Received: by 10.223.185.116 with SMTP id b49csp1480624wrg;
        Sun, 11 Feb 2018 13:07:03 -0800 (PST)
X-Google-Smtp-Source: AH8x2248JNwlf6FSqqMyNz7EogTl6mri+voWPS0LNZ7fMBc/bG4Ff8H503lDyLjME+3Pe6uPjqqX
X-Received: by 10.99.185.78 with SMTP id v14mr7836350pgo.112.1518383222926;
        Sun, 11 Feb 2018 13:07:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1518383222; cv=none;
        d=google.com; s=arc-20160816;
        b=o1oGneKkv/lTzhdDyP1xH9jJdut7Vs6wdSVGBp4LFa4w2w93BlNssmvYOzCqD8B+Tk
         BJK45Z3347P+sbvK0kkkaDm0uXmZZdAQfOEQOnHdhgv5T3GSCicF/MD7XCm/wHm/2DhR
         q/xWHAYkQYLFFSajHEUATCHSweMZKuARL8SKDoaKYACMJM4+hsGZPadfhBV5anQ3JbZq
         PiVkt99mxsLTBPM0F7p1vK9OON7YZqwuO3ePoPQxE4agr0z1EekvQ3v54FwnsnvHyA7w
         vSA66cM1UqeN1YY0tWIzM4O0mdt5fXBlmRoO/0EmGdVZe0kD42gbFZ13sMhGqEjeJR7i
         Tkog==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=xEZYFJfWMeyLjQ+SPWeG9EROa1ufZJVUhvybPTZ85iA=;
        b=X4ZQSRIyLdj84P8WUVUNAja2387xtHeUYbqlKZzqB4qRAEk5k274b2LxegvOQwnn3a
         j8ocskqPtZqjzzqhUFZd7gXsKqowmeh8ZseO/pkH93a31GtkQQYjLvSD93ycqOccmXHD
         5zKIVjkirLSc1gqhfuS3BT/YeHQPEFmZbKpkwRICA7szPHpjlLsl9w69m+T8lBZwBV76
         /t+q6U43eaL8XwsAkVhlfcdnHQ1uM8h7gazS8dVPRL51LDzLY/Of5UJuBFwHPyucHmQV
         m4yb/9mqZANrII+NkmaEY5t2HypsxSlBtXBtPbocLNR0S7dre8/6PmH49pv51UQk1oTv
         MsUA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=cn+04PTi;
       dkim=fail header.i=@chromium.org header.s=google header.b=dwewu+BI;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q188si46527pga.444.2018.02.11.13.06.48;
        Sun, 11 Feb 2018 13:07:02 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=cn+04PTi;
       dkim=fail header.i=@chromium.org header.s=google header.b=dwewu+BI;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932181AbeBKVFR (ORCPT
        <rfc822;paul.schmitz.hallo.parkuhr@gmail.com> + 99 others);
        Sun, 11 Feb 2018 16:05:17 -0500
Received: from mail-vk0-f44.google.com ([209.85.213.44]:41640 "EHLO
        mail-vk0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1753689AbeBKVFP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 11 Feb 2018 16:05:15 -0500
Received: by mail-vk0-f44.google.com with SMTP id g186so7777350vkd.8
        for <linux-kernel@vger.kernel.org>; Sun, 11 Feb 2018 13:05:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=xEZYFJfWMeyLjQ+SPWeG9EROa1ufZJVUhvybPTZ85iA=;
        b=cn+04PTiaabl+rPxQkeRxU2xjnCXNIb1u9hix4pI6jkMdCWCqh6SdPeDqT1I2VvOXT
         dyaKu/NhrgP4PakrMU3/G/Pbl+Ytd9MRGMwHgJl16oxc4+Y5JSjE8bQyHvtWkpPg1XRc
         xF1Ejw843rk/1NDiEehssa+T8xCKlngoeRKVw6mZyyjDXbxPKNy/Vg4plL2G8VfcC6mA
         cRdPPMbMTWNr06nKoMnAAZWP4UJSqK08Dp4V9C8/6lx8jAV7xhAh1k7eBEVzkkHarD2x
         xjeAOiPJCEDOgVW2Qjnv/r1lVpQqTXxo0SgvSSbyGYWSdEBZArRmtveyDWTb62hHwIBr
         ym5g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=xEZYFJfWMeyLjQ+SPWeG9EROa1ufZJVUhvybPTZ85iA=;
        b=dwewu+BIir9TaV1zcpuEhmDNBTKe8/sPsicHWlb1T9J1pnUR/eZjBuBJkdd125+dN7
         NPbz5iAQg1VauR721L1EzNc5dAtG/Wvc5MpGQOvEgaoAHCqJj5sf3+PeHy/BTKvYhXAB
         bR3NBsPaROWkPRht4CHVB45wZdRuMJi3T6djg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=xEZYFJfWMeyLjQ+SPWeG9EROa1ufZJVUhvybPTZ85iA=;
        b=UctEIsbhFgYAxOwy+hG4Sm0g+E4rT5mHd7G6t0Sto6/Gc9zSxHQVhDC/5TN/7ReiL7
         9QCozOoupUIKHEmXJ2LJFSduzHPzvpWxN7/wi7OtCJyhCrKoTLU7M5puaDvNlMN3V8su
         GERZTQP5nx0BfJR1LADes2Ea4GFww+3z3QYngE7iYWsO3fYFbBDNUhT44lMuMHigrycf
         xrWkQPpaZHILBP9VEQyRcXvUDQUsVpBXt2sosByt2An/PcbLAaN03nBAVzGFeSXfk0ru
         b88CQJBd7TEUNtcpqSdiuGcdnrmCzdirCdDUzBfyM6dm90ERBd2PCqACsECBH4QNT8lk
         xC4Q==
X-Gm-Message-State: APf1xPD02mqSqGu4V+dJHvM+vVr6KDRLHQlH7b2Ps6sEAExZkg3MJOOc
        hJ5U6RsJIbyN3PBIeEqNa9f/akw5a17gI4pnwDad1Q==
X-Received: by 10.31.204.131 with SMTP id c125mr3835995vkg.127.1518383114008;
 Sun, 11 Feb 2018 13:05:14 -0800 (PST)
MIME-Version: 1.0
Received: by 10.31.67.196 with HTTP; Sun, 11 Feb 2018 13:05:12 -0800 (PST)
In-Reply-To: <CAFkk2KRAjA80Y74Nahf2Nk_5yOucoa1y2Xp54F2k-Hv0xgTAFg@mail.gmail.com>
References: <20180210054843.z3g7wvcmlccvww3h@huvuddator> <CAK7LNARHmAF2SxBcc1aUEH5MMzUo_furLevqy7QzGxqNRHYiyQ@mail.gmail.com>
 <20180210074924.3nhxsza5zdbaahxx@huvuddator> <20180210080556.mycqsjhxbaguwhay@huvuddator>
 <20180210085519.737ckf4bcl57h4g2@huvuddator> <CAGXu5jKQgxxC2RQL0dxLKFVED2v-LiWKjtXY3DDpfwAXbnxM4Q@mail.gmail.com>
 <CA+55aFz-SJ970iqDsR8-Ke4z6WvB4n9RXAeen8pG=+YJWubETw@mail.gmail.com>
 <CAGXu5jLo0iuMsH89vj3nr8sv+1YvXfXgoPeBdxHwZm5i=DWoOA@mail.gmail.com>
 <CA+55aFxdx3FYE6YGifRR=BSG9QzXwgThj5z7RmV5P5+RpNXSiQ@mail.gmail.com>
 <CA+55aFyPyYyG-riaBQU5cGp_sC=r8mf9Mg6L=DUEH6EyQfWYwA@mail.gmail.com>
 <20180211103432.pf2ot6nd7nbhdhsy@huvuddator> <CAGXu5jLtFcvbazxUvL_=6uT+a8m0JQEB7v0OE41Z-PMoX_fWpA@mail.gmail.com>
 <CAFkk2KRAjA80Y74Nahf2Nk_5yOucoa1y2Xp54F2k-Hv0xgTAFg@mail.gmail.com>
From:   Kees Cook <keescook@chromium.org>
Date:   Sun, 11 Feb 2018 13:05:12 -0800
X-Google-Sender-Auth: AZz1zB_JckftYhNmmyT3m2gz5wQ
Message-ID: <CAGXu5jLnho=kMVwZgV0rEs=brt2OZZrxEcYCK=8kt5kLbraZwQ@mail.gmail.com>
Subject: Re: [RFC PATCH 4/7] kconfig: support new special property shell=
To:     Ulf Magnusson <ulfalizer@gmail.com>
Cc:     Linus Torvalds <torvalds@linux-foundation.org>,
        Masahiro Yamada <yamada.masahiro@socionext.com>,
        Linux Kbuild mailing list <linux-kbuild@vger.kernel.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Nicolas Pitre <nicolas.pitre@linaro.org>,
        "Luis R . Rodriguez" <mcgrof@suse.com>,
        Randy Dunlap <rdunlap@infradead.org>,
        Sam Ravnborg <sam@ravnborg.org>,
        Michal Marek <michal.lkml@markovi.net>,
        Martin Schwidefsky <schwidefsky@de.ibm.com>,
        Pavel Machek <pavel@ucw.cz>,
        linux-s390 <linux-s390@vger.kernel.org>,
        Jiri Kosina <jkosina@suse.cz>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Tejun Heo <tj@kernel.org>, Ingo Molnar <mingo@kernel.org>,
        "Van De Ven, Arjan" <arjan.van.de.ven@intel.com>,
        Arnd Bergmann <arnd@arndb.de>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Feb 11, 2018 at 10:34 AM, Ulf Magnusson <ulfalizer@gmail.com> wrote:
> On Sun, Feb 11, 2018 at 6:56 PM, Kees Cook <keescook@chromium.org> wrote:
>> Old? That's not the case. The check for -fno-stack-protector will
>> likely be needed forever, as some distro compilers enable
>> stack-protector by default. So when someone wants to explicitly build
>> without stack-protector (or if the compiler's stack-protector is
>> detected as broken), we must force it off for the kernel build.
>
> What I meant is whether it makes sense to test if the
> -fno-stack-protector option is supported. Can we reasonably assume
> that passing -fno-stack-protector to the compiler won't cause an
> error?

That isn't something I've tested; but I can check if it's useful.

> Is it possible to build GCC with no "no stack protector" support? Do
> we need to support any compilers that would choke on the
> -fno-stack-protector flag itself?
>
> If we can reasonably assume that passing -fno-stack-protector is safe,
> then CC_HAS_STACKPROTECTOR_NONE isn't needed.

Well, there are two situations:

- does the user want to build _without_ stack protector? (which is
something some people want to do, no matter what I think of it)

- did _AUTO discover that stack protector output is broken?

In both cases, we need to pass -fno-stack-protector in case the distro
compiler was built with stack protector enabled by default.

-Kees

-- 
Kees Cook
Pixel Security