| From: |
| Linus Torvalds <torvalds-AT-linux-foundation.org> |
| To: |
| Kees Cook <keescook-AT-chromium.org> |
| Subject: |
| Re: [RFC PATCH 4/7] kconfig: support new special property shell= |
| Date: |
| Sun, 11 Feb 2018 10:13:44 -0800 |
| Message-ID: |
| <CA+55aFz3gUKQMr-X-b=ytLPX0AjGUaXNtLSUQ0_xZwZuDU33RQ@mail.gmail.com> |
| Cc: |
| Ulf Magnusson <ulfalizer-AT-gmail.com>, Masahiro Yamada <yamada.masahiro-AT-socionext.com>, Linux Kbuild mailing list <linux-kbuild-AT-vger.kernel.org>, Greg Kroah-Hartman <gregkh-AT-linuxfoundation.org>, Andrew Morton <akpm-AT-linux-foundation.org>, Nicolas Pitre <nicolas.pitre-AT-linaro.org>, "Luis R . Rodriguez" <mcgrof-AT-suse.com>, Randy Dunlap <rdunlap-AT-infradead.org>, Sam Ravnborg <sam-AT-ravnborg.org>, Michal Marek <michal.lkml-AT-markovi.net>, Martin Schwidefsky <schwidefsky-AT-de.ibm.com>, Pavel Machek <pavel-AT-ucw.cz>, linux-s390 <linux-s390-AT-vger.kernel.org>, Jiri Kosina <jkosina-AT-suse.cz>, Linux Kernel Mailing List <linux-kernel-AT-vger.kernel.org>, Tejun Heo <tj-AT-kernel.org>, Ingo Molnar <mingo-AT-kernel.org>, "Van De Ven, Arjan" <arjan.van.de.ven-AT-intel.com>, Arnd Bergmann <arn |
On Sun, Feb 11, 2018 at 9:56 AM, Kees Cook <keescook@chromium.org> wrote:
>
>> - How common are those broken compilers?
>
> I *thought* it was rare (i.e. gcc 4.2) but while working on ..._AUTO I
> found breakage in akpm's 4.4 gcc, and all of Arnd's gccs due to some
> very strange misconfiguration between the gcc build environment and
> other options. So, it turns out this is unfortunately common. The good
> news is that it does NOT appear to happen with most distro compilers,
> though I've seen Android's compiler regress the global vs %gs at least
> once about a year ago.
Hmm. Ok, so it's not *that* common, and won't affect normal people.
That actually sounds like we could just
(a) make gcc 4.5 be the minimum required version
(b) actually error out if we find a bad compiler
Upgrading the minimum required gcc version to 4.5 is pretty much going
to happen _anyway_, because we're starting to rely on "asm goto" for
avoiding speculation.
End result: maybe we can make the configuration phase just use the
standard "does gcc support this flag" logic, and then just have a
separate script that is run to validate that gcc doesn't generate
garbage, and error out loudly if it does.
Linus
