Message-ID: <CAGXu5jKiPFdP-wMeH5RpRuT9RAK9v-Ce=2=tmsZVYm0Bn3A-Lw@mail.gmail.com>
Date:   Tue, 10 Jul 2018 11:26:52 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Josh Poimboeuf <jpoimboe@...hat.com>
Cc:     Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Ingo Molnar <mingo@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>, X86 ML <x86@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        "H. Peter Anvin" <hpa@...or.com>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Michal Marek <michal.lkml@...kovi.net>
Subject: Re: [PATCH v2] objtool: move libelf detection to Kconfig from Makefile

On Mon, Jul 9, 2018 at 9:26 PM, Josh Poimboeuf <jpoimboe@...hat.com> wrote:
> I wasn't a part of the -fstack-protector conversation, but I doubt it's
> the same pattern.  We're trying to phase out frame pointers, for several
> reasons.  One big reason is that they cause a general slowdown across
> the entire kernel.

My primary concern with stack-protector was that I wanted to avoid a
disconnect between what was visible in CONFIG_* and how the kernel
actually got built, i.e. if a kernel config had
CONFIG_STACKPROTECTOR_STRONG, it was actually built with
-fstack-protector-strong. Having it silently downgrade to
-fstack-protector while keeping CONFIG_STACKPROTECTOR_STRONG would
lead to serious confusion.

The second issue was that I wanted the best stack protector a compiler
supported, and at the time it wasn't possible to do this from kconfig.

Masahiro fixed both of these now. :) (Thank you!)

> Since we switched the x86_64 default to the ORC unwinder, a lot of
> people have switched over.  But this patch will reverse (or at least
> slow down) that trend, because almost nobody has the libelf devel
> package installed by default.  So over time, it will effectively make
> frame pointers the default again in many cases.  That's exactly what we
> *don't* want to do.  It will also cause people to accidentally re-enable
> frame pointers when they thought they had ORC.

This is more like the gcc-plugins: kconfig will just not make the
plugin CONFIG_*s visible if the gcc plugin dev package is missing on
the build host. However, having or not having these isn't something
we're trying to phase in or out, so the ORC case is more like how
stack-protector was originally: fail the build if your CONFIG requires
some additional build host package.

What might be interesting is having "make *config" report certain
CONFIG_* failures with helpful text. "WARNING: missing libelf for
CONFIG_ORC..." or "Warning: missing gcc-plugin-dev for
CONFIG_GCC_PLUGINS" etc?

-Kees

-- 
Kees Cook
Pixel Security
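
Added example, not part of the original message and not kernel code: a small shell audit in the spirit of the "make *config" warning suggested above, which reports enabled options the build host cannot satisfy instead of letting them be silently downgraded. The function names, the probe method, the table layout and the use of CONFIG_UNWINDER_ORC as the ORC symbol are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not kernel code). probe, config_enabled and audit_config are
# hypothetical names; the symbol/requirement table is an assumption for this demo.

# probe CC FLAG SOURCE: succeed if CC accepts FLAG and can parse SOURCE.
# -Werror turns "unknown option" warnings into failures; -fsyntax-only avoids
# writing any output file.
probe() {
    "$1" -Werror $2 -fsyntax-only -x c - >/dev/null 2>&1 <<EOF
$3
EOF
}

# config_enabled FILE SYMBOL: succeed if SYMBOL=y appears in the .config.
config_enabled() {
    grep -q "^$2=y\$" "$1"
}

# audit_config FILE CC: print one warning per enabled option the build host
# cannot satisfy; return 1 if there was at least one, 0 otherwise.
audit_config() {
    audit_cfg=$1 audit_cc=$2 audit_bad=0
    # Table columns: symbol | compiler flag to test | C source to parse | what is needed
    while IFS='|' read -r sym flag src need; do
        config_enabled "$audit_cfg" "$sym" || continue
        if ! probe "$audit_cc" "$flag" "$src"; then
            echo "WARNING: missing $need for $sym"
            audit_bad=1
        fi
    done <<'EOF'
CONFIG_STACKPROTECTOR_STRONG|-fstack-protector-strong|int x;|compiler support for -fstack-protector-strong
CONFIG_UNWINDER_ORC||#include <libelf.h>|libelf development headers
EOF
    return "$audit_bad"
}

# Usage: audit_config .config "${CC:-cc}"
```

A non-zero return lets a build wrapper stop before compiling, so the CONFIG_* values and the resulting binary cannot drift apart unnoticed.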
