include/linux/compiler-version.h | 10 ++++++++++ include/linux/vermagic.h | 1 - scripts/Makefile.gcc-plugins | 2 +- scripts/Makefile.lib | 18 ++++++++++++++++++ scripts/Makefile.ubsan | 1 + scripts/basic/Makefile | 5 +++++ scripts/gcc-plugins/Makefile | 4 ++++ 7 files changed, 39 insertions(+), 2 deletions(-)
v3: move to include/generated, add touch helper v2: https://lore.kernel.org/lkml/20250502224512.it.706-kees@kernel.org/ v1: https://lore.kernel.org/lkml/20250501193839.work.525-kees@kernel.org/ Hi, This is my attempt to introduce dependencies that track the various compiler behaviors that may globally change the build that aren't represented by either compiler flags nor the compiler version (CC_VERSION_TEXT). Namely, this is to detect when the contents of a file the compiler uses changes. We have 3 such situations currently in the tree: - If any of the GCC plugins change, we need to rebuild everything that was built with them, as they may have changed their behavior and those behaviors may need to be synchronized across all translation units. (The most obvious of these is the randstruct GCC plugin, but is true for most of them.) - If the randstruct seed itself changes (whether for GCC plugins or Clang), the entire tree needs to be rebuilt since the randomization of structures may change between compilation units if not. - If the integer-wrap-ignore.scl file for Clang's integer wrapping sanitizer changes, a full rebuild is needed as the coverage for wrapping types may have changed, once again cause behavior differences between compilation units. The current solution is to: - Touch a .h file in include/generated that is updated when the specific dependencies change. e.g.: randstruct_hash.h depends on randstruct.seed - Add a conditional -D argument for each separate case e.g.: RANDSTRUCT_CFLAGS += -DRANDSTRUCT - Include the .h file from compiler-version.h through an #ifdef for the define e.g.: #ifdef RANDSTUCT #include <generated/randstruct_hash.h> #endif This means that all targets gain the dependency (via fixdep), but only when the defines are active, which means they are trivially controlled by the existing CFLAGS removal mechanisms that are already being used to turn off each of the above features. -Kees Kees Cook (3): gcc-plugins: Force full rebuild when plugins change randstruct: Force full rebuild when seed changes integer-wrap: Force full rebuild when .scl file changes include/linux/compiler-version.h | 10 ++++++++++ include/linux/vermagic.h | 1 - scripts/Makefile.gcc-plugins | 2 +- scripts/Makefile.lib | 18 ++++++++++++++++++ scripts/Makefile.ubsan | 1 + scripts/basic/Makefile | 5 +++++ scripts/gcc-plugins/Makefile | 4 ++++ 7 files changed, 39 insertions(+), 2 deletions(-) -- 2.34.1
On Sat, 03 May 2025, Kees Cook wrote: > v3: move to include/generated, add touch helper > v2: https://lore.kernel.org/lkml/20250502224512.it.706-kees@kernel.org/ > v1: https://lore.kernel.org/lkml/20250501193839.work.525-kees@kernel.org/ > > Hi, > > This is my attempt to introduce dependencies that track the various > compiler behaviors that may globally change the build that aren't > represented by either compiler flags nor the compiler version > (CC_VERSION_TEXT). Namely, this is to detect when the contents of a > file the compiler uses changes. We have 3 such situations currently in > the tree: > > - If any of the GCC plugins change, we need to rebuild everything that > was built with them, as they may have changed their behavior and those > behaviors may need to be synchronized across all translation units. > (The most obvious of these is the randstruct GCC plugin, but is true > for most of them.) > > - If the randstruct seed itself changes (whether for GCC plugins or > Clang), the entire tree needs to be rebuilt since the randomization of > structures may change between compilation units if not. > > - If the integer-wrap-ignore.scl file for Clang's integer wrapping > sanitizer changes, a full rebuild is needed as the coverage for wrapping > types may have changed, once again cause behavior differences between > compilation units. I am unsure if it is too much detail, but I'd like to see some of these infos in include/linux/compiler-version.h, too. Kind regards, Nicolas
On Wed, May 07, 2025 at 02:02:42PM +0200, Nicolas Schier wrote: > On Sat, 03 May 2025, Kees Cook wrote: > > > v3: move to include/generated, add touch helper > > v2: https://lore.kernel.org/lkml/20250502224512.it.706-kees@kernel.org/ > > v1: https://lore.kernel.org/lkml/20250501193839.work.525-kees@kernel.org/ > > > > Hi, > > > > This is my attempt to introduce dependencies that track the various > > compiler behaviors that may globally change the build that aren't > > represented by either compiler flags nor the compiler version > > (CC_VERSION_TEXT). Namely, this is to detect when the contents of a > > file the compiler uses changes. We have 3 such situations currently in > > the tree: > > > > - If any of the GCC plugins change, we need to rebuild everything that > > was built with them, as they may have changed their behavior and those > > behaviors may need to be synchronized across all translation units. > > (The most obvious of these is the randstruct GCC plugin, but is true > > for most of them.) > > > > - If the randstruct seed itself changes (whether for GCC plugins or > > Clang), the entire tree needs to be rebuilt since the randomization of > > structures may change between compilation units if not. > > > > - If the integer-wrap-ignore.scl file for Clang's integer wrapping > > sanitizer changes, a full rebuild is needed as the coverage for wrapping > > types may have changed, once again cause behavior differences between > > compilation units. > > I am unsure if it is too much detail, but I'd like to see some of these > infos in include/linux/compiler-version.h, too. Yeah, that's a good idea. No reason to make people dig for the commit logs, etc -- it should be immediately discoverable. I've updated the patches to include the (slight rephrased) text above. Thanks! -- Kees Cook
© 2016 - 2026 Red Hat, Inc.