Masahiro Yamada 9c6b7fbbd7 fortify: use if_changed_dep to record header dependency in *.cmd files
After building with CONFIG_FORTIFY_SOURCE=y, many .*.d files are left
in lib/test_fortify/ because the compiler outputs header dependencies
into *.d without fixdep being invoked.

When compiling C files, if_changed_dep should be used so that the
auto-generated header dependencies are recorded in .*.cmd files.

Currently, if_changed is incorrectly used, and only two headers are
hard-coded in lib/Makefile.

In the previous patch version, the kbuild test robot detected new errors
on GCC 7.

GCC 7 or older does not produce test.d with the following test code:

 $ echo 'void b(void) __attribute__((__error__(""))); void a(void) { b(); }' |
   gcc -Wp,-MMD,test.d -c -o /dev/null -x c -

Perhaps, this was a bug that existed in older GCC versions.

Skip the tests for GCC<=7 for now, as this will be eventually solved
when we bump the minimal supported GCC version.

Link: https://lore.kernel.org/oe-kbuild-all/CAK7LNARmJcyyzL-jVJfBPi3W684LTDmuhMf1koF0TXoCpKTmcw@mail.gmail.com/T/#m13771bf78ae21adff22efc4d310c973fb4bcaf67
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Link: https://lore.kernel.org/r/20240727150302.1823750-4-masahiroy@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>
2024-08-15 09:26:02 -07:00

29 lines
973 B
Makefile

# SPDX-License-Identifier: GPL-2.0
ccflags-y := $(call cc-disable-warning,fortify-source)
quiet_cmd_test_fortify = TEST $@
cmd_test_fortify = $(CONFIG_SHELL) $(src)/test_fortify.sh \
$< $@ "$(NM)" $(CC) $(c_flags) -DKBUILD_EXTRA_WARN1
$(obj)/%.log: $(src)/%.c $(src)/test_fortify.sh FORCE
$(call if_changed_dep,test_fortify)
logs = $(patsubst $(src)/%.c, %.log, $(wildcard $(src)/*-*.c))
targets += $(logs)
quiet_cmd_gen_fortify_log = CAT $@
cmd_gen_fortify_log = cat $(or $(real-prereqs),/dev/null) > $@
$(obj)/test_fortify.log: $(addprefix $(obj)/, $(logs)) FORCE
$(call if_changed,gen_fortify_log)
# GCC<=7 does not always produce *.d files.
# Run the tests only for GCC>=8 or Clang.
always-$(call gcc-min-version, 80000) += test_fortify.log
always-$(CONFIG_CC_IS_CLANG) += test_fortify.log
# Some architectures define __NO_FORTIFY if __SANITIZE_ADDRESS__ is undefined.
# Pass CFLAGS_KASAN to avoid warnings.
KASAN_SANITIZE := y