Received: by 10.223.185.116 with SMTP id b49csp1016497wrg; Sun, 11 Feb 2018 02:36:13 -0800 (PST) X-Google-Smtp-Source: AH8x226hfWkPJQRfNq/Q5o/p8ha2muLAdw/7DgyZy/Q2ZnfPk/NZ1lGecACFNnlzIpx9O1kls1dX X-Received: by 2002:a17:902:b189:: with SMTP id s9-v6mr7695449plr.243.1518345373543; Sun, 11 Feb 2018 02:36:13 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518345373; cv=none; d=google.com; s=arc-20160816; b=GCekBIlTbomsQ5vgIa/fNMMYNoTXeSqEhMaOER1mMZNdWofnig1auuIBdJMbHXO2A7 ycploB0hd3aAdelQEvxSW42/pj6riOoTMzj9OJcKZ4b7KGs1s4uVOaXLt4Dcwd1+sAjN 5Av7ySIRBH6WYHXKbVRsul5BSGjyNfHlWid5ecSdsERD7a77lyRjNBgInRLAe3k2mtMb mgaNNFU4VriIB8/YtXlh7FAceyk3WC1V2i6HN1fjMsYbJesKUukZMP8HlVwjW5DltWrY nWvzGYU8bvHbOHPF6XMLSuk//26mDCL751PRI98VFOLoGEsoW7OCo48JDgTNQxJkPOyH frpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=w4a1Gn+Yz8PiwgsdQslKe1qr5OdJ+FKFvbtgyuCqcwo=; b=ITfidkJCWjcIIyoVv7x0zQPf+51qSqH4ClnAc3HmUa72xC37nfcNdK55Nq2wJhgdwY SfAuJph2NR2O8MWnzKjxEklX8lj1txdIknupyAAFL+Ia7CXcZnXAnDjbDQva4ST9qPhQ j1CETg3rM4Seaik3gm9IzJkoMIjcsh/8Bt33hk9Zx/FqK6hEfXaAaRjq8u7+X1CtHwYc /hrMFPN6F5NipPTkGaKcHhC3K+RA8VW4CzpC797WMrG4bvIMzplwf2OQDrzS4DRfX49N XbR0rLtfGA5h1QBW/HJcLNBVHchOlVFoyiVuNW3H3wMxuNTnn0n6zyOJ63T5Glc9M5r8 1/CA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=jhxU81cc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p19-v6si4360898plo.199.2018.02.11.02.35.48; Sun, 11 Feb 2018 02:36:13 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=jhxU81cc; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752828AbeBKKev (ORCPT + 99 others); Sun, 11 Feb 2018 05:34:51 -0500 Received: from mail-lf0-f65.google.com ([209.85.215.65]:43623 "EHLO mail-lf0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752288AbeBKKes (ORCPT ); Sun, 11 Feb 2018 05:34:48 -0500 Received: by mail-lf0-f65.google.com with SMTP id u3so1148053lff.10; Sun, 11 Feb 2018 02:34:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=w4a1Gn+Yz8PiwgsdQslKe1qr5OdJ+FKFvbtgyuCqcwo=; b=jhxU81ccDkg3o66Am2r1VCBRK/R976ZBlPnSBTMLJvlwg7FaRou5NNSuoHthXkzbTG k31TxdE9KFW6Knb2tRGrHjGRKo8bb/DdmX8nri4ZWfF9wsCK7RhezH9TwR4K09GjKUHJ yDAUjttx68XuVbpNfP5U0BuCo3ZoQpv/LspEIteNsKNr0wwU0QsjkeGUeAXNPfGLyl2o 0iSvoJCKEBsB5OIkPIhkcebiRRYbck2Ywt73AMH3x2AdB9M8UdsJH54xO4UzLLu7XBv1 4O+K5Gqdd4NyUkQi7udN8jc3H4nLiYWvP5UvAvedHmpuX1041FrzH8q7NJBCVSJy5Q5i 2yCg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=w4a1Gn+Yz8PiwgsdQslKe1qr5OdJ+FKFvbtgyuCqcwo=; b=RlErqorJCoVeoy93+1GBX+x7LYF6ocSpGV+8K4BTXNe5rKwo6kXIArkKQa84B9sPI9 T8Qur8DQ15Xa8Kqrwqsi2qL0RLaCUU3jzjAc/byuYc5PlXXutjtU4X34O+eQggWHvKHc r3aZoUVr7fpjDAGuLtSj131duf2rkTnzo6gAhXNrZ2qjxXEObj58dktMr4HgepipdfNt PEbLTENySGWrcodp6MsM7unS+AMZgFvRqpABIzfo9W0sQdKrYbelbkMgp9Xi0vWENzvZ JxTK5U5kj7JDcx1NLv6PQr3LFjQGs7idl3NGlmCpKrJlbktsWfifJJlqPAEe6h2Sxs42 shYA== X-Gm-Message-State: APf1xPC8Kkh9Vu2G8dZfp0w7E6nfxc2cYvUZf5xKajMdx1gZ/Y4p51QU e2svT21DTP+QGfS7d8Ebe6w= X-Received: by 10.25.39.136 with SMTP id n130mr5858635lfn.67.1518345286860; Sun, 11 Feb 2018 02:34:46 -0800 (PST) Received: from huvuddator (ua-213-113-106-221.cust.bredbandsbolaget.se. [213.113.106.221]) by smtp.gmail.com with ESMTPSA id r74sm251420ljr.42.2018.02.11.02.34.45 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 11 Feb 2018 02:34:46 -0800 (PST) Date: Sun, 11 Feb 2018 11:34:32 +0100 From: Ulf Magnusson To: Linus Torvalds Cc: Kees Cook , Masahiro Yamada , Linux Kbuild mailing list , Greg Kroah-Hartman , Andrew Morton , Nicolas Pitre , "Luis R . Rodriguez" , Randy Dunlap , Sam Ravnborg , Michal Marek , Martin Schwidefsky , Pavel Machek , linux-s390 , Jiri Kosina , Linux Kernel Mailing List , tj@kernel.org, mingo@kernel.org, arjan.van.de.ven@intel.com Subject: Re: [RFC PATCH 4/7] kconfig: support new special property shell= Message-ID: <20180211103432.pf2ot6nd7nbhdhsy@huvuddator> References: <20180210054843.z3g7wvcmlccvww3h@huvuddator> <20180210074924.3nhxsza5zdbaahxx@huvuddator> <20180210080556.mycqsjhxbaguwhay@huvuddator> <20180210085519.737ckf4bcl57h4g2@huvuddator> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170609 (1.8.3) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Looks to me like there's a few unrelated issues here: 1. The stack protector support test scripts Worthwhile IMO if they (*in practice*) prevent hard-to-debug build errors or a subtly broken kernel from being built. A few questions: - How do things fail with a broken stack protector implementation? - How common are those broken compilers? - Do you really need to pass $(KBUILD_CPPFLAGS) when testing for breakage, or would a simpler static test work in practice? I don't know how messy it would be to get $(KBUILD_CPPFLAGS) into Kconfig, but should make sure it's actually needed in any case. The scripts are already split up as scripts/gcc-$(SRCARCH)_$(BITS)-has-stack-protector.sh by the way, though only gcc-x86_32-has-stack-protector.sh and gcc-x86_64-has-stack-protector.sh exist. - How old do you need to go with GCC for -fno-stack-protector to give an error (i.e., for not even the option to be recognized)? Is it still warranted to test for it? Adding some CCs who worked on the stack protector test scripts. And yeah, I was assuming that needing support scripts would be rare, and that you'd usually just check whether gcc accepts the flag. When you Google "gcc broken stack protector", the top hits about are about the scripts/gcc-x86_64-has-stack-protector.sh script in the kernel throwing a false positive by the way (fixed in 82031ea29e45 ("scripts/has-stack-protector: add -fno-PIE")). 2. Whether to hide the Kconfig stack protector alternatives or always show them Or equivalently, whether to automatically fall back on other stack protector alternatives (including no stack protector) if the one specified in the .config isn't available. I'll let you battle this one out. In any case, as a user, I'd want a super-clear message telling me what to change if the build breaks because of missing stack protector support. 3. Whether to implement CC_STACKPROTECTOR_AUTO in Kconfig or the Makefiles I'd just go with whatever is simplest here. I don't find the Kconfig version too bad, but I'm already very familiar with Kconfig, so it's harder for me to tell how it looks to other people. I'd add some comments to explain the idea in the final version. @Kees: I was assuming that the Makefiles would error out with a message if none of the CC_STACKPROTECTOR_* variables are set, in addition to the Kconfig warning. You could offload part of that check to Kconfig with something like config CHOSEN_CC_STACKPROTECTOR_AVAILABLE def_bool CC_STACKPROTECTOR_STRONG || \ CC_STACKPROTECTOR_REGULAR || \ CC_STACKPROTECTOR_NONE CHOSEN_STACKPROTECTOR_AVAILABLE could then be checked in the Makefile. It has the advantage of making the constraint clear in the Kconfig file at least. You could add some kind of assert feature to Kconfig too, but IMO it's not warranted purely for one-offs like this at least. That's details though. I'd want to explain it with a comment in any case if we go with something like this, since it's slightly kludgy and subtle (CC_STACKPROTECTOR_{STRONG,REGULAR,NONE} form a kind of choice, only you can't express it like that directly, since it's derived from other symbols). Here's an overview of the current Kconfig layout by the way, assuming the old no-fallback behavior and CC_STACKPROTECTOR_AUTO being implemented in Kconfig: # Feature tests CC_HAS_STACKPROTECTOR_STRONG CC_HAS_STACKPROTECTOR_REGULAR CC_HAS_STACKPROTECTOR_NONE # User request WANT_CC_STACKPROTECTOR_AUTO WANT_CC_STACKPROTECTOR_STRONG WANT_CC_STACKPROTECTOR_REGULAR WANT_CC_STACKPROTECTOR_NONE # The actual "output" to the Makefiles CC_STACKPROTECTOR_STRONG CC_STACKPROTECTOR_REGULAR CC_STACKPROTECTOR_NONE # Some possible output "nicities" CHOSEN_CC_STACKPROTECTOR_AVAILABLE CC_OPT_STACKPROTECTOR Does anyone have objections to the naming or other things? I saw some references to "Santa's wish list" in messages of commits that dealt with other variables named WANT_*, though I didn't look into those cases. ;) Cheers, Ulf