Received: by 10.223.185.116 with SMTP id b49csp1424239wrg;
        Sun, 11 Feb 2018 11:40:16 -0800 (PST)
X-Google-Smtp-Source: AH8x226RXDTRrkug0CG19YBUD5XM7cbrZEDYVh3H3WsRMVgph4TiYPA8xk6vn/xMJ7wsSuA+0SD6
X-Received: by 2002:a17:902:a711:: with SMTP id w17-v6mr8432845plq.299.1518378016194;
        Sun, 11 Feb 2018 11:40:16 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518378016; cv=none;
        d=google.com; s=arc-20160816;
        b=JVk1MN3KFKddYOSGQE5MDjJrUqrr8DikXHXFpoxEuVPgtCqNpu02IGtuCikfIQbBQN
         jw6FzcJhUIvRS+kp4VkpD+FLwWvfDpTPouM3JCjM/YoubU2aESkxiWY1jQ+5RqDmipD4
         et8YJ9+HUxwTirdi4Wa3otxY3D0GS2xy5zMmKuwtl1gjBXKvTWB3eJ2Ba+YhyMbmx45F
         CCwr+jrNDIMxbPaatfoTp51beKn1a8ANFisYS5LbOjZxzTdSEyVFKLEECzZxLpDPU2Sf
         qImBpDCIPt/YFEA8qOkhahLHnMEEG9jl1Pn01WTPJDuJ6J0x/xQeryjREUVYkTqr1WM9
         FbRw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=/i+RKqONT3lyEA2YIUKrvO0Mmxw4EwcmYGIJPfMV0lQ=;
        b=XbzTyyOn/spR/7ppSpFm/+IJVNOqfctJ7si+quAR2Ne1LGwTjRF9HOs3My3Amxf0Pe
         b/hRsjVFRDCjxjm33gej6tcXuDCD1qyt9oT7gH2rw6bGmbLm8U1hK61tTPV4Jf6Wl71e
         Yu3B3K2iocnRRvcvbKkt+zEsGDUf+85ZqPSp9hafNFs8WXhQRpw1fELr7UeKJQF/3YkI
         qlF6EBULe9CXOC0N+dIuPRsCX3vUMJqNU4OPJIEm2nw7MWnvzRdS5A2FL7SIVWICpsOP
         a/CMcUJpOP19ZImcZTpKYq7kQo+4hRSdXKFPw9/zopORsyQTKb6Oli2Hxxu+RWpXkSEb
         1S8g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=t1g2nRfy;
       dkim=fail header.i=@chromium.org header.s=google header.b=YgbyvKQq;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id r62si877161pgr.77.2018.02.11.11.40.02;
        Sun, 11 Feb 2018 11:40:16 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=t1g2nRfy;
       dkim=fail header.i=@chromium.org header.s=google header.b=YgbyvKQq;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932091AbeBKTjQ (ORCPT
        <rfc822;paul.schmitz.hallo.parkuhr@gmail.com> + 99 others);
        Sun, 11 Feb 2018 14:39:16 -0500
Received: from mail-vk0-f66.google.com ([209.85.213.66]:47096 "EHLO
        mail-vk0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753714AbeBKTjO (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 11 Feb 2018 14:39:14 -0500
Received: by mail-vk0-f66.google.com with SMTP id e125so7713515vkh.13
        for <linux-kernel@vger.kernel.org>; Sun, 11 Feb 2018 11:39:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=/i+RKqONT3lyEA2YIUKrvO0Mmxw4EwcmYGIJPfMV0lQ=;
        b=t1g2nRfy0sO9KySxvgDxwtTdI6PjToVYbxGd6YJ/GgaHVyUSkA1awSQbnn7za6BM6G
         8sb+OxBYOF6pCPAIu8vZEzDJW4Y/IHWMetpBU8K3iiqMHLeXbYt8kbgqqhY2LdNjWEj+
         mL1z3VODeDyOvn+XRF0d2c2y68avQxNA1ni2CfL4MCM5jDsnvxVhV3cPQEe7jHIQVgIT
         IHweDtW3xVuM4woljtuhy0PDwl3dFyrRIa83P1EUgm508oKinNS7x7o6gyyHASbi4FC6
         bd6cC4sHOy0Uxha3/0GMh3fIV7PSb6Be48JJ3w3uxJO5I6tX7PaECujiaRrotjC5w1S6
         TZsg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=/i+RKqONT3lyEA2YIUKrvO0Mmxw4EwcmYGIJPfMV0lQ=;
        b=YgbyvKQqxu2ZJtFQtECK2wWXNlgZBG39dOpz6PsSd3HnRDRggGrKtkRqffBDyG0vGU
         LvnJkxYdjP4wywDM8l0j6SvHzIKeJwFHt+J+bfhfOMcrz0yO0Sz4koobFdfVSRodKBtY
         j1OTYFVB2Krqo/9mzCfM83QqRGVlkwi4P61pM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=/i+RKqONT3lyEA2YIUKrvO0Mmxw4EwcmYGIJPfMV0lQ=;
        b=JJUlq2/952b3vB9rDpXwonHVNyBGPqmUCQjj3wGv1TuyO+8Xn8ojLI8H7WtiZmPtcY
         xTLxg6YXhxewOEIFzL+RPSzeSlOSgm+G3hxhkR7scLbf9xc+YDPldikbX+BFgn1a0b9V
         t6ufGkMgArmznTv6jAWwkS6q7GmFH8VsAU+Zt7FG7DO/Kub+zqXf8w+PmAOazf1R8KCm
         P0Jfmx82TrokCEDwoII6Tn13c0wZ/e5iNqYn+7DSNsK5S3YBKpVIMrKG9kGIPgmyA6rc
         tKux7vQ82cA+G2x7+i/M6Eqi8yWaK3vxlytGRizGUvSmkWZcK4IRDlDJdMptRE2f9aiU
         wNQw==
X-Gm-Message-State: APf1xPDf8F0BoNiHZs2uZ+OfacWViDfUbn27H6xlnITRuvoEXJRD/KSn
        reJmU7dOA3dqvwq7tY7hnTqLxLmoE1InWzQ0/t4zMQ==
X-Received: by 10.31.164.69 with SMTP id n66mr8526005vke.49.1518377952933;
 Sun, 11 Feb 2018 11:39:12 -0800 (PST)
MIME-Version: 1.0
Received: by 10.31.67.196 with HTTP; Sun, 11 Feb 2018 11:39:11 -0800 (PST)
In-Reply-To: <CA+55aFz3gUKQMr-X-b=ytLPX0AjGUaXNtLSUQ0_xZwZuDU33RQ@mail.gmail.com>
References: <20180210054843.z3g7wvcmlccvww3h@huvuddator> <CAK7LNARHmAF2SxBcc1aUEH5MMzUo_furLevqy7QzGxqNRHYiyQ@mail.gmail.com>
 <20180210074924.3nhxsza5zdbaahxx@huvuddator> <20180210080556.mycqsjhxbaguwhay@huvuddator>
 <20180210085519.737ckf4bcl57h4g2@huvuddator> <CAGXu5jKQgxxC2RQL0dxLKFVED2v-LiWKjtXY3DDpfwAXbnxM4Q@mail.gmail.com>
 <CA+55aFz-SJ970iqDsR8-Ke4z6WvB4n9RXAeen8pG=+YJWubETw@mail.gmail.com>
 <CAGXu5jLo0iuMsH89vj3nr8sv+1YvXfXgoPeBdxHwZm5i=DWoOA@mail.gmail.com>
 <CA+55aFxdx3FYE6YGifRR=BSG9QzXwgThj5z7RmV5P5+RpNXSiQ@mail.gmail.com>
 <CA+55aFyPyYyG-riaBQU5cGp_sC=r8mf9Mg6L=DUEH6EyQfWYwA@mail.gmail.com>
 <20180211103432.pf2ot6nd7nbhdhsy@huvuddator> <CAGXu5jLtFcvbazxUvL_=6uT+a8m0JQEB7v0OE41Z-PMoX_fWpA@mail.gmail.com>
 <CA+55aFz3gUKQMr-X-b=ytLPX0AjGUaXNtLSUQ0_xZwZuDU33RQ@mail.gmail.com>
From:   Kees Cook <keescook@chromium.org>
Date:   Sun, 11 Feb 2018 11:39:11 -0800
X-Google-Sender-Auth: zvFgY3QNCIaVA82DSk0fpFjJHuo
Message-ID: <CAGXu5jLV-i5OAbXMQiJC-idXB+XrxMCC+RigQ+4R6eZWqn4rgg@mail.gmail.com>
Subject: Re: [RFC PATCH 4/7] kconfig: support new special property shell=
To:     Linus Torvalds <torvalds@linux-foundation.org>
Cc:     Ulf Magnusson <ulfalizer@gmail.com>,
        Masahiro Yamada <yamada.masahiro@socionext.com>,
        Linux Kbuild mailing list <linux-kbuild@vger.kernel.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Nicolas Pitre <nicolas.pitre@linaro.org>,
        "Luis R . Rodriguez" <mcgrof@suse.com>,
        Randy Dunlap <rdunlap@infradead.org>,
        Sam Ravnborg <sam@ravnborg.org>,
        Michal Marek <michal.lkml@markovi.net>,
        Martin Schwidefsky <schwidefsky@de.ibm.com>,
        Pavel Machek <pavel@ucw.cz>,
        linux-s390 <linux-s390@vger.kernel.org>,
        Jiri Kosina <jkosina@suse.cz>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Tejun Heo <tj@kernel.org>, Ingo Molnar <mingo@kernel.org>,
        "Van De Ven, Arjan" <arjan.van.de.ven@intel.com>,
        Arnd Bergmann <arnd@arndb.de>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Feb 11, 2018 at 10:13 AM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> On Sun, Feb 11, 2018 at 9:56 AM, Kees Cook <keescook@chromium.org> wrote:
>>
>>>     - How common are those broken compilers?
>>
>> I *thought* it was rare (i.e. gcc 4.2) but while working on ..._AUTO I
>> found breakage in akpm's 4.4 gcc, and all of Arnd's gccs due to some
>> very strange misconfiguration between the gcc build environment and
>> other options. So, it turns out this is unfortunately common. The good
>> news is that it does NOT appear to happen with most distro compilers,
>> though I've seen Android's compiler regress the global vs %gs at least
>> once about a year ago.
>
> Hmm. Ok, so it's not *that* common, and won't affect normal people.
>
> That actually sounds like we could just
>
>  (a) make gcc 4.5 be the minimum required version

I love bumping minimum for so many reason more than just stack protector. :)

>  (b) actually error out if we find a bad compiler

This made akpm and Arnd very very grumpy as it regressed their builds.
That's why I had to deal with the condition very carefully for _AUTO.

> Upgrading the minimum required gcc version to 4.5 is pretty much going
> to happen _anyway_, because we're starting to rely on "asm goto" for
> avoiding speculation.
>
> End result: maybe we can make the configuration phase just use the
> standard "does gcc support this flag" logic, and then just have a
> separate script that is run to validate that gcc doesn't generate
> garbage, and error out loudly if it does.

While it was entirely done in Makefile before, this is what we have
now (except no build failure in _AUTO mode). I think it'd be great to
push as much as possible into Kconfig, though.

One difference between what we have now and this proposal is that
right now, "best available option" detection includes the output test,
which means if you have a broken compiler you get a warning but the
build proceeds with "none" selected. If we only do flag detection,
then the build will fail during the make since the output is bad
(instead of fixing the flag to "none" and just warning).

-Kees

-- 
Kees Cook
Pixel Security