On Fri, Jun 14, 2019 at 06:05:19PM +0200, Jann Horn wrote:
> On Fri, Jun 14, 2019 at 5:10 PM Denis 'GNUtoo' Carikli
> <GNUtoo@xxxxxxxxxxxxxxxxxx> wrote:
> > Booting was broken by the following commit:
> > 9f671e58159a ("security: Create "kernel hardening" config area")
>
> I don't think GCC_PLUGINS alone is supposed to generate any code? It
> just makes it possible to enable a bunch of other kconfig flags that
> can generate code.
>
> STACKPROTECTOR_PER_TASK defaults to y and depends on GCC_PLUGINS, so
> is that perhaps what broke? Can you try whether disabling just that
> works for you?
Yes, this has come up before: the option you want to disable is as Jann
mentions: CONFIG_STACKPROTECTOR_PER_TASK.
> My guess is that maybe there is some early boot code that needs to
> have the stack protector disabled, or something like that.
Right, though I'm not sure what portion would be specific to that
device. You can turn off SSP on a per-file basis with:
CFLAGS_target.o += $(DISABLE_ARM_SSP_PER_TASK_PLUGIN)
or per-Makefile, as in arch/arm/boot/compressed/Makefile.
--
Kees Cook
