Commit 2bc2f688 authored by Kees Cook's avatar Kees Cook Committed by Linus Torvalds

Makefile: move stack-protector availability out of Kconfig

Various portions of the kernel, especially per-architecture pieces,
need to know if the compiler is building with the stack protector.
This was done in the arch/Kconfig with 'select', but this doesn't
allow a way to do auto-detected compiler support. In preparation for
creating an on-if-available default, move the logic for the definition of
CONFIG_CC_STACKPROTECTOR into the Makefile.

Link: http://lkml.kernel.org/r/1510076320-69931-3-git-send-email-keescook@chromium.orgSigned-off-by: default avatarKees Cook <keescook@chromium.org>
Tested-by: default avatarLaura Abbott <labbott@redhat.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Josh Triplett <josh@joshtriplett.org>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 2b838392
...@@ -693,7 +693,7 @@ else ...@@ -693,7 +693,7 @@ else
endif endif
endif endif
# Find arch-specific stack protector compiler sanity-checking script. # Find arch-specific stack protector compiler sanity-checking script.
ifdef CONFIG_CC_STACKPROTECTOR ifdef stackp-name
stackp-path := $(srctree)/scripts/gcc-$(SRCARCH)_$(BITS)-has-stack-protector.sh stackp-path := $(srctree)/scripts/gcc-$(SRCARCH)_$(BITS)-has-stack-protector.sh
stackp-check := $(wildcard $(stackp-path)) stackp-check := $(wildcard $(stackp-path))
# If the wildcard test matches a test script, run it to check functionality. # If the wildcard test matches a test script, run it to check functionality.
...@@ -702,6 +702,10 @@ ifdef CONFIG_CC_STACKPROTECTOR ...@@ -702,6 +702,10 @@ ifdef CONFIG_CC_STACKPROTECTOR
stackp-broken := y stackp-broken := y
endif endif
endif endif
ifndef stackp-broken
# If the stack protector is functional, enable code that depends on it.
KBUILD_CPPFLAGS += -DCONFIG_CC_STACKPROTECTOR
endif
endif endif
KBUILD_CFLAGS += $(stackp-flag) KBUILD_CFLAGS += $(stackp-flag)
......
...@@ -538,12 +538,6 @@ config HAVE_CC_STACKPROTECTOR ...@@ -538,12 +538,6 @@ config HAVE_CC_STACKPROTECTOR
- its compiler supports the -fstack-protector option - its compiler supports the -fstack-protector option
- it has implemented a stack canary (e.g. __stack_chk_guard) - it has implemented a stack canary (e.g. __stack_chk_guard)
config CC_STACKPROTECTOR
def_bool n
help
Set when a stack-protector mode is enabled, so that the build
can enable kernel-side support for the GCC feature.
choice choice
prompt "Stack Protector buffer overflow detection" prompt "Stack Protector buffer overflow detection"
depends on HAVE_CC_STACKPROTECTOR depends on HAVE_CC_STACKPROTECTOR
...@@ -564,7 +558,6 @@ config CC_STACKPROTECTOR_NONE ...@@ -564,7 +558,6 @@ config CC_STACKPROTECTOR_NONE
config CC_STACKPROTECTOR_REGULAR config CC_STACKPROTECTOR_REGULAR
bool "Regular" bool "Regular"
select CC_STACKPROTECTOR
help help
Functions will have the stack-protector canary logic added if they Functions will have the stack-protector canary logic added if they
have an 8-byte or larger character array on the stack. have an 8-byte or larger character array on the stack.
...@@ -578,7 +571,6 @@ config CC_STACKPROTECTOR_REGULAR ...@@ -578,7 +571,6 @@ config CC_STACKPROTECTOR_REGULAR
config CC_STACKPROTECTOR_STRONG config CC_STACKPROTECTOR_STRONG
bool "Strong" bool "Strong"
select CC_STACKPROTECTOR
help help
Functions will have the stack-protector canary logic added in any Functions will have the stack-protector canary logic added in any
of the following conditions: of the following conditions:
......
...@@ -322,7 +322,7 @@ config X86_64_SMP ...@@ -322,7 +322,7 @@ config X86_64_SMP
config X86_32_LAZY_GS config X86_32_LAZY_GS
def_bool y def_bool y
depends on X86_32 && !CC_STACKPROTECTOR depends on X86_32 && CC_STACKPROTECTOR_NONE
config ARCH_SUPPORTS_UPROBES config ARCH_SUPPORTS_UPROBES
def_bool y def_bool y
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment