stackprotector: Unify the HAVE_CC_STACKPROTECTOR logic between architectures
Instead of duplicating the CC_STACKPROTECTOR Kconfig and Makefile logic in each architecture, switch to using HAVE_CC_STACKPROTECTOR and keep everything in one place. This retains the x86-specific bug verification scripts. Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Michal Marek <mmarek@suse.cz> Cc: Russell King <linux@arm.linux.org.uk> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Paul Mundt <lethal@linux-sh.org> Cc: James Hogan <james.hogan@imgtec.com> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Shawn Guo <shawn.guo@linaro.org> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-arm-kernel@lists.infradead.org Cc: linux-mips@linux-mips.org Cc: linux-arch@vger.kernel.org Link: http://lkml.kernel.org/r/1387481759-14535-2-git-send-email-keescook@chromium.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
This commit is contained in:
parent
b0031f227e
commit
19952a9203
14
Makefile
14
Makefile
@ -595,10 +595,18 @@ ifneq ($(CONFIG_FRAME_WARN),0)
|
||||
KBUILD_CFLAGS += $(call cc-option,-Wframe-larger-than=${CONFIG_FRAME_WARN})
|
||||
endif
|
||||
|
||||
# Force gcc to behave correct even for buggy distributions
|
||||
ifndef CONFIG_CC_STACKPROTECTOR
|
||||
KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector)
|
||||
# Handle stack protector mode.
|
||||
ifdef CONFIG_CC_STACKPROTECTOR
|
||||
stackp-flag := -fstack-protector
|
||||
ifeq ($(call cc-option, $(stackp-flag)),)
|
||||
$(warning Cannot use CONFIG_CC_STACKPROTECTOR: \
|
||||
-fstack-protector not supported by compiler))
|
||||
endif
|
||||
else
|
||||
# Force off for distro compilers that enable stack protector by default.
|
||||
stackp-flag := $(call cc-option, -fno-stack-protector)
|
||||
endif
|
||||
KBUILD_CFLAGS += $(stackp-flag)
|
||||
|
||||
# This warning generated too much noise in a regular build.
|
||||
# Use make W=1 to enable this warning (see scripts/Makefile.build)
|
||||
|
22
arch/Kconfig
22
arch/Kconfig
@ -336,6 +336,28 @@ config SECCOMP_FILTER
|
||||
|
||||
See Documentation/prctl/seccomp_filter.txt for details.
|
||||
|
||||
config HAVE_CC_STACKPROTECTOR
|
||||
bool
|
||||
help
|
||||
An arch should select this symbol if:
|
||||
- its compiler supports the -fstack-protector option
|
||||
- it has implemented a stack canary (e.g. __stack_chk_guard)
|
||||
|
||||
config CC_STACKPROTECTOR
|
||||
bool "Enable -fstack-protector buffer overflow detection"
|
||||
depends on HAVE_CC_STACKPROTECTOR
|
||||
help
|
||||
This option turns on the -fstack-protector GCC feature. This
|
||||
feature puts, at the beginning of functions, a canary value on
|
||||
the stack just before the return address, and validates
|
||||
the value just before actually returning. Stack based buffer
|
||||
overflows (that need to overwrite this return address) now also
|
||||
overwrite the canary, which gets detected and the attack is then
|
||||
neutralized via a kernel panic.
|
||||
|
||||
This feature requires gcc version 4.2 or above, or a distribution
|
||||
gcc with the feature backported.
|
||||
|
||||
config HAVE_CONTEXT_TRACKING
|
||||
bool
|
||||
help
|
||||
|
@ -30,6 +30,7 @@ config ARM
|
||||
select HAVE_BPF_JIT
|
||||
select HAVE_CONTEXT_TRACKING
|
||||
select HAVE_C_RECORDMCOUNT
|
||||
select HAVE_CC_STACKPROTECTOR
|
||||
select HAVE_DEBUG_KMEMLEAK
|
||||
select HAVE_DMA_API_DEBUG
|
||||
select HAVE_DMA_ATTRS
|
||||
@ -1856,18 +1857,6 @@ config SECCOMP
|
||||
and the task is only allowed to execute a few safe syscalls
|
||||
defined by each seccomp mode.
|
||||
|
||||
config CC_STACKPROTECTOR
|
||||
bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
|
||||
help
|
||||
This option turns on the -fstack-protector GCC feature. This
|
||||
feature puts, at the beginning of functions, a canary value on
|
||||
the stack just before the return address, and validates
|
||||
the value just before actually returning. Stack based buffer
|
||||
overflows (that need to overwrite this return address) now also
|
||||
overwrite the canary, which gets detected and the attack is then
|
||||
neutralized via a kernel panic.
|
||||
This feature requires gcc version 4.2 or above.
|
||||
|
||||
config SWIOTLB
|
||||
def_bool y
|
||||
|
||||
|
@ -40,10 +40,6 @@ ifeq ($(CONFIG_FRAME_POINTER),y)
|
||||
KBUILD_CFLAGS +=-fno-omit-frame-pointer -mapcs -mno-sched-prolog
|
||||
endif
|
||||
|
||||
ifeq ($(CONFIG_CC_STACKPROTECTOR),y)
|
||||
KBUILD_CFLAGS +=-fstack-protector
|
||||
endif
|
||||
|
||||
ifeq ($(CONFIG_CPU_BIG_ENDIAN),y)
|
||||
KBUILD_CPPFLAGS += -mbig-endian
|
||||
AS += -EB
|
||||
|
@ -47,6 +47,7 @@ config MIPS
|
||||
select MODULES_USE_ELF_RELA if MODULES && 64BIT
|
||||
select CLONE_BACKWARDS
|
||||
select HAVE_DEBUG_STACKOVERFLOW
|
||||
select HAVE_CC_STACKPROTECTOR
|
||||
|
||||
menu "Machine selection"
|
||||
|
||||
@ -2322,19 +2323,6 @@ config SECCOMP
|
||||
|
||||
If unsure, say Y. Only embedded should say N here.
|
||||
|
||||
config CC_STACKPROTECTOR
|
||||
bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
|
||||
help
|
||||
This option turns on the -fstack-protector GCC feature. This
|
||||
feature puts, at the beginning of functions, a canary value on
|
||||
the stack just before the return address, and validates
|
||||
the value just before actually returning. Stack based buffer
|
||||
overflows (that need to overwrite this return address) now also
|
||||
overwrite the canary, which gets detected and the attack is then
|
||||
neutralized via a kernel panic.
|
||||
|
||||
This feature requires gcc version 4.2 or above.
|
||||
|
||||
config USE_OF
|
||||
bool
|
||||
select OF
|
||||
|
@ -232,10 +232,6 @@ bootvars-y = VMLINUX_LOAD_ADDRESS=$(load-y) \
|
||||
|
||||
LDFLAGS += -m $(ld-emul)
|
||||
|
||||
ifdef CONFIG_CC_STACKPROTECTOR
|
||||
KBUILD_CFLAGS += -fstack-protector
|
||||
endif
|
||||
|
||||
ifdef CONFIG_MIPS
|
||||
CHECKFLAGS += $(shell $(CC) $(KBUILD_CFLAGS) -dM -E -x c /dev/null | \
|
||||
egrep -vw '__GNUC_(|MINOR_|PATCHLEVEL_)_' | \
|
||||
|
@ -66,6 +66,7 @@ config SUPERH32
|
||||
select PERF_EVENTS
|
||||
select ARCH_HIBERNATION_POSSIBLE if MMU
|
||||
select SPARSE_IRQ
|
||||
select HAVE_CC_STACKPROTECTOR
|
||||
|
||||
config SUPERH64
|
||||
def_bool ARCH = "sh64"
|
||||
@ -695,20 +696,6 @@ config SECCOMP
|
||||
|
||||
If unsure, say N.
|
||||
|
||||
config CC_STACKPROTECTOR
|
||||
bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
|
||||
depends on SUPERH32
|
||||
help
|
||||
This option turns on the -fstack-protector GCC feature. This
|
||||
feature puts, at the beginning of functions, a canary value on
|
||||
the stack just before the return address, and validates
|
||||
the value just before actually returning. Stack based buffer
|
||||
overflows (that need to overwrite this return address) now also
|
||||
overwrite the canary, which gets detected and the attack is then
|
||||
neutralized via a kernel panic.
|
||||
|
||||
This feature requires gcc version 4.2 or above.
|
||||
|
||||
config SMP
|
||||
bool "Symmetric multi-processing support"
|
||||
depends on SYS_SUPPORTS_SMP
|
||||
|
@ -199,10 +199,6 @@ ifeq ($(CONFIG_DWARF_UNWINDER),y)
|
||||
KBUILD_CFLAGS += -fasynchronous-unwind-tables
|
||||
endif
|
||||
|
||||
ifeq ($(CONFIG_CC_STACKPROTECTOR),y)
|
||||
KBUILD_CFLAGS += -fstack-protector
|
||||
endif
|
||||
|
||||
libs-$(CONFIG_SUPERH32) := arch/sh/lib/ $(libs-y)
|
||||
libs-$(CONFIG_SUPERH64) := arch/sh/lib64/ $(libs-y)
|
||||
|
||||
|
@ -125,6 +125,7 @@ config X86
|
||||
select RTC_LIB
|
||||
select HAVE_DEBUG_STACKOVERFLOW
|
||||
select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64
|
||||
select HAVE_CC_STACKPROTECTOR
|
||||
|
||||
config INSTRUCTION_DECODER
|
||||
def_bool y
|
||||
@ -1617,22 +1618,6 @@ config SECCOMP
|
||||
|
||||
If unsure, say Y. Only embedded should say N here.
|
||||
|
||||
config CC_STACKPROTECTOR
|
||||
bool "Enable -fstack-protector buffer overflow detection"
|
||||
---help---
|
||||
This option turns on the -fstack-protector GCC feature. This
|
||||
feature puts, at the beginning of functions, a canary value on
|
||||
the stack just before the return address, and validates
|
||||
the value just before actually returning. Stack based buffer
|
||||
overflows (that need to overwrite this return address) now also
|
||||
overwrite the canary, which gets detected and the attack is then
|
||||
neutralized via a kernel panic.
|
||||
|
||||
This feature requires gcc version 4.2 or above, or a distribution
|
||||
gcc with the feature backported. Older versions are automatically
|
||||
detected and for those versions, this configuration option is
|
||||
ignored. (and a warning is printed during bootup)
|
||||
|
||||
source kernel/Kconfig.hz
|
||||
|
||||
config KEXEC
|
||||
|
@ -89,13 +89,11 @@ else
|
||||
KBUILD_CFLAGS += -maccumulate-outgoing-args
|
||||
endif
|
||||
|
||||
# Make sure compiler does not have buggy stack-protector support.
|
||||
ifdef CONFIG_CC_STACKPROTECTOR
|
||||
cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh
|
||||
ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(KBUILD_CPPFLAGS) $(biarch)),y)
|
||||
stackp-y := -fstack-protector
|
||||
KBUILD_CFLAGS += $(stackp-y)
|
||||
else
|
||||
$(warning stack protector enabled but no compiler support)
|
||||
ifneq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(KBUILD_CPPFLAGS) $(biarch)),y)
|
||||
$(warning stack-protector enabled but compiler support broken)
|
||||
endif
|
||||
endif
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user