From: Masahiro Yamada <yamada.masahiro@socionext.com>
To: Kees Cook <keescook@chromium.org>
Cc: linux-kbuild <linux-kbuild@vger.kernel.org>,
Sam Ravnborg <sam@ravnborg.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Arnd Bergmann <arnd@arndb.de>,
Ulf Magnusson <ulfalizer@gmail.com>,
Thomas Gleixner <tglx@linutronix.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Randy Dunlap <rdunlap@infradead.org>,
"Luis R . Rodriguez" <mcgrof@kernel.org>,
Nicolas Pitre <nico@linaro.org>,
LKML <linux-kernel@vger.kernel.org>,
Ingo Molnar <mingo@redhat.com>
Subject: Re: [PATCH v2 11/21] stack-protector: test compiler capability in Kconfig and drop AUTO mode
Date: Mon, 9 Apr 2018 17:54:31 +0900 [thread overview]
Message-ID: <CAK7LNAScTUhpvgnNzuOGZ2ueh-d4R4r=v5wzOGsd+pYn+MF-rQ@mail.gmail.com> (raw)
In-Reply-To: <CAGXu5j+F1GXNE9T3vOo+Sq+GfX2Cy5a8tFU--qVBJwaJkt=s6Q@mail.gmail.com>
2018-03-28 20:18 GMT+09:00 Kees Cook <keescook@chromium.org>:
> On Mon, Mar 26, 2018 at 10:29 PM, Masahiro Yamada
> <yamada.masahiro@socionext.com> wrote:
>> Move the test for -fstack-protector(-strong) option to Kconfig.
>>
>> If the compiler does not support the option, the corresponding menu
>> is automatically hidden. If _STRONG is not supported, it will fall
>> back to _REGULAR. If _REGULAR is not supported, it will be disabled.
>> This means, _AUTO is implicitly handled by the dependency solver of
>> Kconfig, hence removed.
>>
>> I also turned the 'choice' into only two boolean symbols. The use of
>> 'choice' is not a good idea here, because all of all{yes,mod,no}config
>> would choose the first visible value, while we want allnoconfig to
>> disable as many features as possible.
>>
>> X86 has additional shell scripts in case the compiler supports the
>> option, but generates broken code. I added CC_HAS_SANE_STACKPROTECTOR
>> to test this. I had to add -m32 to gcc-x86_32-has-stack-protector.sh
>> to make it work correctly.
>>
>> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
>
> This looks really good. Notes below...
>
>> ---
>>
>> Changes in v2:
>> - Describe $(cc-option ...) directly in depends on context
>>
>> Makefile | 93 ++-----------------------------
>> arch/Kconfig | 29 +++-------
>> arch/x86/Kconfig | 8 ++-
>> scripts/gcc-x86_32-has-stack-protector.sh | 7 +--
>> scripts/gcc-x86_64-has-stack-protector.sh | 5 --
>> 5 files changed, 22 insertions(+), 120 deletions(-)
>>
>> diff --git a/Makefile b/Makefile
>> index 5c395ed..5cadffa 100644
>> --- a/Makefile
>> +++ b/Makefile
>> @@ -675,55 +675,11 @@ ifneq ($(CONFIG_FRAME_WARN),0)
>> KBUILD_CFLAGS += $(call cc-option,-Wframe-larger-than=${CONFIG_FRAME_WARN})
>> endif
>>
>> -# This selects the stack protector compiler flag. Testing it is delayed
>> -# until after .config has been reprocessed, in the prepare-compiler-check
>> -# target.
>> -ifdef CONFIG_CC_STACKPROTECTOR_AUTO
>> - stackp-flag := $(call cc-option,-fstack-protector-strong,$(call cc-option,-fstack-protector))
>> - stackp-name := AUTO
>> -else
>> -ifdef CONFIG_CC_STACKPROTECTOR_REGULAR
>> - stackp-flag := -fstack-protector
>> - stackp-name := REGULAR
>> -else
>> -ifdef CONFIG_CC_STACKPROTECTOR_STRONG
>> - stackp-flag := -fstack-protector-strong
>> - stackp-name := STRONG
>> -else
>> - # If either there is no stack protector for this architecture or
>> - # CONFIG_CC_STACKPROTECTOR_NONE is selected, we're done, and $(stackp-name)
>> - # is empty, skipping all remaining stack protector tests.
>> - #
>> - # Force off for distro compilers that enable stack protector by default.
>> - KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector)
>> -endif
>> -endif
>> -endif
>> -# Find arch-specific stack protector compiler sanity-checking script.
>> -ifdef stackp-name
>> -ifneq ($(stackp-flag),)
>> - stackp-path := $(srctree)/scripts/gcc-$(SRCARCH)_$(BITS)-has-stack-protector.sh
>> - stackp-check := $(wildcard $(stackp-path))
>> - # If the wildcard test matches a test script, run it to check functionality.
>> - ifdef stackp-check
>> - ifneq ($(shell $(CONFIG_SHELL) $(stackp-check) $(CC) $(KBUILD_CPPFLAGS) $(biarch)),y)
>> - stackp-broken := y
>> - endif
>> - endif
>> - ifndef stackp-broken
>> - # If the stack protector is functional, enable code that depends on it.
>> - KBUILD_CPPFLAGS += -DCONFIG_CC_STACKPROTECTOR
>> - # Either we've already detected the flag (for AUTO) or we'll fail the
>> - # build in the prepare-compiler-check rule (for specific flag).
>> - KBUILD_CFLAGS += $(stackp-flag)
>> - else
>> - # We have to make sure stack protector is unconditionally disabled if
>> - # the compiler is broken (in case we're going to continue the build in
>> - # AUTO mode).
>
> Let's keep this comment (slightly rewritten) since the reason for
> setting this flag isn't obvious.
Will move this to help of arch/x86/Kconfig
>> - KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector)
>> - endif
>> -endif
>> -endif
>> +stackp-flags-y := -fno-stack-protector
>
> This is a (minor?) regression in my testing. Making this unconditional
> may break for a compiler built without stack-protector. It should be
> rare, but it's technically possible. Perhaps:
>
> stackp-flags-y := ($call cc-option, -fno-stack-protector)
Will add CONFIG_CC_HAS_STACKPROTECTOR_NONE
>> +stackp-flags-$(CONFIG_CC_STACKPROTECTOR) := -fstack-protector
>> +stackp-flags-$(CONFIG_CC_STACKPROTECTOR_STRONG) := -fstack-protector-strong
>> +
>> +KBUILD_CFLAGS += $(stackp-flags-y)
>> [...]
>> diff --git a/arch/Kconfig b/arch/Kconfig
>> index 8e0d665..b42378d 100644
>> --- a/arch/Kconfig
>> +++ b/arch/Kconfig
>> @@ -535,13 +535,13 @@ config HAVE_CC_STACKPROTECTOR
>> bool
>> help
>> An arch should select this symbol if:
>> - - its compiler supports the -fstack-protector option
>
> Please leave this note: it's still valid. An arch must still have
> compiler support for this to be sensible.
>
No.
"its compiler supports the -fstack-protector option"
is tested by $(cc-option -fstack-protector)
ARCH does not need to know the GCC support level.
>> - it has implemented a stack canary (e.g. __stack_chk_guard)
--
Best Regards
Masahiro Yamada
next prev parent reply other threads:[~2018-04-09 8:54 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-27 5:29 [PATCH v2 00/21] kconfig: move compiler capability tests to Kconfig Masahiro Yamada
2018-03-27 5:29 ` Masahiro Yamada
2018-03-27 5:29 ` [PATCH v2 01/21] kbuild: remove kbuild cache Masahiro Yamada
2018-03-28 3:26 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 02/21] kbuild: remove CONFIG_CROSS_COMPILE support Masahiro Yamada
2018-03-28 3:28 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 03/21] kconfig: move and rename sym_expand_string_value() Masahiro Yamada
2018-03-28 3:29 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 04/21] kconfig: reference environments directly and remove 'option env=' syntax Masahiro Yamada
2018-03-28 3:33 ` Kees Cook
2018-03-29 2:19 ` Ulf Magnusson
2018-03-29 2:56 ` Ulf Magnusson
2018-03-29 17:38 ` Ulf Magnusson
2018-03-30 5:30 ` Masahiro Yamada
2018-04-01 2:27 ` Ulf Magnusson
2018-04-01 2:40 ` Ulf Magnusson
2018-04-13 6:02 ` Masahiro Yamada
2018-03-27 5:29 ` [PATCH v2 05/21] kconfig: remove string expansion in file_lookup() Masahiro Yamada
2018-03-28 3:34 ` Kees Cook
2018-04-01 2:52 ` Ulf Magnusson
2018-03-27 5:29 ` [PATCH v2 06/21] kconfig: remove string expansion for mainmenu after yyparse() Masahiro Yamada
2018-03-28 3:35 ` Kees Cook
2018-04-01 2:59 ` Ulf Magnusson
2018-03-27 5:29 ` [PATCH v2 07/21] kconfig: add function support and implement 'shell' function Masahiro Yamada
2018-03-28 3:41 ` Kees Cook
2018-04-13 5:32 ` Masahiro Yamada
2018-03-29 2:42 ` Ulf Magnusson
2018-04-01 4:19 ` Ulf Magnusson
2018-04-13 5:37 ` Masahiro Yamada
2018-03-27 5:29 ` [PATCH v2 08/21] kconfig: replace $UNAME_RELEASE with function call Masahiro Yamada
2018-03-28 3:42 ` Kees Cook
2018-04-01 4:38 ` Ulf Magnusson
2018-03-27 5:29 ` [PATCH v2 09/21] kconfig: add 'macro' keyword to support user-defined function Masahiro Yamada
2018-03-28 3:45 ` Kees Cook
2018-04-01 6:05 ` Ulf Magnusson
2018-04-01 6:49 ` Ulf Magnusson
2018-04-13 5:44 ` Masahiro Yamada
2018-03-27 5:29 ` [PATCH v2 10/21] kconfig: add 'success' and 'cc-option' macros Masahiro Yamada
2018-03-28 3:46 ` Kees Cook
2018-04-01 6:28 ` Ulf Magnusson
2018-03-27 5:29 ` [PATCH v2 11/21] stack-protector: test compiler capability in Kconfig and drop AUTO mode Masahiro Yamada
2018-03-28 11:18 ` Kees Cook
2018-04-09 8:54 ` Masahiro Yamada [this message]
2018-04-09 15:04 ` Kees Cook
2018-04-10 3:15 ` Masahiro Yamada
2018-03-27 5:29 ` [PATCH v2 12/21] kconfig: show compiler version text in the top comment Masahiro Yamada
2018-03-28 3:26 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 13/21] kconfig: add CC_IS_GCC and GCC_VERSION Masahiro Yamada
2018-03-28 11:19 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 14/21] kconfig: add CC_IS_CLANG and CLANG_VERSION Masahiro Yamada
2018-03-28 11:22 ` Kees Cook
2018-03-28 11:52 ` Masahiro Yamada
2018-03-27 5:29 ` [PATCH v2 15/21] gcov: remove CONFIG_GCOV_FORMAT_AUTODETECT Masahiro Yamada
2018-03-27 9:12 ` Peter Oberparleiter
2018-03-28 11:24 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 16/21] kcov: imply GCC_PLUGINS and GCC_PLUGIN_SANCOV instead of select'ing them Masahiro Yamada
2018-03-28 11:25 ` Kees Cook
2018-03-28 11:53 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 17/21] gcc-plugins: always build plugins with C++ Masahiro Yamada
2018-03-28 11:29 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 18/21] gcc-plugins: move GCC version check for PowerPC to Kconfig Masahiro Yamada
2018-03-28 11:30 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 19/21] gcc-plugins: test GCC plugin support in Kconfig Masahiro Yamada
2018-03-28 11:44 ` Kees Cook
2018-04-11 15:55 ` Masahiro Yamada
2018-04-11 16:09 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 20/21] gcc-plugins: enable GCC_PLUGINS for COMPILE_TEST Masahiro Yamada
2018-03-28 11:47 ` Kees Cook
2018-04-10 6:15 ` Masahiro Yamada
2018-04-10 7:00 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 21/21] arm64: move GCC version check for ARCH_SUPPORTS_INT128 to Kconfig Masahiro Yamada
2018-03-27 5:29 ` Masahiro Yamada
2018-03-27 17:28 ` Will Deacon
2018-03-27 17:28 ` Will Deacon
2018-03-28 11:55 ` Kees Cook
2018-03-28 11:55 ` Kees Cook
2018-03-27 16:39 ` [PATCH v2 00/21] kconfig: move compiler capability tests " Masahiro Yamada
2018-03-27 16:39 ` Masahiro Yamada
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAK7LNAScTUhpvgnNzuOGZ2ueh-d4R4r=v5wzOGsd+pYn+MF-rQ@mail.gmail.com' \
--to=yamada.masahiro@socionext.com \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=keescook@chromium.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=mingo@redhat.com \
--cc=nico@linaro.org \
--cc=rdunlap@infradead.org \
--cc=sam@ravnborg.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=ulfalizer@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.