On Tue, May 02, 2017 at 02:30:37PM +0100, Marc Zyngier wrote: > We like living dangerously. Nothing explicitely forbids stack-protector > to be used in the EL2 code, while distributions routinely compile their > kernel with it. We're just lucky that no code actually triggers the > instrumentation. > > Let's not try our luck for much longer, and disable stack-protector > for code living at EL2. > > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: Marc Zyngier <marc.zyngier@xxxxxxx> > --- > arch/arm64/kvm/hyp/Makefile | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/arch/arm64/kvm/hyp/Makefile b/arch/arm64/kvm/hyp/Makefile > index aaf42ae8d8c3..14c4e3b14bcb 100644 > --- a/arch/arm64/kvm/hyp/Makefile > +++ b/arch/arm64/kvm/hyp/Makefile > @@ -2,6 +2,8 @@ > # Makefile for Kernel-based Virtual Machine module, HYP part > # > > +ccflags-y += -fno-stack-protector > + While you are at it, should we have a -fpic here as well? The hyp code runs at a different location than the rest of the kernel. -- Catalin
