gcc-plugins: disable under COMPILE_TEST

Message ID 20160611161212.GA29370@www.outflux.net
State New

Commit Message

Kees Cook June 11, 2016, 4:12 p.m. UTC
Since adding the gcc plugin development headers is required for the
gcc plugin support, we should ease into this new kernel build dependency
more slowly. For now, disable the gcc plugins under COMPILE_TEST so that
all*config builds will skip it.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
 arch/Kconfig      | 1 +
 lib/Kconfig.debug | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

Comments

Paul Gortmaker June 11, 2016, 4:29 p.m. UTC | #1
[[PATCH] gcc-plugins: disable under COMPILE_TEST] On 11/06/2016 (Sat 09:12) Kees Cook wrote:

> Since adding the gcc plugin development headers is required for the
> gcc plugin support, we should ease into this new kernel build dependency
> more slowly. For now, disable the gcc plugins under COMPILE_TEST so that
> all*config builds will skip it.

Wouldn't it be better to test compile a one line program that tries to
source the header(s) and then react accordingly?

Then at least you would get the test coverage from people who have the
headers installed who are doing all[yes|mod]config.  This "for now"
solution doesn't really have a path forward other than assuming all
distros install the plugin headers sometime in the future.

Either way, this is an improvement over the current situation, so thanks
for that.

Paul.
--

> 
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
>  arch/Kconfig      | 1 +
>  lib/Kconfig.debug | 4 ++--
>  2 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/Kconfig b/arch/Kconfig
> index 83aa2a3c470d..3f06d678b1d7 100644
> --- a/arch/Kconfig
> +++ b/arch/Kconfig
> @@ -366,6 +366,7 @@ config HAVE_GCC_PLUGINS
>  menuconfig GCC_PLUGINS
>  	bool "GCC plugins"
>  	depends on HAVE_GCC_PLUGINS
> +	depends on !COMPILE_TEST
>  	help
>  	  GCC plugins are loadable modules that provide extra features to the
>  	  compiler. They are useful for runtime instrumentation and static analysis.
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
> index d40833b9b7f4..0f9981999a27 100644
> --- a/lib/Kconfig.debug
> +++ b/lib/Kconfig.debug
> @@ -713,8 +713,8 @@ config KCOV
>  	bool "Code coverage for fuzzing"
>  	depends on ARCH_HAS_KCOV
>  	select DEBUG_FS
> -	select GCC_PLUGINS
> -	select GCC_PLUGIN_SANCOV
> +	select GCC_PLUGINS if !COMPILE_TEST
> +	select GCC_PLUGIN_SANCOV if !COMPILE_TEST
>  	help
>  	  KCOV exposes kernel code coverage information in a form suitable
>  	  for coverage-guided fuzzing (randomized testing).
> -- 
> 2.7.4
> 
> 
> -- 
> Kees Cook
> Chrome OS & Brillo Security
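
The header probe suggested in comment #1 (compile a one-line program that includes the plugin header, then react to the result), as an added example that is not code from this thread or from the kernel build system. The function names `probe_plugin_headers` and `plugin_status_line` are hypothetical, and compiling the probe as C++ is an assumption that holds for GCC versions that are themselves built as C++.

```shell
#!/bin/sh
# Added example: probe whether the GCC plugin development headers are usable.
# probe_plugin_headers CC -> prints "y" or "n" (hypothetical helper name).
probe_plugin_headers() {
    cc=$1
    # -print-file-name=plugin prints the compiler's plugin directory, or
    # just the bare word "plugin" when the compiler has none.
    plugindir=$("$cc" -print-file-name=plugin 2>/dev/null) || { echo n; return 0; }
    [ -f "$plugindir/include/gcc-plugin.h" ] || { echo n; return 0; }

    tmp=$(mktemp -d) || { echo n; return 0; }
    # The "one line program": it only has to pull in the header.
    printf '#include "gcc-plugin.h"\n' > "$tmp/probe.cc"

    # Assumption: the headers are compiled as C++.
    if "$cc" -x c++ -fsyntax-only -I"$plugindir/include" "$tmp/probe.cc" \
            >/dev/null 2>&1; then
        result=y
    else
        result=n
    fi
    rm -rf "$tmp"
    echo "$result"
}

# React accordingly: report what a build would do instead of failing it.
plugin_status_line() {
    if [ "$(probe_plugin_headers "$1")" = y ]; then
        echo "gcc plugins: headers found, plugins can be built"
    else
        echo "gcc plugins: headers missing, skipping plugins"
    fi
}

# Run the probe only when a compiler is given on the command line.
if [ $# -gt 0 ]; then plugin_status_line "$1"; fi
```

A probe like this keeps plugin build coverage for all[yes|mod]config users who have the headers installed, while builders without them fall back to a plugin-free build.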

Sudip Mukherjee June 13, 2016, 7:52 a.m. UTC | #2
On Sat, Jun 11, 2016 at 09:12:12AM -0700, Kees Cook wrote:
> Since adding the gcc plugin development headers is required for the
> gcc plugin support, we should ease into this new kernel build dependency
> more slowly. For now, disable the gcc plugins under COMPILE_TEST so that
> all*config builds will skip it.

But don't you think that people who are actually building the kernel
with allmodconfig or allyesconfig and/or with COMPILE_TEST enabled are
just doing that to build test the kernel? At least for me, when I am
testing I will always do allmodconfig but when I am building which is
to be deployed somewhere then I am building with a particular config.

Regards
Sudip

Kees Cook June 13, 2016, 8:15 p.m. UTC | #3
On Mon, Jun 13, 2016 at 1:40 AM, Sedat Dilek <sedat.dilek@gmail.com> wrote:
> On Sat, Jun 11, 2016 at 6:12 PM, Kees Cook <keescook@chromium.org> wrote:
>> Since adding the gcc plugin development headers is required for the
>> gcc plugin support, we should ease into this new kernel build dependency
>> more slowly. For now, disable the gcc plugins under COMPILE_TEST so that
>> all*config builds will skip it.
>>
>
> [ This might be a bit off-topic - Feel free to answer ]
>
> Hi,
>
> I want to try that new "GCC-plugin" feature.
> Do you have a Git repo for "easy-testing"?

Start with linux-next. It has the basic infrastructure. The
"latent_entropy" plugin is in my kspp tree here:
http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=kspp/gcc-plugins/latent_entropy
though it is not the most up to date version.

> Does the kernel's build-system check for installed "gcc-plugin
> development headers"?

Yes, when the plugins have been selected.

> Which GCC versions support "gcc-plugin" feature?

gcc-4.5 and newer.

> I am here on Ubuntu/precise AMD64 and have gcc-4.6.4 and gcc-4.9.2.

I strongly recommend upgrading to Ubuntu 16.04, but regardless, using
gcc 4.9 should be fine.

> [ Optional ]
> What about the topic and support for "LLVM/Clang and hardening" of the
> Linux-kernel?

I haven't been involved in that project, sorry.

-Kees

Patch

diff --git a/arch/Kconfig b/arch/Kconfig
index 83aa2a3c470d..3f06d678b1d7 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -366,6 +366,7 @@  config HAVE_GCC_PLUGINS
 menuconfig GCC_PLUGINS
 	bool "GCC plugins"
 	depends on HAVE_GCC_PLUGINS
+	depends on !COMPILE_TEST
 	help
 	  GCC plugins are loadable modules that provide extra features to the
 	  compiler. They are useful for runtime instrumentation and static analysis.
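
Review bot: the new `depends on !COMPILE_TEST` under `menuconfig GCC_PLUGINS` is not explained anywhere in the Kconfig entry, although the commit message describes it as a "for now" measure. A comment above the line, or a sentence in the help text, saying that the restriction exists so all*config builds work without the plugin development headers would tell later readers when it can be dropped. As written it also hides the plugins from anyone who sets COMPILE_TEST, including builders who do have the headers installed.
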
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index d40833b9b7f4..0f9981999a27 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -713,8 +713,8 @@  config KCOV
 	bool "Code coverage for fuzzing"
 	depends on ARCH_HAS_KCOV
 	select DEBUG_FS
-	select GCC_PLUGINS
-	select GCC_PLUGIN_SANCOV
+	select GCC_PLUGINS if !COMPILE_TEST
+	select GCC_PLUGIN_SANCOV if !COMPILE_TEST
 	help
 	  KCOV exposes kernel code coverage information in a form suitable
 	  for coverage-guided fuzzing (randomized testing).
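
Review bot: with `select GCC_PLUGINS if !COMPILE_TEST` and `select GCC_PLUGIN_SANCOV if !COMPILE_TEST`, KCOV stays selectable under COMPILE_TEST but no longer pulls in the sancov plugin, and nothing in this hunk shows what supplies the coverage instrumentation in that case. The help text should say that a COMPILE_TEST build of KCOV is a build test only and may not collect coverage, so that a fuzzing setup based on an all*config kernel is not silently left without instrumentation.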