Re: [PATCH v10 12/12] efi/libstub: disable SCS

From: Kees Cook
Date: Mon Apr 06 2020 - 14:25:43 EST

Next message: Marcel Holtmann: "Re: [PATCH] Bluetooth: Simplify / fix return values from tk_request"
Previous message: David Miller: "[GIT] Sparc"
In reply to: Sami Tolvanen: "[PATCH v10 12/12] efi/libstub: disable SCS"
Next in thread: Ard Biesheuvel: "Re: [PATCH v10 12/12] efi/libstub: disable SCS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 06, 2020 at 09:41:21AM -0700, Sami Tolvanen wrote:
> Shadow stacks are not available in the EFI stub, filter out SCS flags.
>
> Suggested-by: James Morse <james.morse@xxxxxxx>
> Signed-off-by: Sami Tolvanen <samitolvanen@xxxxxxxxxx>

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

> ---
> drivers/firmware/efi/libstub/Makefile | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
> index 094eabdecfe6..fa0bb64f93d6 100644
> --- a/drivers/firmware/efi/libstub/Makefile
> +++ b/drivers/firmware/efi/libstub/Makefile
> @@ -32,6 +32,9 @@ KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \
> $(call cc-option,-fno-stack-protector) \
> -D__DISABLE_EXPORTS
>
> +# remove SCS flags from all objects in this directory

nit: double space

-Kees

> +KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS))
> +
> GCOV_PROFILE := n
> KASAN_SANITIZE := n
> UBSAN_SANITIZE := n
> --
> 2.26.0.292.g33ef6b2f38-goog
>

--
Kees Cook

Next message: Marcel Holtmann: "Re: [PATCH] Bluetooth: Simplify / fix return values from tk_request"
Previous message: David Miller: "[GIT] Sparc"
In reply to: Sami Tolvanen: "[PATCH v10 12/12] efi/libstub: disable SCS"
Next in thread: Ard Biesheuvel: "Re: [PATCH v10 12/12] efi/libstub: disable SCS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]