On Tue, Jan 26, 2021 at 7:03 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> On Mon, Jan 25, 2021 at 02:42:10PM -0600, Josh Poimboeuf wrote:
> > When a GCC version mismatch is detected, print a warning and disable the
> > plugin. The only exception is the RANDSTRUCT plugin which needs all
> > code to see the same struct layouts. In that case print an error.
>
> I prefer this patch as-is: only randstruct needs a hard failure. The
> others likely work (in fact, randstruct likely works too).
>
> Masahiro, are you suggesting to be a hard-failure for all plugins?
Yes.
I want to require
"I swear to use the same compiler version for external modules"
when you enable GCC plugins.
config CC_VERSION_CHECK_FOR_EXTERNAL_MODULES
bool "Check the compiler version before building external modules"
help
If this option is enabled, the compiler version is checked
before building external modules. This ensures the same
compiler is used for the kernel and external modules.
config GCC_PLUGINS
...
depends on CC_VERSION_CHECK_FOR_EXTERNAL_MODULES
In Makefile, check the version for out-of-tree modules
if CONFIG_CC_VERSION_CHECK_FOR_EXTERNAL_MODULES.
There is no difference in the fact that
you cannot use a different compiler for external modules
if CONFIG_GCC_PLUGINS=y.
We started with the assumption that modules must be compiled
by the same compiler as the kernel was.
https://lore.kernel.org/patchwork/patch/836247/#1031547
Now that the compiler capability is evaluated in Kconfig,
this is a harder requirement.
In reality, a different compiler might be used,
and, this requirement might be loosened, but
the same compiler should be required for CONFIG_GCC_PLUGINS.
--
Best Regards
Masahiro Yamada
