Kernel-hardening archive on lore.kernel.org
 help / color / Atom feed
* [PATCH 1/2] kbuild: move shared library build rules to scripts/gcc-plugins/Makefile
@ 2020-07-29  3:15 Masahiro Yamada
  2020-07-29 21:18 ` Kees Cook
  0 siblings, 1 reply; 3+ messages in thread
From: Masahiro Yamada @ 2020-07-29  3:15 UTC (permalink / raw)
  To: linux-kbuild
  Cc: Kees Cook, Masahiro Yamada, Emese Revfy, Michal Marek,
	kernel-hardening, linux-kernel

The shared library build rules are currently implemented in
scripts/Makefile.host, but actually GCC-plugin is the only user of
them. Hence, they do not need to be treewide available.

Move all the relevant build rules to scripts/gcc-plugins/Makefile.

I also optimized the build steps so *.so is directly built from .c
because every upstream plugin is compiled from a single source file.

I am still keeping the infrastructure to build a plugin from multiple
files because Kees suggested to do so in my previous attempt.
(https://lkml.org/lkml/2019/1/11/1107)

If the plugin, foo.so, is compiled from two files foo.c and foo2.c,
then you can do like follows:

  foo-objs := foo.o foo2.o

Single-file plugins do not need the *-objs notation.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
---

 scripts/Makefile.build       |  4 +--
 scripts/Makefile.clean       |  3 +-
 scripts/Makefile.host        | 30 ++----------------
 scripts/gcc-plugins/Makefile | 61 +++++++++++++++++++++++++++++-------
 4 files changed, 55 insertions(+), 43 deletions(-)

diff --git a/scripts/Makefile.build b/scripts/Makefile.build
index 2e8810b7e5ed..d41c1cd453b9 100644
--- a/scripts/Makefile.build
+++ b/scripts/Makefile.build
@@ -45,8 +45,8 @@ include $(kbuild-file)
 
 include scripts/Makefile.lib
 
-# Do not include host rules unless needed
-ifneq ($(hostprogs)$(hostcxxlibs-y)$(hostcxxlibs-m),)
+# Do not include hostprogs rules unless needed
+ifneq ($(hostprogs),)
 include scripts/Makefile.host
 endif
 
diff --git a/scripts/Makefile.clean b/scripts/Makefile.clean
index e2c76122319d..3cdf31218198 100644
--- a/scripts/Makefile.clean
+++ b/scripts/Makefile.clean
@@ -29,8 +29,7 @@ subdir-ymn	:= $(addprefix $(obj)/,$(subdir-ymn))
 
 __clean-files	:= $(extra-y) $(extra-m) $(extra-)       \
 		   $(always) $(always-y) $(always-m) $(always-) $(targets) $(clean-files)   \
-		   $(hostprogs) $(hostprogs-y) $(hostprogs-m) $(hostprogs-) $(userprogs) \
-		   $(hostcxxlibs-y) $(hostcxxlibs-m)
+		   $(hostprogs) $(hostprogs-y) $(hostprogs-m) $(hostprogs-) $(userprogs)
 
 __clean-files   := $(filter-out $(no-clean-files), $(__clean-files))
 
diff --git a/scripts/Makefile.host b/scripts/Makefile.host
index c8a4a033dc3e..687ca3f309e9 100644
--- a/scripts/Makefile.host
+++ b/scripts/Makefile.host
@@ -39,7 +39,6 @@ $(obj)/%.tab.c $(obj)/%.tab.h: $(src)/%.y FORCE
 # They are linked as C++ code to the executable qconf
 
 __hostprogs := $(sort $(hostprogs))
-host-cxxshlib := $(sort $(hostcxxlibs-y) $(hostcxxlibs-m))
 
 # C code
 # Executables compiled from a single .c file
@@ -61,16 +60,11 @@ host-cxxmulti	:= $(foreach m,$(__hostprogs),$(if $($(m)-cxxobjs),$(m)))
 # C++ Object (.o) files compiled from .cc files
 host-cxxobjs	:= $(sort $(foreach m,$(host-cxxmulti),$($(m)-cxxobjs)))
 
-# Object (.o) files used by the shared libaries
-host-cxxshobjs	:= $(sort $(foreach m,$(host-cxxshlib),$($(m:.so=-objs))))
-
 host-csingle	:= $(addprefix $(obj)/,$(host-csingle))
 host-cmulti	:= $(addprefix $(obj)/,$(host-cmulti))
 host-cobjs	:= $(addprefix $(obj)/,$(host-cobjs))
 host-cxxmulti	:= $(addprefix $(obj)/,$(host-cxxmulti))
 host-cxxobjs	:= $(addprefix $(obj)/,$(host-cxxobjs))
-host-cxxshlib	:= $(addprefix $(obj)/,$(host-cxxshlib))
-host-cxxshobjs	:= $(addprefix $(obj)/,$(host-cxxshobjs))
 
 #####
 # Handle options to gcc. Support building with separate output directory
@@ -136,25 +130,5 @@ quiet_cmd_host-cxxobjs	= HOSTCXX $@
 $(host-cxxobjs): $(obj)/%.o: $(src)/%.cc FORCE
 	$(call if_changed_dep,host-cxxobjs)
 
-# Compile .c file, create position independent .o file
-# Note that plugin capable gcc versions can be either C or C++ based
-# therefore plugin source files have to be compilable in both C and C++ mode.
-# This is why a C++ compiler is invoked on a .c file.
-# host-cxxshobjs -> .o
-quiet_cmd_host-cxxshobjs	= HOSTCXX -fPIC $@
-      cmd_host-cxxshobjs	= $(HOSTCXX) $(hostcxx_flags) -fPIC -c -o $@ $<
-$(host-cxxshobjs): $(obj)/%.o: $(src)/%.c FORCE
-	$(call if_changed_dep,host-cxxshobjs)
-
-# Link a shared library, based on position independent .o files
-# *.o -> .so shared library (host-cxxshlib)
-quiet_cmd_host-cxxshlib	= HOSTLLD -shared $@
-      cmd_host-cxxshlib	= $(HOSTCXX) $(KBUILD_HOSTLDFLAGS) -shared -o $@ \
-			  $(addprefix $(obj)/, $($(target-stem)-objs)) \
-			  $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so)
-$(host-cxxshlib): FORCE
-	$(call if_changed,host-cxxshlib)
-$(call multi_depend, $(host-cxxshlib), .so, -objs)
-
-targets += $(host-csingle)  $(host-cmulti) $(host-cobjs)\
-	   $(host-cxxmulti) $(host-cxxobjs) $(host-cxxshlib) $(host-cxxshobjs)
+targets += $(host-csingle) $(host-cmulti) $(host-cobjs) \
+	   $(host-cxxmulti) $(host-cxxobjs)
diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile
index 4014ba7e2fbd..d66949bfeba4 100644
--- a/scripts/gcc-plugins/Makefile
+++ b/scripts/gcc-plugins/Makefile
@@ -1,22 +1,61 @@
 # SPDX-License-Identifier: GPL-2.0
-GCC_PLUGINS_DIR := $(shell $(CC) -print-file-name=plugin)
 
-HOST_EXTRACXXFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu++98 -fno-rtti
-HOST_EXTRACXXFLAGS += -fno-exceptions -fasynchronous-unwind-tables -ggdb
-HOST_EXTRACXXFLAGS += -Wno-narrowing -Wno-unused-variable -Wno-c++11-compat
-HOST_EXTRACXXFLAGS += -Wno-format-diag
-
-$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h
+$(obj)/randomize_layout_plugin.so: $(objtree)/$(obj)/randomize_layout_seed.h
 quiet_cmd_create_randomize_layout_seed = GENSEED $@
 cmd_create_randomize_layout_seed = \
   $(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h
 $(objtree)/$(obj)/randomize_layout_seed.h: FORCE
 	$(call if_changed,create_randomize_layout_seed)
-targets = randomize_layout_seed.h randomize_layout_hash.h
+targets += randomize_layout_seed.h randomize_layout_hash.h
+
+# Build rules for plugins
+#
+# No extra code is needed for single-file plugins.
+# For multi-file plugins, use *-objs syntax to list the objects.
+#
+# If the plugin foo.so is compiled from foo.c and foo2.c, you can do:
+#
+# foo-objs := foo.o foo2.o
+
+always-y += $(GCC_PLUGIN)
 
-hostcxxlibs-y := $(GCC_PLUGIN)
-always-y := $(hostcxxlibs-y)
+GCC_PLUGINS_DIR = $(shell $(CC) -print-file-name=plugin)
 
-$(foreach p,$(hostcxxlibs-y:%.so=%),$(eval $(p)-objs := $(p).o))
+plugin_cxxflags	= -Wp,-MMD,$(depfile) $(KBUILD_HOSTCXXFLAGS) -fPIC \
+		   -I $(GCC_PLUGINS_DIR)/include -I $(obj) -std=gnu++98 \
+		   -fno-rtti -fno-exceptions -fasynchronous-unwind-tables \
+		   -ggdb -Wno-narrowing -Wno-unused-variable -Wno-c++11-compat \
+		   -Wno-format-diag
 
+plugin_ldflags	= -shared
+
+plugin-single	:= $(foreach m, $(GCC_PLUGIN), $(if $($(m:%.so=%-objs)),,$(m)))
+plugin-multi	:= $(filter-out $(plugin-single), $(GCC_PLUGIN))
+plugin-objs	:= $(sort $(foreach m, $(plugin-multi), $($(m:%.so=%-objs))))
+
+targets += $(plugin-single) $(plugin-multi) $(plugin-objs)
 clean-files += *.so
+
+plugin-single	:= $(addprefix $(obj)/, $(plugin-single))
+plugin-multi	:= $(addprefix $(obj)/, $(plugin-multi))
+plugin-objs	:= $(addprefix $(obj)/, $(plugin-objs))
+
+quiet_cmd_plugin_cxx_so_c = HOSTCXX $@
+      cmd_plugin_cxx_so_c = $(HOSTCXX) $(plugin_cxxflags) $(plugin_ldflags) -o $@ $<
+
+$(plugin-single): $(obj)/%.so: $(src)/%.c FORCE
+	$(call if_changed_dep,plugin_cxx_so_c)
+
+quiet_cmd_plugin_ld_so_o = HOSTLD  $@
+      cmd_plugin_ld_so_o = $(HOSTCXX) $(plugin_ldflags) -o $@ \
+			   $(addprefix $(obj)/, $($(target-stem)-objs))
+
+$(plugin-multi): FORCE
+	$(call if_changed,plugin_ld_so_o)
+$(foreach m, $(notdir $(plugin-multi)), $(eval $(obj)/$m: $(addprefix $(obj)/, $($(m:%.so=%-objs)))))
+
+quiet_cmd_plugin_cxx_o_c = HOSTCXX $@
+      cmd_plugin_cxx_o_c = $(HOSTCXX) $(plugin_cxxflags) -c -o $@ $<
+
+$(plugin-objs): $(obj)/%.o: $(src)/%.c FORCE
+	$(call if_changed_dep,plugin_cxx_o_c)
-- 
2.25.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH 1/2] kbuild: move shared library build rules to scripts/gcc-plugins/Makefile
  2020-07-29  3:15 [PATCH 1/2] kbuild: move shared library build rules to scripts/gcc-plugins/Makefile Masahiro Yamada
@ 2020-07-29 21:18 ` Kees Cook
  2020-07-31  4:16   ` Masahiro Yamada
  0 siblings, 1 reply; 3+ messages in thread
From: Kees Cook @ 2020-07-29 21:18 UTC (permalink / raw)
  To: Masahiro Yamada
  Cc: linux-kbuild, Emese Revfy, Michal Marek, kernel-hardening, linux-kernel

On Wed, Jul 29, 2020 at 12:15:36PM +0900, Masahiro Yamada wrote:
> The shared library build rules are currently implemented in
> scripts/Makefile.host, but actually GCC-plugin is the only user of
> them. Hence, they do not need to be treewide available.

Are none of the VDSOs intending to use these rules?

> Move all the relevant build rules to scripts/gcc-plugins/Makefile.
> 
> I also optimized the build steps so *.so is directly built from .c
> because every upstream plugin is compiled from a single source file.
> 
> I am still keeping the infrastructure to build a plugin from multiple
> files because Kees suggested to do so in my previous attempt.
> (https://lkml.org/lkml/2019/1/11/1107)
> 
> If the plugin, foo.so, is compiled from two files foo.c and foo2.c,
> then you can do like follows:
> 
>   foo-objs := foo.o foo2.o
> 
> Single-file plugins do not need the *-objs notation.
> 
> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>

But, yeah, sure!

Acked-by: Kees Cook <keescook@chromium.org>

Unrelated, but I do note that objtool maybe has the wrong indentation,
path name reporting, and tool names (HOSTLD vs CC)?

...
  HOSTCC  scripts/asn1_compiler
  HOSTCC  scripts/extract-cert
  HOSTCC  scripts/genksyms/genksyms.o
  YACC    scripts/genksyms/parse.tab.[ch]
  LEX     scripts/genksyms/lex.lex.c
  DESCEND  objtool
  HOSTCXX scripts/gcc-plugins/cyc_complexity_plugin.so
  HOSTCXX scripts/gcc-plugins/latent_entropy_plugin.so
  HOSTCXX scripts/gcc-plugins/structleak_plugin.so
  GENSEED scripts/gcc-plugins/randomize_layout_seed.h
  HOSTCXX scripts/gcc-plugins/stackleak_plugin.so
  HOSTCC  scripts/genksyms/parse.tab.o
  HOSTCC  scripts/genksyms/lex.lex.o
  HOSTCC   /home/kees/src/linux-build/plugins/tools/objtool/fixdep.o
  HOSTLD  arch/x86/tools/relocs
  HOSTLD   /home/kees/src/linux-build/plugins/tools/objtool/fixdep-in.o
  LINK     /home/kees/src/linux-build/plugins/tools/objtool/fixdep
  CC       /home/kees/src/linux-build/plugins/tools/objtool/exec-cmd.o
  CC       /home/kees/src/linux-build/plugins/tools/objtool/help.o
  CC       /home/kees/src/linux-build/plugins/tools/objtool/weak.o
...

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH 1/2] kbuild: move shared library build rules to scripts/gcc-plugins/Makefile
  2020-07-29 21:18 ` Kees Cook
@ 2020-07-31  4:16   ` Masahiro Yamada
  0 siblings, 0 replies; 3+ messages in thread
From: Masahiro Yamada @ 2020-07-31  4:16 UTC (permalink / raw)
  To: Kees Cook
  Cc: Linux Kbuild mailing list, Emese Revfy, Michal Marek,
	Kernel Hardening, Linux Kernel Mailing List

On Thu, Jul 30, 2020 at 6:18 AM Kees Cook <keescook@chromium.org> wrote:
>
> On Wed, Jul 29, 2020 at 12:15:36PM +0900, Masahiro Yamada wrote:
> > The shared library build rules are currently implemented in
> > scripts/Makefile.host, but actually GCC-plugin is the only user of
> > them. Hence, they do not need to be treewide available.
>
> Are none of the VDSOs intending to use these rules?


Right.

GCC plugin .so files are compiled for the _host_ architecture.
vDSO .so files are compiled for the _target_ architecture.

They are built in completely different ways.



> > Move all the relevant build rules to scripts/gcc-plugins/Makefile.
> >
> > I also optimized the build steps so *.so is directly built from .c
> > because every upstream plugin is compiled from a single source file.
> >
> > I am still keeping the infrastructure to build a plugin from multiple
> > files because Kees suggested to do so in my previous attempt.
> > (https://lkml.org/lkml/2019/1/11/1107)
> >
> > If the plugin, foo.so, is compiled from two files foo.c and foo2.c,
> > then you can do like follows:
> >
> >   foo-objs := foo.o foo2.o
> >
> > Single-file plugins do not need the *-objs notation.
> >
> > Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
>
> But, yeah, sure!
>
> Acked-by: Kees Cook <keescook@chromium.org>
>
> Unrelated, but I do note that objtool maybe has the wrong indentation,
> path name reporting, and tool names (HOSTLD vs CC)?


Right.
Many people know it.


objtool opts out the Kbuild instructure.

I wrote a patch to make objtool join the Kbuild:
https://patchwork.kernel.org/patch/10839051/

The objtool maintainers refused to do this.






> ...
>   HOSTCC  scripts/asn1_compiler
>   HOSTCC  scripts/extract-cert
>   HOSTCC  scripts/genksyms/genksyms.o
>   YACC    scripts/genksyms/parse.tab.[ch]
>   LEX     scripts/genksyms/lex.lex.c
>   DESCEND  objtool
>   HOSTCXX scripts/gcc-plugins/cyc_complexity_plugin.so
>   HOSTCXX scripts/gcc-plugins/latent_entropy_plugin.so
>   HOSTCXX scripts/gcc-plugins/structleak_plugin.so
>   GENSEED scripts/gcc-plugins/randomize_layout_seed.h
>   HOSTCXX scripts/gcc-plugins/stackleak_plugin.so
>   HOSTCC  scripts/genksyms/parse.tab.o
>   HOSTCC  scripts/genksyms/lex.lex.o
>   HOSTCC   /home/kees/src/linux-build/plugins/tools/objtool/fixdep.o
>   HOSTLD  arch/x86/tools/relocs
>   HOSTLD   /home/kees/src/linux-build/plugins/tools/objtool/fixdep-in.o
>   LINK     /home/kees/src/linux-build/plugins/tools/objtool/fixdep
>   CC       /home/kees/src/linux-build/plugins/tools/objtool/exec-cmd.o
>   CC       /home/kees/src/linux-build/plugins/tools/objtool/help.o
>   CC       /home/kees/src/linux-build/plugins/tools/objtool/weak.o
> ...
>
> --
> Kees Cook



--
Best Regards
Masahiro Yamada

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-29  3:15 [PATCH 1/2] kbuild: move shared library build rules to scripts/gcc-plugins/Makefile Masahiro Yamada
2020-07-29 21:18 ` Kees Cook
2020-07-31  4:16   ` Masahiro Yamada

Kernel-hardening archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/kernel-hardening/0 kernel-hardening/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 kernel-hardening kernel-hardening/ https://lore.kernel.org/kernel-hardening \
		kernel-hardening@lists.openwall.com
	public-inbox-index kernel-hardening

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.openwall.lists.kernel-hardening


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git