On Thu, Mar 04, 2021 at 08:25:00PM -0600, Josh Poimboeuf wrote: > On Thu, Mar 04, 2021 at 03:37:14PM -0800, Linus Torvalds wrote: > > On Thu, Mar 4, 2021 at 3:20 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > > > > > This seems fine to me, but I want to make sure Josh has somewhere to > > > actually go with this. Josh, does this get you any closer? > > No, this doesn't seem to help me at all. > > > > It sounds like the plugins need to move to another location for > > > packaged kernels? > > > > Well, it might be worth extending the stuff that gets installed with > > /lib/modules/<kernel-version>/ with enough information and > > infrastruvcture to then build any external modules. > > The gcc plugins live in scripts/, which get installed by "make > modules_install" already. So the plugins' source and makefiles are in > /lib/modules/<kernel-version>/build/scripts/gcc-plugins. > > So everything needed for building the plugins is already there. We just > need the kernel makefiles to rebuild the plugins locally, when building > an external module. This seems to work with very limited testing... Based on top of Masahiro's recent patch: https://lkml.kernel.org/r/CAK7LNARHoTnZ3gAvHgnYB4n-wYuboxC10A6zURh1ODGhxWd2yA@xxxxxxxxxxxxxx From: Josh Poimboeuf <jpoimboe@xxxxxxxxxx> Subject: [PATCH] gcc-plugins: Rebuild plugins in external module directory When building external kernel modules, the build system doesn't require the GCC version to match the version used to build the original kernel. In fact, most distros release the compiler and the kernel in separate packages, with separate release cadences. So it's not uncommon for mismatches to occur. But with GCC plugins enabled, that's no longer allowed: cc1: error: incompatible gcc/plugin versions cc1: error: failed to initialize plugin ./scripts/gcc-plugins/structleak_plugin.so That error comes from the plugin's call to plugin_default_version_check(), which strictly enforces the GCC version. The strict check makes sense, because there's nothing to prevent the GCC plugin ABI from changing, and it often does. Since plugins are tightly tied to the compiler version, just rebuild them locally in the external module directory, and then use the local version in the external module build. Reported-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> Signed-off-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx> --- Makefile | 1 + scripts/Makefile.gcc-plugins | 2 +- scripts/gcc-plugins/Makefile | 8 ++++++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index bc208886fcce..90c6656de224 100644 --- a/Makefile +++ b/Makefile @@ -1784,6 +1784,7 @@ prepare: echo " The kernel was built by: "$(CONFIG_CC_VERSION_TEXT); \ echo " You are using: $(CC_VERSION_TEXT)"; \ fi + $(Q)$(MAKE) $(build)=scripts/gcc-plugins PHONY += help help: diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins index 952e46876329..be4303678942 100644 --- a/scripts/Makefile.gcc-plugins +++ b/scripts/Makefile.gcc-plugins @@ -48,7 +48,7 @@ export DISABLE_ARM_SSP_PER_TASK_PLUGIN # All the plugin CFLAGS are collected here in case a build target needs to # filter them out of the KBUILD_CFLAGS. -GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y)) +GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(if $(KBUILD_EXTMOD),$(KBUILD_EXTMOD),$(objtree))/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y)) # The sancov_plugin.so is included via CFLAGS_KCOV, so it is removed here. GCC_PLUGINS_CFLAGS := $(filter-out %/sancov_plugin.so, $(GCC_PLUGINS_CFLAGS)) export GCC_PLUGINS_CFLAGS diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile index b5487cce69e8..9f8e2ef3ab56 100644 --- a/scripts/gcc-plugins/Makefile +++ b/scripts/gcc-plugins/Makefile @@ -1,10 +1,14 @@ # SPDX-License-Identifier: GPL-2.0 -$(obj)/randomize_layout_plugin.so: $(objtree)/$(obj)/randomize_layout_seed.h +ifneq ($(KBUILD_EXTMOD),) +override obj := $(KBUILD_EXTMOD)/$(obj) +endif + +$(obj)/randomize_layout_plugin.so: $(objtree)/$(src)/randomize_layout_seed.h quiet_cmd_create_randomize_layout_seed = GENSEED $@ cmd_create_randomize_layout_seed = \ $(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h -$(objtree)/$(obj)/randomize_layout_seed.h: FORCE +$(objtree)/$(src)/randomize_layout_seed.h: FORCE $(call if_changed,create_randomize_layout_seed) targets += randomize_layout_seed.h randomize_layout_hash.h -- 2.29.2
