stackprotector: update make rules
Impact: no default -fno-stack-protector if stackp is enabled, cleanup Stackprotector make rules had the following problems. * cc support test and warning are scattered across makefile and kernel/panic.c. * -fno-stack-protector was always added regardless of configuration. Update such that cc support test and warning are contained in makefile and -fno-stack-protector is added iff stackp is turned off. While at it, prepare for 32bit support. Signed-off-by: Tejun Heo <tj@kernel.org> Signed-off-by: Ingo Molnar <mingo@elte.hu>
This commit is contained in:
Tejun Heo
Ingo Molnar
parent
76397f72fb
commit
5d707e9c8e
4 changed files with 15 additions and 13 deletions
3
Makefile
3
Makefile
|
|
@ -532,8 +532,9 @@ KBUILD_CFLAGS += $(call cc-option,-Wframe-larger-than=${CONFIG_FRAME_WARN})
|
||||||
endif
|
endif
|
||||||
|
|
||||||
# Force gcc to behave correct even for buggy distributions
|
# Force gcc to behave correct even for buggy distributions
|
||||||
# Arch Makefiles may override this setting
|
ifndef CONFIG_CC_STACKPROTECTOR
|
||||||
KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector)
|
KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector)
|
||||||
|
endif
|
||||||
|
|
||||||
ifdef CONFIG_FRAME_POINTER
|
ifdef CONFIG_FRAME_POINTER
|
||||||
KBUILD_CFLAGS += -fno-omit-frame-pointer -fno-optimize-sibling-calls
|
KBUILD_CFLAGS += -fno-omit-frame-pointer -fno-optimize-sibling-calls
|
||||||
|
|
|
||||||
|
|
@ -70,14 +70,17 @@ else
|
||||||
# this works around some issues with generating unwind tables in older gccs
|
# this works around some issues with generating unwind tables in older gccs
|
||||||
# newer gccs do it by default
|
# newer gccs do it by default
|
||||||
KBUILD_CFLAGS += -maccumulate-outgoing-args
|
KBUILD_CFLAGS += -maccumulate-outgoing-args
|
||||||
|
endif
|
||||||
|
|
||||||
stackp := $(CONFIG_SHELL) $(srctree)/scripts/gcc-x86_64-has-stack-protector.sh
|
ifdef CONFIG_CC_STACKPROTECTOR
|
||||||
stackp-$(CONFIG_CC_STACKPROTECTOR) := $(shell $(stackp) \
|
cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh
|
||||||
"$(CC)" "-fstack-protector -DGCC_HAS_SP" )
|
ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC)),y)
|
||||||
stackp-$(CONFIG_CC_STACKPROTECTOR_ALL) += $(shell $(stackp) \
|
stackp-y := -fstack-protector
|
||||||
"$(CC)" -fstack-protector-all )
|
stackp-$(CONFIG_CC_STACKPROTECTOR_ALL) += -fstack-protector-all
|
||||||
|
KBUILD_CFLAGS += $(stackp-y)
|
||||||
KBUILD_CFLAGS += $(stackp-y)
|
else
|
||||||
|
$(warning stack protector enabled but no compiler support)
|
||||||
|
endif
|
||||||
endif
|
endif
|
||||||
|
|
||||||
# Stackpointer is addressed different for 32 bit and 64 bit x86
|
# Stackpointer is addressed different for 32 bit and 64 bit x86
|
||||||
|
|
|
||||||
|
|
@ -359,10 +359,6 @@ EXPORT_SYMBOL(warn_slowpath);
|
||||||
|
|
||||||
#ifdef CONFIG_CC_STACKPROTECTOR
|
#ifdef CONFIG_CC_STACKPROTECTOR
|
||||||
|
|
||||||
#ifndef GCC_HAS_SP
|
|
||||||
#warning You have selected the CONFIG_CC_STACKPROTECTOR option, but the gcc used does not support this.
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Called when gcc's -fstack-protector feature is used, and
|
* Called when gcc's -fstack-protector feature is used, and
|
||||||
* gcc detects corruption of the on-stack canary value
|
* gcc detects corruption of the on-stack canary value
|
||||||
|
|
|
||||||
|
|
@ -2,5 +2,7 @@
|
||||||
|
|
||||||
echo "int foo(void) { char X[200]; return 3; }" | $1 -S -xc -c -O0 -mcmodel=kernel -fstack-protector - -o - 2> /dev/null | grep -q "%gs"
|
echo "int foo(void) { char X[200]; return 3; }" | $1 -S -xc -c -O0 -mcmodel=kernel -fstack-protector - -o - 2> /dev/null | grep -q "%gs"
|
||||||
if [ "$?" -eq "0" ] ; then
|
if [ "$?" -eq "0" ] ; then
|
||||||
echo $2
|
echo y
|
||||||
|
else
|
||||||
|
echo n
|
||||||
fi
|
fi
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue