gcc for PowerPC generates references to __stack_chk_guard_local and aliasing it to __stack_chk_guard doesn't lead to a bootable barebox, so let's disable stack protector on that architecture.
The other architectures are assumed to work, but this should be verified per CI test in future. Signed-off-by: Ahmad Fatoum <[email protected]> --- arch/Kconfig | 6 ++++++ arch/arm/Kconfig | 1 + arch/kvx/Kconfig | 1 + arch/mips/Kconfig | 1 + arch/openrisc/Kconfig | 1 + arch/riscv/Kconfig | 1 + arch/sandbox/Kconfig | 1 + arch/x86/Kconfig | 1 + lib/Kconfig.hardening | 2 ++ 9 files changed, 15 insertions(+) diff --git a/arch/Kconfig b/arch/Kconfig index ca9aa25a9c4b..ba9dd0e6f4df 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -131,6 +131,12 @@ config HAVE_ARCH_KASAN config ARCH_HAS_UBSAN_SANITIZE_ALL bool +config HAVE_STACKPROTECTOR + bool + help + An arch should select this symbol if: + - it has implemented a stack canary (e.g. __stack_chk_guard) + config ARCH_HAS_FORTIFY_SOURCE bool help diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 65856977ab41..c7514acb775f 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -3,6 +3,7 @@ config ARM bool select HAS_KALLSYMS + select HAVE_STACKPROTECTOR select HAVE_IMAGE_COMPRESSION select HAVE_ARCH_KASAN select ARCH_HAS_SJLJ diff --git a/arch/kvx/Kconfig b/arch/kvx/Kconfig index 987fdb2e1e89..bbbec6471f06 100644 --- a/arch/kvx/Kconfig +++ b/arch/kvx/Kconfig @@ -3,6 +3,7 @@ config KVX bool select 64BIT + select HAVE_STACKPROTECTOR select BOOTM select HAVE_ARCH_BOOTM_OFTREE select BOOTM_OFTREE diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig index 44c4fc82ae5b..d34377a33d47 100644 --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig @@ -3,6 +3,7 @@ config MIPS bool select GENERIC_LIB_ASHLDI3 + select HAVE_STACKPROTECTOR select GENERIC_LIB_ASHRDI3 select GENERIC_LIB_LSHRDI3 select HAS_KALLSYMS diff --git a/arch/openrisc/Kconfig b/arch/openrisc/Kconfig index 10cbfa1ffbce..f82d160a3a15 100644 --- a/arch/openrisc/Kconfig +++ b/arch/openrisc/Kconfig @@ -3,6 +3,7 @@ config OPENRISC bool select OFTREE + select HAVE_STACKPROTECTOR select HAVE_CONFIGURABLE_MEMORY_LAYOUT select GENERIC_FIND_NEXT_BIT select ARCH_HAS_SJLJ diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index cc9b15ce6409..f1d98d1b33a5 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -3,6 +3,7 @@ config RISCV def_bool y select GENERIC_FIND_NEXT_BIT + select HAVE_STACKPROTECTOR select GPIOLIB select OFTREE select OFDEVICE diff --git a/arch/sandbox/Kconfig b/arch/sandbox/Kconfig index 5c7948b215cf..504171809193 100644 --- a/arch/sandbox/Kconfig +++ b/arch/sandbox/Kconfig @@ -5,6 +5,7 @@ source "scripts/Kconfig.include" config SANDBOX bool select OFTREE + select HAVE_STACKPROTECTOR select GPIOLIB select ARCH_HAS_UBSAN_SANITIZE_ALL select ARCH_HAS_FORTIFY_SOURCE diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index b453890f022b..3426392bc463 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -3,6 +3,7 @@ config X86 bool select HAS_KALLSYMS + select HAVE_STACKPROTECTOR select HAS_DMA select GENERIC_FIND_NEXT_BIT select ARCH_DMA_DEFAULT_COHERENT diff --git a/lib/Kconfig.hardening b/lib/Kconfig.hardening index 59dd02c9cfae..6374576f489c 100644 --- a/lib/Kconfig.hardening +++ b/lib/Kconfig.hardening @@ -162,6 +162,7 @@ config STACKPROTECTOR choice prompt "Stack Protector buffer overflow detection" + depends on HAVE_STACKPROTECTOR config STACKPROTECTOR_NONE bool "None" @@ -211,6 +212,7 @@ endchoice choice prompt "Stack Protector buffer overflow detection for PBL" if PBL_IMAGE + depends on HAVE_STACKPROTECTOR config PBL_STACKPROTECTOR_NONE bool "None" -- 2.47.3
