Hi! > These structs look like the ideal randomization candidates to the > randstruct plugin (as they only carry function pointers), but of course, > these protocols are contracts between the firmware that exposes them, > and the EFI applications (including our stubbed kernel) that invoke > them. This means that struct randomization for EFI protocols is not a > great idea, and given that the stub shares very little data with the > core kernel that is represented as a randomizable struct, we're better > off just disabling it completely here. > Cc: <stable@xxxxxxxxxxxxxxx> # v4.14+ AFAICT RANDSTRUCT_CFLAGS is not available in v4.19, so we should not take this patch. Best regards, Pavel > +++ b/drivers/firmware/efi/libstub/Makefile > @@ -23,6 +23,13 @@ KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \ > $(call cc-option,-ffreestanding) \ > $(call cc-option,-fno-stack-protector) > > +# > +# struct randomization only makes sense for Linux internal types, which the EFI > +# stub code never touches, so let's turn off struct randomization for the stub > +# altogether > +# > +KBUILD_CFLAGS := $(filter-out $(RANDSTRUCT_CFLAGS), $(KBUILD_CFLAGS)) > + > # remove SCS flags from all objects in this directory > KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS)) > -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Attachment:
signature.asc
Description: Digital signature