Received: by 10.213.65.68 with SMTP id h4csp3374871imn; Mon, 9 Apr 2018 20:20:18 -0700 (PDT) X-Google-Smtp-Source: AIpwx48Z0+hXorffXrXXMoQnPHxgVoS5bbVCsIL7OahFwk8Oj5VaspaW0MYBr2GtNK9ZN0ipFSBs X-Received: by 10.98.155.137 with SMTP id e9mr1245906pfk.109.1523330417958; Mon, 09 Apr 2018 20:20:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523330417; cv=none; d=google.com; s=arc-20160816; b=Rs4XKTUUvsUjtqt88JUi6Mg0oKk7/s3E68UlQBT0OTNrK0tzTdb8BJIy0h+OXmv+sr mO+/wRQcARfB3upy4hEV4a6ECExHz19Lv2Y2AmBIHHUQizg695dvbvXynL7IrC3VRTfT iPJTS0Lq3lGK9AsLCh6xK4ffI1atIyFIF/9gOi0lDM/qcAmrmocc1zvgObyYPxmSO3Wq SM0yldakwRuv7GouymV/OtswxWlZiYoakWfsrceKgIQ58mCrI/0ehf/4umtEoCKc3Qoy 4GKP7AaaHYttsSAGgfEq8Elrih0zNNHDohxHIjlSLOiCuSbTn0Lx2rYYX8IIJ43dg9HV L/Yw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-filter :arc-authentication-results; bh=KSiIYmnWCn8t54g9kSnsKbas4U6RcYA4I0ZTeHdX2Mk=; b=QBUq9Un78L835eGGuzunelvpi7MBObFPzfzG6cvod3Zx4bqwjuuVDHa6kt1yy3PWyf np72/BX628vj41NKBDMbNueZqkbKX53h7TqqREWe4SXqnkLL3wAND2J50nrePiNwO1KC zf5vZB/9husQY2DFx7nYT0Qucfd5VYeGnHOLDmjHGIs4wIYfPd2BpjQpqHdkGie1kHEa PwSLdzI+g+wn1pbofDzqg2J9wRIGTYSh6QtO6xMr9TllvJlmFkm5R25ujfkn/XT3VZyV YyIgxTyjg9AU+q2A+o9CSpz2aGw3sxCLXXE+YwGqmO0kmDPnhHvZf6HtlNpTV062jPK3 oTkQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@nifty.com header.s=dec2015msa header.b=OeKVbl1g; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o12si1125331pgn.20.2018.04.09.20.19.41; Mon, 09 Apr 2018 20:20:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@nifty.com header.s=dec2015msa header.b=OeKVbl1g; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751970AbeDJDQS (ORCPT + 99 others); Mon, 9 Apr 2018 23:16:18 -0400 Received: from conssluserg-06.nifty.com ([210.131.2.91]:29957 "EHLO conssluserg-06.nifty.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751624AbeDJDQQ (ORCPT ); Mon, 9 Apr 2018 23:16:16 -0400 Received: from mail-ua0-f177.google.com (mail-ua0-f177.google.com [209.85.217.177]) (authenticated) by conssluserg-06.nifty.com with ESMTP id w3A3GBkL001802; Tue, 10 Apr 2018 12:16:11 +0900 DKIM-Filter: OpenDKIM Filter v2.10.3 conssluserg-06.nifty.com w3A3GBkL001802 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com; s=dec2015msa; t=1523330172; bh=KSiIYmnWCn8t54g9kSnsKbas4U6RcYA4I0ZTeHdX2Mk=; h=In-Reply-To:References:From:Date:Subject:To:Cc:From; b=OeKVbl1gccWgr17/GmhGIODYxv4qFiMbUOHNn92mfPQF+9JLqc9hBGi9sle+00KXg YnkLvajDjtYPw6e1CLK6J6+pSo0LVzR15PWY/5+7ejzJInDLxAN30ki++awyifgPot 6C/AdSrfAShk3FVON97R+pAmk2UIox8f+ZWhfBo5ZIGgjrnljU+ff7JBFOyV2kS4y+ Ul5p7c/CEPC9DdsHv12CbQ06znVwFop2EgDvLaxusS0MjFdo1yi9DIw7gSnjzm1wwi Rogj64Zt0RqrVFrX7Joe7jBfZxFY9cEhMYVxiKlPgEnycQbx/l7NfNkjiStLBQdIz5 j/ufan+ppY06g== X-Nifty-SrcIP: [209.85.217.177] Received: by mail-ua0-f177.google.com with SMTP id n20so6390379ual.7; Mon, 09 Apr 2018 20:16:11 -0700 (PDT) X-Gm-Message-State: ALQs6tDAwSXdcNd8zPovn1aHCP/VEVMBOSOGDYSGDNDQBx1KJ9cpU9vi dnJXVZ1wwZvIM/JMHqKbVxWb7jpyTlmhcI4QEzE= X-Received: by 10.176.20.106 with SMTP id c39mr8928422uae.82.1523330170519; Mon, 09 Apr 2018 20:16:10 -0700 (PDT) MIME-Version: 1.0 Received: by 10.176.29.150 with HTTP; Mon, 9 Apr 2018 20:15:30 -0700 (PDT) In-Reply-To: References: <1522128575-5326-1-git-send-email-yamada.masahiro@socionext.com> <1522128575-5326-12-git-send-email-yamada.masahiro@socionext.com> From: Masahiro Yamada Date: Tue, 10 Apr 2018 12:15:30 +0900 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v2 11/21] stack-protector: test compiler capability in Kconfig and drop AUTO mode To: Kees Cook Cc: linux-kbuild , Sam Ravnborg , Linus Torvalds , Arnd Bergmann , Ulf Magnusson , Thomas Gleixner , Greg Kroah-Hartman , Randy Dunlap , "Luis R . Rodriguez" , Nicolas Pitre , LKML , Ingo Molnar Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 2018-04-10 0:04 GMT+09:00 Kees Cook : > On Mon, Apr 9, 2018 at 1:54 AM, Masahiro Yamada > wrote: >> 2018-03-28 20:18 GMT+09:00 Kees Cook : >>> On Mon, Mar 26, 2018 at 10:29 PM, Masahiro Yamada >>> wrote: >>>> diff --git a/arch/Kconfig b/arch/Kconfig >>>> index 8e0d665..b42378d 100644 >>>> --- a/arch/Kconfig >>>> +++ b/arch/Kconfig >>>> @@ -535,13 +535,13 @@ config HAVE_CC_STACKPROTECTOR >>>> bool >>>> help >>>> An arch should select this symbol if: >>>> - - its compiler supports the -fstack-protector option >>> >>> Please leave this note: it's still valid. An arch must still have >>> compiler support for this to be sensible. >>> >> >> No. >> >> "its compiler supports the -fstack-protector option" >> is tested by $(cc-option -fstack-protector) >> >> ARCH does not need to know the GCC support level. > > That's not correct: if you enable stack protector for a kernel > architecture that doesn't having it enabled, it's unlikely for the > resulting kernel to boot. An architecture must handle the changes that > the compiler introduces when adding -fstack-protector (for example, > having the stack protector canary value defined, having the failure > function defined, handling context switches changing canaries, etc). > It is still hard to understand this. When we "its compiler supports the -fstack-protector option", we have two meanings [1] the stack protector feature is implemented in GCC source code. [2] -fstack-protector is recognized as a valid option in the GCC being used. This can be tested by $(cc-option -fstack-protector) I guess you were talking about [1], where as I [2]. Is this correct? Does [2] happen only after [1] happens? Or, are they independent? If there is a case where GCC recognizes -fstack-protector, but not implemented? For x86, there are cases where the option is recognized but not working. That's why we have scripts/gcc-x86_{32,64}-has-stack-protector.sh Generally, if GCC accepts -fstack-protector as a valid option, we expect "it is working". I wonder why we need additional information about the compiler even after $(cc-option -fstack-protector) succeeds. This is just a matter of comment. Can you clarify your problem? > resulting kernel to boot. An architecture must handle the changes that > the compiler introduces when adding -fstack-protector (for example, > having the stack protector canary value defined, having the failure > function defined, handling context switches changing canaries, etc). > All of these are talking about the kernel side implementation. So, it is included in the following comment I am still keeping. - it has implemented a stack canary (e.g. __stack_chk_guard) -- Best Regards Masahiro Yamada