > +++ b/scripts/Makefile.gcc-plugins > @@ -38,7 +38,7 @@ export DISABLE_STACKLEAK_PLUGIN > > # All the plugin CFLAGS are collected here in case a build target needs to > # filter them out of the KBUILD_CFLAGS. > -GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y)) > +GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y)) -include $(objtree)/scripts/gcc-plugins/deps.h This doesn't work[1] because CFLAGS_REMOVE and so many other places use filter-out (instead of subst) to remove flags, thinking flags are singular. But adding "-include path.h" means "-include" gets removed in a "$(filter-out $GCC_PLUGINS_CFLAGS, ...)" case. :( Ugh. -Kees [1] https://lore.kernel.org/r/202505021403.blhkPRXG-lkp@intel.com/ -- Kees Cook
Powered by blists - more mailing lists