mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-09 15:29:16 +00:00
fea2fed201
This enables the use of per-task stack canary values if GCC has support for emitting the stack canary reference relative to the value of tp, which holds the task struct pointer in the riscv kernel. After compare arm64 and x86 implementations, seems arm64's is more flexible and readable. The key point is how gcc get the offset of stack_canary from gs/el0_sp. x86: Use a fix offset from gs, not flexible. struct fixed_percpu_data { /* * GCC hardcodes the stack canary as %gs:40. Since the * irq_stack is the object at %gs:0, we reserve the bottom * 48 bytes of the irq stack for the canary. */ char gs_base[40]; // :( unsigned long stack_canary; }; arm64: Use -mstack-protector-guard-offset & guard-reg gcc options: -mstack-protector-guard=sysreg -mstack-protector-guard-reg=sp_el0 -mstack-protector-guard-offset=xxx riscv: Use -mstack-protector-guard-offset & guard-reg gcc options: -mstack-protector-guard=tls -mstack-protector-guard-reg=tp -mstack-protector-guard-offset=xxx GCC's implementation has been merged: commit c931e8d5a96463427040b0d11f9c4352ac22b2b0 Author: Cooper Qu <cooper.qu@linux.alibaba.com> Date: Mon Jul 13 16:15:08 2020 +0800 RISC-V: Add support for TLS stack protector canary access In the end, these codes are inserted by gcc before return: * 0xffffffe00020b396 <+120>: ld a5,1008(tp) # 0x3f0 * 0xffffffe00020b39a <+124>: xor a5,a5,a4 * 0xffffffe00020b39c <+126>: mv a0,s5 * 0xffffffe00020b39e <+128>: bnez a5,0xffffffe00020b61c <_do_fork+766> 0xffffffe00020b3a2 <+132>: ld ra,136(sp) 0xffffffe00020b3a4 <+134>: ld s0,128(sp) 0xffffffe00020b3a6 <+136>: ld s1,120(sp) 0xffffffe00020b3a8 <+138>: ld s2,112(sp) 0xffffffe00020b3aa <+140>: ld s3,104(sp) 0xffffffe00020b3ac <+142>: ld s4,96(sp) 0xffffffe00020b3ae <+144>: ld s5,88(sp) 0xffffffe00020b3b0 <+146>: ld s6,80(sp) 0xffffffe00020b3b2 <+148>: ld s7,72(sp) 0xffffffe00020b3b4 <+150>: addi sp,sp,144 0xffffffe00020b3b6 <+152>: ret ... * 0xffffffe00020b61c <+766>: auipc ra,0x7f8 * 0xffffffe00020b620 <+770>: jalr -1764(ra) # 0xffffffe000a02f38 <__stack_chk_fail> Signed-off-by: Guo Ren <guoren@linux.alibaba.com> Signed-off-by: Cooper Qu <cooper.qu@linux.alibaba.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
119 lines
3.3 KiB
Makefile
119 lines
3.3 KiB
Makefile
# This file is included by the global makefile so that you can add your own
|
|
# architecture-specific flags and dependencies. Remember to do have actions
|
|
# for "archclean" and "archdep" for cleaning up and making dependencies for
|
|
# this architecture
|
|
#
|
|
# This file is subject to the terms and conditions of the GNU General Public
|
|
# License. See the file "COPYING" in the main directory of this archive
|
|
# for more details.
|
|
#
|
|
|
|
OBJCOPYFLAGS := -O binary
|
|
LDFLAGS_vmlinux :=
|
|
ifeq ($(CONFIG_DYNAMIC_FTRACE),y)
|
|
LDFLAGS_vmlinux := --no-relax
|
|
KBUILD_CPPFLAGS += -DCC_USING_PATCHABLE_FUNCTION_ENTRY
|
|
CC_FLAGS_FTRACE := -fpatchable-function-entry=8
|
|
endif
|
|
|
|
ifeq ($(CONFIG_64BIT)$(CONFIG_CMODEL_MEDLOW),yy)
|
|
KBUILD_CFLAGS_MODULE += -mcmodel=medany
|
|
endif
|
|
|
|
export BITS
|
|
ifeq ($(CONFIG_ARCH_RV64I),y)
|
|
BITS := 64
|
|
UTS_MACHINE := riscv64
|
|
|
|
KBUILD_CFLAGS += -mabi=lp64
|
|
KBUILD_AFLAGS += -mabi=lp64
|
|
|
|
KBUILD_LDFLAGS += -melf64lriscv
|
|
else
|
|
BITS := 32
|
|
UTS_MACHINE := riscv32
|
|
|
|
KBUILD_CFLAGS += -mabi=ilp32
|
|
KBUILD_AFLAGS += -mabi=ilp32
|
|
KBUILD_LDFLAGS += -melf32lriscv
|
|
endif
|
|
|
|
# ISA string setting
|
|
riscv-march-$(CONFIG_ARCH_RV32I) := rv32ima
|
|
riscv-march-$(CONFIG_ARCH_RV64I) := rv64ima
|
|
riscv-march-$(CONFIG_FPU) := $(riscv-march-y)fd
|
|
riscv-march-$(CONFIG_RISCV_ISA_C) := $(riscv-march-y)c
|
|
KBUILD_CFLAGS += -march=$(subst fd,,$(riscv-march-y))
|
|
KBUILD_AFLAGS += -march=$(riscv-march-y)
|
|
|
|
KBUILD_CFLAGS += -mno-save-restore
|
|
KBUILD_CFLAGS += -DCONFIG_PAGE_OFFSET=$(CONFIG_PAGE_OFFSET)
|
|
|
|
ifeq ($(CONFIG_CMODEL_MEDLOW),y)
|
|
KBUILD_CFLAGS += -mcmodel=medlow
|
|
endif
|
|
ifeq ($(CONFIG_CMODEL_MEDANY),y)
|
|
KBUILD_CFLAGS += -mcmodel=medany
|
|
endif
|
|
ifeq ($(CONFIG_PERF_EVENTS),y)
|
|
KBUILD_CFLAGS += -fno-omit-frame-pointer
|
|
endif
|
|
|
|
KBUILD_CFLAGS_MODULE += $(call cc-option,-mno-relax)
|
|
|
|
# GCC versions that support the "-mstrict-align" option default to allowing
|
|
# unaligned accesses. While unaligned accesses are explicitly allowed in the
|
|
# RISC-V ISA, they're emulated by machine mode traps on all extant
|
|
# architectures. It's faster to have GCC emit only aligned accesses.
|
|
KBUILD_CFLAGS += $(call cc-option,-mstrict-align)
|
|
|
|
ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y)
|
|
prepare: stack_protector_prepare
|
|
stack_protector_prepare: prepare0
|
|
$(eval KBUILD_CFLAGS += -mstack-protector-guard=tls \
|
|
-mstack-protector-guard-reg=tp \
|
|
-mstack-protector-guard-offset=$(shell \
|
|
awk '{if ($$2 == "TSK_STACK_CANARY") print $$3;}' \
|
|
include/generated/asm-offsets.h))
|
|
endif
|
|
|
|
# arch specific predefines for sparse
|
|
CHECKFLAGS += -D__riscv -D__riscv_xlen=$(BITS)
|
|
|
|
# Default target when executing plain make
|
|
boot := arch/riscv/boot
|
|
KBUILD_IMAGE := $(boot)/Image.gz
|
|
|
|
head-y := arch/riscv/kernel/head.o
|
|
|
|
core-y += arch/riscv/
|
|
|
|
libs-y += arch/riscv/lib/
|
|
libs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a
|
|
|
|
PHONY += vdso_install
|
|
vdso_install:
|
|
$(Q)$(MAKE) $(build)=arch/riscv/kernel/vdso $@
|
|
|
|
ifeq ($(CONFIG_RISCV_M_MODE)$(CONFIG_SOC_CANAAN),yy)
|
|
KBUILD_IMAGE := $(boot)/loader.bin
|
|
else
|
|
KBUILD_IMAGE := $(boot)/Image.gz
|
|
endif
|
|
BOOT_TARGETS := Image Image.gz loader loader.bin
|
|
|
|
all: $(notdir $(KBUILD_IMAGE))
|
|
|
|
$(BOOT_TARGETS): vmlinux
|
|
$(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
|
|
@$(kecho) ' Kernel: $(boot)/$@ is ready'
|
|
|
|
Image.%: Image
|
|
$(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
|
|
|
|
zinstall install:
|
|
$(Q)$(MAKE) $(build)=$(boot) $@
|
|
|
|
archclean:
|
|
$(Q)$(MAKE) $(clean)=$(boot)
|