Re: [PATCH 1/3] gcc-plugins: Force full rebuild when plugins change
From: Kees Cook
Date: Fri May 02 2025 - 16:39:24 EST
On Thu, May 01, 2025 at 12:48:16PM -0700, Kees Cook wrote:
> There was no dependency between the plugins changing and the rest of the
> kernel being built. Enforce this by including a synthetic header file
> when using plugins, that is regenerated any time the plugins are built.
>
> Signed-off-by: Kees Cook <kees@xxxxxxxxxx>
> ---
> Cc: Masahiro Yamada <masahiroy@xxxxxxxxxx>
> Cc: Nathan Chancellor <nathan@xxxxxxxxxx>
> Cc: Nicolas Schier <nicolas.schier@xxxxxxxxx>
> Cc: <linux-hardening@xxxxxxxxxxxxxxx>
> Cc: <linux-kbuild@xxxxxxxxxxxxxxx>
> ---
> scripts/Makefile.gcc-plugins | 2 +-
> scripts/gcc-plugins/Makefile | 8 ++++++++
> 2 files changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
> index 5b8a8378ca8a..b0d2b9ccf42c 100644
> --- a/scripts/Makefile.gcc-plugins
> +++ b/scripts/Makefile.gcc-plugins
> @@ -38,7 +38,7 @@ export DISABLE_STACKLEAK_PLUGIN
>
> # All the plugin CFLAGS are collected here in case a build target needs to
> # filter them out of the KBUILD_CFLAGS.
> -GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y))
> +GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y)) -include $(objtree)/scripts/gcc-plugins/deps.h
This doesn't work[1] because CFLAGS_REMOVE and so many other places use
filter-out (instead of subst) to remove flags, thinking flags are
singular. But adding "-include path.h" means "-include" gets removed in
a "$(filter-out $GCC_PLUGINS_CFLAGS, ...)" case. :(
Ugh.
-Kees
[1] https://lore.kernel.org/r/202505021403.blhkPRXG-lkp@xxxxxxxxx/
--
Kees Cook