From: Kees Cook <keescook@chromium.org>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Andi Kleen <ak@linux.intel.com>,
Randy Dunlap <rdunlap@infradead.org>,
linux-next@vger.kernel.org, sfr@canb.auug.org.au, mhocko@suse.cz,
linux-kernel@vger.kernel.org, Michal Marek <mmarek@suse.cz>,
linux-kbuild@vger.kernel.org
Subject: [PATCH] kbuild: explain stack-protector-strong CONFIG logic
Date: Wed, 2 Jul 2014 18:10:59 -0700 [thread overview]
Message-ID: <20140703011059.GA6331@www.outflux.net> (raw)
In-Reply-To: <20140702175635.79d54c44.akpm@linux-foundation.org>
This adds a hopefully helpful comment above the (seemingly weird)
compiler flag selection logic.
Suggested-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
Makefile | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/Makefile b/Makefile
index 13175632137f..ea88e68d121e 100644
--- a/Makefile
+++ b/Makefile
@@ -630,6 +630,22 @@ KBUILD_CFLAGS += $(call cc-option,-Wframe-larger-than=${CONFIG_FRAME_WARN})
endif
# Handle stack protector mode.
+#
+# Since kbuild can potentially perform two passes (first with the old
+# .config values and then with updated .config values), we cannot error out
+# if a desired compiler option is unsupported. If we were to error, kbuild
+# could never get to the second pass and actually notice that we changed
+# the option to something that was supported.
+#
+# Additionally, we don't want to fallback and/or silently change which compiler
+# flags will be used, since that leads to producing kernels with different
+# security feature characteristics depending on the compiler used. ("But I
+# selected CC_STACKPROTECTOR_STRONG! Why did it build with _REGULAR?!")
+#
+# The middle ground is to warn here so that the failed option is obvious, but
+# to let the build fail with bad compiler flags so that we can't produce a
+# kernel when there is a CONFIG and compiler mismatch.
+#
ifdef CONFIG_CC_STACKPROTECTOR_REGULAR
stackp-flag := -fstack-protector
ifeq ($(call cc-option, $(stackp-flag)),)
--
1.7.9.5
--
Kees Cook
Chrome OS Security
next prev parent reply other threads:[~2014-07-03 1:12 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-02 22:08 mmotm 2014-07-02-15-07 uploaded akpm
2014-07-02 22:08 ` akpm
2014-07-02 23:21 ` mmotm 2014-07-02-15-07 uploaded (stack protector) Randy Dunlap
2014-07-03 0:22 ` Andi Kleen
2014-07-03 0:37 ` Randy Dunlap
2014-07-03 0:51 ` Kees Cook
2014-07-03 0:56 ` Andrew Morton
2014-07-03 1:10 ` Kees Cook [this message]
2014-07-03 1:00 ` Andi Kleen
2014-07-03 1:13 ` Kees Cook
2014-07-03 0:57 ` Kees Cook
2014-07-03 1:42 ` Randy Dunlap
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140703011059.GA6331@www.outflux.net \
--to=keescook@chromium.org \
--cc=ak@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-next@vger.kernel.org \
--cc=mhocko@suse.cz \
--cc=mmarek@suse.cz \
--cc=rdunlap@infradead.org \
--cc=sfr@canb.auug.org.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.