Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp3342432pxb; Mon, 25 Jan 2021 13:21:53 -0800 (PST) X-Google-Smtp-Source: ABdhPJyFjGVCUDL7+Gs1YNMCZ/+8WrAwHYM46h+FapXPNCAPg7AD7c6hf0aMEtC1m0G1Fs4O4hoi X-Received: by 2002:a50:f0cc:: with SMTP id a12mr2137451edm.219.1611609712929; Mon, 25 Jan 2021 13:21:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611609712; cv=none; d=google.com; s=arc-20160816; b=Zumh6DTrjFnwuE4/z4uA4KfKXS8AWnQQWTisah1iI1XRyRZFh3OVDT8GZdYPJcmbai vCy3ZjBB5DBB6h1xP+kNH3Pqf4rX6MLID0v8wZIEWcjWDa6YAwNDF5s9bgC/5lckwYms 2qjrzHGJzHIHDBTuN66KbXp82WRSgBGJr12+ASNH2xKjliy8oOj0uBENv6guEgCJOVj5 jT6HK1lmZeW9Ioom9QTjWmAPhQeypxrie2K2RihDpJwj5lrM2zvVX1KqZc7sCgE6WKK4 z8jLeVw6XD8fi+yEciqI93YuWCsgQheP2CD631BswZe3E7xculUUYobAM51WtCmeAayG oxUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature:dkim-filter; bh=UBtSR4SngVZcF8xuMqiB6wAgmObrFSnj0hR3SZnjGx0=; b=aFhXPSge01lnQLM8q6GctzgJN/2OY7BBFlsVdu+RoaCUemkNr9cRHHJWinwlgvjF/u 5C+HExXJlFOgslulqrFdy0OTxTST+9B26b5bkbkvLN2oWMEIjPOHlEJF6+kDJ7zp/xID 68GIHsl7Klw6WQaH4vXvymNJZGcU5WReB/nM75MJuYJbkhZfst/qAkxRnxQxlOTvjlYO beKt597/CMZbFnk14y8r/tCnWA9CSArl1qql15stfbvOyRZr+AUvBtqaSvLlGdlL3A85 bnx+t22qZJi/VBHeZDpXYrCyOisR7/uLXTCQTCGxlxUthn/k+R8xRfwrUJPPlVc+534M /FVA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@nifty.com header.s=dec2015msa header.b=fW3IypG7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a42si8461750edf.469.2021.01.25.13.21.28; Mon, 25 Jan 2021 13:21:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@nifty.com header.s=dec2015msa header.b=fW3IypG7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732642AbhAYVTq (ORCPT + 99 others); Mon, 25 Jan 2021 16:19:46 -0500 Received: from conssluserg-06.nifty.com ([210.131.2.91]:64935 "EHLO conssluserg-06.nifty.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732444AbhAYVR5 (ORCPT ); Mon, 25 Jan 2021 16:17:57 -0500 Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) (authenticated) by conssluserg-06.nifty.com with ESMTP id 10PLGee1021843; Tue, 26 Jan 2021 06:16:40 +0900 DKIM-Filter: OpenDKIM Filter v2.10.3 conssluserg-06.nifty.com 10PLGee1021843 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com; s=dec2015msa; t=1611609401; bh=UBtSR4SngVZcF8xuMqiB6wAgmObrFSnj0hR3SZnjGx0=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=fW3IypG7DU0Sy2lJtuivc8NXYOkwYgV1o24luqg5jMlQ7htBZVHMwK1Bg+83r1pZX XU1ojvBCOeiW6XLA8AUFPtvMILO1Zzy/w4jaYAuqh0sQD0bXQiXUArRl2jZ9uO0LA6 GwwHRaBChHy2gH7+l+cqefFpB3/kTTJbcTNwH/Hqpqo9d4m7fIRGGTap/fcXErVJoh BKbTy/7Y8ztwNzH/aS0NLbVjcih88Gzwqxp+kl5XjU0MhCJj8olKks2xBqphOQRrlG d8gJFMz7qLN396NBHwtMwuLwHjtVVbHN5bN6dv0gYLyG2Ih/kA4lB0VLlOb+IYvH4T pjafarslnPZdQ== X-Nifty-SrcIP: [209.85.216.51] Received: by mail-pj1-f51.google.com with SMTP id l18so425615pji.3; Mon, 25 Jan 2021 13:16:40 -0800 (PST) X-Gm-Message-State: AOAM531aIFflY0j4930lDxf+sxYAFpQIbvXlkL+p40BNs4wq6xLkpvgM fA64PJiXkMvCQ9xOdDD2hStH4Z9dsDKGR6KFxFE= X-Received: by 2002:a17:90a:5403:: with SMTP id z3mr2231069pjh.198.1611609399736; Mon, 25 Jan 2021 13:16:39 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Masahiro Yamada Date: Tue, 26 Jan 2021 06:16:01 +0900 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH RFC] gcc-plugins: Handle GCC version mismatch for OOT modules To: Josh Poimboeuf Cc: Kees Cook , Linux Kernel Mailing List , Michal Marek , linux-hardening@vger.kernel.org, Linux Kbuild mailing list , Peter Zijlstra , Justin Forbes , Ondrej Mosnacek Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 26, 2021 at 5:42 AM Josh Poimboeuf wrote: > > When building out-of-tree kernel modules, the build system doesn't > require the GCC version to match the version used to build the original > kernel. That's probably [1] fine. > > In fact, for many distros, the version of GCC used to build the latest > kernel doesn't necessarily match the latest released GCC, so a GCC > mismatch turns out to be pretty common. And with CONFIG_MODVERSIONS > it's probably more common. > > So a lot of users have come to rely on being able to use a different > version of GCC when building OOT modules. > > But with GCC plugins enabled, that's no longer allowed: > > cc1: error: incompatible gcc/plugin versions > cc1: error: failed to initialize plugin ./scripts/gcc-plugins/structleak_plugin.so > > That error comes from the plugin's call to > plugin_default_version_check(), which strictly enforces the GCC version. > The strict check makes sense, because there's nothing to prevent the GCC > plugin ABI from changing -- and it often does. > > But failing the build isn't necessary. For most plugins, OOT modules > will otherwise work just fine without the plugin instrumentation. > > When a GCC version mismatch is detected, print a warning and disable the > plugin. The only exception is the RANDSTRUCT plugin which needs all > code to see the same struct layouts. In that case print an error. > > [1] Ignoring, for the moment, that the kernel now has > toolchain-dependent kconfig options, which can silently disable > features and cause havoc when compiler versions differ, or even when > certain libraries are missing. This is a separate problem which > also needs to be addressed. > > Reported-by: Ondrej Mosnacek > Signed-off-by: Josh Poimboeuf > --- We are based on the assumption that we use the same compiler for in-tree and out-of-tree. If people use a different compiler, they must be prepared for any possible problem. Using different compiler flags for in-tree and out-of-tree is even more dangerous. For example, CONFIG_GCC_PLUGIN_RANDSTRUCT is enabled for in-tree build, and then disabled for out-of-tree modules, the struct layout will mismatch, won't it? This patch is ugly, and not doing the right thing. > scripts/Makefile.gcc-plugins | 19 +++++++++++++++++++ > scripts/Makefile.kcov | 11 +++++++++++ > 2 files changed, 30 insertions(+) > > diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins > index 952e46876329..7227692fba59 100644 > --- a/scripts/Makefile.gcc-plugins > +++ b/scripts/Makefile.gcc-plugins > @@ -51,6 +51,25 @@ export DISABLE_ARM_SSP_PER_TASK_PLUGIN > GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y)) > # The sancov_plugin.so is included via CFLAGS_KCOV, so it is removed here. > GCC_PLUGINS_CFLAGS := $(filter-out %/sancov_plugin.so, $(GCC_PLUGINS_CFLAGS)) > + > +# Out-of-tree module check: If there's a GCC version mismatch, disable plugins > +# and print a warning. Otherwise the OOT module build will fail due to > +# plugin_default_version_check(). > +ifneq ($(GCC_PLUGINS_CFLAGS),) > + ifneq ($(KBUILD_EXTMOD),) > + ifneq ($(CONFIG_GCC_VERSION), $(shell $(srctree)/scripts/gcc-version.sh $(HOSTCXX))) > + > + ifdef CONFIG_GCC_PLUGIN_RANDSTRUCT > + $(error error: CONFIG_GCC_PLUGIN_RANDSTRUCT requires out-of-tree modules to be built using the same GCC version as the kernel.) > + endif > + > + $(warning warning: Disabling GCC plugins for out-of-tree modules due to GCC version mismatch.) > + $(warning warning: The following plugins have been disabled: $(gcc-plugin-y)) > + GCC_PLUGINS_CFLAGS := > + endif > + endif > +endif > + > export GCC_PLUGINS_CFLAGS > > # Add the flags to the build! > diff --git a/scripts/Makefile.kcov b/scripts/Makefile.kcov > index 67e8cfe3474b..63a2bc2aabb2 100644 > --- a/scripts/Makefile.kcov > +++ b/scripts/Makefile.kcov > @@ -3,4 +3,15 @@ kcov-flags-$(CONFIG_CC_HAS_SANCOV_TRACE_PC) += -fsanitize-coverage=trace-pc > kcov-flags-$(CONFIG_KCOV_ENABLE_COMPARISONS) += -fsanitize-coverage=trace-cmp > kcov-flags-$(CONFIG_GCC_PLUGIN_SANCOV) += -fplugin=$(objtree)/scripts/gcc-plugins/sancov_plugin.so > > +# Out-of-tree module check for GCC version mismatch. > +# See the similar check in scripts/Makefile.gcc-plugins > +ifneq ($(CONFIG_GCC_PLUGIN_SANCOV),) > + ifneq ($(KBUILD_EXTMOD),) > + ifneq ($(CONFIG_GCC_VERSION), $(shell $(srctree)/scripts/gcc-version.sh $(HOSTCXX))) > + $(warning warning: Disabling CONFIG_GCC_PLUGIN_SANCOV for out-of-tree modules due to GCC version mismatch.) > + kcov-flags-y := $(filter-out %/sancov_plugin.so, $(kcov-flags-y)) > + endif > + endif > +endif > + > export CFLAGS_KCOV := $(kcov-flags-y) > -- > 2.29.2 > -- Best Regards Masahiro Yamada