From patchwork Mon Jun 22 19:02:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 11618725 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 937A514B7 for ; Mon, 22 Jun 2020 19:07:54 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6806320732 for ; Mon, 22 Jun 2020 19:07:54 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="bMwDIvpV"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="tsEVDzBZ"; dkim=fail reason="signature verification failed" (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="DBz0dKus" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6806320732 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-ID:Subject:To:From:Date: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=bpyyzEJVWVTm/13/g6EUvbeUVFCbbUd7vVIERwFgMZM=; b=bMwDIvpV+1IhVu6KaSPXuVFrBB kLGZ0q/Fs0ayzq5aZg6BhRgFp0M/TkgJD9d0n85ujMuxPoepMIYy2T6Z7Oh2n97vDJ7EBKLEN4jJB oFnNI1sjFaNemIfm7L8W6LsihrkdL91Xpj8y/PJt+j2DbEaFZwVktd/Lu0t1TSuVZih8I1uAcxqNL FhFW+/vHYjnRQi/XTCD0k7kmVBxTGDJ4NibycuMvs4Q3SjzIp97v26dXCx8W8ebOUIoG6TvLDEr3s rWpaet/DArpoCXSICAk0itgYM7+loWfRZABbXMUox5DaX+jjVY5bulw9GPiUFmEmoYf5u8AjmOD3t I8RaAJBA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1jnRkg-000583-Vh; Mon, 22 Jun 2020 19:05:07 +0000 Received: from casper.infradead.org ([2001:8b0:10b:1236::1]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jnRiC-0003sx-Av for linux-arm-kernel@merlin.infradead.org; Mon, 22 Jun 2020 19:02:32 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Type:MIME-Version:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:In-Reply-To:References; bh=zQ7Fc6ymovBX46AtuWXiLA7hl6B9Jd4vMKWs5H4KplE=; b=tsEVDzBZL1fR13RS0ks2ED955D 4fVfSo1ZP+QdomIK5AXP99bXY11KualVgUNuIGV+KjNgFpD3z+5l67k0cCVARpK2qmrH9z5S0r5L0 hZOFK/6AMhma5ZDhlpQr2JFXZg70D2/GzwymrpWDYsn/AoGAm1Ai5h55P71xxRwsBVUCzMBO5ifPf LAJxDAUe+ocheOMYEB3tqWOO5SDm6xe3V7l40+vAq68lZXu5tf8qwf+g5qe1PWhBirHKyhoCgu4Xf JoQlVVI+a+m+TEGCRqHFPlKuJBxOzOyf6FeYPDzI5dw6+Ef799MaRgdttCMecWfnj+4LeRpaxHohm GNxGhdbQ==; Received: from mail-pj1-x1043.google.com ([2607:f8b0:4864:20::1043]) by casper.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1jnRi8-0000yG-CG for linux-arm-kernel@lists.infradead.org; Mon, 22 Jun 2020 19:02:31 +0000 Received: by mail-pj1-x1043.google.com with SMTP id i12so280578pju.3 for ; Mon, 22 Jun 2020 12:02:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:mime-version:content-disposition; bh=zQ7Fc6ymovBX46AtuWXiLA7hl6B9Jd4vMKWs5H4KplE=; b=DBz0dKuszl36wXQ6sn5V61cf5DmaVK4x/ZlfgB01Olr6OHelbW+AmTvvVCWxX4vWj+ vNHU7zBFKqECPB1XvmmPLVKYUvqlj/OLuKxtRcitLtNhxWLh3H2CBFfmUFWAKn8vXbKd FHeIHXFaZxD7DGc7iOkJG042M594aXF1wpO+8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition; bh=zQ7Fc6ymovBX46AtuWXiLA7hl6B9Jd4vMKWs5H4KplE=; b=leR9cuT/hzLMhZj2R+GFf8puw+DOlg86emAVRfrqfOrftvwS1qLXSnKE3xRoLmSc0r +DtHvFQPqdTSGmUl2gysUK0J+5aflwiy044WwoOaVfOmWgOIoJ5eSKl9JnYpf8Zcjvr9 pRwfYxhq9jvobhfEA8q+YtwB6O8PRAlRWIENC1d4yPmkP7lcaxDhf0xpImIqKneLpG/m YtY9S+GqP18JTkfYbA6MHZP8PWKlvenOZ1pjyVkPDDMWVjAo8dP0pJcArv0D5VgBm7d0 HEjXnK8J9/7KyRDKyOPX5VaVkdVgknj0g+pzPZwDvqMUF2ExO4ZWY2PYhh1NzZ+kNQky hpfQ== X-Gm-Message-State: AOAM531rjkUEYUiJVVwXjchytHPhCEGd6YEajmmnTRyWXgVvB2vyKke5 r1gLKuObNlSktrVOhL5IUHrbjQ== X-Google-Smtp-Source: ABdhPJzYWGx1/QYv1WNGyh6xIyuMqFkAlAYkLY1QYvZf7PS/CQ3PsKEfg6ITZ1U79y+4dkHywK+pbw== X-Received: by 2002:a17:902:8a95:: with SMTP id p21mr19614038plo.230.1592852544295; Mon, 22 Jun 2020 12:02:24 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id dw17sm238180pjb.40.2020.06.22.12.02.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 22 Jun 2020 12:02:23 -0700 (PDT) Date: Mon, 22 Jun 2020 12:02:22 -0700 From: Kees Cook To: Peter Zijlstra , Thomas Gleixner Subject: [PATCH] kbuild: Provide way to actually disable stack protector Message-ID: <202006221201.3641ED037E@keescook> MIME-Version: 1.0 Content-Disposition: inline X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200622_200228_650209_882939AB X-CRM114-Status: GOOD ( 17.13 ) X-Spam-Score: -2.1 (--) X-Spam-Report: SpamAssassin version 3.4.4 on casper.infradead.org summary: Content analysis details: (-2.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1043 listed in] [list.dnswl.org] -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.0 DKIMWL_WL_HIGH DKIMwl.org - Whitelisted High sender X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Masahiro Yamada , x86@kernel.org, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kbuild@vger.kernel.org Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org Some builds of GCC enable stack protector by default. Simply removing the arguments is not sufficient to disable stack protector, as the stack protector for those GCC builds must be explicitly disabled. (Removing the arguments is left as-is just to be sure there are no ordering problems. If -fno-stack-protector ended up _before_ -fstack-protector, it would not disable it: GCC uses whichever -f... comes last on the command line.) Fixes: 20355e5f73a7 ("x86/entry: Exclude low level entry code from sanitizing") Signed-off-by: Kees Cook --- Makefile | 4 +++- arch/Kconfig | 3 --- arch/arm/boot/compressed/Makefile | 4 ++-- arch/x86/entry/Makefile | 3 +++ 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index ac2c61c37a73..b46e91bf0b0e 100644 --- a/Makefile +++ b/Makefile @@ -762,7 +762,9 @@ ifneq ($(CONFIG_FRAME_WARN),0) KBUILD_CFLAGS += -Wframe-larger-than=$(CONFIG_FRAME_WARN) endif -stackp-flags-$(CONFIG_CC_HAS_STACKPROTECTOR_NONE) := -fno-stack-protector +DISABLE_STACKPROTECTOR := $(call cc-option,-fno-stack-protector) +export DISABLE_STACKPROTECTOR +stackp-flags-y := $(DISABLE_STACKPROTECTOR) stackp-flags-$(CONFIG_STACKPROTECTOR) := -fstack-protector stackp-flags-$(CONFIG_STACKPROTECTOR_STRONG) := -fstack-protector-strong diff --git a/arch/Kconfig b/arch/Kconfig index 8cc35dc556c7..1ea61290900a 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -478,9 +478,6 @@ config HAVE_STACKPROTECTOR An arch should select this symbol if: - it has implemented a stack canary (e.g. __stack_chk_guard) -config CC_HAS_STACKPROTECTOR_NONE - def_bool $(cc-option,-fno-stack-protector) - config STACKPROTECTOR bool "Stack Protector buffer overflow detection" depends on HAVE_STACKPROTECTOR diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile index 00602a6fba04..3693bac525d2 100644 --- a/arch/arm/boot/compressed/Makefile +++ b/arch/arm/boot/compressed/Makefile @@ -84,9 +84,9 @@ endif # -fstack-protector-strong triggers protection checks in this code, # but it is being used too early to link to meaningful stack_chk logic. -nossp-flags-$(CONFIG_CC_HAS_STACKPROTECTOR_NONE) := -fno-stack-protector $(foreach o, $(libfdt_objs) atags_to_fdt.o, \ - $(eval CFLAGS_$(o) := -I $(srctree)/scripts/dtc/libfdt $(nossp-flags-y))) + $(eval CFLAGS_$(o) := -I $(srctree)/scripts/dtc/libfdt \ + $(DISABLE_STACKPROTECTOR))) # These were previously generated C files. When you are building the kernel # with O=, make sure to remove the stale files in the output tree. Otherwise, diff --git a/arch/x86/entry/Makefile b/arch/x86/entry/Makefile index b7a5790d8d63..79902decc3d1 100644 --- a/arch/x86/entry/Makefile +++ b/arch/x86/entry/Makefile @@ -10,6 +10,9 @@ KCOV_INSTRUMENT := n CFLAGS_REMOVE_common.o = $(CC_FLAGS_FTRACE) -fstack-protector -fstack-protector-strong CFLAGS_REMOVE_syscall_32.o = $(CC_FLAGS_FTRACE) -fstack-protector -fstack-protector-strong CFLAGS_REMOVE_syscall_64.o = $(CC_FLAGS_FTRACE) -fstack-protector -fstack-protector-strong +CFLAGS_common.o += $(DISABLE_STACKPROTECTOR) +CFLAGS_syscall_32.o += $(DISABLE_STACKPROTECTOR) +CFLAGS_syscall_64.o += $(DISABLE_STACKPROTECTOR) CFLAGS_syscall_64.o += $(call cc-option,-Wno-override-init,) CFLAGS_syscall_32.o += $(call cc-option,-Wno-override-init,)