On Sun, Feb 11, 2018 at 10:05 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> On Sun, Feb 11, 2018 at 10:34 AM, Ulf Magnusson <ulfalizer@xxxxxxxxx> wrote:
>> On Sun, Feb 11, 2018 at 6:56 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>>> Old? That's not the case. The check for -fno-stack-protector will
>>> likely be needed forever, as some distro compilers enable
>>> stack-protector by default. So when someone wants to explicitly build
>>> without stack-protector (or if the compiler's stack-protector is
>>> detected as broken), we must force it off for the kernel build.
>>
>> What I meant is whether it makes sense to test if the
>> -fno-stack-protector option is supported. Can we reasonably assume
>> that passing -fno-stack-protector to the compiler won't cause an
>> error?
>
> That isn't something I've tested; but I can check if it's useful.

If it gets rid of a pointless test and symbol, I think it's useful, so
that would be nice. :)

>> Is it possible to build GCC with no "no stack protector" support? Do
>> we need to support any compilers that would choke on the
>> -fno-stack-protector flag itself?
>>
>> If we can reasonably assume that passing -fno-stack-protector is safe,
>> then CC_HAS_STACKPROTECTOR_NONE isn't needed.
>
> Well, there are two situations:
>
> - does the user want to build _without_ stack protector? (which is
>   something some people want to do, no matter what I think of it)
>
> - did _AUTO discover that stack protector output is broken?
>
> In both cases, we need to pass -fno-stack-protector in case the distro
> compiler was built with stack protector enabled by default.

Yup, that's already the way it would work. Currently, there's also a
test for whether the compiler supports -fno-stack-protector. It's that
one that I suspect we might be able to get rid of.

Cheers,
Ulf "should merge replies"