Message ID | 20210531212748.2378872-2-geomatsi@gmail.com |
---|---|
State | Changes Requested |
Series | sunxi: switch to mainline ATF |
Hi Sergey,

On Mon, 31 May 2021 at 23:28, Sergey Matyukevich <geomatsi@gmail.com> wrote:
>
> Default value for ATF build flag ENABLE_STACK_PROTECTOR is "none".
> Buildroot sets appropriate ENABLE_STACK_PROTECTOR build flag value
> based on the enabled BR2_SSP_* options. For any values other than
> "none", ATF platform specific hook 'plat_get_stack_protector_canary'
> should be implemented. However this hook is not implemented by all
> the platforms supported by ATF. For instance, allwinner does not
> provide such a hook.
>
> Add new option BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP to disable
> GCC stack protection when selected ATF platform does not provide
> support for this feature.

I tested this patch to build a defconfig with buildroot toolchain that has SSP enabled. By using the BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP option I was able to build ATF v2.5 for an imx8m platform without the described error (plat_get_stack_protector_canary). When you update your patch series I can add a tested-by.

> Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com> > --- > boot/arm-trusted-firmware/Config.in | 7 +++++++ > boot/arm-trusted-firmware/arm-trusted-firmware.mk | 4 ++++ > 2 files changed, 11 insertions(+) > > diff --git a/boot/arm-trusted-firmware/Config.in b/boot/arm-trusted-firmware/Config.in > index c06294040e..9b851845b9 100644 > --- a/boot/arm-trusted-firmware/Config.in > +++ b/boot/arm-trusted-firmware/Config.in > @@ -175,4 +175,11 @@ config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN > Select this option if your ATF board configuration requires > an ARM32 bare metal toolchain to be available. > > +config BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP > + bool "Disable stack protection" > + help > + Select this option to explicitly disable stack protection checks in GCC. > + Such checks need to be disabled if ATF platform port does not implement > + plat_get_stack_protector_canary() hook. > + > endif 
> diff --git a/boot/arm-trusted-firmware/arm-trusted-firmware.mk b/boot/arm-trusted-firmware/arm-trusted-firmware.mk > index 0597cecf71..3fb65a01b3 100644 > --- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk > +++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk > @@ -100,6 +100,9 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR) > ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell > endif > > +ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP),y) > +ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=none > +else > ifeq ($(BR2_SSP_REGULAR),y) > ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default > else ifeq ($(BR2_SSP_STRONG),y) > @@ -107,6 +110,7 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong > else ifeq ($(BR2_SSP_ALL),y) > ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all > endif > +endif > > ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all >

Thank you,
Heiko
diff --git a/boot/arm-trusted-firmware/Config.in b/boot/arm-trusted-firmware/Config.in index c06294040e..9b851845b9 100644 --- a/boot/arm-trusted-firmware/Config.in +++ b/boot/arm-trusted-firmware/Config.in @@ -175,4 +175,11 @@ config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN Select this option if your ATF board configuration requires an ARM32 bare metal toolchain to be available. +config BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP + bool "Disable stack protection" + help + Select this option to explicitly disable stack protection checks in GCC. + Such checks need to be disabled if ATF platform port does not implement + plat_get_stack_protector_canary() hook. + endif diff --git a/boot/arm-trusted-firmware/arm-trusted-firmware.mk b/boot/arm-trusted-firmware/arm-trusted-firmware.mk index 0597cecf71..3fb65a01b3 100644 --- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk +++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk @@ -100,6 +100,9 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR) ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell endif +ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP),y) +ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=none +else ifeq ($(BR2_SSP_REGULAR),y) ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default else ifeq ($(BR2_SSP_STRONG),y) @@ -107,6 +110,7 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong else ifeq ($(BR2_SSP_ALL),y) ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all endif +endif ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all
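Review bot: in the Config.in hunk, the help text for BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP does not say that selecting it overrides the BR2_SSP_* choice for this package, so the firmware is built with ENABLE_STACK_PROTECTOR=none while the rest of the build keeps its stack protection. Suggest stating that consequence in the help, and showing the option only when one of BR2_SSP_REGULAR, BR2_SSP_STRONG or BR2_SSP_ALL is enabled: with none of them set the .mk passes no ENABLE_STACK_PROTECTOR value at all, and per the commit message the ATF default is already "none", so the option would change nothing.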
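Review bot: in the arm-trusted-firmware.mk hunk at @@ -100,6 +100,9, the bare '+else' followed by the existing 'ifeq ($(BR2_SSP_REGULAR),y)' on its own line nests the whole BR2_SSP_* chain one level deeper without any indentation, which is the only reason the hunk at @@ -107,6 +110,7 has to add a second '+endif'. Suggest turning the existing line into 'else ifeq ($(BR2_SSP_REGULAR),y)' so the block stays a single flat chain closed by the existing 'endif', with the DISABLE_SSP branch visibly taking priority as the first test.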
Default value for ATF build flag ENABLE_STACK_PROTECTOR is "none". Buildroot sets appropriate ENABLE_STACK_PROTECTOR build flag value based on the enabled BR2_SSP_* options. For any values other than "none", ATF platform specific hook 'plat_get_stack_protector_canary' should be implemented. However this hook is not implemented by all the platforms supported by ATF. For instance, allwinner does not provide such a hook.

Add new option BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP to disable GCC stack protection when selected ATF platform does not provide support for this feature.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
---
 boot/arm-trusted-firmware/Config.in               | 7 +++++++
 boot/arm-trusted-firmware/arm-trusted-firmware.mk | 4 ++++
 2 files changed, 11 insertions(+)