From patchwork Tue Nov 7 17:38:38 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 10047069 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 522EF6032D for ; Tue, 7 Nov 2017 17:38:58 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3AEC520700 for ; Tue, 7 Nov 2017 17:38:58 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2ED2028A0F; Tue, 7 Nov 2017 17:38:58 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A15A720700 for ; Tue, 7 Nov 2017 17:38:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752210AbdKGRi4 (ORCPT ); Tue, 7 Nov 2017 12:38:56 -0500 Received: from mail-pf0-f193.google.com ([209.85.192.193]:46340 "EHLO mail-pf0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751682AbdKGRiz (ORCPT ); Tue, 7 Nov 2017 12:38:55 -0500 Received: by mail-pf0-f193.google.com with SMTP id p87so4809pfj.3 for ; Tue, 07 Nov 2017 09:38:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=TSEJPVfCh2gDVLQCs/MlcFRB38BBSxyF3/I8/SWDPjg=; b=ZnqVDM5X2hI4qvSZiXaTAVrQDkqASIbMWVGsyJaPsWJ5tisCUTZoaUBkau2S67kcFG 51NeA8DDMlOvtGBiC5xSI57KG4WXyiFQDVzSYvZYx5kmuWt9IJp6Ueg1erWDeekDKMdY o817m2Hh8tLz5u/DKk9512kYZhaCt2MrHAGtU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=TSEJPVfCh2gDVLQCs/MlcFRB38BBSxyF3/I8/SWDPjg=; b=i5uHMZZt+pnUkcRzdvzebgVC+a2ixucrGG0dXW67oIveK3Idvil3F+vKnKa/RvcpL3 Vy+fg7fllTMX4NUqcZarpCfM4mLt0zFiHCWfXaZFkYM+LbAeCfw/SKI9Y6uh+zx+hlq+ s8K1KGFNEJGQ1yCRd8aafNQWBJSAImIt/PSzXnxglpZISX07hQ+LpN3Yy2KVqDx1yZn4 D51VtiuH85v6j/4T3XJVi9hbIYMBpbadumhRcFi8StPx0XftLylmIayUkDb5Kri3Am6u FtrP0Vq5aFIoAwarcfZy3/kRWvTbO3jKkBS6vOInvqnvrahFQZzK7b7CpPhEEDA2e9En in3w== X-Gm-Message-State: AMCzsaW94m7U6ktan0BBInRxXpPLEYWUCyAHGerQtGosQkWq6KfSUpma UrFJKBzS+HdGuiWlPzdJ9dG14g== X-Google-Smtp-Source: ABhQp+TM4CykPwvesOJ6CvuHBijI8MLW+xirncWyG5ywP5Rs/6PuDVVi0hDGJ/AdLo57P+93TJ1DcQ== X-Received: by 10.98.223.15 with SMTP id u15mr21555282pfg.115.1510076334612; Tue, 07 Nov 2017 09:38:54 -0800 (PST) Received: from www.outflux.net (173-164-112-133-Oregon.hfc.comcastbusiness.net. [173.164.112.133]) by smtp.gmail.com with ESMTPSA id z86sm4978479pfk.34.2017.11.07.09.38.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 07 Nov 2017 09:38:52 -0800 (PST) From: Kees Cook To: Andrew Morton Cc: Kees Cook , Masahiro Yamada , Arnd Bergmann , linux-kbuild@vger.kernel.org, Josh Triplett , Nicholas Piggin , Laura Abbott , linux-kernel@vger.kernel.org Subject: [PATCH v2 1/3] Makefile: Move stack-protector compiler breakage test earlier Date: Tue, 7 Nov 2017 09:38:38 -0800 Message-Id: <1510076320-69931-2-git-send-email-keescook@chromium.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1510076320-69931-1-git-send-email-keescook@chromium.org> References: <1510076320-69931-1-git-send-email-keescook@chromium.org> Sender: linux-kbuild-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP In order to make stack-protector failures warn instead of unconditionally breaking the build, this moves the compiler output sanity-check earlier, and sets a flag for later testing. Future patches can choose to warn or fail, depending on the flag value. Cc: Masahiro Yamada Cc: Arnd Bergmann Cc: linux-kbuild@vger.kernel.org Signed-off-by: Kees Cook --- Makefile | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index cf007a31d575..caa3f7e6f524 100644 --- a/Makefile +++ b/Makefile @@ -692,6 +692,12 @@ endif ifdef CONFIG_CC_STACKPROTECTOR stackp-path := $(srctree)/scripts/gcc-$(SRCARCH)_$(BITS)-has-stack-protector.sh stackp-check := $(wildcard $(stackp-path)) + # If the wildcard test matches a test script, run it to check functionality. + ifdef stackp-check + ifneq ($(shell $(CONFIG_SHELL) $(stackp-check) $(CC) $(KBUILD_CPPFLAGS) $(biarch)),y) + stackp-broken := y + endif + endif endif KBUILD_CFLAGS += $(stackp-flag) @@ -1087,11 +1093,9 @@ ifdef stackp-name endif endif # Make sure compiler does not have buggy stack-protector support. -ifdef stackp-check - ifneq ($(shell $(CONFIG_SHELL) $(stackp-check) $(CC) $(KBUILD_CPPFLAGS) $(biarch)),y) +ifdef stackp-broken @echo Cannot use CONFIG_CC_STACKPROTECTOR_$(stackp-name): \ $(stackp-flag) available but compiler is broken >&2 && exit 1 - endif endif @: