On Tue, Jan 26, 2021 at 02:59:57PM -0800, Kees Cook wrote: > On Tue, Jan 26, 2021 at 12:43:16PM -0600, Josh Poimboeuf wrote: > > On Tue, Jan 26, 2021 at 09:56:10AM -0800, Kees Cook wrote: > > > On Mon, Jan 25, 2021 at 04:19:53PM -0600, Josh Poimboeuf wrote: > > > > On Mon, Jan 25, 2021 at 02:03:07PM -0800, Kees Cook wrote: > > > > > On Mon, Jan 25, 2021 at 02:42:10PM -0600, Josh Poimboeuf wrote: > > > > > > When a GCC version mismatch is detected, print a warning and disable the > > > > > > plugin. The only exception is the RANDSTRUCT plugin which needs all > > > > > > code to see the same struct layouts. In that case print an error. > > > > > > > > > > I prefer this patch as-is: only randstruct needs a hard failure. The > > > > > others likely work (in fact, randstruct likely works too). > > > > > > > > I'm curious about this last statement, why would randstruct likely work? > > > > > > > > Even struct module has '__randomize_layout', wouldn't basic module init > > > > go splat? > > > > > > No; the seed is part of the generate includes -- you'll get the same > > > layout with the same seed. > > > > Right, but don't you need the plugin enabled to make use of that seed, > > so the structs get interpreted properly by the module? Or am I > > completely misunderstanding how this plugin works? > > Having the plugin enabled or not is part of the Kconfig ... you can't > build anything if you change Kconfig. I feel like I'm missing > something... I guess we crossed wires somehow. Backing up :-) The patch disables plugins when there's a GCC mismatch in the OOT module build, with the exception of RANDSTRUCT, for which it just errors out. When you said "randstruct likely works too" I thought you meant that RANDSTRUCT would likely work even if it were disabled in the OOT module build (i.e. if we removed the RANDSTRUCT special case from the patch). Or did you mean something else? Like using RANDSTRUCT with a different version of GCC would likely work? (I'm definitely not proposing we allow GCC mismatches for plugins, as I was told that plugins can break from one build to the next). -- Josh