user/sven/linux.git/scripts/gcc-plugins, branch v6.6.14Linux Kernel
https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v6.6.142023-12-13T17:45:35Zgcc-plugins: randstruct: Update code comment in relayout_struct()2023-12-13T17:45:35ZGustavo A. R. Silvagustavoars@kernel.org2023-11-25T21:49:12Zurn:sha1:b79210fa10db4cab09b19965f6cc47bc393e47e9
commit d71f22365a9caca82d424f3a33445de46567e198 upstream.
Update code comment to clarify that the only element whose layout is
not randomized is a proper C99 flexible-array member. This update is
complementary to commit 1ee60356c2dc ("gcc-plugins: randstruct: Only
warn about true flexible arrays")
Signed-off-by: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/ZWJr2MWDjXLHE8ap@work
Fixes: 1ee60356c2dc ("gcc-plugins: randstruct: Only warn about true flexible arrays")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
randstruct: Fix gcc-plugin performance mode to stay in group2023-11-28T17:19:55ZKees Cookkeescook@chromium.org2023-10-07T04:09:28Zurn:sha1:792473a4e0eb872443ff30bc96f2b7cd0d878619
commit 381fdb73d1e2a48244de7260550e453d1003bb8e upstream.
The performance mode of the gcc-plugin randstruct was shuffling struct
members outside of the cache-line groups. Limit the range to the
specified group indexes.
Cc: linux-hardening@vger.kernel.org
Cc: stable@vger.kernel.org
Reported-by: Lukas Loidolt <e1634039@student.tuwien.ac.at>
Closes: https://lore.kernel.org/all/f3ca77f0-e414-4065-83a5-ae4c4d25545d@student.tuwien.ac.at
Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
gcc-plugins: randstruct: Only warn about true flexible arrays2023-11-28T17:19:49ZKees Cookkeescook@chromium.org2023-11-04T20:43:37Zurn:sha1:2e8b4e0992e16d7967095773040cd9919171d8db
[ Upstream commit 1ee60356c2dca938362528404af95b8ef3e49b6a ]
The randstruct GCC plugin tried to discover "fake" flexible arrays
to issue warnings about them in randomized structs. In the future
LSM overhead reduction series, it would be legal to have a randomized
struct with a 1-element array, and this should _not_ be treated as a
flexible array, especially since commit df8fc4e934c1 ("kbuild: Enable
-fstrict-flex-arrays=3"). Disable the 0-sized and 1-element array
discovery logic in the plugin, but keep the "true" flexible array check.
Cc: KP Singh <kpsingh@kernel.org>
Cc: linux-hardening@vger.kernel.org
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202311021532.iBwuZUZ0-lkp@intel.com/
Fixes: df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3")
Reviewed-by: Bill Wendling <morbo@google.com>
Acked-by: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/20231104204334.work.160-kees@kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
gcc-plugins: Rename last_stmt() for GCC 14+2023-08-11T06:10:09ZKees Cookkeescook@chromium.org2023-08-07T16:41:19Zurn:sha1:2e3f65ccfe6b0778b261ad69c9603ae85f210334
In GCC 14, last_stmt() was renamed to last_nondebug_stmt(). Add a helper
macro to handle the renaming.
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Merge branch 'for-linus/hardening' into for-next/hardening2023-02-02T18:43:28ZKees Cookkeescook@chromium.org2023-02-02T18:43:28Zurn:sha1:5c0f220e1b2d349b6241375e19887b5c865a84a1gcc-plugins: drop -std=gnu++11 to fix GCC 13 build2023-02-02T16:31:23ZSam Jamessam@gentoo.org2023-02-01T23:00:09Zurn:sha1:5a6b64adc18d9adfb497a529ff004d59b6df151f
The latest GCC 13 snapshot (13.0.1 20230129) gives the following:
```
cc1: error: cannot load plugin ./scripts/gcc-plugins/randomize_layout_plugin.so
:./scripts/gcc-plugins/randomize_layout_plugin.so: undefined symbol: tree_code_type
```
This ends up being because of https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=b0241ce6e37031
upstream in GCC which changes the visibility of some types used by the kernel's
plugin infrastructure like tree_code_type.
After discussion with the GCC folks, we found that the kernel needs to be building
plugins with the same flags used to build GCC - and GCC defaults to gnu++17
right now. The minimum GCC version needed to build the kernel is GCC 5.1
and GCC 5.1 already defaults to gnu++14 anyway, so just drop the flag, as
all GCCs that could be used to build GCC already default to an acceptable
version which was >= the version we forced via flags until now.
Bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108634
Signed-off-by: Sam James <sam@gentoo.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20230201230009.2252783-1-sam@gentoo.org
gcc-plugins: Reorganize gimple includes for GCC 132023-01-25T20:24:48ZKees Cookkeescook@chromium.org2023-01-18T20:21:35Zurn:sha1:e6a71160cc145e18ab45195abf89884112e02dfb
The gimple-iterator.h header must be included before gimple-fold.h
starting with GCC 13. Reorganize gimple headers to work for all GCC
versions.
Reported-by: Palmer Dabbelt <palmer@rivosinc.com>
Acked-by: Palmer Dabbelt <palmer@rivosinc.com>
Link: https://lore.kernel.org/all/20230113173033.4380-1-palmer@rivosinc.com/
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_385.RULE2022-06-10T12:51:36ZThomas Gleixnertglx@linutronix.de2022-06-07T14:11:34Zurn:sha1:fa82cce7a6bbb35ecf7fe66231c7076052cf66d5
Based on the normalized pattern:
licensed under the gpl v2
extracted by the scancode license scanner the SPDX license identifier
GPL-2.0-only
has been chosen to replace the boilerplate/reference.
Reviewed-by: Allison Randal <allison@lohutok.net>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
gcc-plugins: use KERNELVERSION for plugin version2022-05-24T15:25:16ZMasahiro Yamadamasahiroy@kernel.org2022-05-24T13:55:41Zurn:sha1:d37aa2efc89b387cda93bf15317883519683d435
Commit 61f60bac8c05 ("gcc-plugins: Change all version strings match
kernel") broke parallel builds.
Instead of adding the dependency between GCC plugins and utsrelease.h,
let's use KERNELVERSION, which does not require any build artifact.
Another reason why I want to avoid utsrelease.h is because it depends
on CONFIG_LOCALVERSION(_AUTO) and localversion* files.
(include/generated/utsrelease.h depends on include/config/kernel.release,
which is generated by scripts/setlocalversion)
I want to keep host tools independent of the kernel configuration.
There is no good reason to rebuild GCC plugins just because of
CONFIG_LOCALVERSION being changed.
We just want to associate the plugin versions with the kernel source
version. KERNELVERSION should be enough for our purpose.
Fixes: 61f60bac8c05 ("gcc-plugins: Change all version strings match kernel")
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/linux-mm/202205230239.EZxeZ3Fv-lkp@intel.com
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220524135541.1453693-1-masahiroy@kernel.org
gcc-plugins: randstruct: Remove cast exception handling2022-05-16T23:02:21ZKees Cookkeescook@chromium.org2022-05-10T23:22:45Zurn:sha1:710e4ebfbacac53b05c86a01e6d636c69f6eca9f
With all randstruct exceptions removed, remove all the exception
handling code. Any future warnings are likely to be shared between
this plugin and Clang randstruct, and will need to be addressed in a
more wholistic fashion.
Cc: Christoph Hellwig <hch@infradead.org>
Cc: linux-hardening@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>