Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp4867312rwd; Tue, 23 May 2023 13:57:02 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7FOlZZtwpVdk/ZgnjzRqtnM0kKGJWLMOEjE58sJU6gLdQCn5m8B6bCWCoxve6krFV6hDg4 X-Received: by 2002:aa7:88d0:0:b0:63b:854e:8459 with SMTP id k16-20020aa788d0000000b0063b854e8459mr299470pff.31.1684875421844; Tue, 23 May 2023 13:57:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684875421; cv=none; d=google.com; s=arc-20160816; b=sj6jbopXEecVXVptCauXur9HhQ4fAANxhwtv9QmcAFkQQVXhZ5iAi2+pYNDErO+HXW Bsyw7c4mBWRHeYtlmdiVPEAqku/4EOCCv2fY2iHGuxFsB9iOjXe1rC+Bl8d4pHplP+2Y i8cDq0fkDuh2zyHhCBl6kPD/uvvK4rhu2S6v9Wu7GtzVf/e6w8G1se7qGbzH6pqNSQ3i UvqGK5wfouNKbQFDIbMCW2qDQg+MObOYPE8lBW64oSw1ayzKxu+rC8vqyC8BHmLU4M0A 78KMIsHDlmorXNHA+L8/Ag/36C5HEMWuyfdeu4yP8CJ88g61mO+3YVyOJJUz31rvqx5s 7Kxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=UYlN+UxAu9OOraOEpZGvia1lomJ5NWAembFvdW1pydI=; b=A5HkMniibYHGdFg06eQ4Fx50p/3NiEALcLg6u+cLahGflj0S8qCHchq0W+mE5EromZ CdtEnLcnhwWmSz5T4tiVD/UJx7x5GZ9rWQ5JLothjhgdV4Ckuz96INeqfLsMNKj/s+cZ rRzUhq/enBT6EKN+friU9U+jf7p9BNmy+b4IirtYTJKg8LZPedCiKZBXIAhkiAiG/fbE Rr+sepe4OAwPFHOc4iLlsr5Zpl17KCYtojEGZL2pdsysMbiFoYjDb64xbxEfCi5zVGw5 DCxbHI9Q8tNBYH+i3H1gXwyKukqfl4KgbMnJTqYK6PZ21uWUvLoTZ4weX22mrLb9B8K4 Js0w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s68-20020a625e47000000b0064aef84eb16si4760574pfb.135.2023.05.23.13.56.45; Tue, 23 May 2023 13:57:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238551AbjEWUvI (ORCPT + 99 others); Tue, 23 May 2023 16:51:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43882 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230027AbjEWUvG (ORCPT ); Tue, 23 May 2023 16:51:06 -0400 Received: from 1wt.eu (ded1.1wt.eu [163.172.96.212]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 548418E; Tue, 23 May 2023 13:51:04 -0700 (PDT) Received: (from willy@localhost) by mail.home.local (8.17.1/8.17.1/Submit) id 34NKopcM014914; Tue, 23 May 2023 22:50:51 +0200 Date: Tue, 23 May 2023 22:50:51 +0200 From: Willy Tarreau To: Thomas =?iso-8859-1?Q?Wei=DFschuh?= Cc: Zhangjin Wu , "Paul E. McKenney" , Shuah Khan , linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: Re: [PATCH 7/7] tools/nolibc: simplify stackprotector compiler flags Message-ID: References: <20230521-nolibc-automatic-stack-protector-v1-0-dad6c80c51c1@weissschuh.net> <20230521-nolibc-automatic-stack-protector-v1-7-dad6c80c51c1@weissschuh.net> <7126afac-3914-435a-852a-41703bc668ea@t-8ch.de> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <7126afac-3914-435a-852a-41703bc668ea@t-8ch.de> X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_PASS, SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 23, 2023 at 10:38:48PM +0200, Thomas Wei?schuh wrote: > On 2023-05-23 22:12:38+0200, Willy Tarreau wrote: > > Hi Thomas, Zhangjin, > > > > I merged and pushed this series on top of the previous series, it's in > > branch 20230523-nolibc-rv32+stkp3. > > > > However, Thomas, I found an issue with this last patch that I partially > > reverted in a last patch I pushed as well so that we can discuss it: > > > > On Sun, May 21, 2023 at 11:36:35AM +0200, Thomas Wei?schuh wrote: > > > > > > -CFLAGS_STACKPROTECTOR = -DNOLIBC_STACKPROTECTOR \ > > > - $(call cc-option,-mstack-protector-guard=global) \ > > > - $(call cc-option,-fstack-protector-all) > > > -CFLAGS_STKP_i386 = $(CFLAGS_STACKPROTECTOR) > > > -CFLAGS_STKP_x86_64 = $(CFLAGS_STACKPROTECTOR) > > > -CFLAGS_STKP_x86 = $(CFLAGS_STACKPROTECTOR) > > > -CFLAGS_STKP_arm64 = $(CFLAGS_STACKPROTECTOR) > > > -CFLAGS_STKP_arm = $(CFLAGS_STACKPROTECTOR) > > > -CFLAGS_STKP_mips = $(CFLAGS_STACKPROTECTOR) > > > -CFLAGS_STKP_riscv = $(CFLAGS_STACKPROTECTOR) > > > -CFLAGS_STKP_loongarch = $(CFLAGS_STACKPROTECTOR) > > > +CFLAGS_STACKPROTECTOR = $(call cc-option,-mstack-protector-guard=global -fstack-protector-all) > > > CFLAGS_s390 = -m64 > > > CFLAGS ?= -Os -fno-ident -fno-asynchronous-unwind-tables -std=c89 \ > > > $(call cc-option,-fno-stack-protector) \ > > > + $(call cc-option,-mstack-protector-guard=global $(call cc-option,-fstack-protector-all)) \ > > > $(CFLAGS_STKP_$(ARCH)) $(CFLAGS_$(ARCH)) > > > > By doing so, we reintroduce the forced stack-protector mechanism > > that cannot be disabled anymore. The ability to disable it was the > > main point of the options above. In fact checking __SSP__* was a > > solution to save the user from having to set -DNOLIBC_STACKPROTECTOR > > to match their compiler's flags, but here in the nolibc-test we still > > want to be able to forcefully disable stkp for a run (at least to > > unbreak gcc-9, and possibly to confirm that non-stkp builds still > > continue to work when your local toolchain has it by default). > > Wouldn't this work? > > make CFLAGS_x86=-fno-stack-protector nolibc-test Not that much because as you can see, CFLAGS is more of an accumulator than an input cflags. Once it starts to accumulate automatic flags detected for various reasons it becomes a huge burden for end users to figure what to manually put there. > Or we do > > CFLAGS_STACKPROTECTOR ?= $(call cc-option,-mstack-protector-guard=global $(call cc-option,-fstack-protector-all)) > CFLAGS ?= ... $(CFLAGS_STACKPROTECTOR) > And then it is always: > > make CFLAGS_STACKPROTECTOR= nolibc-test This one is more in line with the partial revert. I don't have a *strong* feeling for the per-arch setting but it did make sense when not all archs were supporting it, and I've used per-arch setting when I was having different compiler versions for certain archs (e.g. for loongarch I used gcc12). > An alternative would also be to use a GCC 9 compatible mechanism: > > #if __has_attribute(no_stack_protector) > #define __no_stack_protector __attribute__((no_stack_protector)) > #else > #define __no_stack_protector __attribute__((__optimize__("-fno-stack-protector"))) > #endif I tried this one but I remember some initial failures and a possible later success when instrumenting the correct function, so my memory is not intact on this one. However if we manage to find a working solution for gcc-9 and it affects the nolibc part (not the test part), we definitely need to merge it because if some users have working stkp on gcc-9 and we break it, that will not be cool. > Or we combine CFLAGS_STACKPROTECTOR and __no_stack_protector. I think that CFLAGS_STACKPROTECTOR should only be a makefile variable to forcefully enable/disable that but not separately exposed in the code. > > So I reverted that part and only dropped -DNOLIBC_STACKPROTECTOR. > > This way I could run the test on all archs with gcc-9 by forcing > > CFLAGS_STACKPROTECTOR= and verified it was still possible to > > disable it for a specific arch only by setting CFLAGS_STKP_$ARCH. > > > > If you're fine with this we can squash this one into your cleanup > > patch. > > To be honest I was happy to get rid of all these architecture specific > variables. I generally agree with the principle and I think I can live with that. So let's summarize: how about: - we only keep the CFLAGS_STACKPROTECTOR variable that is easy to reset from the make command line. Those with multiple compilers are free to globally enable/disable or pass that on multiple make command lines if needed, but we decide it's the users' test instrumentation problem, not the maintainers'. - we try our best to make sure that gcc-9 with stkp enabled still produces working code (with/without stkp I don't know but not something that smashes the stack at least). IMHO this would be clean enough and sufficiently maintainable for the long term. > I trimmed the list a bit. Thanks for them ;-) Willy