lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 17 Jun 2016 17:51:55 +0200
From:	Dmitry Vyukov <dvyukov@...gle.com>
To:	Mark Rutland <mark.rutland@....com>
Cc:	Kees Cook <keescook@...omium.org>,
	Alexander Potapenko <glider@...gle.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	James Morse <james.morse@....com>,
	Michal Marek <mmarek@...e.com>
Subject: Re: [PATCHv3] kcov: reject open when kernel not instrumented

On Fri, Jun 17, 2016 at 5:48 PM, Mark Rutland <mark.rutland@....com> wrote:
> On Fri, Jun 17, 2016 at 08:42:28AM -0700, Kees Cook wrote:
>> On Fri, Jun 17, 2016 at 2:39 AM, Mark Rutland <mark.rutland@....com> wrote:
>> > If the toolchain does not support -fsanitize-coverage=trace-pc, we blat
>> > this option from CFLAGS_KCOV, and build the kernel without
>> > instrumentation, even if CONFIG_KCOV was selected. However, we still
>> > build the rest of the kcov infrastructure, and expose a kcov file under
>> > debugfs. This can be confusing, as the kernel will appear to support
>> > kcov, yet will never manage to sample any trace PC values. While we do
>> > note this fact at build time, this may be missed, and a user may not
>> > have access to build logs.
>>
>> Do you want to refuse to build if the compiler doesn't support the
>> flag?
>
> I would also be happy with that, so it's up to Alexander and Dmitry.
>
>> I finally figured out how to do this, I think, for
>> -fstack-protector:
>>
>> http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/commit/?h=kbuild/stackprotector&id=600c1bd5f8647a8470dc2fc5a8697e3eafb5fd52
>>
>> If you wanted, the CONFIG_KCOV test could live under the same
>> prepare-compiler-check target.
>
> Alexander, Dmitry, thoughts?


I did it initially for KCOV. I just reported a warning, and then
compiler errors on unknown flag. And it was submitted this way.
But then Andrew did:
http://www.spinics.net/lists/mm-commits/msg116008.html
I've seen other "unbreak allmodconfig" patches. This issue does not
affect my workflow, but it seems to be something that other people
care about. I.e. you can't even test that code builds without a
special compiler.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ