* [PATCH] ARM: fix atags_to_fdt with stack-protector-strong
@ 2015-12-18 21:04 ` Kees Cook
0 siblings, 0 replies; 6+ messages in thread
From: Kees Cook @ 2015-12-18 21:04 UTC (permalink / raw)
To: Russell King
Cc: linux-kernel, Jeffy, Simon Horman, Geert Uytterhoeven,
Laurent Pinchart, Magnus Damm, Arnd Bergmann, linux-arm-kernel
Building with CONFIG_CC_STACKPROTECTOR_STRONG triggers protection code
generation under CONFIG_ARM_ATAG_DTB_COMPAT but this is too early for
being able to use any of the stack_chk code. Explicitly disable it for
only the atags_to_fdt bits.
Suggested-by: zhxihu <zhxihu@marvell.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/arm/boot/compressed/Makefile | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile
index 3f9a9ebc77c3..8cfbc4a2090b 100644
--- a/arch/arm/boot/compressed/Makefile
+++ b/arch/arm/boot/compressed/Makefile
@@ -106,6 +106,14 @@ ORIG_CFLAGS := $(KBUILD_CFLAGS)
KBUILD_CFLAGS = $(subst -pg, , $(ORIG_CFLAGS))
endif
+ifeq ($(CONFIG_ARM_ATAG_DTB_COMPAT),y)
+CFLAGS_atags_to_fdt.o := -fno-stack-protector
+CFLAGS_fdt.o := -fno-stack-protector
+CFLAGS_fdt_ro.o := -fno-stack-protector
+CFLAGS_fdt_rw.o := -fno-stack-protector
+CFLAGS_fdt_wip.o := -fno-stack-protector
+endif
+
ccflags-y := -fpic -mno-single-pic-base -fno-builtin -I$(obj)
asflags-y := -DZIMAGE
--
2.6.3
--
Kees Cook
Chrome OS & Brillo Security
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH] ARM: fix atags_to_fdt with stack-protector-strong
@ 2015-12-18 21:04 ` Kees Cook
0 siblings, 0 replies; 6+ messages in thread
From: Kees Cook @ 2015-12-18 21:04 UTC (permalink / raw)
To: linux-arm-kernel
Building with CONFIG_CC_STACKPROTECTOR_STRONG triggers protection code
generation under CONFIG_ARM_ATAG_DTB_COMPAT but this is too early for
being able to use any of the stack_chk code. Explicitly disable it for
only the atags_to_fdt bits.
Suggested-by: zhxihu <zhxihu@marvell.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
---
arch/arm/boot/compressed/Makefile | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile
index 3f9a9ebc77c3..8cfbc4a2090b 100644
--- a/arch/arm/boot/compressed/Makefile
+++ b/arch/arm/boot/compressed/Makefile
@@ -106,6 +106,14 @@ ORIG_CFLAGS := $(KBUILD_CFLAGS)
KBUILD_CFLAGS = $(subst -pg, , $(ORIG_CFLAGS))
endif
+ifeq ($(CONFIG_ARM_ATAG_DTB_COMPAT),y)
+CFLAGS_atags_to_fdt.o := -fno-stack-protector
+CFLAGS_fdt.o := -fno-stack-protector
+CFLAGS_fdt_ro.o := -fno-stack-protector
+CFLAGS_fdt_rw.o := -fno-stack-protector
+CFLAGS_fdt_wip.o := -fno-stack-protector
+endif
+
ccflags-y := -fpic -mno-single-pic-base -fno-builtin -I$(obj)
asflags-y := -DZIMAGE
--
2.6.3
--
Kees Cook
Chrome OS & Brillo Security
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] ARM: fix atags_to_fdt with stack-protector-strong
2015-12-18 21:04 ` Kees Cook
@ 2015-12-18 21:09 ` Arnd Bergmann
-1 siblings, 0 replies; 6+ messages in thread
From: Arnd Bergmann @ 2015-12-18 21:09 UTC (permalink / raw)
To: Kees Cook
Cc: Russell King, linux-kernel, Jeffy, Simon Horman,
Geert Uytterhoeven, Laurent Pinchart, Magnus Damm,
linux-arm-kernel
On Friday 18 December 2015 13:04:59 Kees Cook wrote:
> +ifeq ($(CONFIG_ARM_ATAG_DTB_COMPAT),y)
> +CFLAGS_atags_to_fdt.o := -fno-stack-protector
> +CFLAGS_fdt.o := -fno-stack-protector
> +CFLAGS_fdt_ro.o := -fno-stack-protector
> +CFLAGS_fdt_rw.o := -fno-stack-protector
> +CFLAGS_fdt_wip.o := -fno-stack-protector
> +endif
I'm pretty sure you don't need the ifeq there, you can simply define those
flags unconditionally.
You can't just add -fno-stack-protector unconditionally, because that
breaks building the kernel with toolchains that are older than stack-protector,
so this should be
CFLAGS_obj.o += $(call cc-option, -fno-stack-protector)
Other than that, the patch looks ok.
Arnd
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH] ARM: fix atags_to_fdt with stack-protector-strong
@ 2015-12-18 21:09 ` Arnd Bergmann
0 siblings, 0 replies; 6+ messages in thread
From: Arnd Bergmann @ 2015-12-18 21:09 UTC (permalink / raw)
To: linux-arm-kernel
On Friday 18 December 2015 13:04:59 Kees Cook wrote:
> +ifeq ($(CONFIG_ARM_ATAG_DTB_COMPAT),y)
> +CFLAGS_atags_to_fdt.o := -fno-stack-protector
> +CFLAGS_fdt.o := -fno-stack-protector
> +CFLAGS_fdt_ro.o := -fno-stack-protector
> +CFLAGS_fdt_rw.o := -fno-stack-protector
> +CFLAGS_fdt_wip.o := -fno-stack-protector
> +endif
I'm pretty sure you don't need the ifeq there, you can simply define those
flags unconditionally.
You can't just add -fno-stack-protector unconditionally, because that
breaks building the kernel with toolchains that are older than stack-protector,
so this should be
CFLAGS_obj.o += $(call cc-option, -fno-stack-protector)
Other than that, the patch looks ok.
Arnd
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] ARM: fix atags_to_fdt with stack-protector-strong
2015-12-18 21:09 ` Arnd Bergmann
@ 2015-12-18 21:26 ` Kees Cook
-1 siblings, 0 replies; 6+ messages in thread
From: Kees Cook @ 2015-12-18 21:26 UTC (permalink / raw)
To: Arnd Bergmann
Cc: Russell King, LKML, Jeffy, Simon Horman, Geert Uytterhoeven,
Laurent Pinchart, Magnus Damm, linux-arm-kernel
On Fri, Dec 18, 2015 at 1:09 PM, Arnd Bergmann <arnd@arndb.de> wrote:
> On Friday 18 December 2015 13:04:59 Kees Cook wrote:
>> +ifeq ($(CONFIG_ARM_ATAG_DTB_COMPAT),y)
>> +CFLAGS_atags_to_fdt.o := -fno-stack-protector
>> +CFLAGS_fdt.o := -fno-stack-protector
>> +CFLAGS_fdt_ro.o := -fno-stack-protector
>> +CFLAGS_fdt_rw.o := -fno-stack-protector
>> +CFLAGS_fdt_wip.o := -fno-stack-protector
>> +endif
>
> I'm pretty sure you don't need the ifeq there, you can simply define those
> flags unconditionally.
>
> You can't just add -fno-stack-protector unconditionally, because that
> breaks building the kernel with toolchains that are older than stack-protector,
> so this should be
>
> CFLAGS_obj.o += $(call cc-option, -fno-stack-protector)
>
> Other than that, the patch looks ok.
Ah, yes, all excellent points. I'll resend. Thanks!
-Kees
--
Kees Cook
Chrome OS & Brillo Security
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH] ARM: fix atags_to_fdt with stack-protector-strong
@ 2015-12-18 21:26 ` Kees Cook
0 siblings, 0 replies; 6+ messages in thread
From: Kees Cook @ 2015-12-18 21:26 UTC (permalink / raw)
To: linux-arm-kernel
On Fri, Dec 18, 2015 at 1:09 PM, Arnd Bergmann <arnd@arndb.de> wrote:
> On Friday 18 December 2015 13:04:59 Kees Cook wrote:
>> +ifeq ($(CONFIG_ARM_ATAG_DTB_COMPAT),y)
>> +CFLAGS_atags_to_fdt.o := -fno-stack-protector
>> +CFLAGS_fdt.o := -fno-stack-protector
>> +CFLAGS_fdt_ro.o := -fno-stack-protector
>> +CFLAGS_fdt_rw.o := -fno-stack-protector
>> +CFLAGS_fdt_wip.o := -fno-stack-protector
>> +endif
>
> I'm pretty sure you don't need the ifeq there, you can simply define those
> flags unconditionally.
>
> You can't just add -fno-stack-protector unconditionally, because that
> breaks building the kernel with toolchains that are older than stack-protector,
> so this should be
>
> CFLAGS_obj.o += $(call cc-option, -fno-stack-protector)
>
> Other than that, the patch looks ok.
Ah, yes, all excellent points. I'll resend. Thanks!
-Kees
--
Kees Cook
Chrome OS & Brillo Security
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2015-12-18 21:26 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-12-18 21:04 [PATCH] ARM: fix atags_to_fdt with stack-protector-strong Kees Cook
2015-12-18 21:04 ` Kees Cook
2015-12-18 21:09 ` Arnd Bergmann
2015-12-18 21:09 ` Arnd Bergmann
2015-12-18 21:26 ` Kees Cook
2015-12-18 21:26 ` Kees Cook
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.