2009-03-30 21:03:26

by Joseph Cihula

Subject: [PATCH] x86: disable stack-protector for __restore_processor_state()

The __restore_processor_state() fn restores %gs on resume from S3. As
such, it cannot be protected by the stack-protector guard since %gs will
not be correct on function entry.

There are only a few other fns in this file and it should not negatively
impact kernel security that they will also have the stack-protector
guard removed (and so it's not worth moving them to another file).

Without this change, S3 resume on a kernel built with
CONFIG_CC_STACKPROTECTOR_ALL=y will fail.

Signed-off-by: Joseph Cihula <[email protected]>

--- ../linux.trees.git/arch/x86/power/Makefile 2009-03-29
12:12:13.000000000 -0700
+++ arch/x86/power/Makefile 2009-03-30 12:21:19.000000000 -0700
@@ -1,2 +1,7 @@
+# __restore_processor_state() restores %gs after S3 resume and so
should not
+# itself be stack-protected
+nostackp := $(call cc-option, -fno-stack-protector)
+CFLAGS_cpu_$(BITS).o := $(nostackp)
+
obj-$(CONFIG_PM_SLEEP) += cpu_$(BITS).o
obj-$(CONFIG_HIBERNATION) += hibernate_$(BITS).o hibernate_asm_$(BITS).o
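
Review bot: The "CFLAGS_cpu_$(BITS).o := $(nostackp)" line drops the guard for every function compiled into cpu_$(BITS).o, but the comment above it names only __restore_processor_state(). The changelog accepts that trade-off, so the Makefile comment should record it too, for example by adding "the whole object is built without stack-protector", so that code added to this file later does not lose the guard unnoticed.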



2009-04-03 17:31:21

by Ingo Molnar

Subject: Re: [PATCH] x86: disable stack-protector for __restore_processor_state()


* Joseph Cihula <[email protected]> wrote:

> The __restore_processor_state() fn restores %gs on resume from S3.
> As such, it cannot be protected by the stack-protector guard since
> %gs will not be correct on function entry.
>
> There are only a few other fns in this file and it should not
> negatively impact kernel security that they will also have the
> stack-protector guard removed (and so it's not worth moving them
> to another file).
>
> Without this change, S3 resume on a kernel built with
> CONFIG_CC_STACKPROTECTOR_ALL=y will fail.
>
> Signed-off-by: Joseph Cihula <[email protected]>

ah ... very nice!

applied to tip:x86/urgent, thanks Joseph!

Ingo

2009-04-03 17:34:47

by Joseph Cihula

Subject: [tip:x86/urgent] x86: disable stack-protector for __restore_processor_state()

Commit-ID: 1f23b77e09be10edb30eb03c1b03879083e3cc72
Gitweb: http://git.kernel.org/tip/1f23b77e09be10edb30eb03c1b03879083e3cc72
Author: Joseph Cihula <[email protected]>
AuthorDate: Mon, 30 Mar 2009 14:03:01 -0700
Committer: Ingo Molnar <[email protected]>
CommitDate: Fri, 3 Apr 2009 19:30:23 +0200

x86: disable stack-protector for __restore_processor_state()

The __restore_processor_state() fn restores %gs on resume from S3. As
such, it cannot be protected by the stack-protector guard since %gs will
not be correct on function entry.

There are only a few other fns in this file and it should not negatively
impact kernel security that they will also have the stack-protector
guard removed (and so it's not worth moving them to another file).

Without this change, S3 resume on a kernel built with
CONFIG_CC_STACKPROTECTOR_ALL=y will fail.

Signed-off-by: Joseph Cihula <[email protected]>
Cc: Arjan van de Ven <[email protected]>
Cc: Tejun Heo <[email protected]>
LKML-Reference: <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>


---
arch/x86/power/Makefile | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/arch/x86/power/Makefile b/arch/x86/power/Makefile
index 9ff4d5b..58b32db 100644
--- a/arch/x86/power/Makefile
+++ b/arch/x86/power/Makefile
@@ -1,2 +1,7 @@
+# __restore_processor_state() restores %gs after S3 resume and so should not
+# itself be stack-protected
+nostackp := $(call cc-option, -fno-stack-protector)
+CFLAGS_cpu_$(BITS).o := $(nostackp)
+
obj-$(CONFIG_PM_SLEEP) += cpu_$(BITS).o
obj-$(CONFIG_HIBERNATION) += hibernate_$(BITS).o hibernate_asm_$(BITS).o
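
Review bot: The two-line comment at the top of the hunk says the function "should not itself be stack-protected" without giving the reason. Put the mechanism from the changelog into the comment, namely that the guard depends on %gs and %gs is not yet correct on function entry during resume, so the override is not later removed as apparently unnecessary.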

2009-04-03 17:53:34

by Joseph Cihula

Subject: [tip:x86/urgent] x86: disable stack-protector for __restore_processor_state()

Commit-ID: 9b7b89efa3bdaceaa2efb93e2d635391835da209
Gitweb: http://git.kernel.org/tip/9b7b89efa3bdaceaa2efb93e2d635391835da209
Author: Joseph Cihula <[email protected]>
AuthorDate: Mon, 30 Mar 2009 14:03:01 -0700
Committer: Ingo Molnar <[email protected]>
CommitDate: Fri, 3 Apr 2009 19:48:41 +0200

x86: disable stack-protector for __restore_processor_state()

The __restore_processor_state() fn restores %gs on resume from S3. As
such, it cannot be protected by the stack-protector guard since %gs will
not be correct on function entry.

There are only a few other fns in this file and it should not negatively
impact kernel security that they will also have the stack-protector
guard removed (and so it's not worth moving them to another file).

Without this change, S3 resume on a kernel built with
CONFIG_CC_STACKPROTECTOR_ALL=y will fail.

Signed-off-by: Joseph Cihula <[email protected]>
Tested-by: Chris Wright <[email protected]>
Cc: Arjan van de Ven <[email protected]>
Cc: Tejun Heo <[email protected]>
LKML-Reference: <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>


---
arch/x86/power/Makefile | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/arch/x86/power/Makefile b/arch/x86/power/Makefile
index 9ff4d5b..58b32db 100644
--- a/arch/x86/power/Makefile
+++ b/arch/x86/power/Makefile
@@ -1,2 +1,7 @@
+# __restore_processor_state() restores %gs after S3 resume and so should not
+# itself be stack-protected
+nostackp := $(call cc-option, -fno-stack-protector)
+CFLAGS_cpu_$(BITS).o := $(nostackp)
+
obj-$(CONFIG_PM_SLEEP) += cpu_$(BITS).o
obj-$(CONFIG_HIBERNATION) += hibernate_$(BITS).o hibernate_asm_$(BITS).o
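
Review bot: On the unchanged context lines, hibernate_$(BITS).o keeps the default flags while only cpu_$(BITS).o gets $(nostackp), and the changelog covers S3 resume only. Please state in the changelog whether any C code in hibernate_$(BITS).o can run before %gs has been restored on the hibernation resume path; if it can, that object needs a matching CFLAGS_hibernate_$(BITS).o line.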