[tip: x86/urgent] x86/entry: Actually disable stack protector

From: tip-bot2 for Kees Cook
Date: Sun Jul 19 2020 - 07:08:52 EST

Next message: tip-bot2 for Arvind Sankar: "[tip: x86/urgent] x86/boot: Don't add the EFI stub to targets"
Previous message: Paul Cercueil: "Re: [PATCH] drm/ingenic: Silence uninitialized-variable warning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The following commit has been merged into the x86/urgent branch of tip:

Commit-ID: 58ac3154b83938515129c20aa76d456a4c9202a8
Gitweb: https://git.kernel.org/tip/58ac3154b83938515129c20aa76d456a4c9202a8
Author: Kees Cook <keescook@xxxxxxxxxxxx>
AuthorDate: Fri, 26 Jun 2020 13:34:25 -07:00
Committer: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
CommitterDate: Sun, 19 Jul 2020 13:07:10 +02:00

x86/entry: Actually disable stack protector

Some builds of GCC enable stack protector by default. Simply removing
the arguments is not sufficient to disable stack protector, as the stack
protector for those GCC builds must be explicitly disabled. Remove the
argument removals and add -fno-stack-protector. Additionally include
missed x32 argument updates, and adjust whitespace for readability.

Fixes: 20355e5f73a7 ("x86/entry: Exclude low level entry code from sanitizing")
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Link: https://lkml.kernel.org/r/202006261333.585319CA6B@keescook

---
arch/x86/entry/Makefile | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/arch/x86/entry/Makefile b/arch/x86/entry/Makefile
index b7a5790..08bf95d 100644
--- a/arch/x86/entry/Makefile
+++ b/arch/x86/entry/Makefile
@@ -7,12 +7,20 @@ KASAN_SANITIZE := n
UBSAN_SANITIZE := n
KCOV_INSTRUMENT := n

-CFLAGS_REMOVE_common.o = $(CC_FLAGS_FTRACE) -fstack-protector -fstack-protector-strong
-CFLAGS_REMOVE_syscall_32.o = $(CC_FLAGS_FTRACE) -fstack-protector -fstack-protector-strong
-CFLAGS_REMOVE_syscall_64.o = $(CC_FLAGS_FTRACE) -fstack-protector -fstack-protector-strong
+CFLAGS_REMOVE_common.o = $(CC_FLAGS_FTRACE)
+CFLAGS_REMOVE_syscall_64.o = $(CC_FLAGS_FTRACE)
+CFLAGS_REMOVE_syscall_32.o = $(CC_FLAGS_FTRACE)
+CFLAGS_REMOVE_syscall_x32.o = $(CC_FLAGS_FTRACE)
+
+CFLAGS_common.o += -fno-stack-protector
+CFLAGS_syscall_64.o += -fno-stack-protector
+CFLAGS_syscall_32.o += -fno-stack-protector
+CFLAGS_syscall_x32.o += -fno-stack-protector

CFLAGS_syscall_64.o += $(call cc-option,-Wno-override-init,)
CFLAGS_syscall_32.o += $(call cc-option,-Wno-override-init,)
+CFLAGS_syscall_x32.o += $(call cc-option,-Wno-override-init,)
+
obj-y := entry_$(BITS).o thunk_$(BITS).o syscall_$(BITS).o
obj-y += common.o

Next message: tip-bot2 for Arvind Sankar: "[tip: x86/urgent] x86/boot: Don't add the EFI stub to targets"
Previous message: Paul Cercueil: "Re: [PATCH] drm/ingenic: Silence uninitialized-variable warning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]