Re: [PATCH 01/30] gcc-plugins: fix build condition of SANCOV plugin
From: Kees Cook
Date: Fri May 04 2018 - 12:21:22 EST
On Fri, May 4, 2018 at 7:21 AM, Masahiro Yamada
<yamada.masahiro@xxxxxxxxxxxxx> wrote:
> Hi Kees,
>
>
> 2018-04-13 14:06 GMT+09:00 Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx>:
>> Since commit d677a4d60193 ("Makefile: support flag
>> -fsanitizer-coverage=trace-cmp"), you miss to build the SANCOV
>> plugin under some circumstances.
>>
>> CONFIG_KCOV=y
>> CONFIG_KCOV_ENABLE_COMPARISONS=y
>> Your compiler does not support -fsanitize-coverage=trace-pc
>> Your compiler does not support -fsanitize-coverage=trace-cmp
>>
>> Under this condition, $(CFLAGS_KCOV) is not empty but contains a
>> space, so the following ifeq-conditional is false.
>>
>> ifeq ($(CFLAGS_KCOV),)
>>
>> Then, scripts/Makefile.gcc-plugins misses to add sancov_plugin.so to
>> gcc-plugin-y while the SANCOV plugin is necessary as an alternative
>> means.
>>
>> Fixes: d677a4d60193 ("Makefile: support flag -fsanitizer-coverage=trace-cmp")
>> Signed-off-by: Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx>
>> ---
>
>
> I am planning to queue this up to the fixes branch
> since this is a bug fix.
>
> Do you have any comment on this?
Looks fine to me; thanks!
Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>
-Kees
>
>
>
>
>
>> Changes in v3:
>> - newly added
>>
>> Changes in v2: None
>>
>> scripts/Makefile.gcc-plugins | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
>> index b2a95af..7f5c862 100644
>> --- a/scripts/Makefile.gcc-plugins
>> +++ b/scripts/Makefile.gcc-plugins
>> @@ -14,7 +14,7 @@ ifdef CONFIG_GCC_PLUGINS
>> endif
>>
>> ifdef CONFIG_GCC_PLUGIN_SANCOV
>> - ifeq ($(CFLAGS_KCOV),)
>> + ifeq ($(strip $(CFLAGS_KCOV)),)
>> # It is needed because of the gcc-plugin.sh and gcc version checks.
>> gcc-plugin-$(CONFIG_GCC_PLUGIN_SANCOV) += sancov_plugin.so
>>
>> --
>> 2.7.4
>>
>
>
>
> --
> Best Regards
> Masahiro Yamada
--
Kees Cook
Pixel Security