lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180926090841.GC5745@zn.tnic>
Date:   Wed, 26 Sep 2018 11:08:41 +0200
From:   Borislav Petkov <bp@...e.de>
To:     Nick Desaulniers <ndesaulniers@...gle.com>,
        "H. Peter Anvin" <hpa@...or.com>
Cc:     Thomas Gleixner <tglx@...utronix.de>, mingo@...hat.com,
        hpa@...or.com, x86@...nel.org,
        "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Matthias Kaehlcke <mka@...omium.org>,
        Kees Cook <keescook@...omium.org>,
        Cao jin <caoj.fnst@...fujitsu.com>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] x86/boot: define CC_HAVE_ASM_GOTO

On Tue, Sep 25, 2018 at 02:13:16PM -0700, Nick Desaulniers wrote:
> Orthogonally, do you know *why* this Makefile overwrites
> KBUILD_CFLAGS?  We take great care to set various compiler flags in
> the top level Makefile, so to reset them lower in the tree seems
> troublesome on first glance.  Take for instance the fact that GCC
> changed the default C standard from gnu89 to gnu11 in GCC 5.  So a
> kernel dev with gcc 5+ is now building a kernel with some translation
> units built as gnu89, and some as gnu11.

Right, so I'd defer to hpa for a definitive answer here but AFAICT, the
reasoning is that because this is the special relocatable compressed
kernel and as such, it is redefining build flags completely so that
nothing leaks from kernel proper.

Which is funny because what happens is, that something *does* leak,
and what you're trying to fix is one incarnation. Because we do use
facilities from include/linux/. And looking at your error:

#warning "Compiler lacks ASM_GOTO support. Add -D __BPF_TRACING__ to your compiler arguments"

I don't think it does matter to the compressed kernel whether the
compiler has asm goto or not.

And looking at arch/x86/boot/Makefile, it does:

KBUILD_CFLAGS   := $(REALMODE_CFLAGS) -D_SETUP

and that _SETUP guard is kinda used to separate that early boot code
from kernel proper.

And I wonder if adding such guard to arch/x86/boot/compressed/Makefile
and then protect the asm goto check in arch/x86/include/asm/cpufeature.h
with it, would be more in line with how this whole machinery should
work...

hpa?

-- 
Regards/Gruss,
    Boris.

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
-- 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ