lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <de8a06d6-11c5-19ea-07a6-37f8624c8b66@oracle.com>
Date:   Wed, 5 Dec 2018 14:07:05 +0800
From:   Zhenzhong Duan <zhenzhong.duan@...cle.com>
To:     Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Ingo Molnar <mingo@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>, x86@...nel.org
Cc:     Meelis Roos <mroos@...ux.ee>, "H. Peter Anvin" <hpa@...or.com>,
        Borislav Petkov <bp@...en8.de>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] x86/build: fix compiler support check for
 CONFIG_RETPOLINE


On 2018/12/5 11:00, Masahiro Yamada wrote:
> It is wrong to add CONFIG option diagnostic to the Makefile parse
> stage.
>
> Once you are hit by the error about non-retpoline compiler, the
> compilation still breaks even after disabling CONFIG_RETPOLINE.
>
> The easiest fix is to move this check to the "archprepare" like commit
> 829fe4aa9ac1 ("x86: Allow generating user-space headers without a
> compiler") did.
>
> Link: https://lkml.org/lkml/2018/12/4/206
> Reported-by: Meelis Roos <mroos@...ux.ee>
> Fixes: 4cd24de3a098 ("x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support")
> Signed-off-by: Masahiro Yamada <yamada.masahiro@...ionext.com>
> ---
>
>   arch/x86/Makefile | 14 ++++++++------
>   1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/arch/x86/Makefile b/arch/x86/Makefile
> index f5d7f41..ae0148b 100644
> --- a/arch/x86/Makefile
> +++ b/arch/x86/Makefile
> @@ -219,12 +219,7 @@ KBUILD_CFLAGS += -Wno-sign-compare
>   KBUILD_CFLAGS += -fno-asynchronous-unwind-tables
>   
>   # Avoid indirect branches in kernel to deal with Spectre
> -ifdef CONFIG_RETPOLINE
> -ifeq ($(RETPOLINE_CFLAGS),)
> -  $(error You are building kernel with non-retpoline compiler, please update your compiler.)
> -endif
> -  KBUILD_CFLAGS += $(RETPOLINE_CFLAGS)
> -endif
> +KBUILD_CFLAGS += $(RETPOLINE_CFLAGS)

Is it better to also move "# Avoid indirect branches in kernel to deal 
with Spectre"

and "KBUILD_CFLAGS += $(RETPOLINE_CFLAGS)"?

Seems unconditionaly using "KBUILD_CFLAGS += $(RETPOLINE_CFLAGS)" will 
have compiler

using "__x86_indirect_thunk_\reg" call even ifCONFIG_RETPOLINE is 
disabled. I guess

link process will fail?

Thanks

Zhenzhong

>   
>   archscripts: scripts_basic
>   	$(Q)$(MAKE) $(build)=arch/x86/tools relocs
> @@ -307,6 +302,13 @@ ifndef CC_HAVE_ASM_GOTO
>   	@echo Compiler lacks asm-goto support.
>   	@exit 1
>   endif
> +ifdef CONFIG_RETPOLINE
> +ifeq ($(RETPOLINE_CFLAGS),)
> +	@echo "You are building kernel with non-retpoline compiler." >&2
> +	@echo "Please update your compiler." >&2
> +	@false
> +endif
> +endif
>   
>   archclean:
>   	$(Q)rm -rf $(objtree)/arch/i386

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ