[kernel-hardening] Re: [PATCH 1/3] GCC plugin infrastructure

[Michal Marek <mmarek@suse.com>]

Dne 7.2.2016 v 22:28 Emese Revfy napsal(a):
> This patch allows to build the whole kernel with GCC plugins. It was ported from
> grsecurity/PaX. The infrastructure supports building out-of-tree modules and
> building in a separate directory. Cross-compilation is supported too but
> currently only the x86 architecture enables plugins.
> 
> The directory of the gcc plugins is tools/gcc. You can use a file or a directory
> there. The plugins compile with these options:
>  * -fno-rtti: gcc is compiled with this option so the plugins must use it too
>  * -fno-exceptions: this is inherited from gcc too
>  * -fasynchronous-unwind-tables: this is inherited from gcc too
>  * -ggdb: it is useful for debugging a plugin (better backtrace on internal
>     errors)
>  * -Wno-narrowing: to suppress warnings from gcc headers (ipa-utils.h)
>  * -Wno-unused-variable: to suppress warnings from gcc headers (gcc_version
>     variable, plugin-version.h)
> 
> The infrastructure introduces a new Makefile target called gcc-plugins. It
> supports all gcc versions from 4.5 to 6.0. The scripts/gcc-plugin.sh script
> chooses the proper host compiler (gcc-4.7 can be built by either gcc or g++).
> This script also checks the availability of the included headers in
> tools/gcc/gcc-common.h.
> 
> The gcc-common.h header contains frequently included headers for GCC plugins
> and it has a compatibility layer for the supported gcc versions.

The changelog is missing an explanation as to why this needs to be part
of the kernel build system. To me it looks like building the kernel with
a modified build system and non-default compiler flags, which can be
achieved by doing make CC=my-gcc-wrapper or somesuch. But I'd love to be
corrected.

Michal