On 2/11/20 12:25 PM, Kees Cook wrote:
On Tue, Feb 11, 2020 at 11:11:21AM -0700, shuah wrote:
On 2/10/20 12:30 PM, Kees Cook wrote:
In order to check the matrix of possible states for handling
READ_IMPLIES_EXEC across native, compat, and the state of PT_GNU_STACK,
add tests for these execution conditions.
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
No issues for this to go through tip.
A few problems to fix first. This fails to compile when 32-bit libraries
aren't installed. It should fail the 32-bit part and run other checks.
Do you mean the Makefile should detect the missing compat build deps and
avoid building them? Testing compat is pretty important to this test, so
it seems like missing the build deps causing the build to fail is the
correct action here. This is likely true for the x86/ selftests too.
What would you like this to do?
selftests/x86 does this already and runs the dependency check in
x86/Makefile.
check_cc.sh:# check_cc.sh - Helper to test userspace compilation support
Makefile:CAN_BUILD_I386 := $(shell ./check_cc.sh $(CC)
trivial_32bit_program.c -m32)
Makefile:CAN_BUILD_X86_64 := $(shell ./check_cc.sh $(CC)
trivial_64bit_program.c)
Makefile:CAN_BUILD_WITH_NOPIE := $(shell ./check_cc.sh $(CC)
trivial_program.c -no-pie)
Take a look and see if you can leverage this.
thanks,
-- Shuah
