x86/entry: Actually disable stack protector (58ac3154) · Commits · 戴 / test

Some builds of GCC enable stack protector by default. Simply removing the arguments is not sufficient to disable stack protector, as the stack protector for those GCC builds must be explicitly disabled. Remove the argument removals and add -fno-stack-protector. Additionally include missed x32 argument updates, and adjust whitespace for readability. Fixes: ("x86/entry: Exclude low level entry code from sanitizing") Signed-off-by:

Kees Cook <keescook@chromium.org> Signed-off-by:

Thomas Gleixner <tglx@linutronix.de> Link: https://lkml.kernel.org/r/202006261333.585319CA6B@keescook

arch/x86/entry/Makefile

+11 −3

Original line number	Diff line number	Diff line
		@@ -7,12 +7,20 @@ KASAN_SANITIZE := n
		UBSAN_SANITIZE := n
		KCOV_INSTRUMENT := n

		CFLAGS_REMOVE_common.o = $(CC_FLAGS_FTRACE) -fstack-protector -fstack-protector-strong
		CFLAGS_REMOVE_syscall_32.o = $(CC_FLAGS_FTRACE) -fstack-protector -fstack-protector-strong
		CFLAGS_REMOVE_syscall_64.o = $(CC_FLAGS_FTRACE) -fstack-protector -fstack-protector-strong
		CFLAGS_REMOVE_common.o = $(CC_FLAGS_FTRACE)
		CFLAGS_REMOVE_syscall_64.o = $(CC_FLAGS_FTRACE)
		CFLAGS_REMOVE_syscall_32.o = $(CC_FLAGS_FTRACE)
		CFLAGS_REMOVE_syscall_x32.o = $(CC_FLAGS_FTRACE)

		CFLAGS_common.o += -fno-stack-protector
		CFLAGS_syscall_64.o += -fno-stack-protector
		CFLAGS_syscall_32.o += -fno-stack-protector
		CFLAGS_syscall_x32.o += -fno-stack-protector

		CFLAGS_syscall_64.o += $(call cc-option,-Wno-override-init,)
		CFLAGS_syscall_32.o += $(call cc-option,-Wno-override-init,)
		CFLAGS_syscall_x32.o += $(call cc-option,-Wno-override-init,)

		obj-y := entry_$(BITS).o thunk_$(BITS).o syscall_$(BITS).o
		obj-y += common.o

Admin message