From: Kees Cook
Date: Sat, 10 Feb 2018 20:13:31 -0800
Subject: Re: [RFC PATCH 4/7] kconfig: support new special property shell=
To: Linus Torvalds
Cc: Ulf Magnusson, Masahiro Yamada, Linux Kbuild mailing list, Greg Kroah-Hartman, Andrew Morton, Nicolas Pitre, "Luis R . Rodriguez", Randy Dunlap, Sam Ravnborg, Michal Marek, Martin Schwidefsky, Pavel Machek, linux-s390, Jiri Kosina, Linux Kernel Mailing List
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, Feb 10, 2018 at 12:08 PM, Linus Torvalds wrote:
> On Sat, Feb 10, 2018 at 11:23 AM, Kees Cook wrote:
>>
>> So, if this could do something like this:
>>
>> config CC_HAS_STACKPROTECTOR_STRONG
>>         bool
>>         option
>> shell="scripts/gcc-${ARCH}_${BITS}-has-stack-protector.sh $CC
>> $KBUILD_CPPFLAGS"
>
> Guys, this is not that important.
>
> Don't make some stupid script for stackprotector. If the user doesn't
> have a gcc that supports -fstackprotector-*, then don't show the
> options. It matters NOT ONE WHIT whether that then means that
> stackprotector will be off by default later.

What? Maybe you're misunderstanding the script? This script already exists:

$ ls scripts/gcc-x86_*
scripts/gcc-x86_32-has-stack-protector.sh
scripts/gcc-x86_64-has-stack-protector.sh

It's been there since the very beginning when Arjan added it to
validate that the compiler actually produces a stack protector when
you give it -fstack-protector. Older gccs broke this entirely, more
recent misconfigurations (as seen with some of Arnd's local gcc
builds) did similar, and there have been regressions in some versions
where gcc's x86 support flipped to the global canary instead of the
%gs-offset canary.

> Seriously. This is classic "Kees thinks that _his_ code is so
> important that everybody should get the value _he_ cares about".

I care about the kernel build informing people about what's gone wrong
as early as possible instead of producing an unbootable image that
takes forever to debug.

-Kees

-- 
Kees Cook
Pixel Security
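
An added illustration of the kind of check discussed in this message, not part of the original mail and not the kernel's scripts/gcc-x86_*-has-stack-protector.sh: it compiles a small function with -fstack-protector and classifies the assembly as using a %gs-offset canary, the global canary, or no protector at all. The names classify_canary and probe_cc and the sample assembly are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify which stack canary, if any, the compiler emitted.
# Function names and sample assembly below are constructed for illustration.

# Read assembly on stdin and print one of:
#   gs-offset  canary is loaded through a %gs: segment offset
#   global     canary is loaded from the __stack_chk_guard symbol
#   none       no protector emitted (or the compiler produced no output)
#   other      protector present, canary source not recognised here
classify_canary() {
    asm=$(cat)
    # Every protected function calls __stack_chk_fail on canary mismatch.
    printf '%s\n' "$asm" | grep -q '__stack_chk_fail' || { echo none; return 0; }
    if printf '%s\n' "$asm" | grep -q '%gs:'; then
        echo gs-offset
    elif printf '%s\n' "$asm" | grep -q '__stack_chk_guard'; then
        echo global
    else
        echo other
    fi
}

# Compile a function with a large local array, which -fstack-protector
# instruments, and classify the result. Arguments are the compiler command
# plus any flags, for example: probe_cc gcc -m32
probe_cc() {
    echo 'int foo(void) { char X[200]; return 3; }' |
        "$@" -S -x c -O0 -fstack-protector - -o - 2>/dev/null |
        classify_canary
}

# Constructed sample assembly (not real compiler output).
SAMPLE_GS='	movl	%gs:20, %eax
	call	__stack_chk_fail'
SAMPLE_GLOBAL='	movl	__stack_chk_guard, %eax
	call	__stack_chk_fail'
SAMPLE_NONE='	movl	$3, %eax
	ret'

for sample in "$SAMPLE_GS" "$SAMPLE_GLOBAL" "$SAMPLE_NONE"; do
    printf '%s\n' "$sample" | classify_canary
done
```

A build that expects the %gs-offset canary would treat any result other than gs-offset from probe_cc as a reason to stop early.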