Re: [kernel-hardening] [PATCH v5 2/5] GCC plugin infrastructure

From: Kees Cook
Date: Wed Mar 09 2016 - 15:50:38 EST


On Wed, Mar 9, 2016 at 1:01 AM, David Brown <david.brown@xxxxxxxxxx> wrote:
> On Mon, Mar 07, 2016 at 12:04:27AM +0100, Emese Revfy wrote:
>
>> This patch allows to build the whole kernel with GCC plugins. It was
>> ported from
>> grsecurity/PaX. The infrastructure supports building out-of-tree modules
>> and
>> building in a separate directory. Cross-compilation is supported too but
>> currently only the x86 architecture enables plugins.
>
>
> I've tested this with both ARM and ARM64. There are some missing
> headers in the arm64 gcc, reported here:
> https://bugs.linaro.org/show_bug.cgi?id=2123 (also upstream), but this
> should work once that is fixed.
>
> Feel free to fold these into your patch, or, if you prefer, I can send
> out separate patches for them.

Ah-ha, great! Thanks for testing!

Emese, if you're not interested in carrying this, I can add it to my tree.

-Kees

>
> Signed-off-by: David Brown <david.brown@xxxxxxxxxx>
>
> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
> index 4f799e5..67ee8e3 100644
> --- a/arch/arm/Kconfig
> +++ b/arch/arm/Kconfig
> @@ -54,6 +54,7 @@ config ARM
> select HAVE_FUNCTION_GRAPH_TRACER if (!THUMB2_KERNEL)
> select HAVE_FUNCTION_TRACER if (!XIP_KERNEL)
> select HAVE_GENERIC_DMA_COHERENT
> + select HAVE_GCC_PLUGINS
> select HAVE_HW_BREAKPOINT if (PERF_EVENTS && (CPU_V6 || CPU_V6K ||
> CPU_V7))
> select HAVE_IDE if PCI || ISA || PCMCIA
> select HAVE_IRQ_TIME_ACCOUNTING
> diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
> index 8cc6228..6d6e4f8 100644
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -70,6 +70,7 @@ config ARM64
> select HAVE_FTRACE_MCOUNT_RECORD
> select HAVE_FUNCTION_TRACER
> select HAVE_FUNCTION_GRAPH_TRACER
> + select HAVE_GCC_PLUGINS
> select HAVE_GENERIC_DMA_COHERENT
> select HAVE_HW_BREAKPOINT if PERF_EVENTS
> select HAVE_IRQ_TIME_ACCOUNTING
> --



--
Kees Cook
Chrome OS & Brillo Security