Received: by 10.223.185.116 with SMTP id b49csp2398007wrg; Mon, 12 Feb 2018 08:56:31 -0800 (PST) X-Google-Smtp-Source: AH8x227PCxyqXqSlfd4PM9SC4faduZi62VMYvnl4DVuLNDbZWeTi0i2YGqmcA8Zx8RVyDBYLmbSn X-Received: by 10.101.80.202 with SMTP id s10mr9695544pgp.226.1518454591570; Mon, 12 Feb 2018 08:56:31 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518454591; cv=none; d=google.com; s=arc-20160816; b=Rugh6mfZR0yUpbTYQsLCeCLcfc0bfgoz0ucpBUDGhYY+wfLOIkV54Mn/GOCgOOS/lm puc2Xfol2esuRBZOv9PjPW2Jr7gztOtHi+8AyB/EMx/h17I9dTYOgvRuyfo2Qa+YEBfR tYaSZH67SuM9rAp7ELwGKxXfukMpDQF3frqb0OowiUHaP26RxSclhcoQN8oP9GoKjGLD D4UvMCUh0w4dSAaMDWwENhG5hYCkS9sC1Q/QjKcIuE3+SgcShKuSbVJyR5/JQT4UUBrb l5L/BuxQnOxj16R77C0BM6TWSeu1OH07kxoMfA5tzicEgIMiVRVT7UHdGjTZCXkJ97Ln shtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=jNjH+0bCywzYDbmL3NfqGFJxr56/eFgUZcOPy0gRptc=; b=z9Hn4f8pPFv7kKpc2TjLNEcdJ0qkzTgwKHexHmh5RadqlL/7H7PauK9NGlrC7i5lak MynmLFLDdc2qoDiQobMctS9w0bCWhVSqtpjQnF02nd59gHtS50aKYmtYsBzpIEydcy+W lVJeedKV1zhoOE5X82EeF0vMlNFIVTDtDOgyuYHCPgMc3Nd+N7fvMREm5rj/CEz9GFMm PNHq0t5G2IRVXqeETkYkcqN/rlheykjYgP8oggjPhf5gsC/5M6JonNn3yrM34JM/OgnZ LHfH/nEI9UultXqGQiwohv+6S2ZdZemZVmdubIbM/dVl782R63iRjAwWmys+vpGg+LO0 ip0w== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=Dstnh2Cf; dkim=fail header.i=@chromium.org header.s=google header.b=LFywC+Bn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y38-v6si824187plh.448.2018.02.12.08.56.16; Mon, 12 Feb 2018 08:56:31 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=Dstnh2Cf; dkim=fail header.i=@chromium.org header.s=google header.b=LFywC+Bn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752836AbeBLPYu (ORCPT + 99 others); Mon, 12 Feb 2018 10:24:50 -0500 Received: from mail-ua0-f180.google.com ([209.85.217.180]:43617 "EHLO mail-ua0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752667AbeBLPYr (ORCPT ); Mon, 12 Feb 2018 10:24:47 -0500 Received: by mail-ua0-f180.google.com with SMTP id i5so9638017uai.10 for ; Mon, 12 Feb 2018 07:24:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=jNjH+0bCywzYDbmL3NfqGFJxr56/eFgUZcOPy0gRptc=; b=Dstnh2CfLlyXgvdTU7QQsyl1ve0duBFPIgFe+QBASy+ONgWRFwRD88G1kx6QXw3rcG OBVkDkjocoPEO8yE8UrBotqmsEhqp/p4IaiD6q9nZQ9JvQk76rdlwJ259+gf2UjBV8G6 5Qf0RNdfOuBKAxF5PwvP2e19NKFAl4SU+EFsHpq21VST/2sqMdg7VMrJpVNF/bLJoQPt IYlblqOxVGbbbFc63x5LiBy7l1t+5oQPRrIL2aGxgknA0kPyTxyJEyLHdHe0j7oVA58E +9Qougpml7i0NiTV4ilyZqWjqtvSexjhuhndVJ7a6XLYpyoFB4jObfG26m2SU3RbxbLo IgPw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=jNjH+0bCywzYDbmL3NfqGFJxr56/eFgUZcOPy0gRptc=; b=LFywC+BnNXU9uLa0ZPBrl6LEyawL1x/PYgiPQrBkydpoRIBcjxpBC88sJ/jyAHYUvj ibJ/5hJ8aaIOqXG+PAeckEKMnO5KBXs0P4ZwZxml+woTwc9Jzeg3ZUlvUAM8sEuvUrkm NTmCO5cqUDXI7aozoagMUj/BAi/WAzOXJMjiA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=jNjH+0bCywzYDbmL3NfqGFJxr56/eFgUZcOPy0gRptc=; b=ArXtuDnP759Hjj0a6J8cm7YTS5XRKIjqSSxouBjUV8a91ZXL5u0JPnf7sRi+Ldbttm T7f71NprmSteMcMxlfl1Ch/PVzir2Kg9Fsl7AEx5HEdx5sgO94G7qKSsFYHltQ7DRIR+ YMPNrGbdbhf0Zg3gygdK6L4HGBxc67u7QxaX/O4kcS3tVrbhM+3WhtTmZTYTroxGmo0y 2vywC/ESTZsOHwBKbIW8aIVfNS8xPcn2czQGYRlCYz3mrx/2o3PEEsE+eGeSk9Yyz3P/ bjIW50FOLX0sUDIKOwHp1EUyGoELDAHo3q4hs4o8lNhlTC4kpo1j9zS504MRF1e39vYH nn6w== X-Gm-Message-State: APf1xPBFJxgxa2sjzL9kjQ/J4a9pjZZu/Lhcz2LKr3Sr8SuDpkxbQQ0w aq5lKfOclqJN+mSsxZ1AKPfO8hH5uFbLa8dfsF9DTw== X-Received: by 10.159.35.15 with SMTP id 15mr12201030uae.130.1518449086612; Mon, 12 Feb 2018 07:24:46 -0800 (PST) MIME-Version: 1.0 Received: by 10.31.67.196 with HTTP; Mon, 12 Feb 2018 07:24:45 -0800 (PST) In-Reply-To: References: <20180210054843.z3g7wvcmlccvww3h@huvuddator> <20180210074924.3nhxsza5zdbaahxx@huvuddator> <20180210080556.mycqsjhxbaguwhay@huvuddator> <20180210085519.737ckf4bcl57h4g2@huvuddator> <20180211103432.pf2ot6nd7nbhdhsy@huvuddator> From: Kees Cook Date: Mon, 12 Feb 2018 07:24:45 -0800 X-Google-Sender-Auth: b98M03QUeohin780wbQyPAZH_Oo Message-ID: Subject: Re: [RFC PATCH 4/7] kconfig: support new special property shell= To: Masahiro Yamada Cc: Ulf Magnusson , Linus Torvalds , Linux Kbuild mailing list , Greg Kroah-Hartman , Andrew Morton , Nicolas Pitre , "Luis R . Rodriguez" , Randy Dunlap , Sam Ravnborg , Michal Marek , Martin Schwidefsky , Pavel Machek , linux-s390 , Jiri Kosina , Linux Kernel Mailing List , Tejun Heo , Ingo Molnar , "Van De Ven, Arjan" , Arnd Bergmann Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Feb 12, 2018 at 6:39 AM, Masahiro Yamada wrote: > 2018-02-12 2:56 GMT+09:00 Kees Cook : >> I think it would work to skip KBUILD_CPPFLAGS right up until it >> didn't. Since we have the arch split, we can already add -m32 to the >> 32-bit case, etc. However, I worry about interaction with other >> selected build options. For example, while retpoline doesn't interact >> stack-protector, it's easy to imagine things that might. I want to be sure I clarify: I'm not aware of any negative interaction between stack-protector and other options at present. I was just trying to think of an illustrative example. I do know we're about to get some per-architecture stack protector options (e.g. arm64 using a per-process canary instead of global), but I *think* that can be handled in the new Kconfig too. > One ugly solution could be > to add one more CC_HAS_ for the combination of the two ? Yeah, that seems reasonable, but it's a fix after the fact. I guess we'll have to see. >> (And in thinking about this, does Kconfig know the true $CC in use? >> i.e. the configured cross compiler, etc?) > > I was thinking of removing CONFIG_CROSS_COMPILE. > > A user can dynamically change CROSS_COMPILE from > "make menuconfig". Most builds I've seen implement cross compilers as an environment variable during all "make" invocations. > If we continue to support this, $CC changes > according to CONFIG_CROSS_COMPILE. > Then, compiler flags must be re-evaluated > every time a user changes a compiler in use. > It will introduce much more complexity. Right now, this is just handled in the Makefile: all the right variables exist, etc. -Kees -- Kees Cook Pixel Security