randstruct: Force full rebuild when seed changes

While the randstruct GCC plugin was being rebuilt if the randstruct seed
changed, Clang builds did not notice the change. This could result in
differing struct layouts in a target depending on when it was built.

Include the existing generated header file in compiler-version.h when
its associated feature name, RANDSTRUCT, is defined. This will be picked
up by fixdep and force rebuilds where needed.

Link: https://lore.kernel.org/r/20250503184623.2572355-2-kees@kernel.org
Reviewed-by: Nicolas Schier <n.schier@avm.de>
Tested-by: Nicolas Schier <n.schier@avm.de>
Signed-off-by: Kees Cook <kees@kernel.org>

diff --git a/include/linux/compiler-version.h b/include/linux/compiler-version.h
index 5dba398a94129e099bda81ba79bdb45a08ac630c..4b9d39b3765033aae05dcc8b7f9f5c0fe524bc5a 100644 (file)
--- a/include/linux/compiler-version.h
+++ b/include/linux/compiler-version.h
@@ -23,3 +23,12 @@
 #ifdef GCC_PLUGINS
 #include <generated/gcc-plugins.h>
 #endif
+
+/*
+ * If the randstruct seed itself changes (whether for GCC plugins or
+ * Clang), the entire tree needs to be rebuilt since the randomization of
+ * structures may change between compilation units if not.
+ */
+#ifdef RANDSTRUCT
+#include <generated/randstruct_hash.h>
+#endif

diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h
index 939ceabcaf06f3739929b19ce4c3f20aec6a950e..335c360d4f9b94d73cd91e57c27466514323cbd6 100644 (file)
--- a/include/linux/vermagic.h
+++ b/include/linux/vermagic.h
@@ -33,7 +33,6 @@
 #define MODULE_VERMAGIC_MODVERSIONS ""
 #endif
 #ifdef RANDSTRUCT
-#include <generated/randstruct_hash.h>
 #define MODULE_RANDSTRUCT "RANDSTRUCT_" RANDSTRUCT_HASHED_SEED
 #else
 #define MODULE_RANDSTRUCT