|
Message-ID: <CAGXu5jJUvcCTOt1-Jy5YzG=HebacAeC9sbsUw5O4HMJ8UWy3Ow@mail.gmail.com> Date: Thu, 21 Apr 2016 09:55:54 -0700 From: Kees Cook <keescook@...omium.org> To: Masahiro Yamada <yamada.masahiro@...ionext.com> Cc: Emese Revfy <re.emese@...il.com>, Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>, PaX Team <pageexec@...email.hu>, Brad Spengler <spender@...ecurity.net>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Michal Marek <mmarek@...e.com>, Rasmus Villemoes <linux@...musvillemoes.dk>, Fengguang Wu <fengguang.wu@...el.com>, Dmitry Vyukov <dvyukov@...gle.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, David Brown <david.brown@...aro.org> Subject: Re: [PATCH v6 2/6] GCC plugin infrastructure On Tue, Apr 12, 2016 at 7:35 PM, Masahiro Yamada <yamada.masahiro@...ionext.com> wrote: > Hi Emese, > > > 2016-04-08 6:13 GMT+09:00 Emese Revfy <re.emese@...il.com>: > >> diff --git a/Makefile b/Makefile >> index 173437d..3af7b9e 100644 >> --- a/Makefile >> +++ b/Makefile >> @@ -418,6 +418,8 @@ export KBUILD_AFLAGS_MODULE KBUILD_CFLAGS_MODULE KBUILD_LDFLAGS_MODULE >> export KBUILD_AFLAGS_KERNEL KBUILD_CFLAGS_KERNEL >> export KBUILD_ARFLAGS >> >> +export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS >> + >> # When compiling out-of-tree modules, put MODVERDIR in the module >> # tree rather than in the kernel tree. The kernel tree might >> # even be read-only. >> @@ -548,7 +550,7 @@ ifeq ($(KBUILD_EXTMOD),) >> # in parallel >> PHONY += scripts >> scripts: scripts_basic include/config/auto.conf include/config/tristate.conf \ >> - asm-generic >> + asm-generic gcc-plugins >> $(Q)$(MAKE) $(build)=$(@) >> >> # Objects we will link into vmlinux / subdirs we need to visit >> @@ -623,6 +625,15 @@ endif >> # Tell gcc to never replace conditional load with a non-conditional one >> KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) >> >> +PHONY += gcc-plugins >> +gcc-plugins: scripts_basic >> +ifdef CONFIG_GCC_PLUGINS >> + $(Q)$(MAKE) $(build)=scripts/gcc-plugins >> +endif >> + @: >> + >> +include scripts/Makefile.gcc-plugins >> + >> ifdef CONFIG_READABLE_ASM >> # Disable optimizations that make assembler listings hard to read. >> # reorder blocks reorders the control in the function >> @@ -949,6 +960,8 @@ endif >> >> # The actual objects are generated when descending, >> # make sure no implicit rule kicks in >> +$(filter-out $(init-y),$(vmlinux-deps)): KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) >> +$(filter-out $(init-y),$(vmlinux-deps)): KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) >> $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; > > I do not get your intention here. > > It looks like you are trying to omit plugin flags for init/ directory. > (Actually this code is not working, though) > > Then, you add plug the following lines to init/Makefile > > +ccflags-y := $(GCC_PLUGINS_CFLAGS) > +asflags-y := $(GCC_PLUGINS_AFLAGS) > > > > > > >> # Handle descending into subdirectories listed in $(vmlinux-dirs) >> @@ -1001,10 +1014,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ >> >> archprepare: archheaders archscripts prepare1 scripts_basic >> >> -prepare0: archprepare FORCE >> +prepare0: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) >> +prepare0: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) >> +prepare0: archprepare gcc-plugins FORCE >> $(Q)$(MAKE) $(build)=. >> >> # All the preparing.. >> +prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) >> prepare: prepare0 prepare-objtool >> >> ifdef CONFIG_STACK_VALIDATION >> @@ -1137,6 +1153,8 @@ all: modules >> # using awk while concatenating to the final file. >> >> PHONY += modules >> +modules: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) >> +modules: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) >> modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin >> $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order >> @$(kecho) ' Building modules, stage 2.'; >> @@ -1257,7 +1275,7 @@ distclean: mrproper >> @find $(srctree) $(RCS_FIND_IGNORE) \ >> \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ >> -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ >> - -o -name '.*.rej' -o -name '*%' -o -name 'core' \) \ >> + -o -name '.*.rej' -o -name '*.so' -o -name '*%' -o -name 'core' \) \ >> -type f -print | xargs rm -f >> >> >> @@ -1426,6 +1444,8 @@ PHONY += $(module-dirs) modules >> $(module-dirs): crmodverdir $(objtree)/Module.symvers >> $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) >> >> +modules: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) >> +modules: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) >> modules: $(module-dirs) >> @$(kecho) ' Building modules, stage 2.'; >> $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost >> @@ -1567,10 +1587,14 @@ else >> target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) >> endif >> >> +%.s: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) >> +%.s: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) >> %.s: %.c prepare scripts FORCE >> $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) >> %.i: %.c prepare scripts FORCE >> $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) >> +%.o: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) >> +%.o: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) >> %.o: %.c prepare scripts FORCE >> $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) >> %.lst: %.c prepare scripts FORCE >> @@ -1589,10 +1613,14 @@ endif >> $(build)=$(build-dir) >> # Make sure the latest headers are built for Documentation >> Documentation/: headers_install >> +%/: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) >> +%/: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) >> %/: prepare scripts FORCE >> $(cmd_crmodverdir) >> $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ >> $(build)=$(build-dir) >> +%.ko: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) >> +%.ko: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) >> %.ko: prepare scripts FORCE >> $(cmd_crmodverdir) >> $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ > > > Why do you need to sprinkle "KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)" > here and there? > > > Unless I am missing something, I think the following should work. > > > > diff --git a/Makefile b/Makefile > index 5d65f4b..f85420b 100644 > --- a/Makefile > +++ b/Makefile > @@ -962,8 +962,6 @@ endif > > # The actual objects are generated when descending, > # make sure no implicit rule kicks in > -$(filter-out $(init-y),$(vmlinux-deps)): KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) > -$(filter-out $(init-y),$(vmlinux-deps)): KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) > $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; > > # Handle descending into subdirectories listed in $(vmlinux-dirs) > @@ -1016,13 +1014,10 @@ prepare1: prepare2 $(version_h) > include/generated/utsrelease.h > > archprepare: archheaders archscripts prepare1 scripts_basic > > -prepare0: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) > -prepare0: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) > prepare0: archprepare gcc-plugins FORCE > $(Q)$(MAKE) $(build)=. > > # All the preparing.. > -prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) > prepare: prepare0 prepare-objtool > > ifdef CONFIG_STACK_VALIDATION > @@ -1155,8 +1150,6 @@ all: modules > # using awk while concatenating to the final file. > > PHONY += modules > -modules: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) > -modules: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) > modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin > $(Q)$(AWK) '!x[$$0]++' > $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtre > @$(kecho) ' Building modules, stage 2.'; > @@ -1446,8 +1439,6 @@ PHONY += $(module-dirs) modules > $(module-dirs): crmodverdir $(objtree)/Module.symvers > $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) > > -modules: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) > -modules: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) > modules: $(module-dirs) > @$(kecho) ' Building modules, stage 2.'; > $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost > @@ -1589,14 +1580,10 @@ else > target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) > endif > > -%.s: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) > -%.s: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) > %.s: %.c prepare scripts FORCE > $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) > %.i: %.c prepare scripts FORCE > $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) > -%.o: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) > -%.o: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) > %.o: %.c prepare scripts FORCE > $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) > %.lst: %.c prepare scripts FORCE > @@ -1615,14 +1602,10 @@ endif > $(build)=$(build-dir) > # Make sure the latest headers are built for Documentation > Documentation/: headers_install > -%/: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) > -%/: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) > %/: prepare scripts FORCE > $(cmd_crmodverdir) > $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ > $(build)=$(build-dir) > -%.ko: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) > -%.ko: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) > %.ko: prepare scripts FORCE > $(cmd_crmodverdir) > $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ > diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins > index 25a70fb..34d6224 100644 > --- a/scripts/Makefile.gcc-plugins > +++ b/scripts/Makefile.gcc-plugins > @@ -26,4 +26,6 @@ ifdef CONFIG_GCC_PLUGINS > endif > endif > > + KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) > + > endif > > > > > > > -- > Best Regards > Masahiro Yamada Hi Emese, Any update on this? I'd love to see if we can land the plug-in infrastructure soon. Thanks! -Kees -- Kees Cook Chrome OS & Brillo Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.