From: Masahiro Yamada <yamada.masahiro@socionext.com>
To: Kees Cook <keescook@chromium.org>
Cc: linux-kbuild <linux-kbuild@vger.kernel.org>,
Sam Ravnborg <sam@ravnborg.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Arnd Bergmann <arnd@arndb.de>,
Ulf Magnusson <ulfalizer@gmail.com>,
Thomas Gleixner <tglx@linutronix.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Randy Dunlap <rdunlap@infradead.org>,
"Luis R . Rodriguez" <mcgrof@kernel.org>,
Nicolas Pitre <nico@linaro.org>,
LKML <linux-kernel@vger.kernel.org>,
Ingo Molnar <mingo@redhat.com>
Subject: Re: [PATCH v2 11/21] stack-protector: test compiler capability in Kconfig and drop AUTO mode
Date: Tue, 10 Apr 2018 12:15:30 +0900 [thread overview]
Message-ID: <CAK7LNATULgbS6mxYJUumnkVZU_1LhQwS0jL=v_=HAjtRiF12yA@mail.gmail.com> (raw)
In-Reply-To: <CAGXu5jJCpDtVcFckLzeTg=Du0TWL=KGUH1_k2LSbv8PTONQ2Mw@mail.gmail.com>
2018-04-10 0:04 GMT+09:00 Kees Cook <keescook@chromium.org>:
> On Mon, Apr 9, 2018 at 1:54 AM, Masahiro Yamada
> <yamada.masahiro@socionext.com> wrote:
>> 2018-03-28 20:18 GMT+09:00 Kees Cook <keescook@chromium.org>:
>>> On Mon, Mar 26, 2018 at 10:29 PM, Masahiro Yamada
>>> <yamada.masahiro@socionext.com> wrote:
>>>> diff --git a/arch/Kconfig b/arch/Kconfig
>>>> index 8e0d665..b42378d 100644
>>>> --- a/arch/Kconfig
>>>> +++ b/arch/Kconfig
>>>> @@ -535,13 +535,13 @@ config HAVE_CC_STACKPROTECTOR
>>>> bool
>>>> help
>>>> An arch should select this symbol if:
>>>> - - its compiler supports the -fstack-protector option
>>>
>>> Please leave this note: it's still valid. An arch must still have
>>> compiler support for this to be sensible.
>>>
>>
>> No.
>>
>> "its compiler supports the -fstack-protector option"
>> is tested by $(cc-option -fstack-protector)
>>
>> ARCH does not need to know the GCC support level.
>
> That's not correct: if you enable stack protector for a kernel
> architecture that doesn't having it enabled, it's unlikely for the
> resulting kernel to boot. An architecture must handle the changes that
> the compiler introduces when adding -fstack-protector (for example,
> having the stack protector canary value defined, having the failure
> function defined, handling context switches changing canaries, etc).
>
It is still hard to understand this.
When we "its compiler supports the -fstack-protector option",
we have two meanings
[1] the stack protector feature is implemented in GCC source code.
[2] -fstack-protector is recognized as a valid option in the GCC being used.
This can be tested by $(cc-option -fstack-protector)
I guess you were talking about [1], where as I [2].
Is this correct?
Does [2] happen only after [1] happens?
Or, are they independent?
If there is a case where GCC recognizes -fstack-protector,
but not implemented?
For x86, there are cases where the option is recognized but not working.
That's why we have
scripts/gcc-x86_{32,64}-has-stack-protector.sh
Generally, if GCC accepts -fstack-protector as a valid option,
we expect "it is working".
I wonder why we need additional information about the compiler
even after $(cc-option -fstack-protector) succeeds.
This is just a matter of comment.
Can you clarify your problem?
> resulting kernel to boot. An architecture must handle the changes that
> the compiler introduces when adding -fstack-protector (for example,
> having the stack protector canary value defined, having the failure
> function defined, handling context switches changing canaries, etc).
>
All of these are talking about the kernel side implementation.
So, it is included in the following comment I am still keeping.
- it has implemented a stack canary (e.g. __stack_chk_guard)
--
Best Regards
Masahiro Yamada
next prev parent reply other threads:[~2018-04-10 3:15 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-27 5:29 [PATCH v2 00/21] kconfig: move compiler capability tests to Kconfig Masahiro Yamada
2018-03-27 5:29 ` Masahiro Yamada
2018-03-27 5:29 ` [PATCH v2 01/21] kbuild: remove kbuild cache Masahiro Yamada
2018-03-28 3:26 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 02/21] kbuild: remove CONFIG_CROSS_COMPILE support Masahiro Yamada
2018-03-28 3:28 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 03/21] kconfig: move and rename sym_expand_string_value() Masahiro Yamada
2018-03-28 3:29 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 04/21] kconfig: reference environments directly and remove 'option env=' syntax Masahiro Yamada
2018-03-28 3:33 ` Kees Cook
2018-03-29 2:19 ` Ulf Magnusson
2018-03-29 2:56 ` Ulf Magnusson
2018-03-29 17:38 ` Ulf Magnusson
2018-03-30 5:30 ` Masahiro Yamada
2018-04-01 2:27 ` Ulf Magnusson
2018-04-01 2:40 ` Ulf Magnusson
2018-04-13 6:02 ` Masahiro Yamada
2018-03-27 5:29 ` [PATCH v2 05/21] kconfig: remove string expansion in file_lookup() Masahiro Yamada
2018-03-28 3:34 ` Kees Cook
2018-04-01 2:52 ` Ulf Magnusson
2018-03-27 5:29 ` [PATCH v2 06/21] kconfig: remove string expansion for mainmenu after yyparse() Masahiro Yamada
2018-03-28 3:35 ` Kees Cook
2018-04-01 2:59 ` Ulf Magnusson
2018-03-27 5:29 ` [PATCH v2 07/21] kconfig: add function support and implement 'shell' function Masahiro Yamada
2018-03-28 3:41 ` Kees Cook
2018-04-13 5:32 ` Masahiro Yamada
2018-03-29 2:42 ` Ulf Magnusson
2018-04-01 4:19 ` Ulf Magnusson
2018-04-13 5:37 ` Masahiro Yamada
2018-03-27 5:29 ` [PATCH v2 08/21] kconfig: replace $UNAME_RELEASE with function call Masahiro Yamada
2018-03-28 3:42 ` Kees Cook
2018-04-01 4:38 ` Ulf Magnusson
2018-03-27 5:29 ` [PATCH v2 09/21] kconfig: add 'macro' keyword to support user-defined function Masahiro Yamada
2018-03-28 3:45 ` Kees Cook
2018-04-01 6:05 ` Ulf Magnusson
2018-04-01 6:49 ` Ulf Magnusson
2018-04-13 5:44 ` Masahiro Yamada
2018-03-27 5:29 ` [PATCH v2 10/21] kconfig: add 'success' and 'cc-option' macros Masahiro Yamada
2018-03-28 3:46 ` Kees Cook
2018-04-01 6:28 ` Ulf Magnusson
2018-03-27 5:29 ` [PATCH v2 11/21] stack-protector: test compiler capability in Kconfig and drop AUTO mode Masahiro Yamada
2018-03-28 11:18 ` Kees Cook
2018-04-09 8:54 ` Masahiro Yamada
2018-04-09 15:04 ` Kees Cook
2018-04-10 3:15 ` Masahiro Yamada [this message]
2018-03-27 5:29 ` [PATCH v2 12/21] kconfig: show compiler version text in the top comment Masahiro Yamada
2018-03-28 3:26 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 13/21] kconfig: add CC_IS_GCC and GCC_VERSION Masahiro Yamada
2018-03-28 11:19 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 14/21] kconfig: add CC_IS_CLANG and CLANG_VERSION Masahiro Yamada
2018-03-28 11:22 ` Kees Cook
2018-03-28 11:52 ` Masahiro Yamada
2018-03-27 5:29 ` [PATCH v2 15/21] gcov: remove CONFIG_GCOV_FORMAT_AUTODETECT Masahiro Yamada
2018-03-27 9:12 ` Peter Oberparleiter
2018-03-28 11:24 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 16/21] kcov: imply GCC_PLUGINS and GCC_PLUGIN_SANCOV instead of select'ing them Masahiro Yamada
2018-03-28 11:25 ` Kees Cook
2018-03-28 11:53 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 17/21] gcc-plugins: always build plugins with C++ Masahiro Yamada
2018-03-28 11:29 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 18/21] gcc-plugins: move GCC version check for PowerPC to Kconfig Masahiro Yamada
2018-03-28 11:30 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 19/21] gcc-plugins: test GCC plugin support in Kconfig Masahiro Yamada
2018-03-28 11:44 ` Kees Cook
2018-04-11 15:55 ` Masahiro Yamada
2018-04-11 16:09 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 20/21] gcc-plugins: enable GCC_PLUGINS for COMPILE_TEST Masahiro Yamada
2018-03-28 11:47 ` Kees Cook
2018-04-10 6:15 ` Masahiro Yamada
2018-04-10 7:00 ` Kees Cook
2018-03-27 5:29 ` [PATCH v2 21/21] arm64: move GCC version check for ARCH_SUPPORTS_INT128 to Kconfig Masahiro Yamada
2018-03-27 5:29 ` Masahiro Yamada
2018-03-27 17:28 ` Will Deacon
2018-03-27 17:28 ` Will Deacon
2018-03-28 11:55 ` Kees Cook
2018-03-28 11:55 ` Kees Cook
2018-03-27 16:39 ` [PATCH v2 00/21] kconfig: move compiler capability tests " Masahiro Yamada
2018-03-27 16:39 ` Masahiro Yamada
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAK7LNATULgbS6mxYJUumnkVZU_1LhQwS0jL=v_=HAjtRiF12yA@mail.gmail.com' \
--to=yamada.masahiro@socionext.com \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=keescook@chromium.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=mingo@redhat.com \
--cc=nico@linaro.org \
--cc=rdunlap@infradead.org \
--cc=sam@ravnborg.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=ulfalizer@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.