On Mon, Jul 30, 2018 at 11:31 AM, Laura Abbott <labb...@redhat.com> wrote: > arm64 uses the full KBUILD_CFLAGS for building libstub as opposed > to x86 which doesn't. This means that x86 doesn't pick up > the gcc-plugins. We need to disable the stackleak plugin but > doing this unconditionally breaks x86 build since it doesn't > have any plugins. Switch to disabling the stackleak plugin for > arm64 only. > > Signed-off-by: Laura Abbott <labb...@redhat.com>
Reviewed-by: Kees Cook <keesc...@chromium.org> Thanks! -Kees > --- > drivers/firmware/efi/libstub/Makefile | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/drivers/firmware/efi/libstub/Makefile > b/drivers/firmware/efi/libstub/Makefile > index 25dd2a14560d..88c322d7c71e 100644 > --- a/drivers/firmware/efi/libstub/Makefile > +++ b/drivers/firmware/efi/libstub/Makefile > @@ -11,7 +11,10 @@ cflags-$(CONFIG_X86) += -m$(BITS) -D__KERNEL__ -O2 > \ > -fPIC -fno-strict-aliasing -mno-red-zone \ > -mno-mmx -mno-sse -fshort-wchar > > -cflags-$(CONFIG_ARM64) := $(subst -pg,,$(KBUILD_CFLAGS)) -fpie > +# arm64 uses the full KBUILD_CFLAGS so it's necessary to explicitly > +# disable the stackleak plugin > +cflags-$(CONFIG_ARM64) := $(subst -pg,,$(KBUILD_CFLAGS)) -fpie \ > + $(DISABLE_STACKLEAK_PLUGIN) > cflags-$(CONFIG_ARM) := $(subst -pg,,$(KBUILD_CFLAGS)) \ > -fno-builtin -fpic -mno-single-pic-base > > @@ -21,7 +24,6 @@ KBUILD_CFLAGS := $(cflags-y) > -DDISABLE_BRANCH_PROFILING \ > -D__NO_FORTIFY \ > $(call cc-option,-ffreestanding) \ > $(call cc-option,-fno-stack-protector) \ > - $(DISABLE_STACKLEAK_PLUGIN) > > GCOV_PROFILE := n > KASAN_SANITIZE := n > -- > 2.17.1 > -- Kees Cook Pixel Security
