tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

randstruct: Split randstruct Makefile and CFLAGS

To enable the new Clang randstruct implementation[1], move
randstruct into its own Makefile and split the CFLAGS from
GCC_PLUGINS_CFLAGS into RANDSTRUCT_CFLAGS.

[1] https://reviews.llvm.org/D121556

Cc: linux-hardening@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220503205503.3054173-5-keescook@chromium.org

Kees Cook 613f4b3e 595b893e

+24 -10
+1
Makefile
··· 1011 1011 include-$(CONFIG_KCSAN) += scripts/Makefile.kcsan 1012 1012 include-$(CONFIG_UBSAN) += scripts/Makefile.ubsan 1013 1013 include-$(CONFIG_KCOV) += scripts/Makefile.kcov 1014 + include-$(CONFIG_RANDSTRUCT) += scripts/Makefile.randstruct 1014 1015 include-$(CONFIG_GCC_PLUGINS) += scripts/Makefile.gcc-plugins 1015 1016 1016 1017 include $(addprefix $(srctree)/, $(include-y))
+1 -1
arch/arm/vdso/Makefile
··· 28 28 CFLAGS_REMOVE_vdso.o = -pg 29 29 30 30 # Force -O2 to avoid libgcc dependencies 31 - CFLAGS_REMOVE_vgettimeofday.o = -pg -Os $(GCC_PLUGINS_CFLAGS) 31 + CFLAGS_REMOVE_vgettimeofday.o = -pg -Os $(RANDSTRUCT_CFLAGS) $(GCC_PLUGINS_CFLAGS) 32 32 ifeq ($(c-gettimeofday-y),) 33 33 CFLAGS_vgettimeofday.o = -O2 34 34 else
+2 -1
arch/arm64/kernel/vdso/Makefile
··· 32 32 # -Wmissing-prototypes and -Wmissing-declarations are removed from 33 33 # the CFLAGS of vgettimeofday.c to make possible to build the 34 34 # kernel with CONFIG_WERROR enabled. 35 - CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE) -Os $(CC_FLAGS_SCS) $(GCC_PLUGINS_CFLAGS) \ 35 + CFLAGS_REMOVE_vgettimeofday.o = $(CC_FLAGS_FTRACE) -Os $(CC_FLAGS_SCS) \ 36 + $(RANDSTRUCT_CFLAGS) $(GCC_PLUGINS_CFLAGS) \ 36 37 $(CC_FLAGS_LTO) -Wmissing-prototypes -Wmissing-declarations 37 38 KASAN_SANITIZE := n 38 39 KCSAN_SANITIZE := n
+2 -1
arch/sparc/vdso/Makefile
··· 58 58 59 59 SPARC_REG_CFLAGS = -ffixed-g4 -ffixed-g5 -fcall-used-g5 -fcall-used-g7 60 60 61 - $(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS) $(SPARC_REG_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) 61 + $(vobjs): KBUILD_CFLAGS := $(filter-out $(RANDSTRUCT_CFLAGS) $(GCC_PLUGINS_CFLAGS) $(SPARC_REG_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) 62 62 63 63 # 64 64 # vDSO code runs in userspace and -pg doesn't help with profiling anyway. ··· 88 88 KBUILD_CFLAGS_32 := $(filter-out -m64,$(KBUILD_CFLAGS)) 89 89 KBUILD_CFLAGS_32 := $(filter-out -mcmodel=medlow,$(KBUILD_CFLAGS_32)) 90 90 KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32)) 91 + KBUILD_CFLAGS_32 := $(filter-out $(RANDSTRUCT_CFLAGS),$(KBUILD_CFLAGS_32)) 91 92 KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32)) 92 93 KBUILD_CFLAGS_32 := $(filter-out $(SPARC_REG_CFLAGS),$(KBUILD_CFLAGS_32)) 93 94 KBUILD_CFLAGS_32 += -m32 -msoft-float -fpic
+2 -1
arch/x86/entry/vdso/Makefile
··· 91 91 endif 92 92 endif 93 93 94 - $(vobjs): KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO) $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) 94 + $(vobjs): KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_LTO) $(RANDSTRUCT_CFLAGS) $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) 95 95 96 96 # 97 97 # vDSO code runs in userspace and -pg doesn't help with profiling anyway. ··· 148 148 KBUILD_CFLAGS_32 := $(filter-out -mcmodel=kernel,$(KBUILD_CFLAGS_32)) 149 149 KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32)) 150 150 KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32)) 151 + KBUILD_CFLAGS_32 := $(filter-out $(RANDSTRUCT_CFLAGS),$(KBUILD_CFLAGS_32)) 151 152 KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32)) 152 153 KBUILD_CFLAGS_32 := $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32)) 153 154 KBUILD_CFLAGS_32 := $(filter-out $(CC_FLAGS_LTO),$(KBUILD_CFLAGS_32))
+2 -6
scripts/Makefile.gcc-plugins
··· 22 22 gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STRUCTLEAK) \ 23 23 += -DSTRUCTLEAK_PLUGIN 24 24 25 - gcc-plugin-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) += randomize_layout_plugin.so 26 - gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) \ 27 - += -DRANDSTRUCT 28 - gcc-plugin-cflags-$(CONFIG_RANDSTRUCT_PERFORMANCE) \ 29 - += -fplugin-arg-randomize_layout_plugin-performance-mode 30 - 31 25 gcc-plugin-$(CONFIG_GCC_PLUGIN_STACKLEAK) += stackleak_plugin.so 32 26 gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_STACKLEAK) \ 33 27 += -DSTACKLEAK_PLUGIN ··· 54 60 # be included in GCC_PLUGIN so they can get built. 55 61 gcc-plugin-external-$(CONFIG_GCC_PLUGIN_SANCOV) \ 56 62 += sancov_plugin.so 63 + gcc-plugin-external-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) \ 64 + += randomize_layout_plugin.so 57 65 58 66 # All enabled GCC plugins are collected here for building in 59 67 # scripts/gcc-scripts/Makefile.
+14
scripts/Makefile.randstruct
··· 1 + # SPDX-License-Identifier: GPL-2.0 2 + 3 + randstruct-cflags-y += -DRANDSTRUCT 4 + 5 + ifdef CONFIG_GCC_PLUGIN_RANDSTRUCT 6 + randstruct-cflags-y \ 7 + += -fplugin=$(objtree)/scripts/gcc-plugins/randomize_layout_plugin.so 8 + randstruct-cflags-$(CONFIG_RANDSTRUCT_PERFORMANCE) \ 9 + += -fplugin-arg-randomize_layout_plugin-performance-mode 10 + endif 11 + 12 + export RANDSTRUCT_CFLAGS := $(randstruct-cflags-y) 13 + 14 + KBUILD_CFLAGS += $(RANDSTRUCT_CFLAGS)