From patchwork Thu Feb 8 16:19:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Masahiro Yamada X-Patchwork-Id: 127678 Delivered-To: patch@linaro.org Received: by 10.46.124.24 with SMTP id x24csp1641567ljc; Thu, 8 Feb 2018 08:22:17 -0800 (PST) X-Google-Smtp-Source: AH8x225zW6dy/j9gvLSutVnCNcRqV5cCCdQc/dQpdelHd9ti5IO2sv814BaThHs3o25xsGsiNGZv X-Received: by 10.98.71.146 with SMTP id p18mr1220049pfi.3.1518106937536; Thu, 08 Feb 2018 08:22:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518106937; cv=none; d=google.com; s=arc-20160816; b=mAtsin2YEv3tUlh0xD+9+woXnlP1s3wFYLYLqotVzWdBRqKHjzuYvFYUrIQQikXUmn A+MuquCFYg+ov9nvAldIsBqcIvMulqMZVGCZwMkNv45i3k5PuwfOOFsRtAwqW6yL+DhW t/Lxdog3PUKKLINMmvIHMq5irWVasZ6uo/2yKCXAm4PvGVvaalBg8KeKfIBQ8kS5+0uv Af0gh4JoO9VJh46JOuUn8LDQhNZXZLOjA6v32/xZtL5G1UeL0nPA3xJnx96CCVTYY+We iZSJKv7Uh3i0eCX9IOFMD9ewHHxWz3TSG7tgOgvgj2h3cNqj43N0HenPE04JPiK+NOhz docA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:dkim-filter :arc-authentication-results; bh=dIcQHxJOo1WEOZ1InbfU14tiSNMjCN+ELjZYvOPLjWU=; b=OTZVXVSzPuucKoSbudgAViKwNqAnESwcCtegVsrYD6hH8xPu863JxAukZCNCf+OWFE RdhZDPyMrnPkYhwdHWQcBZGGSCX7chv05H4PKjKonZeNuyhWrtftp5SsoOQ8UST0iucU 3dMmDVbJPMBUSVoWFzV8CwavxkmZtmrQWbZPfdXtXIfXsrGSJApylYzGguI1tjO5Wyni CykqujoTvM94rhzUbkW4xiEH8vhkJh1In41hx47TRnrTj5iVcvzAlv0ZS6nOEeIudlC9 8GNLU4/ILOFg7OoT3oB4nsApJC8QMOJ8CSNkYFbXbNGn50YtK/sper3NLepQq5jdXIkr cxjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@nifty.com header.s=dec2015msa header.b=vku4TdNu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u8si133503pgr.631.2018.02.08.08.22.17; Thu, 08 Feb 2018 08:22:17 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@nifty.com header.s=dec2015msa header.b=vku4TdNu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752444AbeBHQVj (ORCPT + 13 others); Thu, 8 Feb 2018 11:21:39 -0500 Received: from conuserg-12.nifty.com ([210.131.2.79]:19340 "EHLO conuserg-12.nifty.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751706AbeBHQVg (ORCPT ); Thu, 8 Feb 2018 11:21:36 -0500 X-Greylist: delayed 59751 seconds by postgrey-1.27 at vger.kernel.org; Thu, 08 Feb 2018 11:21:36 EST Received: from grover.sesame (FL1-125-199-20-195.osk.mesh.ad.jp [125.199.20.195]) (authenticated) by conuserg-12.nifty.com with ESMTP id w18GJP1J021191; Fri, 9 Feb 2018 01:19:33 +0900 DKIM-Filter: OpenDKIM Filter v2.10.3 conuserg-12.nifty.com w18GJP1J021191 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com; s=dec2015msa; t=1518106774; bh=dIcQHxJOo1WEOZ1InbfU14tiSNMjCN+ELjZYvOPLjWU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vku4TdNuz4PfC9iSe3DGdfioMprQoYs9TloIDDGqFXnOn4Fjwn1u6k8Esv7j4V6Xm aMjQpAIoPGjjlz6K+SN/O9+uCxetZi004vmZ806oFeAIHACX6iB9QaZN72m4OLbWdz KpGwxv7nzphUsIiOFSAxriLH6TkhnTtBvTkhOepWlgiVsPuV0cCNcqiI98ElY4UdSD PUbxODx4H7U/Wsu2N5S3IbIi1yTB3mDrSve6k/mWt0rJCfsyC8I9ktmrSYYDwYfKZE LfWOep4TdztXrl+5HQMtlhSvwwIuF6G63kGDVp5V48s3zqz9dvqoqs8ge80dL9WE76 zaCWMMHe0ZNCw== X-Nifty-SrcIP: [125.199.20.195] From: Masahiro Yamada To: linux-kbuild@vger.kernel.org, Linus Torvalds Cc: Greg Kroah-Hartman , Andrew Morton , Kees Cook , Nicolas Pitre , "Luis R . Rodriguez" , Randy Dunlap , Ulf Magnusson , Sam Ravnborg , Michal Marek , Martin Schwidefsky , Pavel Machek , linux-s390@vger.kernel.org, Jiri Kosina , Masahiro Yamada , linux-kernel@vger.kernel.org Subject: [RFC PATCH 7/7] Test stackprotector options in Kconfig to kill CC_STACKPROTECTOR_AUTO Date: Fri, 9 Feb 2018 01:19:12 +0900 Message-Id: <1518106752-29228-8-git-send-email-yamada.masahiro@socionext.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1518106752-29228-1-git-send-email-yamada.masahiro@socionext.com> References: <1518106752-29228-1-git-send-email-yamada.masahiro@socionext.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add CC_HAS_STACKPROTECTOR(_STRONG) and proper dependency. I re-arranged the choice values, _STRONG, _REGULAR, _NONE in this order because the default of choice is the first visible symbol. TODO: Broken stackprotector is not tested. scripts/gcc-$(SRCARCH)_$(BITS)-has-stack-protector.sh should be evaluated in Kconfig. Signed-off-by: Masahiro Yamada Test stackprotector options in Kconfig to kill CC_STACKPROTECTOR_AUTO Add CC_HAS_STACKPROTECTOR(_STRONG) and proper dependency. I re-arranged the choice values, _STRONG, _REGULAR, _NONE in this order because the default of choice is the first visible symbol. TODO: Broken stackprotector is not tested. scripts/gcc-$(SRCARCH)_$(BITS)-has-stack-protector.sh should be evaluated in Kconfig. --- Makefile | 58 +++++++++++----------------------------------------------- arch/Kconfig | 54 +++++++++++++++++++++++++++++++----------------------- 2 files changed, 42 insertions(+), 70 deletions(-) -- 2.7.4 diff --git a/Makefile b/Makefile index 9afd617..8123ccf 100644 --- a/Makefile +++ b/Makefile @@ -679,56 +679,20 @@ ifneq ($(CONFIG_FRAME_WARN),0) KBUILD_CFLAGS += $(call cc-option,-Wframe-larger-than=${CONFIG_FRAME_WARN}) endif -# This selects the stack protector compiler flag. Testing it is delayed -# until after .config has been reprocessed, in the prepare-compiler-check -# target. -ifdef CONFIG_CC_STACKPROTECTOR_AUTO - stackp-flag := $(call cc-option,-fstack-protector-strong,$(call cc-option,-fstack-protector)) - stackp-name := AUTO -else -ifdef CONFIG_CC_STACKPROTECTOR_REGULAR - stackp-flag := -fstack-protector - stackp-name := REGULAR -else -ifdef CONFIG_CC_STACKPROTECTOR_STRONG - stackp-flag := -fstack-protector-strong - stackp-name := STRONG -else - # If either there is no stack protector for this architecture or - # CONFIG_CC_STACKPROTECTOR_NONE is selected, we're done, and $(stackp-name) - # is empty, skipping all remaining stack protector tests. - # - # Force off for distro compilers that enable stack protector by default. - KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector) -endif -endif -endif -# Find arch-specific stack protector compiler sanity-checking script. -ifdef stackp-name -ifneq ($(stackp-flag),) - stackp-path := $(srctree)/scripts/gcc-$(SRCARCH)_$(BITS)-has-stack-protector.sh - stackp-check := $(wildcard $(stackp-path)) - # If the wildcard test matches a test script, run it to check functionality. - ifdef stackp-check - ifneq ($(shell $(CONFIG_SHELL) $(stackp-check) $(CC) $(KBUILD_CPPFLAGS) $(biarch)),y) - stackp-broken := y - endif - endif - ifndef stackp-broken - # If the stack protector is functional, enable code that depends on it. - KBUILD_CPPFLAGS += -DCONFIG_CC_STACKPROTECTOR - # Either we've already detected the flag (for AUTO) or we'll fail the - # build in the prepare-compiler-check rule (for specific flag). - KBUILD_CFLAGS += $(stackp-flag) - else - # We have to make sure stack protector is unconditionally disabled if - # the compiler is broken (in case we're going to continue the build in - # AUTO mode). - KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector) - endif +ifeq ($(CONFIG_CC_STACKPROTECTOR_STRONG),y) +KBUILD_CFLAGS += -fstack-protector-strong endif +ifeq ($(CONFIG_CC_STACKPROTECTOR_REGULAR),y) +KBUILD_CFLAGS += -fstack-protector endif +# is this necessary? +#ifeq ($(CONFIG_CC_STACKPROTECTOR_NONE),y) +#KBUILD_CFLAGS += -fno-stack-protector +#endif + +# TODO: run scripts/gcc-$(SRCARCH)_$(BITS)-has-stack-protector.sh from Kconfig + ifeq ($(cc-name),clang) KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,) KBUILD_CFLAGS += $(call cc-disable-warning, unused-variable) diff --git a/arch/Kconfig b/arch/Kconfig index 76c0b54..50723d8 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -538,10 +538,20 @@ config HAVE_CC_STACKPROTECTOR - its compiler supports the -fstack-protector option - it has implemented a stack canary (e.g. __stack_chk_guard) +config CC_HAS_STACKPROTECTOR + bool + option shell="$CC -Werror -fstack-protector -c -x c /dev/null" + +config CC_HAS_STACKPROTECTOR_STRONG + bool + option shell="$CC -Werror -fstack-protector-strong -c -x c /dev/null" + +config CC_STACKPROTECTOR + bool + choice prompt "Stack Protector buffer overflow detection" depends on HAVE_CC_STACKPROTECTOR - default CC_STACKPROTECTOR_AUTO help This option turns on the "stack-protector" GCC feature. This feature puts, at the beginning of functions, a canary value on @@ -551,26 +561,10 @@ choice overwrite the canary, which gets detected and the attack is then neutralized via a kernel panic. -config CC_STACKPROTECTOR_NONE - bool "None" - help - Disable "stack-protector" GCC feature. - -config CC_STACKPROTECTOR_REGULAR - bool "Regular" - help - Functions will have the stack-protector canary logic added if they - have an 8-byte or larger character array on the stack. - - This feature requires gcc version 4.2 or above, or a distribution - gcc with the feature backported ("-fstack-protector"). - - On an x86 "defconfig" build, this feature adds canary checks to - about 3% of all kernel functions, which increases kernel code size - by about 0.3%. - config CC_STACKPROTECTOR_STRONG bool "Strong" + depends on CC_HAS_STACKPROTECTOR_STRONG + select CC_STACKPROTECTOR help Functions will have the stack-protector canary logic added in any of the following conditions: @@ -588,11 +582,25 @@ config CC_STACKPROTECTOR_STRONG about 20% of all kernel functions, which increases the kernel code size by about 2%. -config CC_STACKPROTECTOR_AUTO - bool "Automatic" +config CC_STACKPROTECTOR_REGULAR + bool "Regular" + depends on CC_HAS_STACKPROTECTOR + select CC_STACKPROTECTOR + help + Functions will have the stack-protector canary logic added if they + have an 8-byte or larger character array on the stack. + + This feature requires gcc version 4.2 or above, or a distribution + gcc with the feature backported ("-fstack-protector"). + + On an x86 "defconfig" build, this feature adds canary checks to + about 3% of all kernel functions, which increases kernel code size + by about 0.3%. + +config CC_STACKPROTECTOR_NONE + bool "None" help - If the compiler supports it, the best available stack-protector - option will be chosen. + Disable "stack-protector" GCC feature. endchoice