Received: by 10.223.176.5 with SMTP id f5csp2096518wra; Thu, 8 Feb 2018 08:23:12 -0800 (PST) X-Google-Smtp-Source: AH8x226iYuC9pno8jm37f44Pd4YQLLESzXsHhgflCjQ+T8FZmU6N0OeTMW9PZiSfCEaNklx+J75F X-Received: by 2002:a17:902:44c:: with SMTP id 70-v6mr1104220ple.221.1518106992522; Thu, 08 Feb 2018 08:23:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518106992; cv=none; d=google.com; s=arc-20160816; b=tPfmSFiCTHcnBzsqOK4Y06ssETJQ7orDH7/FcvsaUlXKrdrXXbQOISdJPQbVUcRd7p 3mkd0nyxGYZ1Rmt7CIMhkrxPxpQqXeCPxC7xY4Yfo32mHAfLhp+Y16raOnmAogaXWHeD hZsWxOYdqdriH5wBHQhKDwTjxTO3377pzq6yoEB8EaueqCtBxee5H2XJ6BIBPUizyppH OHqlOPsdT6A5MOy9pp5zkW1MKw475VSbpab+v4BKhZqcJBX1XGuY8yb5oi+U+JjgYq5e kGJ6VEus03KIzpSDs2oXShBuehBiY33rgl8i5YNUtdYwdHngJc8AQ0LXEjaSk0M8dSK4 Q/pg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:dkim-filter :arc-authentication-results; bh=dIcQHxJOo1WEOZ1InbfU14tiSNMjCN+ELjZYvOPLjWU=; b=OTZVXVSzPuucKoSbudgAViKwNqAnESwcCtegVsrYD6hH8xPu863JxAukZCNCf+OWFE RdhZDPyMrnPkYhwdHWQcBZGGSCX7chv05H4PKjKonZeNuyhWrtftp5SsoOQ8UST0iucU 3dMmDVbJPMBUSVoWFzV8CwavxkmZtmrQWbZPfdXtXIfXsrGSJApylYzGguI1tjO5Wyni CykqujoTvM94rhzUbkW4xiEH8vhkJh1In41hx47TRnrTj5iVcvzAlv0ZS6nOEeIudlC9 8GNLU4/ILOFg7OoT3oB4nsApJC8QMOJ8CSNkYFbXbNGn50YtK/sper3NLepQq5jdXIkr cxjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@nifty.com header.s=dec2015msa header.b=vku4TdNu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u1si129114pgc.802.2018.02.08.08.22.56; Thu, 08 Feb 2018 08:23:12 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@nifty.com header.s=dec2015msa header.b=vku4TdNu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752408AbeBHQVj (ORCPT + 99 others); Thu, 8 Feb 2018 11:21:39 -0500 Received: from conuserg-12.nifty.com ([210.131.2.79]:19340 "EHLO conuserg-12.nifty.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751706AbeBHQVg (ORCPT ); Thu, 8 Feb 2018 11:21:36 -0500 X-Greylist: delayed 59751 seconds by postgrey-1.27 at vger.kernel.org; Thu, 08 Feb 2018 11:21:36 EST Received: from grover.sesame (FL1-125-199-20-195.osk.mesh.ad.jp [125.199.20.195]) (authenticated) by conuserg-12.nifty.com with ESMTP id w18GJP1J021191; Fri, 9 Feb 2018 01:19:33 +0900 DKIM-Filter: OpenDKIM Filter v2.10.3 conuserg-12.nifty.com w18GJP1J021191 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com; s=dec2015msa; t=1518106774; bh=dIcQHxJOo1WEOZ1InbfU14tiSNMjCN+ELjZYvOPLjWU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vku4TdNuz4PfC9iSe3DGdfioMprQoYs9TloIDDGqFXnOn4Fjwn1u6k8Esv7j4V6Xm aMjQpAIoPGjjlz6K+SN/O9+uCxetZi004vmZ806oFeAIHACX6iB9QaZN72m4OLbWdz KpGwxv7nzphUsIiOFSAxriLH6TkhnTtBvTkhOepWlgiVsPuV0cCNcqiI98ElY4UdSD PUbxODx4H7U/Wsu2N5S3IbIi1yTB3mDrSve6k/mWt0rJCfsyC8I9ktmrSYYDwYfKZE LfWOep4TdztXrl+5HQMtlhSvwwIuF6G63kGDVp5V48s3zqz9dvqoqs8ge80dL9WE76 zaCWMMHe0ZNCw== X-Nifty-SrcIP: [125.199.20.195] From: Masahiro Yamada To: linux-kbuild@vger.kernel.org, Linus Torvalds Cc: Greg Kroah-Hartman , Andrew Morton , Kees Cook , Nicolas Pitre , "Luis R . Rodriguez" , Randy Dunlap , Ulf Magnusson , Sam Ravnborg , Michal Marek , Martin Schwidefsky , Pavel Machek , linux-s390@vger.kernel.org, Jiri Kosina , Masahiro Yamada , linux-kernel@vger.kernel.org Subject: [RFC PATCH 7/7] Test stackprotector options in Kconfig to kill CC_STACKPROTECTOR_AUTO Date: Fri, 9 Feb 2018 01:19:12 +0900 Message-Id: <1518106752-29228-8-git-send-email-yamada.masahiro@socionext.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1518106752-29228-1-git-send-email-yamada.masahiro@socionext.com> References: <1518106752-29228-1-git-send-email-yamada.masahiro@socionext.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Add CC_HAS_STACKPROTECTOR(_STRONG) and proper dependency. I re-arranged the choice values, _STRONG, _REGULAR, _NONE in this order because the default of choice is the first visible symbol. TODO: Broken stackprotector is not tested. scripts/gcc-$(SRCARCH)_$(BITS)-has-stack-protector.sh should be evaluated in Kconfig. Signed-off-by: Masahiro Yamada Test stackprotector options in Kconfig to kill CC_STACKPROTECTOR_AUTO Add CC_HAS_STACKPROTECTOR(_STRONG) and proper dependency. I re-arranged the choice values, _STRONG, _REGULAR, _NONE in this order because the default of choice is the first visible symbol. TODO: Broken stackprotector is not tested. scripts/gcc-$(SRCARCH)_$(BITS)-has-stack-protector.sh should be evaluated in Kconfig. --- Makefile | 58 +++++++++++----------------------------------------------- arch/Kconfig | 54 +++++++++++++++++++++++++++++++----------------------- 2 files changed, 42 insertions(+), 70 deletions(-) diff --git a/Makefile b/Makefile index 9afd617..8123ccf 100644 --- a/Makefile +++ b/Makefile @@ -679,56 +679,20 @@ ifneq ($(CONFIG_FRAME_WARN),0) KBUILD_CFLAGS += $(call cc-option,-Wframe-larger-than=${CONFIG_FRAME_WARN}) endif -# This selects the stack protector compiler flag. Testing it is delayed -# until after .config has been reprocessed, in the prepare-compiler-check -# target. -ifdef CONFIG_CC_STACKPROTECTOR_AUTO - stackp-flag := $(call cc-option,-fstack-protector-strong,$(call cc-option,-fstack-protector)) - stackp-name := AUTO -else -ifdef CONFIG_CC_STACKPROTECTOR_REGULAR - stackp-flag := -fstack-protector - stackp-name := REGULAR -else -ifdef CONFIG_CC_STACKPROTECTOR_STRONG - stackp-flag := -fstack-protector-strong - stackp-name := STRONG -else - # If either there is no stack protector for this architecture or - # CONFIG_CC_STACKPROTECTOR_NONE is selected, we're done, and $(stackp-name) - # is empty, skipping all remaining stack protector tests. - # - # Force off for distro compilers that enable stack protector by default. - KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector) -endif -endif -endif -# Find arch-specific stack protector compiler sanity-checking script. -ifdef stackp-name -ifneq ($(stackp-flag),) - stackp-path := $(srctree)/scripts/gcc-$(SRCARCH)_$(BITS)-has-stack-protector.sh - stackp-check := $(wildcard $(stackp-path)) - # If the wildcard test matches a test script, run it to check functionality. - ifdef stackp-check - ifneq ($(shell $(CONFIG_SHELL) $(stackp-check) $(CC) $(KBUILD_CPPFLAGS) $(biarch)),y) - stackp-broken := y - endif - endif - ifndef stackp-broken - # If the stack protector is functional, enable code that depends on it. - KBUILD_CPPFLAGS += -DCONFIG_CC_STACKPROTECTOR - # Either we've already detected the flag (for AUTO) or we'll fail the - # build in the prepare-compiler-check rule (for specific flag). - KBUILD_CFLAGS += $(stackp-flag) - else - # We have to make sure stack protector is unconditionally disabled if - # the compiler is broken (in case we're going to continue the build in - # AUTO mode). - KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector) - endif +ifeq ($(CONFIG_CC_STACKPROTECTOR_STRONG),y) +KBUILD_CFLAGS += -fstack-protector-strong endif +ifeq ($(CONFIG_CC_STACKPROTECTOR_REGULAR),y) +KBUILD_CFLAGS += -fstack-protector endif +# is this necessary? +#ifeq ($(CONFIG_CC_STACKPROTECTOR_NONE),y) +#KBUILD_CFLAGS += -fno-stack-protector +#endif + +# TODO: run scripts/gcc-$(SRCARCH)_$(BITS)-has-stack-protector.sh from Kconfig + ifeq ($(cc-name),clang) KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,) KBUILD_CFLAGS += $(call cc-disable-warning, unused-variable) diff --git a/arch/Kconfig b/arch/Kconfig index 76c0b54..50723d8 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -538,10 +538,20 @@ config HAVE_CC_STACKPROTECTOR - its compiler supports the -fstack-protector option - it has implemented a stack canary (e.g. __stack_chk_guard) +config CC_HAS_STACKPROTECTOR + bool + option shell="$CC -Werror -fstack-protector -c -x c /dev/null" + +config CC_HAS_STACKPROTECTOR_STRONG + bool + option shell="$CC -Werror -fstack-protector-strong -c -x c /dev/null" + +config CC_STACKPROTECTOR + bool + choice prompt "Stack Protector buffer overflow detection" depends on HAVE_CC_STACKPROTECTOR - default CC_STACKPROTECTOR_AUTO help This option turns on the "stack-protector" GCC feature. This feature puts, at the beginning of functions, a canary value on @@ -551,26 +561,10 @@ choice overwrite the canary, which gets detected and the attack is then neutralized via a kernel panic. -config CC_STACKPROTECTOR_NONE - bool "None" - help - Disable "stack-protector" GCC feature. - -config CC_STACKPROTECTOR_REGULAR - bool "Regular" - help - Functions will have the stack-protector canary logic added if they - have an 8-byte or larger character array on the stack. - - This feature requires gcc version 4.2 or above, or a distribution - gcc with the feature backported ("-fstack-protector"). - - On an x86 "defconfig" build, this feature adds canary checks to - about 3% of all kernel functions, which increases kernel code size - by about 0.3%. - config CC_STACKPROTECTOR_STRONG bool "Strong" + depends on CC_HAS_STACKPROTECTOR_STRONG + select CC_STACKPROTECTOR help Functions will have the stack-protector canary logic added in any of the following conditions: @@ -588,11 +582,25 @@ config CC_STACKPROTECTOR_STRONG about 20% of all kernel functions, which increases the kernel code size by about 2%. -config CC_STACKPROTECTOR_AUTO - bool "Automatic" +config CC_STACKPROTECTOR_REGULAR + bool "Regular" + depends on CC_HAS_STACKPROTECTOR + select CC_STACKPROTECTOR + help + Functions will have the stack-protector canary logic added if they + have an 8-byte or larger character array on the stack. + + This feature requires gcc version 4.2 or above, or a distribution + gcc with the feature backported ("-fstack-protector"). + + On an x86 "defconfig" build, this feature adds canary checks to + about 3% of all kernel functions, which increases kernel code size + by about 0.3%. + +config CC_STACKPROTECTOR_NONE + bool "None" help - If the compiler supports it, the best available stack-protector - option will be chosen. + Disable "stack-protector" GCC feature. endchoice -- 2.7.4