| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Dec 2013 16:45:44 -0800
From: Kees Cook <keescook@...omium.org>
To: David Rientjes <rientjes@...gle.com>
Cc: Ingo Molnar <mingo@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Peter Zijlstra <peterz@...radead.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Russell King - ARM Linux <linux@....linux.org.uk>,
ralf@...ux-mips.org, Thomas Gleixner <tglx@...utronix.de>,
"H. Peter Anvin" <hpa@...or.com>,
LKML <linux-kernel@...r.kernel.org>,
Arjan van de Ven <arjan@...ux.intel.com>,
James Hogan <james.hogan@...tec.com>,
Michal Marek <mmarek@...e.cz>,
Paul Mundt <lethal@...ux-sh.org>,
Shawn Guo <shawn.guo@...aro.org>,
Stephen Rothwell <sfr@...b.auug.org.au>,
linux-kbuild <linux-kbuild@...r.kernel.org>,
"linux-tip-commits@...r.kernel.org"
<linux-tip-commits@...r.kernel.org>
Subject: Re: [patch core/stackprotector] stackprotector: Fix build when
compiler lacks support
On Mon, Dec 30, 2013 at 1:37 PM, David Rientjes <rientjes@...gle.com> wrote:
> 8779657d29c0 ("stackprotector: Introduce CONFIG_CC_STACKPROTECTOR_STRONG")
> causes the build to break when the compiler doesn't support
> -fstack-protector-strong:
>
> cc1: error: unrecognized command line option ‘-fstack-protector-strong’
> cc1: error: unrecognized command line option ‘-fstack-protector-strong’
>
> with at least gcc 4.6.3.
>
> Instead of breaking the build, just warn of the failure and disable the
> feature.
NAK. If you have selected CONFIG_CC_STACKPROTECTOR_STRONG, the build
the fail hard. Without this, it means you'll end up with kernels that
build and show a stackprotector option in their config, which is
false.
-Kees
>
> Signed-off-by: David Rientjes <rientjes@...gle.com>
> ---
> Makefile | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/Makefile b/Makefile
> --- a/Makefile
> +++ b/Makefile
> @@ -603,10 +603,11 @@ ifdef CONFIG_CC_STACKPROTECTOR_REGULAR
> -fstack-protector not supported by compiler))
> endif
> else ifdef CONFIG_CC_STACKPROTECTOR_STRONG
> - stackp-flag := -fstack-protector-strong
> - ifeq ($(call cc-option, $(stackp-flag)),)
> + ifeq ($(call cc-option, -fstack-protector-strong),)
> $(warning Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: \
> -fstack-protector-strong not supported by compiler)
> + else
> + stackp-flag := -fstack-protector-strong
> endif
> else
> # Force off for distro compilers that enable stack protector by default.
--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists