Re: [PATCH v4 23/31] stack-protector: test compiler capability in Kconfig and drop AUTO mode

From: Kees Cook
Date: Thu May 17 2018 - 01:29:22 EST


On Wed, May 16, 2018 at 11:17 PM, Masahiro Yamada
<yamada.masahiro@xxxxxxxxxxxxx> wrote:
> Move the test for -fstack-protector(-strong) option to Kconfig.
>
> If the compiler does not support the option, the corresponding menu
> is automatically hidden. If STRONG is not supported, it will fall
> back to REGULAR. If REGULAR is not supported, it will be disabled.
> This means, AUTO is implicitly handled by the dependency solver of
> Kconfig, hence removed.
>
> I also turned the 'choice' into only two boolean symbols. The use of
> 'choice' is not a good idea here, because all of all{yes,mod,no}config
> would choose the first visible value, while we want allnoconfig to
> disable as many features as possible.
>
> X86 has additional shell scripts in case the compiler supports those
> options, but generates broken code. I added CC_HAS_SANE_STACKPROTECTOR
> to test this. I had to add -m32 to gcc-x86_32-has-stack-protector.sh
> to make it work correctly.
>
> Signed-off-by: Masahiro Yamada <yamada.masahiro@xxxxxxxxxxxxx>

Thanks!

Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>

-Kees

--
Kees Cook
Pixel Security
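
The fallback order in the quoted patch description (STRONG, then REGULAR, then disabled), sketched as an added shell example that is not part of this thread or of the patch. The probe command line and the names `cc_option` and `stackprotector_level` are assumptions made for illustration; the x86 check for compilers that accept the option but generate broken code is not modelled.

```shell
#!/bin/sh
# Added illustration, not code from the patch under review.

# cc_option CC FLAG
# Succeeds when the compiler accepts FLAG while compiling an empty C
# translation unit. -Werror turns "unknown option" warnings into failures.
# $1 is left unquoted on purpose so a value such as "gcc -m32" is split
# into command and argument.
cc_option() {
    $1 -Werror "$2" -c -x c /dev/null -o /dev/null >/dev/null 2>&1
}

# stackprotector_level CC
# Prints the strongest mode the compiler supports, in the order the
# patch description gives: strong, else regular, else none.
stackprotector_level() {
    if ! cc_option "$1" -fstack-protector; then
        # REGULAR is not supported: the feature is disabled entirely.
        echo none
    elif cc_option "$1" -fstack-protector-strong; then
        echo strong
    else
        # STRONG is not supported: fall back to REGULAR.
        echo regular
    fi
}

# Report the result for the compiler in $CC (defaults to cc).
echo "stack protector: $(stackprotector_level "${CC:-cc}")"
```

A result of `none` on a build host means the hardening would be silently absent from the resulting kernel, so it is worth checking the toolchain before relying on the option.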