Received: by 10.223.185.116 with SMTP id b49csp1498455wrg; Sun, 11 Feb 2018 13:36:05 -0800 (PST) X-Google-Smtp-Source: AH8x224GxFncgJ+BgnLQJQfg6LEetraqrd/I1/80rBT58bv9XjgAxe5Mrhb1hrXGCPwKD9woxkuj X-Received: by 10.101.96.141 with SMTP id t13mr7689509pgu.58.1518384965612; Sun, 11 Feb 2018 13:36:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518384965; cv=none; d=google.com; s=arc-20160816; b=laGrhDK2ZcJk34kT0U8LO+cxXZZUVqg54FiBoPUadIpm9bzm+MEYPUohO4pEziKDHQ sdI2Pd5AeJLEnB/ezMUqqjHzeMbil8j8t0JpBN/djdoWnrciTiduT8OsN2hG+FrbNO+b XbMeXwT9ws6w7B3RFgocsLVGdiDLgjDkr9/H5kPYqempaukrxLjTk09pm3TPHWXDBEc4 YDA8G/pu83LT5xlT5195eX3GDmWcL7lfsMkTz4ols096PwKxXM2IejEsn4x8P8rympmb KSdr/Gdtcr2ngLJwdTWQ6/8pT+hou4hPBagV+lD3A2UJWDnAnH/OVtLJB782/BdDdTS/ bnVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=9Xil5mkrbBlRwwFZpQFq39sMtgl4Sq+t3KGoIatlZmM=; b=ffIdSXcmcw3Xq0ztJHgkoFS70k1lto/29U/VK7BRei45BBaJSb38o24Lya6TkeP+ev kxLL0gSCXT1Ys774GxiQRy4Cc46ND2UQG7ZjgAS/HhaOxD+xIHUkM7qxIFn27QBrKA92 tJwzu3VM8BvsXgXXLePc+sjUa6+SsuwicgnBvqf3HiJY/qwk40fuYmTONBaN7eJE3dJu DAERytgm014KnJxE7g6Dcgw6tURpvbVPtzdoqSHmt4cZaCz5kMjbSS7ZAdKH0Aj8FcYn EUYc8VHa209xoHckhy/rM+nYgrr9vQaJ96jVKJq4ePFHBDszCLjpVj/cnMjAnacrH4LB 9aLw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ZPsjN1L/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a61-v6si4918589plc.593.2018.02.11.13.35.50; Sun, 11 Feb 2018 13:36:05 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=ZPsjN1L/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753802AbeBKVfM (ORCPT + 99 others); Sun, 11 Feb 2018 16:35:12 -0500 Received: from mail-vk0-f47.google.com ([209.85.213.47]:46563 "EHLO mail-vk0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753752AbeBKVfJ (ORCPT ); Sun, 11 Feb 2018 16:35:09 -0500 Received: by mail-vk0-f47.google.com with SMTP id e125so7799968vkh.13; Sun, 11 Feb 2018 13:35:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=9Xil5mkrbBlRwwFZpQFq39sMtgl4Sq+t3KGoIatlZmM=; b=ZPsjN1L/e8sHAMfU5UKrUUD4AJIcuqNhEwDiklJcCGomLL2lQOYgOs1Wo/w9+vODf4 fEEeLxkJL2Xud0QrvyUcM/O7rBhbLG34eaJvegjNYqhTdhcdPho+50XMndI3v67m5kNk VbFAX8+APL12lwad68burmegpPL9lSa9zFMBglOs1GikeN2aA7S6XAX/NGbqSkHToe9m /nE1tdzMt/uAVRfwpUyBJ9v0jF5phqYkBgYklXAIFThhMiHMfRNSYI55XMMPkouPMrfO PwUtePehwMQfLHQ7GZ8ZleSIX7Iy1ByPx+sj7T+JnipaOBa9C4ni1DnTkvWpL5RNUfP+ mqtg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=9Xil5mkrbBlRwwFZpQFq39sMtgl4Sq+t3KGoIatlZmM=; b=Iv2+Y0wDDU2pPZvtJT90UFXXclIvGX4af+SkGbUR4FLnBSzoT4SjgnYja+HrstLGXK NnhQV+v6GB1zQPMo0oF14VKPJB7Fp8ATc/Rg0g64zkaBvwO4GpZydBc0T9hUhXXaSgNE GRad7mGOdboQCob5CEACPZpY3a4OiJZxwMvrQ6KO0rtm/CevDk9qG9AQqZqwSDv7youF b87g6fpfsbknT6hsJz2V3D84Wm1S+QhSAI6v0UGURa8lb9DnLRSLyA4jfZi9S6gsGXHK MkX1bET5SvJeI7gWCZeNNCoODzVrrEwQIBtxqcoyQT12w7qR8XbsGDjtEAbY69HTgJtj 4wew== X-Gm-Message-State: APf1xPD+mqY4lDFybzMM8yoWHbBD1gu/q9v8JBGtEV50hoZZaMJ4e56G 0JbTyj+tSf3DNJzzXDoVfgZAhZm/e2wPzLIMgW4= X-Received: by 10.31.248.8 with SMTP id w8mr9169054vkh.78.1518384908994; Sun, 11 Feb 2018 13:35:08 -0800 (PST) MIME-Version: 1.0 Received: by 10.103.70.21 with HTTP; Sun, 11 Feb 2018 13:35:08 -0800 (PST) In-Reply-To: References: <20180210054843.z3g7wvcmlccvww3h@huvuddator> <20180210074924.3nhxsza5zdbaahxx@huvuddator> <20180210080556.mycqsjhxbaguwhay@huvuddator> <20180210085519.737ckf4bcl57h4g2@huvuddator> <20180211103432.pf2ot6nd7nbhdhsy@huvuddator> From: Ulf Magnusson Date: Sun, 11 Feb 2018 22:35:08 +0100 Message-ID: Subject: Re: [RFC PATCH 4/7] kconfig: support new special property shell= To: Kees Cook Cc: Linus Torvalds , Masahiro Yamada , Linux Kbuild mailing list , Greg Kroah-Hartman , Andrew Morton , Nicolas Pitre , "Luis R . Rodriguez" , Randy Dunlap , Sam Ravnborg , Michal Marek , Martin Schwidefsky , Pavel Machek , linux-s390 , Jiri Kosina , Linux Kernel Mailing List , Tejun Heo , Ingo Molnar , "Van De Ven, Arjan" , Arnd Bergmann Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Feb 11, 2018 at 10:05 PM, Kees Cook wrote: > On Sun, Feb 11, 2018 at 10:34 AM, Ulf Magnusson wrote: >> On Sun, Feb 11, 2018 at 6:56 PM, Kees Cook wrote: >>> Old? That's not the case. The check for -fno-stack-protector will >>> likely be needed forever, as some distro compilers enable >>> stack-protector by default. So when someone wants to explicitly build >>> without stack-protector (or if the compiler's stack-protector is >>> detected as broken), we must force it off for the kernel build. >> >> What I meant is whether it makes sense to test if the >> -fno-stack-protector option is supported. Can we reasonably assume >> that passing -fno-stack-protector to the compiler won't cause an >> error? > > That isn't something I've tested; but I can check if it's useful. If it gets rid of a pointless test and symbol, I think it's useful, so that would be nice. :) >> Is it possible to build GCC with no "no stack protector" support? Do >> we need to support any compilers that would choke on the >> -fno-stack-protector flag itself? >> >> If we can reasonably assume that passing -fno-stack-protector is safe, >> then CC_HAS_STACKPROTECTOR_NONE isn't needed. > > Well, there are two situations: > > - does the user want to build _without_ stack protector? (which is > something some people want to do, no matter what I think of it) > > - did _AUTO discover that stack protector output is broken? > > In both cases, we need to pass -fno-stack-protector in case the distro > compiler was built with stack protector enabled by default. Yup, that's already the way it would work. Currently, there's also a test for whether the compiler supports -fno-stack-protector. It's that one that I suspect we might be able to get rid of. Cheers, Ulf "should merge replies"