* How to define some additional KBUILD_CFLAGS after building include/generated/asm-offsets.h ?
@ 2018-09-18 23:41 Christophe Leroy
2018-09-24 12:10 ` Michael Ellerman
0 siblings, 1 reply; 7+ messages in thread
From: Christophe Leroy @ 2018-09-18 23:41 UTC (permalink / raw)
To: linuxppc-dev, linux-kbuild, Masahiro Yamada, Michal Marek,
Segher Boessenkool
Cc: LKML
I'm trying to implement TLS based stack protector in the Linux Kernel.
For that I need to give to GCC the offset at which it will find the
canary (register r2 is pointing to the current task struct).
I have been able to do it with the below patch, but it only works when
include/generated/asm-offsets.h already exists from the start of the build.
Is there a way to evaluate CANARY_OFFSET and add the stack-protector
flags to KBUILD_FLAGS only after include/generated/asm-offsets.h is built ?
Or another way of add -mstack-protector-guard-offset=offsetof(struct
task_struct, stack_canary) ?
diff --git a/arch/powerpc/kernel/asm-offsets.c
b/arch/powerpc/kernel/asm-offsets.c
index 89cf15566c4e..b25483946921 100644
--- a/arch/powerpc/kernel/asm-offsets.c
+++ b/arch/powerpc/kernel/asm-offsets.c
@@ -89,6 +89,9 @@ int main(void)
DEFINE(THREAD_INFO_GAP, _ALIGN_UP(sizeof(struct thread_info), 16));
OFFSET(KSP_LIMIT, thread_struct, ksp_limit);
#endif /* CONFIG_PPC64 */
+#ifdef CONFIG_STACKPROTECTOR
+ DEFINE(TSK_STACK_CANARY, offsetof(struct task_struct,
stack_canary));
+#endif
#ifdef CONFIG_LIVEPATCH
OFFSET(TI_livepatch_sp, thread_info, livepatch_sp);
diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
index e58c3f467db5..051b907b5c02 100644
[root@pc16082vm linux-powerpc]# git diff
diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
index 748e34e81a03..7b5a23a8afe8 100644
--- a/arch/powerpc/Makefile
+++ b/arch/powerpc/Makefile
@@ -113,7 +113,8 @@ KBUILD_ARFLAGS += --target=elf$(BITS)-$(GNUTARGET)
endif
ifdef CONFIG_STACKPROTECTOR
-KBUILD_CFLAGS += -mstack-protector-guard=global
+CANARY_OFFSET := $(shell awk '{if ($$2 == "TSK_STACK_CANARY") print
$$3;}' include/generated/asm-offsets.h)
+KBUILD_CFLAGS += -mstack-protector-guard=tls
-mstack-protector-guard-reg=r2
-mstack-protector-guard-offset=$(CANARY_OFFSET)
endif
LDFLAGS_vmlinux-y := -Bstatic
Thanks
Christophe
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: How to define some additional KBUILD_CFLAGS after building include/generated/asm-offsets.h ?
2018-09-18 23:41 How to define some additional KBUILD_CFLAGS after building include/generated/asm-offsets.h ? Christophe Leroy
@ 2018-09-24 12:10 ` Michael Ellerman
2018-09-24 15:26 ` Christophe LEROY
0 siblings, 1 reply; 7+ messages in thread
From: Michael Ellerman @ 2018-09-24 12:10 UTC (permalink / raw)
To: Christophe Leroy, linuxppc-dev, linux-kbuild, Masahiro Yamada,
Michal Marek, Segher Boessenkool
Cc: LKML
Christophe Leroy <christophe.leroy@c-s.fr> writes:
> I'm trying to implement TLS based stack protector in the Linux Kernel.
> For that I need to give to GCC the offset at which it will find the
> canary (register r2 is pointing to the current task struct).
>
> I have been able to do it with the below patch, but it only works when
> include/generated/asm-offsets.h already exists from the start of the build.
>
> Is there a way to evaluate CANARY_OFFSET and add the stack-protector
> flags to KBUILD_FLAGS only after include/generated/asm-offsets.h is built ?
>
> Or another way of add -mstack-protector-guard-offset=offsetof(struct
> task_struct, stack_canary) ?
This seems to work, at least I see the value in CFLAGS:
diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
index 07d9dce..39ee113 100644
--- a/arch/powerpc/Makefile
+++ b/arch/powerpc/Makefile
@@ -404,6 +394,11 @@ archclean:
archprepare: checkbin
+prepare: stack_protector_prepare
+
+stack_protector_prepare: prepare0
+ $(eval KBUILD_CFLAGS += -mstack-protector-guard-offset=$(shell awk '{if ($$2 == "TSK_STACK_CANARY") print $$3;}' include/generated/asm-offsets.h))
+
# Use the file '.tmp_gas_check' for binutils tests, as gas won't output
# to stdout and these checks are run even on install targets.
TOUT := .tmp_gas_check
cheers
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: How to define some additional KBUILD_CFLAGS after building include/generated/asm-offsets.h ?
2018-09-24 12:10 ` Michael Ellerman
@ 2018-09-24 15:26 ` Christophe LEROY
2018-09-25 1:16 ` Michael Ellerman
0 siblings, 1 reply; 7+ messages in thread
From: Christophe LEROY @ 2018-09-24 15:26 UTC (permalink / raw)
To: Michael Ellerman, linuxppc-dev, linux-kbuild, Masahiro Yamada,
Michal Marek, Segher Boessenkool
Cc: LKML
Le 24/09/2018 à 14:10, Michael Ellerman a écrit :
> Christophe Leroy <christophe.leroy@c-s.fr> writes:
>
>> I'm trying to implement TLS based stack protector in the Linux Kernel.
>> For that I need to give to GCC the offset at which it will find the
>> canary (register r2 is pointing to the current task struct).
>>
>> I have been able to do it with the below patch, but it only works when
>> include/generated/asm-offsets.h already exists from the start of the build.
>>
>> Is there a way to evaluate CANARY_OFFSET and add the stack-protector
>> flags to KBUILD_FLAGS only after include/generated/asm-offsets.h is built ?
>>
>> Or another way of add -mstack-protector-guard-offset=offsetof(struct
>> task_struct, stack_canary) ?
>
> This seems to work, at least I see the value in CFLAGS:
>
> diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
> index 07d9dce..39ee113 100644
> --- a/arch/powerpc/Makefile
> +++ b/arch/powerpc/Makefile
> @@ -404,6 +394,11 @@ archclean:
>
> archprepare: checkbin
>
> +prepare: stack_protector_prepare
> +
> +stack_protector_prepare: prepare0
> + $(eval KBUILD_CFLAGS += -mstack-protector-guard-offset=$(shell awk '{if ($$2 == "TSK_STACK_CANARY") print $$3;}' include/generated/asm-offsets.h))
> +
Great, it works !
Thanks, I have sent v3 of the patches.
Christophe
> # Use the file '.tmp_gas_check' for binutils tests, as gas won't output
> # to stdout and these checks are run even on install targets.
> TOUT := .tmp_gas_check
>
>
> cheers
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: How to define some additional KBUILD_CFLAGS after building include/generated/asm-offsets.h ?
2018-09-24 15:26 ` Christophe LEROY
@ 2018-09-25 1:16 ` Michael Ellerman
2018-09-25 12:39 ` Michael Ellerman
2018-09-27 5:24 ` Masahiro Yamada
0 siblings, 2 replies; 7+ messages in thread
From: Michael Ellerman @ 2018-09-25 1:16 UTC (permalink / raw)
To: Christophe LEROY, linuxppc-dev, linux-kbuild, Masahiro Yamada,
Michal Marek, Segher Boessenkool
Cc: LKML
Christophe LEROY <christophe.leroy@c-s.fr> writes:
> Le 24/09/2018 à 14:10, Michael Ellerman a écrit :
>> Christophe Leroy <christophe.leroy@c-s.fr> writes:
>>
>>> I'm trying to implement TLS based stack protector in the Linux Kernel.
>>> For that I need to give to GCC the offset at which it will find the
>>> canary (register r2 is pointing to the current task struct).
>>>
>>> I have been able to do it with the below patch, but it only works when
>>> include/generated/asm-offsets.h already exists from the start of the build.
>>>
>>> Is there a way to evaluate CANARY_OFFSET and add the stack-protector
>>> flags to KBUILD_FLAGS only after include/generated/asm-offsets.h is built ?
>>>
>>> Or another way of add -mstack-protector-guard-offset=offsetof(struct
>>> task_struct, stack_canary) ?
>>
>> This seems to work, at least I see the value in CFLAGS:
>>
>> diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
>> index 07d9dce..39ee113 100644
>> --- a/arch/powerpc/Makefile
>> +++ b/arch/powerpc/Makefile
>> @@ -404,6 +394,11 @@ archclean:
>>
>> archprepare: checkbin
>>
>> +prepare: stack_protector_prepare
>> +
>> +stack_protector_prepare: prepare0
>> + $(eval KBUILD_CFLAGS += -mstack-protector-guard-offset=$(shell awk '{if ($$2 == "TSK_STACK_CANARY") print $$3;}' include/generated/asm-offsets.h))
>> +
>
> Great, it works !
> Thanks, I have sent v3 of the patches.
Cool.
It would be good to here from someone who knows Kbuild better than me if
this is acceptable or just a gross hack :)
cheers
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: How to define some additional KBUILD_CFLAGS after building include/generated/asm-offsets.h ?
2018-09-25 1:16 ` Michael Ellerman
@ 2018-09-25 12:39 ` Michael Ellerman
2018-09-27 5:24 ` Masahiro Yamada
1 sibling, 0 replies; 7+ messages in thread
From: Michael Ellerman @ 2018-09-25 12:39 UTC (permalink / raw)
To: Christophe LEROY, linuxppc-dev, linux-kbuild, Masahiro Yamada,
Michal Marek, Segher Boessenkool
Cc: LKML
Michael Ellerman <mpe@ellerman.id.au> writes:
> Christophe LEROY <christophe.leroy@c-s.fr> writes:
>> Le 24/09/2018 à 14:10, Michael Ellerman a écrit :
>>> Christophe Leroy <christophe.leroy@c-s.fr> writes:
>>>> I'm trying to implement TLS based stack protector in the Linux Kernel.
>>>> For that I need to give to GCC the offset at which it will find the
>>>> canary (register r2 is pointing to the current task struct).
>>>>
>>>> I have been able to do it with the below patch, but it only works when
>>>> include/generated/asm-offsets.h already exists from the start of the build.
>>>>
>>>> Is there a way to evaluate CANARY_OFFSET and add the stack-protector
>>>> flags to KBUILD_FLAGS only after include/generated/asm-offsets.h is built ?
>>>>
>>>> Or another way of add -mstack-protector-guard-offset=offsetof(struct
>>>> task_struct, stack_canary) ?
>>>
>>> This seems to work, at least I see the value in CFLAGS:
>>>
>>> diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
>>> index 07d9dce..39ee113 100644
>>> --- a/arch/powerpc/Makefile
>>> +++ b/arch/powerpc/Makefile
>>> @@ -404,6 +394,11 @@ archclean:
>>>
>>> archprepare: checkbin
>>>
>>> +prepare: stack_protector_prepare
>>> +
>>> +stack_protector_prepare: prepare0
>>> + $(eval KBUILD_CFLAGS += -mstack-protector-guard-offset=$(shell awk '{if ($$2 == "TSK_STACK_CANARY") print $$3;}' include/generated/asm-offsets.h))
>>> +
>>
>> Great, it works !
>> Thanks, I have sent v3 of the patches.
>
> Cool.
>
> It would be good to here from someone who knows Kbuild better than me if
^
hear
Still learning English.
cheers
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: How to define some additional KBUILD_CFLAGS after building include/generated/asm-offsets.h ?
2018-09-25 1:16 ` Michael Ellerman
2018-09-25 12:39 ` Michael Ellerman
@ 2018-09-27 5:24 ` Masahiro Yamada
2018-09-27 6:31 ` Michael Ellerman
1 sibling, 1 reply; 7+ messages in thread
From: Masahiro Yamada @ 2018-09-27 5:24 UTC (permalink / raw)
To: Michael Ellerman
Cc: Christophe LEROY, linuxppc-dev, Linux Kbuild mailing list,
Michal Marek, Segher Boessenkool, LKML
Hi.
2018-09-25 10:16 GMT+09:00 Michael Ellerman <mpe@ellerman.id.au>:
> Christophe LEROY <christophe.leroy@c-s.fr> writes:
>
>> Le 24/09/2018 à 14:10, Michael Ellerman a écrit :
>>> Christophe Leroy <christophe.leroy@c-s.fr> writes:
>>>
>>>> I'm trying to implement TLS based stack protector in the Linux Kernel.
>>>> For that I need to give to GCC the offset at which it will find the
>>>> canary (register r2 is pointing to the current task struct).
>>>>
>>>> I have been able to do it with the below patch, but it only works when
>>>> include/generated/asm-offsets.h already exists from the start of the build.
>>>>
>>>> Is there a way to evaluate CANARY_OFFSET and add the stack-protector
>>>> flags to KBUILD_FLAGS only after include/generated/asm-offsets.h is built ?
>>>>
>>>> Or another way of add -mstack-protector-guard-offset=offsetof(struct
>>>> task_struct, stack_canary) ?
>>>
>>> This seems to work, at least I see the value in CFLAGS:
>>>
>>> diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
>>> index 07d9dce..39ee113 100644
>>> --- a/arch/powerpc/Makefile
>>> +++ b/arch/powerpc/Makefile
>>> @@ -404,6 +394,11 @@ archclean:
>>>
>>> archprepare: checkbin
>>>
>>> +prepare: stack_protector_prepare
>>> +
>>> +stack_protector_prepare: prepare0
>>> + $(eval KBUILD_CFLAGS += -mstack-protector-guard-offset=$(shell awk '{if ($$2 == "TSK_STACK_CANARY") print $$3;}' include/generated/asm-offsets.h))
>>> +
>>
>> Great, it works !
>> Thanks, I have sent v3 of the patches.
>
> Cool.
>
> It would be good to here from someone who knows Kbuild better than me if
> this is acceptable or just a gross hack :)
I am fine with this solution.
Thanks.
--
Best Regards
Masahiro Yamada
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: How to define some additional KBUILD_CFLAGS after building include/generated/asm-offsets.h ?
2018-09-27 5:24 ` Masahiro Yamada
@ 2018-09-27 6:31 ` Michael Ellerman
0 siblings, 0 replies; 7+ messages in thread
From: Michael Ellerman @ 2018-09-27 6:31 UTC (permalink / raw)
To: Masahiro Yamada
Cc: Christophe LEROY, linuxppc-dev, Linux Kbuild mailing list,
Michal Marek, Segher Boessenkool, LKML
Masahiro Yamada <yamada.masahiro@socionext.com> writes:
> 2018-09-25 10:16 GMT+09:00 Michael Ellerman <mpe@ellerman.id.au>:
>> Christophe LEROY <christophe.leroy@c-s.fr> writes:
>>
>>> Le 24/09/2018 à 14:10, Michael Ellerman a écrit :
>>>> Christophe Leroy <christophe.leroy@c-s.fr> writes:
>>>>
>>>>> I'm trying to implement TLS based stack protector in the Linux Kernel.
>>>>> For that I need to give to GCC the offset at which it will find the
>>>>> canary (register r2 is pointing to the current task struct).
>>>>>
>>>>> I have been able to do it with the below patch, but it only works when
>>>>> include/generated/asm-offsets.h already exists from the start of the build.
>>>>>
>>>>> Is there a way to evaluate CANARY_OFFSET and add the stack-protector
>>>>> flags to KBUILD_FLAGS only after include/generated/asm-offsets.h is built ?
>>>>>
>>>>> Or another way of add -mstack-protector-guard-offset=offsetof(struct
>>>>> task_struct, stack_canary) ?
>>>>
>>>> This seems to work, at least I see the value in CFLAGS:
>>>>
>>>> diff --git a/arch/powerpc/Makefile b/arch/powerpc/Makefile
>>>> index 07d9dce..39ee113 100644
>>>> --- a/arch/powerpc/Makefile
>>>> +++ b/arch/powerpc/Makefile
>>>> @@ -404,6 +394,11 @@ archclean:
>>>>
>>>> archprepare: checkbin
>>>>
>>>> +prepare: stack_protector_prepare
>>>> +
>>>> +stack_protector_prepare: prepare0
>>>> + $(eval KBUILD_CFLAGS += -mstack-protector-guard-offset=$(shell awk '{if ($$2 == "TSK_STACK_CANARY") print $$3;}' include/generated/asm-offsets.h))
>>>> +
>>>
>>> Great, it works !
>>> Thanks, I have sent v3 of the patches.
>>
>> Cool.
>>
>> It would be good to here from someone who knows Kbuild better than me if
>> this is acceptable or just a gross hack :)
>
> I am fine with this solution.
Thanks.
cheers
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2018-09-27 6:31 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-09-18 23:41 How to define some additional KBUILD_CFLAGS after building include/generated/asm-offsets.h ? Christophe Leroy
2018-09-24 12:10 ` Michael Ellerman
2018-09-24 15:26 ` Christophe LEROY
2018-09-25 1:16 ` Michael Ellerman
2018-09-25 12:39 ` Michael Ellerman
2018-09-27 5:24 ` Masahiro Yamada
2018-09-27 6:31 ` Michael Ellerman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).