From patchwork Sat Jun 18 18:14:37 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kees Cook <keescook@chromium.org>
X-Patchwork-Id: 9185785
Return-Path: <linux-kbuild-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	6A80F601C0 for <patchwork-linux-kbuild@patchwork.kernel.org>;
	Sat, 18 Jun 2016 18:14:41 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 53C562714B
	for <patchwork-linux-kbuild@patchwork.kernel.org>;
	Sat, 18 Jun 2016 18:14:41 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 467D828360; Sat, 18 Jun 2016 18:14:41 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B84192714B
	for <patchwork-linux-kbuild@patchwork.kernel.org>;
	Sat, 18 Jun 2016 18:14:40 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751468AbcFRSOk (ORCPT
	<rfc822;patchwork-linux-kbuild@patchwork.kernel.org>);
	Sat, 18 Jun 2016 14:14:40 -0400
Received: from mail-pf0-f172.google.com ([209.85.192.172]:36299 "EHLO
	mail-pf0-f172.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751458AbcFRSOj (ORCPT
	<rfc822;linux-kbuild@vger.kernel.org>);
	Sat, 18 Jun 2016 14:14:39 -0400
Received: by mail-pf0-f172.google.com with SMTP id t190so40569530pfb.3
	for <linux-kbuild@vger.kernel.org>;
	Sat, 18 Jun 2016 11:14:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=chromium.org; s=google;
	h=date:from:to:cc:subject:message-id:mime-version:content-disposition;
	bh=uW3iN0GqvRT44tJrpSy+/Ao928ZrKazk8ws+8KHtUEU=;
	b=aAbjsSSN2mGM/SDr9DAaWoLNkMOMrrWon4o/gUjkKUi1xm4p2KBol5cwYIDx9Rlwph
	SX0I1H9Ph6kxvtnLjC7SzYow41a/BiCbhfKGLKPtlYQSoYXi6rUoS8ntWPz3SySZXQyw
	5wlsD4U2KXnMJrbiR1gKMdBhtMLdbShlHzQPQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version
	:content-disposition;
	bh=uW3iN0GqvRT44tJrpSy+/Ao928ZrKazk8ws+8KHtUEU=;
	b=kFnhaesOf2LM81izm0/kGrf51I4G7id7Ldfh/4nPqjjDpuUsnsfgN/SEUoH2M3USeV
	V1Ppq1Pw7r+ycexnlA6vNRYVPPWy2O+n2uiZh264GslqpAftOrspPyT2EBhgv6gxclwW
	q5B9p0fAo0GrSWVnlg/EkGXQN9UCos4on32Om6N4BcYuFQ9BZQXjglAgiW5Q9XJhxiAQ
	C8ayjw/pTK+zfQMw1CL37xk6Csb7/Nr+5OiNKSYUdcyVJmh+asiAp0PdIWwpTMJ96X9R
	MsZNt/yQZVpkM48htWKHPTMoUCTjxNBMinRk7YDu1oV0lSWDtoija4ABTT3VpwegJg2F
	N1wg==
X-Gm-Message-State: 
 ALyK8tJzpo6JnlAJTRguYjQYHvJo+Dy5lU1K3Ztz8DOQsOa18qtBg0r7tPq9P4O9KEiy5lMN
X-Received: by 10.98.104.68 with SMTP id d65mr10331044pfc.34.1466273678753;
	Sat, 18 Jun 2016 11:14:38 -0700 (PDT)
Received: from www.outflux.net
	(173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133])
	by smtp.gmail.com with ESMTPSA id
	c78sm76721868pfk.11.2016.06.18.11.14.37
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sat, 18 Jun 2016 11:14:38 -0700 (PDT)
Date: Sat, 18 Jun 2016 11:14:37 -0700
From: Kees Cook <keescook@chromium.org>
To: Emese Revfy <re.emese@gmail.com>
Cc: Michal Marek <mmarek@suse.com>, linux-kbuild@vger.kernel.org,
	kernel-hardening@lists.openwall.com
Subject: [RFC][PATCH] gcc-plugins: abort builds cleanly when not supported
Message-ID: <20160618181437.GA2633@www.outflux.net>
MIME-Version: 1.0
Content-Disposition: inline
Sender: linux-kbuild-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kbuild.vger.kernel.org>
X-Mailing-List: linux-kbuild@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

When the compiler doesn't support gcc plugins (either due to missing
headers or too old a version), report the problem and abort the build
instead of emitting a warning and letting the build founder with arcane
compiler errors.

Signed-off-by: Kees Cook <keescook@chromium.org>
---
I think this greatly improves the failure case when trying to use the
gcc plugin infrastructure. Emese, what do you think of this?
---
 Makefile                     |  7 -------
 scripts/Makefile.gcc-plugins | 34 +++++++++++++++++++++++++---------
 scripts/gcc-plugin.sh        | 14 ++++++++++++++
 3 files changed, 39 insertions(+), 16 deletions(-)

diff --git a/Makefile b/Makefile
index ab124a0e5e0d..5c61a7155d50 100644
--- a/Makefile
+++ b/Makefile
@@ -633,13 +633,6 @@ endif
 # Tell gcc to never replace conditional load with a non-conditional one
 KBUILD_CFLAGS	+= $(call cc-option,--param=allow-store-data-races=0)
 
-PHONY += gcc-plugins
-gcc-plugins: scripts_basic
-ifdef CONFIG_GCC_PLUGINS
-	$(Q)$(MAKE) $(build)=scripts/gcc-plugins
-endif
-	@:
-
 include scripts/Makefile.gcc-plugins
 
 ifdef CONFIG_READABLE_ASM
diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
index cd7902ccd119..61fc4bbe0c21 100644
--- a/scripts/Makefile.gcc-plugins
+++ b/scripts/Makefile.gcc-plugins
@@ -29,21 +29,37 @@ ifdef CONFIG_GCC_PLUGINS
 
   export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGIN SANCOV_PLUGIN DISABLE_LATENT_ENTROPY_PLUGIN
 
+  ifneq ($(PLUGINCC),)
+    # SANCOV_PLUGIN can be only in CFLAGS_KCOV because avoid duplication.
+    GCC_PLUGINS_CFLAGS := $(filter-out $(SANCOV_PLUGIN), $(GCC_PLUGINS_CFLAGS))
+  endif
+
+  KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
+  GCC_PLUGIN := $(gcc-plugin-y)
+endif
+
+# If plugins aren't supported, abort the build before hard-to-read compiler
+# errors start getting spewed by the main build.
+PHONY += gcc-plugins-check
+gcc-plugins-check: FORCE
+ifdef CONFIG_GCC_PLUGINS
   ifeq ($(PLUGINCC),)
     ifneq ($(GCC_PLUGINS_CFLAGS),)
       ifeq ($(call cc-ifversion, -ge, 0405, y), y)
-        PLUGINCC := $(shell $(CONFIG_SHELL) -x $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)")
-        $(warning warning: your gcc installation does not support plugins, perhaps the necessary headers are missing?)
+	$(Q)$(srctree)/scripts/gcc-plugin.sh --show-error "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)" || true
+	@echo "Cannot use CONFIG_GCC_PLUGINS: your gcc installation does not support plugins, perhaps the necessary headers are missing?" >&2 && exit 1
       else
-        $(warning warning: your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least)
+	@echo "Cannot use CONFIG_GCC_PLUGINS: your gcc version does not support plugins, you should upgrade it to at least gcc 4.5" >&2 && exit 1
       endif
     endif
-  else
-    # SANCOV_PLUGIN can be only in CFLAGS_KCOV because avoid duplication.
-    GCC_PLUGINS_CFLAGS := $(filter-out $(SANCOV_PLUGIN), $(GCC_PLUGINS_CFLAGS))
   endif
+endif
+	@:
 
-  KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
-  GCC_PLUGIN := $(gcc-plugin-y)
-
+# Actually do the build, if requested.
+PHONY += gcc-plugins
+gcc-plugins: scripts_basic gcc-plugins-check
+ifdef CONFIG_GCC_PLUGINS
+	$(Q)$(MAKE) $(build)=scripts/gcc-plugins
 endif
+	@:
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
index fb9207565471..b65224bfb847 100755
--- a/scripts/gcc-plugin.sh
+++ b/scripts/gcc-plugin.sh
@@ -1,5 +1,12 @@
 #!/bin/sh
 srctree=$(dirname "$0")
+
+SHOW_ERROR=
+if [ "$1" = "--show-error" ] ; then
+	SHOW_ERROR=1
+	shift || true
+fi
+
 gccplugins_dir=$($3 -print-file-name=plugin)
 plugincc=$($1 -E -x c++ - -o /dev/null -I"${srctree}"/gcc-plugins -I"${gccplugins_dir}"/include 2>&1 <<EOF
 #include "gcc-common.h"
@@ -13,6 +20,9 @@ EOF
 
 if [ $? -ne 0 ]
 then
+	if [ -n "$SHOW_ERROR" ] ; then
+		echo "${plugincc}" >&2
+	fi
 	exit 1
 fi
 
@@ -48,4 +58,8 @@ then
 	echo "$2"
 	exit 0
 fi
+
+if [ -n "$SHOW_ERROR" ] ; then
+	echo "${plugincc}" >&2
+fi
 exit 1