Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp2908549imm; Wed, 16 May 2018 23:28:26 -0700 (PDT) X-Google-Smtp-Source: AB8JxZo/RBGwFEFUT2H5qzxS8OLHb5P0ws8qENxAmbwJQBuacmUFcgT1yIf8j8kvOEQ1q4/MX6kG X-Received: by 2002:a17:902:2848:: with SMTP id e66-v6mr4041092plb.319.1526538506627; Wed, 16 May 2018 23:28:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526538506; cv=none; d=google.com; s=arc-20160816; b=GG6zwbUiyJaCgVLok66/JYkYKBixQfCWUUatJl8gmX7Dxfv6XqRL0cZZhOOGnYmjqD 9KaI/kuTArvmGV43XRwH0b5q3b7XPNJFbBVgtBmbK4yqxJ+2ixNMeCIGmYY4nRzST9tM mqkSOdrtMRvlWMoiL68N4DoxyGHds38cQh5ntj2ksDiG3s18LnZvnLhhwUteOXAKzqOt Qs0AR5AielyqETUo/mW5nTzChx4GspWjXiqci+8NF4nFaLBI+gbrM9puEvPQQUtzSru9 Qx/6YtZARq8RwngNV8ar+DAYv7k504gzhwjRiA3aeoiVWyZMU+K21CNu/4yItQ9den/V Pjew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=7ZbQKg5yQA5I3WMQUcKRBrwPQxsRGkEPCaoAgcHbpzc=; b=NDU2t6ZZh6giME5ZZQbFFf7CV1KX9K8mwrw1L5Ys2fqbkr6qWU+N95FIpXdKx8PJAB DEilVVVZaM6VEE50gnLkt+v3OQhmlJtYaxDOfBOC1rlYH45E7dEJ3ukyYoK93rbu3XLB NwZf5lKTvyho4jbPKIMX3Z4fHiBmSLkjREB8QpocjCzKTps3TarzWCnjn7KbGEcn04d9 lsoxKRw++kjfvjtJm3RtL3E0i+R1enqNTzR+WSuAQ2QOz8nA2TtJIHCDbcRudWxvdkIj 0WfgmUmjfdadF/9FphVwxtVhsvV8fKC1qavgFvqiZXbL/5h3iZy3ZNxy0A4FEPVcyC/Z 2UdQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=R0jYIWi/; dkim=fail header.i=@chromium.org header.s=google header.b=WorYaG6L; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i72-v6si3497178pgd.211.2018.05.16.23.28.12; Wed, 16 May 2018 23:28:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=R0jYIWi/; dkim=fail header.i=@chromium.org header.s=google header.b=WorYaG6L; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752455AbeEQG0Z (ORCPT + 99 others); Thu, 17 May 2018 02:26:25 -0400 Received: from mail-vk0-f65.google.com ([209.85.213.65]:33878 "EHLO mail-vk0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752321AbeEQG0W (ORCPT ); Thu, 17 May 2018 02:26:22 -0400 Received: by mail-vk0-f65.google.com with SMTP id t63-v6so2034431vkb.1 for ; Wed, 16 May 2018 23:26:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=7ZbQKg5yQA5I3WMQUcKRBrwPQxsRGkEPCaoAgcHbpzc=; b=R0jYIWi/7+PTvBxuY370AvmqAozb54eXAJqvnJ6366swZKdjapoIPFf96d49QpcOFD tLgzwG7x3x4q6y/AR8t3Kuo3R3W9c4SvrFfz3zXvlqoU+k6WbP+tclFtfMvGoSwGEGMU mUDP14ytRA6qi+bnhQdhxUXxLxFMlKl7SN0sVHGQmxy/RJV6jfEdLGx9DXLkftd8vFdl EYzJ1OHdDL2J9HhPBadjnKtVZT8sa447sNX6kiMvYaCeo9Hkx/WXTHmFWWKG6Jvi/aVs Mup+Jk7SQaAM+dHKCoUssJt2n8WZR8PPN1kHz5cTt38O2Y+OUQ0bLZl4PeRRoRZdWSQL 1AHA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=7ZbQKg5yQA5I3WMQUcKRBrwPQxsRGkEPCaoAgcHbpzc=; b=WorYaG6LdHZTiBKKSb9DaEecudrpQD8FD/Z7s7G/AJy6Jh49Bb8RmlyHlRJgjJVmTu CSTTDQ2BpOaXsnVNn3kHLUZbt6GokrMi3M7Abk1qzymUO4q/fZlv774tpXDK4J5aYzWH JsGvS+/4HkXiL6cCPSIzgC15zBg4wbHM6qZ9o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=7ZbQKg5yQA5I3WMQUcKRBrwPQxsRGkEPCaoAgcHbpzc=; b=fKj5PpsCSiguoEKSyT+TinD4PW5CsZ/1vEAyVMtxWR5b17CZqQE+6WlgMDwkKgygTs 8RWRQPNp4ZWFBDCLowPA9Vy2yquS0jJ+gjXNsZAhSlc/CfTNjlXytF8i3DFlYIzLMrG5 FKCrOsdUKHZOiU3sau+IfuUUhVGc9SMoswjmCDeGgsfR9xQgm6dPW+8a3JOZ9srul7mK b5uB5ngcpIqSSvXEBoiLSP5A5dVWAA5hig0Xy7GovpnoPnio8FrDhQ9XBtwY5NODLLf3 ts27altmrfNlto8urirplz9wGi588B7WG+xqSkVmfKFpLNLe+ERLNV7YF5XrI6rD0lyU +HQw== X-Gm-Message-State: ALKqPwcFKXxm4xyRJPyM0xAmfFz/12mv/JHXk2PPaYXgggFsmBHGWToK YtLff1+YRB9tEHNCtEqGAcKy4aj51AEuaknj4joHQA== X-Received: by 2002:a1f:8a12:: with SMTP id m18-v6mr3005029vkd.84.1526538380988; Wed, 16 May 2018 23:26:20 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a1f:bd1:0:0:0:0:0 with HTTP; Wed, 16 May 2018 23:26:20 -0700 (PDT) In-Reply-To: <1526537830-22606-24-git-send-email-yamada.masahiro@socionext.com> References: <1526537830-22606-1-git-send-email-yamada.masahiro@socionext.com> <1526537830-22606-24-git-send-email-yamada.masahiro@socionext.com> From: Kees Cook Date: Wed, 16 May 2018 23:26:20 -0700 X-Google-Sender-Auth: yXat5Wo56-K_obUVuN9MM1SWtzs Message-ID: Subject: Re: [PATCH v4 23/31] stack-protector: test compiler capability in Kconfig and drop AUTO mode To: Masahiro Yamada Cc: linux-kbuild , Linus Torvalds , Sam Ravnborg , Ulf Magnusson , "Luis R . Rodriguez" , LKML , Nicholas Piggin , Emese Revfy , X86 ML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, May 16, 2018 at 11:17 PM, Masahiro Yamada wrote: > Move the test for -fstack-protector(-strong) option to Kconfig. > > If the compiler does not support the option, the corresponding menu > is automatically hidden. If STRONG is not supported, it will fall > back to REGULAR. If REGULAR is not supported, it will be disabled. > This means, AUTO is implicitly handled by the dependency solver of > Kconfig, hence removed. > > I also turned the 'choice' into only two boolean symbols. The use of > 'choice' is not a good idea here, because all of all{yes,mod,no}config > would choose the first visible value, while we want allnoconfig to > disable as many features as possible. > > X86 has additional shell scripts in case the compiler supports those > options, but generates broken code. I added CC_HAS_SANE_STACKPROTECTOR > to test this. I had to add -m32 to gcc-x86_32-has-stack-protector.sh > to make it work correctly. > > Signed-off-by: Masahiro Yamada Thanks! Acked-by: Kees Cook -Kees -- Kees Cook Pixel Security