Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp4304841ybb; Tue, 7 Apr 2020 05:01:41 -0700 (PDT) X-Google-Smtp-Source: APiQypKo0Wy29/DM1lsk7iVh5JmIpm1jvzHnYRLSUJg7CswFuVWWTGwQhjgdnWJppCHiXwhWCJog X-Received: by 2002:a9d:7f19:: with SMTP id j25mr1235899otq.129.1586260901139; Tue, 07 Apr 2020 05:01:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586260901; cv=none; d=google.com; s=arc-20160816; b=jOp1Dq1vlWhysTNQ2wdf7GixSIGpzA+BlzikQJI+VX0R+Z6BOBzTA33046/q3vFtFt 64yBZnzVHKT/kTF2soQz6xfcsy2BP/pcliDNHUpMoawVjHho++l/679zPY0t98gIo2l4 EVEzdo3CxQN7DegkFY5lEF0uCRZnSX3G2B6UyModP4ECEn/dlVdYgKH3ujsI8JH0+JBk j+AnG3tKEaMLccKQ4Pki6dZvfkWHATKykHb1lflG6ZsnXd6WQqMQsa1rh3lQmndfYASj OJasQQcEJC3EH6gHYy1NyPLUbHzRyNe/+6ICt/1y/1QDl7aEHNumGo9X/2V4aItaAInG +Lpg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=3JDjlzD1FFJ32QToP2vqu4ohQm1AhkGZMvyuHLjn3Pc=; b=sINGThhNv8MChFVCPQBE9kwG06VM24hqEkZyMhP7d1N3/Zo5e6YgN4dtka1LOka+8Q OLUmawJ2iBsqULZFGTAaEz5GUk+/2qfwXLtSBQhlCUBObS96yp+2w+sSoAo5QzC9q7O3 zOEg03eTBKQTHM2shhNAVvsvGxYn8CkzIjhrqKU/KPfjr65eVT79cOfy6abZk8qnlOTb J5cDUuz/djI00CUrBpKu23ZqpKtHV/Re2/10OkK8Old8X2IWUX87m5p9KDhVEYka0myO peZIBQ1n68Dbv+r5o5bbCvwZMN0Mno7ViDk0MyR1ABrHs7TfN7p7tDQceZ2UX7oBS0iG triQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=E935JBus; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j18si1119493otk.166.2020.04.07.05.01.25; Tue, 07 Apr 2020 05:01:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=E935JBus; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728474AbgDGMA0 (ORCPT + 99 others); Tue, 7 Apr 2020 08:00:26 -0400 Received: from mail.kernel.org ([198.145.29.99]:52810 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728209AbgDGMAZ (ORCPT ); Tue, 7 Apr 2020 08:00:25 -0400 Received: from mail-wr1-f51.google.com (mail-wr1-f51.google.com [209.85.221.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id C6A6320936 for ; Tue, 7 Apr 2020 12:00:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1586260825; bh=Uqf4rhYga9NNaBB0Dvwp58Stj1GsGS4Ihxkd+ju3McQ=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=E935JBusz1dhcXd3k8A7zx8suuSJMLf0ayQTBsmc45RUI8lyhrdrtTnNAJzYj5xNA xLcqMb2m5Wkp9tmsyPfaUElwuRYUAtn0Uzc3nJVlsN0CeeXhByB1bPusMB8jCgB2DI L1XZSs/zEpyiinCUV/kxNIp6wYGvhhMxZuAOTsN8= Received: by mail-wr1-f51.google.com with SMTP id p10so3551177wrt.6 for ; Tue, 07 Apr 2020 05:00:24 -0700 (PDT) X-Gm-Message-State: AGi0PuZeQC8SISUijGAS2fyZNnBpbwmGdzwOp0lxmBKB/hLDPYT4uEY/ a3/XKZF1ammc6aITqZ60UzGBrx3KbEy6CLB0kYL4vA== X-Received: by 2002:a05:6000:1002:: with SMTP id a2mr2399545wrx.151.1586260823114; Tue, 07 Apr 2020 05:00:23 -0700 (PDT) MIME-Version: 1.0 References: <20191018161033.261971-1-samitolvanen@google.com> <20200406164121.154322-1-samitolvanen@google.com> <20200406164121.154322-13-samitolvanen@google.com> In-Reply-To: <20200406164121.154322-13-samitolvanen@google.com> From: Ard Biesheuvel Date: Tue, 7 Apr 2020 14:00:12 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v10 12/12] efi/libstub: disable SCS To: Sami Tolvanen Cc: Will Deacon , Catalin Marinas , James Morse , Steven Rostedt , Masami Hiramatsu , Mark Rutland , Dave Martin , Kees Cook , Laura Abbott , Marc Zyngier , Nick Desaulniers , Jann Horn , Miguel Ojeda , Masahiro Yamada , clang-built-linux , Kernel Hardening , linux-arm-kernel , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 6 Apr 2020 at 18:42, Sami Tolvanen wrote: > > Shadow stacks are not available in the EFI stub, filter out SCS flags. > > Suggested-by: James Morse > Signed-off-by: Sami Tolvanen Acked-by: Ard Biesheuvel > --- > drivers/firmware/efi/libstub/Makefile | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile > index 094eabdecfe6..fa0bb64f93d6 100644 > --- a/drivers/firmware/efi/libstub/Makefile > +++ b/drivers/firmware/efi/libstub/Makefile > @@ -32,6 +32,9 @@ KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \ > $(call cc-option,-fno-stack-protector) \ > -D__DISABLE_EXPORTS > > +# remove SCS flags from all objects in this directory > +KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS)) > + > GCOV_PROFILE := n > KASAN_SANITIZE := n > UBSAN_SANITIZE := n > -- > 2.26.0.292.g33ef6b2f38-goog >