Re: [RFC PATCH 4/7] kconfig: support new special property shell=

From: Kees Cook
Date: Sun Feb 11 2018 - 14:39:32 EST


On Sun, Feb 11, 2018 at 10:13 AM, Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Sun, Feb 11, 2018 at 9:56 AM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>>
>>> - How common are those broken compilers?
>>
>> I *thought* it was rare (i.e. gcc 4.2) but while working on ..._AUTO I
>> found breakage in akpm's 4.4 gcc, and all of Arnd's gccs due to some
>> very strange misconfiguration between the gcc build environment and
>> other options. So, it turns out this is unfortunately common. The good
>> news is that it does NOT appear to happen with most distro compilers,
>> though I've seen Android's compiler regress the global vs %gs at least
>> once about a year ago.
>
> Hmm. Ok, so it's not *that* common, and won't affect normal people.
>
> That actually sounds like we could just
>
> (a) make gcc 4.5 be the minimum required version

I love bumping minimum for so many reasons more than just stack protector. :)

> (b) actually error out if we find a bad compiler

This made akpm and Arnd very very grumpy as it regressed their builds.
That's why I had to deal with the condition very carefully for _AUTO.

> Upgrading the minimum required gcc version to 4.5 is pretty much going
> to happen _anyway_, because we're starting to rely on "asm goto" for
> avoiding speculation.
>
> End result: maybe we can make the configuration phase just use the
> standard "does gcc support this flag" logic, and then just have a
> separate script that is run to validate that gcc doesn't generate
> garbage, and error out loudly if it does.

While it was entirely done in Makefile before, this is what we have
now (except no build failure in _AUTO mode). I think it'd be great to
push as much as possible into Kconfig, though.

One difference between what we have now and this proposal is that
right now, "best available option" detection includes the output test,
which means if you have a broken compiler you get a warning but the
build proceeds with "none" selected. If we only do flag detection,
then the build will fail during the make since the output is bad
(instead of fixing the flag to "none" and just warning).

-Kees

--
Kees Cook
Pixel Security