Re: [PATCH V2 02/41] x86/traps: Remove stack-protector from traps.c

[Lai Jiangshan]

On 2021/9/27 19:01, Borislav Petkov wrote:
> On Mon, Sep 27, 2021 at 06:49:16PM +0800, Lai Jiangshan wrote:
> > Using only "-fno-stack-protector" is enough to disable stack protector with
> > my .config, I'm not so sure about other configuration.
>
> What does the gcc manpage say about it?

In gcc's code, all the -f[no-]stack-protector* argument overwrites the
same flag_stack_protect variable, so the last one takes effect.

> fstack-protector
> Common Var(flag_stack_protect, 1) Init(-1) Optimization
> Use propolice as a stack protection method.
>
> fstack-protector-all
> Common RejectNegative Var(flag_stack_protect, 2) Init(-1) Optimization
> Use a stack protection method for every function.
>
> fstack-protector-strong
> Common RejectNegative Var(flag_stack_protect, 3) Init(-1) Optimization
> Use a smart stack protection method for certain functions.
>
> fstack-protector-explicit
> Common RejectNegative Var(flag_stack_protect, 4) Optimization
> Use stack protection method only for functions with the stack_protect attribute.

In linux kernel's scripts/Makefile.lib, CFLAGS_traps.o is the last flags for
gcc invocation, so only "CFLAGS_traps.o += -fno-stack-protector" must be enough.

> _c_flags       = $(filter-out $(CFLAGS_REMOVE_$(target-stem).o), \
>                     $(filter-out $(ccflags-remove-y), \
>                         $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) $(ccflags-y)) \
>                     $(CFLAGS_$(target-stem).o))