Re: [PATCH 21/30] stack-protector: test compiler capability in Kconfig and drop AUTO mode

From: Masahiro Yamada
Date: Sun Apr 15 2018 - 09:29:48 EST


2018-04-14 3:11 GMT+09:00 Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>:
> On Fri, Apr 13, 2018 at 9:41 AM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>>
>> How about something like this instead:
>
> I'd rather avoid the ifdef's in the Makefile if at all possible.
>
> I'd rather expose this as a Kconfig rule, and in the Kconfig just have
> an entry something like this
>
> config STACKPROTECTOR_FLAGS
> string
> default "-fstack-protector-strong" if CC_STACKPROTECTOR_STRONG
> default "-fstack-protector" if CC_STACKPROTECTOR
> default "-fno-stack-protector" if CC_HAS_STACKPROTECTOR_NONE
> default ""
>
> which is really simple and straightforward. In the presense of
> multiple defaults, the first is picked, so this _automatically_ does
> that whole priority ordering.
>
> And then the Makefile can just have
>
> KBUILD_CFLAGS += $(CONFIG_STACKPROTECTOR_FLAGS)
>
> which seems much simpler.

This has a minor problem.

A string type symbol encloses a value with "..." like
CONFIG_STACKPROTECTOR_FLAGS="-fstack-protector-strong"


I think the least ugliest notation to rip off "..."
is to do like follows:

KBUILD_CFLAGS += $(CONFIG_STACKPROTECTOR_FLAGS:"%"=%)



> It also makes more complex conditionals easier (ie different compilers
> with different flags, since clang sometimes does the same thing with
> another flag name), so I'd rather see this pattern in general.
>
> I'd also *much* rather do as much as possible at Kconfig time compared
> to build time. Maybe it's just shifting the costs around, but the less
> "clever" things we ask "make" to do, the better.
>
> I find our Makefiles an odd combination of really clean and simply
> (the ones that just have "obj-$(CONFIG_X) += xyz.o" are just lovely)
> and completely incomprehensible (all of our infrastructure support for
> the simple stuff).
>
> I'd rather have more of the simple stuff in Makefiles, less of the
> complex conditionals.
>
> Linus


You showed a preference of the following,

CONFIG_XYZ
bool "Enable xyz"
depends on $(cc-option -fxyz)

CONFIG_XYZ_FLAGS
string "-fxyz" if XYZ

Then, in Makefile

KBUILD_CFLAGS += $(CONFIG_XYZ_FLAGS:"%"=%)


Users usually say y/n to a question "do you want to use xyz?"
So, if you make this a general pattern,
it would require one additional symbol
to convert a bool symbol to a string.




I think the following was your original idea.

CONFIG_XYZ
bool "xyz"
depends on $(cc-option -fxyz)

Then, in Makefile

KBUILD_CFLAGS-$(CONFIG_XYZ) += -fxyz



Both notations have pros/cons, but
I slightly prefer the latter at the moment of time.




There are some complicated cases such as stack protector flags.


Your idea,

config STACKPROTECTOR_FLAGS
string
default "-fstack-protector-strong" if CC_STACKPROTECTOR_STRONG
default "-fstack-protector" if CC_STACKPROTECTOR
default "-fno-stack-protector" if CC_HAS_STACKPROTECTOR_NONE
default ""

works fine since the first visible default is picked.




In my Makefile ...

stackp-flags-$(CONFIG_CC_HAS_STACKPROTECTOR_NONE) := -fno-stack-protector
stackp-flags-$(CONFIG_CC_STACKPROTECTOR) := -fstack-protector
stackp-flags-$(CONFIG_CC_STACKPROTECTOR_STRONG) := -fstack-protector-strong

KBUILD_CFLAGS += $(stackp-flags-y)



the last one is picked.


IMHO, they are tied in terms of "cleanness".



Perhaps I may miss something, but we will have more time
to consider which approach is better.


--
Best Regards
Masahiro Yamada