Received: by 10.213.65.68 with SMTP id h4csp2729213imn; Mon, 9 Apr 2018 08:08:21 -0700 (PDT) X-Google-Smtp-Source: AIpwx490T2MW5nq12tQHGmnN0+lxu0M2+DyYjw8fmglxl74CPithasX0p1c9SDcvKv5CtbTDQBaz X-Received: by 10.99.123.71 with SMTP id k7mr13781299pgn.245.1523286501552; Mon, 09 Apr 2018 08:08:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523286501; cv=none; d=google.com; s=arc-20160816; b=fkjqzHZVjUHwuHXIMrGzGT1wSva7EnRTpDqgK/gBkWf0ThIVE6g52xbTWcmi/HQtTJ hSIEalb1x5+F/Jx6aBZNrh1M08gqVYyEpzHeNz94fl68u8jBRHfKafx7GymRqzCWMuMV M5AJmBhNsFWS9+tZ1OoyCQKYcTi/JjlXym9FtFKn28vKyuWodeC6CxsrWCDM3sf52GTB MCsH4OpYJScmb3ZSzq2ux+jJMkysaUeJLEEYe+4x76qVxQUTIxuTEBKh8Bb8S/mzQ89M +EuRCJBNLxC01hlxtxouWZjQWgrKZu+Ticf53Js+7Pv7XX10m5M+ti3Gqc3cDpZ8oBxl azpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=77YXMQK9DdG/tVbRQqp07MOUqB48aXTrFTiHxGZJmz0=; b=1KJMiQPvMecV4xBBTTpLMQ95lvbGH0OERbLjjoW4j/JIuoDup059eXReb5A6GCidGZ 6ftQ5oElA6ZAkeVnbEVY1GwcoftpQkabzk5wyFxkeau+hHaqpcsOu/TS627hI9x9yEcF UphlTIgnwqJV5U32Lp+yRpiRuRHPu/R5N4Nlrh0HeTSOWdbCgwlTr0M+NgTkAH8nFlkq Y9gWqBXPVMpMHPQr7aSyYztdhsD2JFB24lWDJRrCf3aH/WJyDKWuR/Fp5BQ18pDocdnb g0nCBgMywS8olkS8BEfFtzEcJ5hFsVOIRajEw/PrsInjy4lKd8NCADG5g/q8FEca+iUq BDvQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=L72H5QhI; dkim=fail header.i=@chromium.org header.s=google header.b=NO99rhSe; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c3-v6si513924pls.123.2018.04.09.08.07.42; Mon, 09 Apr 2018 08:08:21 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=L72H5QhI; dkim=fail header.i=@chromium.org header.s=google header.b=NO99rhSe; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753131AbeDIPEU (ORCPT + 99 others); Mon, 9 Apr 2018 11:04:20 -0400 Received: from mail-vk0-f67.google.com ([209.85.213.67]:46077 "EHLO mail-vk0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753089AbeDIPES (ORCPT ); Mon, 9 Apr 2018 11:04:18 -0400 Received: by mail-vk0-f67.google.com with SMTP id n64so4940704vkf.12 for ; Mon, 09 Apr 2018 08:04:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=77YXMQK9DdG/tVbRQqp07MOUqB48aXTrFTiHxGZJmz0=; b=L72H5QhIzPiR5WEjdj+NffQhySME+R4jeCrGNsn5fx9CycrXgeDHRsdTNGyP+2flhx 1a6mlvdMQjX7U4TQC5hy2svOqWmPEqO0HkxvNrUSltBf7pmq7MC73ir3yiKshvaxzfpt WQyoojsXh1o82+imdce46d8DW1NeitcC+2b2manRLgoYoV6eRmmw/9+uUoBD65vi/19O 7FGPftQHA44JffhrKmb7CeZEtSTEVaSfqw+QeVSncTavMy7C8jyicLXfZVhyqvhpCoGP Sd3SMW86EvenrOIZfwVzqelFHNd46cxdXDFOf+BcH1L/yGKKvsSBzLPMYDD2XpAFhTah 5omw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=77YXMQK9DdG/tVbRQqp07MOUqB48aXTrFTiHxGZJmz0=; b=NO99rhSe8QAnyAoACQLBL/HGSv4MW8glAw05gYYSzvHgE8a9UIxtHB2/QbvYGBJcqy z6pWjCLwmg2/rIem+/Xxl1nMTf5TU6xXI2uIJHWeAQKWoci6lK9mHJcTaIHOE++DcKgh b7GhhOj23mXQHl5nTQjBeUtZOTuLLCyu/npaY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=77YXMQK9DdG/tVbRQqp07MOUqB48aXTrFTiHxGZJmz0=; b=jYRreHg8odPHtt0vGp8tiFrpMCLgkQXuEKHoH5re2F2TzLUB/O6qacGq1HDyfRH0cM Qo3YQ5+Lc2TTpEbMhkqmxDNSbDS7SAAMn0cBzf1Xo8eDvVo+oBc/JS7jqCuq2x2ivwVF uVB5x3eTCR2wEx2hnTfmtYF0WW0SK9pLb7UEkrUoX+vYQg8NDK65WDELjAvc40UnZclf BEBf3WTvnQvg7ud853bZ3CQolujbbObgD40S2atyfr1gtR4M2owXUle7nt4q5H+K0CFs Foq5JetaL0ZHBAtaj8IaZSAGm4hM//TGtmIKYqNZBv5BzMO2V/OO8+A/QwATTrlTmd9r nBRg== X-Gm-Message-State: ALQs6tAj1cMHl/vC6/+eWwvFeQC1HpVd7KGmAffUvtPXUJwbzu6duTRp o+T7lC0bZQUsSYDtlBf8WKYd3RVhh5ar18TxYQA2KA== X-Received: by 10.31.65.11 with SMTP id o11mr23636207vka.149.1523286257005; Mon, 09 Apr 2018 08:04:17 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.164.81 with HTTP; Mon, 9 Apr 2018 08:04:16 -0700 (PDT) In-Reply-To: References: <1522128575-5326-1-git-send-email-yamada.masahiro@socionext.com> <1522128575-5326-12-git-send-email-yamada.masahiro@socionext.com> From: Kees Cook Date: Mon, 9 Apr 2018 08:04:16 -0700 X-Google-Sender-Auth: UEfeTvrda6rIDiUEj1m3vsuRCxw Message-ID: Subject: Re: [PATCH v2 11/21] stack-protector: test compiler capability in Kconfig and drop AUTO mode To: Masahiro Yamada Cc: linux-kbuild , Sam Ravnborg , Linus Torvalds , Arnd Bergmann , Ulf Magnusson , Thomas Gleixner , Greg Kroah-Hartman , Randy Dunlap , "Luis R . Rodriguez" , Nicolas Pitre , LKML , Ingo Molnar Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 9, 2018 at 1:54 AM, Masahiro Yamada wrote: > 2018-03-28 20:18 GMT+09:00 Kees Cook : >> On Mon, Mar 26, 2018 at 10:29 PM, Masahiro Yamada >> wrote: >>> diff --git a/arch/Kconfig b/arch/Kconfig >>> index 8e0d665..b42378d 100644 >>> --- a/arch/Kconfig >>> +++ b/arch/Kconfig >>> @@ -535,13 +535,13 @@ config HAVE_CC_STACKPROTECTOR >>> bool >>> help >>> An arch should select this symbol if: >>> - - its compiler supports the -fstack-protector option >> >> Please leave this note: it's still valid. An arch must still have >> compiler support for this to be sensible. >> > > No. > > "its compiler supports the -fstack-protector option" > is tested by $(cc-option -fstack-protector) > > ARCH does not need to know the GCC support level. That's not correct: if you enable stack protector for a kernel architecture that doesn't having it enabled, it's unlikely for the resulting kernel to boot. An architecture must handle the changes that the compiler introduces when adding -fstack-protector (for example, having the stack protector canary value defined, having the failure function defined, handling context switches changing canaries, etc). -Kees -- Kees Cook Pixel Security