Date: Tue, 1 Mar 2016 11:16:23 -0800 From: Kees Cook <keescook@...omium.org> To: Emese Revfy <re.emese@...il.com> Cc: linux-kbuild <linux-kbuild@...r.kernel.org>, PaX Team <pageexec@...email.hu>, Brad Spengler <spender@...ecurity.net>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Michal Marek <mmarek@...e.com>, Rasmus Villemoes <linux@...musvillemoes.dk>, Fengguang Wu <fengguang.wu@...el.com> Subject: Re: [PATCH v4 0/3] Introduce GCC plugin infrastructure On Tue, Mar 1, 2016 at 11:09 AM, Kees Cook <keescook@...omium.org> wrote: > On Tue, Mar 1, 2016 at 9:14 AM, Emese Revfy <re.emese@...il.com> wrote: >> This patch set introduce the GCC plugin infrastructure with examples for testing >> and documentation. >> >> GCC plugins are loadable modules that provide extra features to the compiler. >> They are useful for runtime instrumentation and static analysis. >> >> The infrastructure supports all gcc versions from 4.5 to 6.0, building >> out-of-tree modules and building in a separate directory. Cross-compilation >> is supported too but currently only the x86 architecture enables plugins. >> >> This infrastructure was ported from grsecurity/PaX. It is a CII project >> supported by the Linux Foundation. Oh, for future submissions, please include lkml itself too, just to get some more eyes on it. I'm intending to carry this for -next, so I don't want to unduly surprise anyone. :) -Kees >> >> Emese Revfy (3): >> GCC plugin infrastructure >> Add Cyclomatic complexity plugin >> Documentations of the GCC plugin infrastructre >> >> >> Changes from v3: >> * Fix some indentation related warnings >> (Suggested by checkpatch.pl) >> * Add maintainer entries >> * Don't run gcc_plugin.sh when the GCC_PLUGINS option is disabled or unsupported >> (Reported-by: Fengguang Wu <fengguang.wu@...el.com>) >> >> I found a kbuild bug (or feature?) related to this patch. When a config option is disabled >> then the symbol gets undefined only when you run make clean. >> The easiest way to reproduce it is with e.g., CC_STACKPROTECTOR_STRONG: > > Yeah, I fought this when adding _STRONG. It seems there are two > "phases" of Kbuild where it rebuilds the .config during phase 1 then > does the actual build in phase 2. I couldn't make the stack protector > detection kill the build because it would kill the config rewriter > too. So I had to leave it a warning and let the compiler die later > instead. > > -Kees > >> >> * patch in warning here: >> >> diff --git a/Makefile b/Makefile >> index a1a7708..9e6961f 100644 >> --- a/Makefile >> +++ b/Makefile >> @@ -664,6 +664,7 @@ ifdef CONFIG_CC_STACKPROTECTOR_REGULAR >> else >> ifdef CONFIG_CC_STACKPROTECTOR_STRONG >> stackp-flag := -fstack-protector-strong >> + $(warning AAAAAAAA) >> ifeq ($(call cc-option, $(stackp-flag)),) >> $(warning Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: \ >> -fstack-protector-strong not supported by compiler) >> >> * enable CC_STACKPROTECTOR_STRONG in menuconfig >> * run make and it prints out the "AAAAAAAA" >> * enable CC_STACKPROTECTOR_NONE in menuconfig >> * run make and it prints out the "AAAAAAAA" >> * run make clean, run make again and it doesn't print out the "AAAAAAAA" >> >> >> Changes from v2: >> * Fixed incorrectly encoded characters >> * Generate the GIMPLE, IPA, SIMPLE_IPA and RTL pass structures >> (Suggested-by: Rasmus Villemoes <linux@...musvillemoes.dk>) >> * Write plugin related warning messages to stderr instead of stdout >> (Suggested-by: Kees Cook <keescook@...omium.org>) >> * Mention the installation of the gcc plugin headers (Documentation) >> >> >> Changes from v1: >> * Move the gcc-plugins make target into a separate Makefile because there may >> be a lot of plugins (Suggested-by: Rasmus Villemoes) >> * Simplify the dependencies of the plugin related config option >> (Suggested-by: Kees Cook <keescook@...omium.org>) >> * Removed the unnecessary example plugin >> --- >> Documentation/dontdiff | 1 + >> Documentation/gcc-plugins.txt | 82 ++++ >> MAINTAINERS | 8 + >> Makefile | 41 +- >> arch/Kconfig | 24 + >> arch/x86/Kconfig | 1 + >> init/Makefile | 3 + >> scripts/Makefile.build | 2 +- >> scripts/Makefile.clean | 3 +- >> scripts/Makefile.gcc-plugins | 32 ++ >> scripts/Makefile.host | 69 ++- >> scripts/gcc-plugin.sh | 51 ++ >> scripts/link-vmlinux.sh | 2 +- >> scripts/package/builddeb | 1 + >> tools/gcc/Makefile | 19 + >> tools/gcc/cyc_complexity_plugin.c | 73 +++ >> tools/gcc/gcc-common.h | 803 +++++++++++++++++++++++++++++++ >> tools/gcc/gcc-generate-gimple-pass.h | 173 +++++++ >> tools/gcc/gcc-generate-ipa-pass.h | 287 +++++++++++ >> tools/gcc/gcc-generate-rtl-pass.h | 173 +++++++ >> tools/gcc/gcc-generate-simple_ipa-pass.h | 173 +++++++ >> 21 files changed, 2006 insertions(+), 15 deletions(-) > > > > -- > Kees Cook > Chrome OS & Brillo Security -- Kees Cook Chrome OS & Brillo Security
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.