[PATCH 0/3] Some more changes for stack protector config symbols

[PATCH 0/3] Some more changes for stack protector config symbols

[Masahiro Yamada]

Hi Linus,

While I was checking the renaming commit,
I noticed some more fixups.

The first two patches take care of what I missed to update.

The last one is another renaming for consistency.
(Sorry, I should have asked you that.)

Please consider applying this series.



Masahiro Yamada (3):
  x86: fix dependency of X86_32_LAZY_GS
  kconfig: tinyconfig: remove stale stack protector fixups
  Kbuild: rename HAVE_CC_STACKPROTECTOR config variable

 Documentation/features/debug/stackprotector/arch-support.txt | 2 +-
 arch/Kconfig                                                 | 4 ++--
 arch/arm/Kconfig                                             | 2 +-
 arch/arm64/Kconfig                                           | 2 +-
 arch/mips/Kconfig                                            | 2 +-
 arch/sh/Kconfig                                              | 2 +-
 arch/x86/Kconfig                                             | 4 ++--
 arch/xtensa/Kconfig                                          | 2 +-
 kernel/configs/tiny.config                                   | 4 ----
 9 files changed, 10 insertions(+), 14 deletions(-)

-- 
2.7.4

[PATCH 1/3] x86: fix dependency of X86_32_LAZY_GS

[Masahiro Yamada]

Commit 2a61f4747eea ("stack-protector: test compiler capability in
Kconfig and drop AUTO mode") replaced the 'choice' with two boolean
symbols, so CC_STACKPROTECTOR_NONE no longer exists.

Prior to commit 2bc2f688fdf8 ("Makefile: move stack-protector
availability out of Kconfig"), this line was like this:

  depends on X86_32 && !CC_STACKPROTECTOR

The CC_ prefix was dropped by commit 050e9baa9dc9 ("Kbuild: rename
CC_STACKPROTECTOR[_STRONG] config variables"), so the dependency
now should be:

  depends on X86_32 && !STACKPROTECTOR

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
---

 arch/x86/Kconfig | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 455a670..d6c6ee6 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -327,7 +327,7 @@ config X86_64_SMP
 
 config X86_32_LAZY_GS
 	def_bool y
-	depends on X86_32 && CC_STACKPROTECTOR_NONE
+	depends on X86_32 && !STACKPROTECTOR
 
 config ARCH_SUPPORTS_UPROBES
 	def_bool y
-- 
2.7.4

[PATCH 2/3] kconfig: tinyconfig: remove stale stack protector fixups

[Masahiro Yamada]

Prior to commit 2a61f4747eea ("stack-protector: test compiler
capability in Kconfig and drop AUTO mode"), the stack protector
was configured by the choice of NONE, REGULAR, STRONG, AUTO.

tiny.config needed to explicitly set NONE because the default
value of choice, AUTO, did not produce the tiniest kernel.

Now that there are only two boolean symbols, STACKPROTECTOR
and STACKPROTECTOR_STRONG, they are naturally disabled by
"make allnoconfig", which "make tinyconfig" is based on.
Remove unnecessary lines from the tiny.config fragment file.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
---

 kernel/configs/tiny.config | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/kernel/configs/tiny.config b/kernel/configs/tiny.config
index 9bfdffc..7fa0c4a 100644
--- a/kernel/configs/tiny.config
+++ b/kernel/configs/tiny.config
@@ -10,7 +10,3 @@ CONFIG_OPTIMIZE_INLINING=y
 # CONFIG_SLAB is not set
 # CONFIG_SLUB is not set
 CONFIG_SLOB=y
-CONFIG_CC_STACKPROTECTOR_NONE=y
-# CONFIG_CC_STACKPROTECTOR_REGULAR is not set
-# CONFIG_CC_STACKPROTECTOR_STRONG is not set
-# CONFIG_CC_STACKPROTECTOR_AUTO is not set
-- 
2.7.4

[PATCH 3/3] Kbuild: rename HAVE_CC_STACKPROTECTOR config variable

[Masahiro Yamada]

HAVE_CC_STACKPROTECTOR should be selected by architectures with
stack canary implementation.  It is not about the compiler support.

For the consistency with commit 050e9baa9dc9 ("Kbuild: rename
CC_STACKPROTECTOR[_STRONG] config variables"), remove 'CC_'
from the config symbol.

I moved the 'select' lines to keep the alphabetical sorting.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
---

 Documentation/features/debug/stackprotector/arch-support.txt | 2 +-
 arch/Kconfig                                                 | 4 ++--
 arch/arm/Kconfig                                             | 2 +-
 arch/arm64/Kconfig                                           | 2 +-
 arch/mips/Kconfig                                            | 2 +-
 arch/sh/Kconfig                                              | 2 +-
 arch/x86/Kconfig                                             | 2 +-
 arch/xtensa/Kconfig                                          | 2 +-
 8 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/Documentation/features/debug/stackprotector/arch-support.txt b/Documentation/features/debug/stackprotector/arch-support.txt
index 74b89a9..954ac1c 100644
--- a/Documentation/features/debug/stackprotector/arch-support.txt
+++ b/Documentation/features/debug/stackprotector/arch-support.txt
@@ -1,6 +1,6 @@
 #
 # Feature name:          stackprotector
-#         Kconfig:       HAVE_CC_STACKPROTECTOR
+#         Kconfig:       HAVE_STACKPROTECTOR
 #         description:   arch supports compiler driven stack overflow protection
 #
     -----------------------
diff --git a/arch/Kconfig b/arch/Kconfig
index c302b3d..47b235d 100644
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -549,7 +549,7 @@ config GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
 	  in structures.  This reduces the performance hit of RANDSTRUCT
 	  at the cost of weakened randomization.
 
-config HAVE_CC_STACKPROTECTOR
+config HAVE_STACKPROTECTOR
 	bool
 	help
 	  An arch should select this symbol if:
@@ -560,7 +560,7 @@ config CC_HAS_STACKPROTECTOR_NONE
 
 config STACKPROTECTOR
 	bool "Stack Protector buffer overflow detection"
-	depends on HAVE_CC_STACKPROTECTOR
+	depends on HAVE_STACKPROTECTOR
 	depends on $(cc-option,-fstack-protector)
 	default y
 	help
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 2a78bde..0be4397 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -57,7 +57,6 @@ config ARM
 	select HAVE_ARCH_TRACEHOOK
 	select HAVE_ARM_SMCCC if CPU_V7
 	select HAVE_EBPF_JIT if !CPU_ENDIAN_BE32
-	select HAVE_CC_STACKPROTECTOR
 	select HAVE_CONTEXT_TRACKING
 	select HAVE_C_RECORDMCOUNT
 	select HAVE_DEBUG_KMEMLEAK
@@ -92,6 +91,7 @@ config ARM
 	select HAVE_RCU_TABLE_FREE if (SMP && ARM_LPAE)
 	select HAVE_REGS_AND_STACK_ACCESS_API
 	select HAVE_RSEQ
+	select HAVE_STACKPROTECTOR
 	select HAVE_SYSCALL_TRACEPOINTS
 	select HAVE_UID16
 	select HAVE_VIRT_CPU_ACCOUNTING_GEN
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 14f204c..42c090c 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -103,7 +103,6 @@ config ARM64
 	select HAVE_ARM_SMCCC
 	select HAVE_EBPF_JIT
 	select HAVE_C_RECORDMCOUNT
-	select HAVE_CC_STACKPROTECTOR
 	select HAVE_CMPXCHG_DOUBLE
 	select HAVE_CMPXCHG_LOCAL
 	select HAVE_CONTEXT_TRACKING
@@ -128,6 +127,7 @@ config ARM64
 	select HAVE_PERF_USER_STACK_DUMP
 	select HAVE_REGS_AND_STACK_ACCESS_API
 	select HAVE_RCU_TABLE_FREE
+	select HAVE_STACKPROTECTOR
 	select HAVE_SYSCALL_TRACEPOINTS
 	select HAVE_KPROBES
 	select HAVE_KRETPROBES
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index fe98e45..3f9deec 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -41,7 +41,6 @@ config MIPS
 	select HAVE_ARCH_TRANSPARENT_HUGEPAGE if CPU_SUPPORTS_HUGEPAGES && 64BIT
 	select HAVE_CBPF_JIT if (!64BIT && !CPU_MICROMIPS)
 	select HAVE_EBPF_JIT if (64BIT && !CPU_MICROMIPS)
-	select HAVE_CC_STACKPROTECTOR
 	select HAVE_CONTEXT_TRACKING
 	select HAVE_COPY_THREAD_TLS
 	select HAVE_C_RECORDMCOUNT
@@ -66,6 +65,7 @@ config MIPS
 	select HAVE_OPROFILE
 	select HAVE_PERF_EVENTS
 	select HAVE_REGS_AND_STACK_ACCESS_API
+	select HAVE_STACKPROTECTOR
 	select HAVE_SYSCALL_TRACEPOINTS
 	select HAVE_VIRT_CPU_ACCOUNTING_GEN if 64BIT || !SMP
 	select IRQ_FORCED_THREADING
diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
index 4d61a08..4bedd1c 100644
--- a/arch/sh/Kconfig
+++ b/arch/sh/Kconfig
@@ -77,7 +77,7 @@ config SUPERH32
 	select PERF_EVENTS
 	select ARCH_HIBERNATION_POSSIBLE if MMU
 	select SPARSE_IRQ
-	select HAVE_CC_STACKPROTECTOR
+	select HAVE_STACKPROTECTOR
 
 config SUPERH64
 	def_bool "$(ARCH)" = "sh64"
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index d6c6ee6..f1dbb4e 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -130,7 +130,6 @@ config X86
 	select HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD if X86_64
 	select HAVE_ARCH_VMAP_STACK		if X86_64
 	select HAVE_ARCH_WITHIN_STACK_FRAMES
-	select HAVE_CC_STACKPROTECTOR		if CC_HAS_SANE_STACKPROTECTOR
 	select HAVE_CMPXCHG_DOUBLE
 	select HAVE_CMPXCHG_LOCAL
 	select HAVE_CONTEXT_TRACKING		if X86_64
@@ -182,6 +181,7 @@ config X86
 	select HAVE_RCU_TABLE_FREE
 	select HAVE_REGS_AND_STACK_ACCESS_API
 	select HAVE_RELIABLE_STACKTRACE		if X86_64 && UNWINDER_FRAME_POINTER && STACK_VALIDATION
+	select HAVE_STACKPROTECTOR		if CC_HAS_SANE_STACKPROTECTOR
 	select HAVE_STACK_VALIDATION		if X86_64
 	select HAVE_RSEQ
 	select HAVE_SYSCALL_TRACEPOINTS
diff --git a/arch/xtensa/Kconfig b/arch/xtensa/Kconfig
index 17df3322..d575e87 100644
--- a/arch/xtensa/Kconfig
+++ b/arch/xtensa/Kconfig
@@ -17,7 +17,6 @@ config XTENSA
 	select GENERIC_SCHED_CLOCK
 	select GENERIC_STRNCPY_FROM_USER if KASAN
 	select HAVE_ARCH_KASAN if MMU
-	select HAVE_CC_STACKPROTECTOR
 	select HAVE_DEBUG_KMEMLEAK
 	select HAVE_DMA_CONTIGUOUS
 	select HAVE_EXIT_THREAD
@@ -28,6 +27,7 @@ config XTENSA
 	select HAVE_MEMBLOCK
 	select HAVE_OPROFILE
 	select HAVE_PERF_EVENTS
+	select HAVE_STACKPROTECTOR
 	select IRQ_DOMAIN
 	select MODULES_USE_ELF_RELA
 	select NO_BOOTMEM
-- 
2.7.4

Re: [PATCH 0/3] Some more changes for stack protector config symbols

[Kees Cook]

On Thu, Jun 14, 2018 at 3:36 AM, Masahiro Yamada
<yamada.masahiro@socionext.com> wrote:
> Hi Linus,
>
> While I was checking the renaming commit,
> I noticed some more fixups.
>
> The first two patches take care of what I missed to update.
>
> The last one is another renaming for consistency.
> (Sorry, I should have asked you that.)
>
> Please consider applying this series.

Consider the series:

Acked-by: Kees Cook <keescook@chromium.org>

Thanks for the fixes!

-Kees

>
>
>
> Masahiro Yamada (3):
>   x86: fix dependency of X86_32_LAZY_GS
>   kconfig: tinyconfig: remove stale stack protector fixups
>   Kbuild: rename HAVE_CC_STACKPROTECTOR config variable
>
>  Documentation/features/debug/stackprotector/arch-support.txt | 2 +-
>  arch/Kconfig                                                 | 4 ++--
>  arch/arm/Kconfig                                             | 2 +-
>  arch/arm64/Kconfig                                           | 2 +-
>  arch/mips/Kconfig                                            | 2 +-
>  arch/sh/Kconfig                                              | 2 +-
>  arch/x86/Kconfig                                             | 4 ++--
>  arch/xtensa/Kconfig                                          | 2 +-
>  kernel/configs/tiny.config                                   | 4 ----
>  9 files changed, 10 insertions(+), 14 deletions(-)
>
> --
> 2.7.4
>



-- 
Kees Cook
Pixel Security