From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1161182AbcFMScl (ORCPT ); Mon, 13 Jun 2016 14:32:41 -0400
Received: from mail-it0-f68.google.com ([209.85.214.68]:36169 "EHLO mail-it0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751920AbcFMSck (ORCPT ); Mon, 13 Jun 2016 14:32:40 -0400
Subject: Re: [PATCH] gcc-plugins: disable under COMPILE_TEST
To: Emese Revfy, Kees Cook
References: <20160611161212.GA29370@www.outflux.net> <20160611162926.GL12567@windriver.com> <20160613001244.b4b3c675d59e3ad3d8d656a4@gmail.com> <20160613021831.9a79c5c82d1511e572023ed6@gmail.com>
Cc: Paul Gortmaker, Michal Marek, Stephen Rothwell, Sudip Mukherjee, Linux-Next, LKML, "kernel-hardening@lists.openwall.com"
From: "Austin S. Hemmelgarn"
Message-ID: <7102975e-88a5-3555-21e1-f07d595bc235@gmail.com>
Date: Mon, 13 Jun 2016 14:32:31 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <20160613021831.9a79c5c82d1511e572023ed6@gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On 2016-06-12 20:18, Emese Revfy wrote:
> On Sun, 12 Jun 2016 15:25:39 -0700
> Kees Cook wrote:
>
>> I don't like this because it means if someone specifically selects
>> some plugins in their .config, and the headers are missing, the kernel
>> will successfully compile. For many plugins, this results in a kernel
>> that lacks the requested security features, and that I really do not
>> want to have happening. I'm okay leaving these disabled for compile
>> tests for now. We can revisit this once more distros have plugins
>> enabled by default.
>
> You are right. Your patch is safer.
>

Why not make it so that if COMPILE_TEST is enabled, the build warns if it can't find the headers, otherwise it fails? That way, people who are doing all*config builds but don't have the headers will still get some build coverage, and the people who are enabling it as a security feature will still get build failures.
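
The policy proposed in the reply above, sketched as an added shell example; it is not code from this thread or from the kernel tree. The function name, its three arguments and the use of `plugin-version.h` as the probe for the GCC plugin headers are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of the proposed policy; not kernel build code.
# check_plugin_headers PLUGIN_DIR COMPILE_TEST PLUGINS_SELECTED  (hypothetical helper)
#   PLUGIN_DIR        directory reported by "$CC -print-file-name=plugin"
#   COMPILE_TEST      "y" when CONFIG_COMPILE_TEST is set
#   PLUGINS_SELECTED  "y" when at least one plugin is enabled in .config
# Prints enabled, skipped or not-requested; returns non-zero to abort the build.
check_plugin_headers() {
    plugin_dir=$1
    compile_test=$2
    selected=$3

    if [ "$selected" != y ]; then
        echo not-requested
        return 0
    fi
    # Assumption: plugin-version.h is present whenever the plugin headers are installed.
    if [ -r "$plugin_dir/include/plugin-version.h" ]; then
        echo enabled
        return 0
    fi
    if [ "$compile_test" = y ]; then
        # Coverage build: keep going, but say loudly that plugins are absent.
        echo "warning: GCC plugin headers not found, building without plugins" >&2
        echo skipped
        return 0
    fi
    # Plugins were requested as a feature: refuse to build a kernel without them.
    echo "error: GCC plugins selected but headers not found in $plugin_dir" >&2
    return 1
}

# Optional run against the local compiler (assumes gcc on PATH unless CC is set).
if [ "${RUN_DEMO:-}" = 1 ]; then
    dir=$("${CC:-gcc}" -print-file-name=plugin)
    check_plugin_headers "$dir" "${COMPILE_TEST:-n}" y
fi
```

Only the COMPILE_TEST branch lets a build continue without the headers, and it does so with a visible warning, so the silent loss of requested security features that Kees Cook objects to in the quoted text cannot occur in a normal build.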