From patchwork Wed Jun 9 19:59:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sergey Matyukevich X-Patchwork-Id: 1490049 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=2605:bc80:3010::133; helo=smtp2.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=Z+c5AsWl; dkim-atps=neutral Received: from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4G0dJ55WYXz9sW8 for ; Thu, 10 Jun 2021 06:00:21 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id AB2B5401F6; Wed, 9 Jun 2021 20:00:19 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RX_p025YVdnf; Wed, 9 Jun 2021 20:00:18 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp2.osuosl.org (Postfix) with ESMTP id EA8D1402CB; Wed, 9 Jun 2021 20:00:17 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 4DA711BF9B5 for ; Wed, 9 Jun 2021 20:00:16 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 3D8A383CF7 for ; Wed, 9 Jun 2021 20:00:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Authentication-Results: smtp1.osuosl.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IIx4pBXfHlE1 for ; Wed, 9 Jun 2021 20:00:15 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.8.0 Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) by smtp1.osuosl.org (Postfix) with ESMTPS id B1BBA83CD5 for ; Wed, 9 Jun 2021 20:00:14 +0000 (UTC) Received: by mail-lf1-x131.google.com with SMTP id j20so10615884lfe.8 for ; Wed, 09 Jun 2021 13:00:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=9+LmGLD2Oavkv2tvV0HcCGHMEaMaYz7Dw6ri9v+9Dp4=; b=Z+c5AsWlOEUvfLR882bLiZqRbtlCihePgljcaeryupmI2RefI3dcnAkG7VrImVR5uw jmTp7RyEqkowsBsO4pRTxCquIbmIhhBPj+rTgaEHMHVLstbrBQ249Bc21XXe1vmQ44Cw 3XH/Sak731E6EDwivbLqGocqIyVcYHf6/+hEiCrcqgizBdSj+Tw9ZxlZ6ezhChoqOj5d A+WNCQ8M+UDg7hPXCa5kxstFGCrfexhCwHloJL9N72YrrjfV65ekr0V4vPsHf3l0x6jW gj1lPxGblzguEBR0ypPD6wbM3/MsbgYMvkjA2exmK3iAFQHFIRAivhLTMwE0wfMyv5aw yj8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=9+LmGLD2Oavkv2tvV0HcCGHMEaMaYz7Dw6ri9v+9Dp4=; b=lsNtqoiDYWN9Xp9l6PF8fdNcxQ9nB0A7/fbbSu6aQbGd95+0OO/lpSoWZs9/HBPNGk DVf/DnVZAJ1fA6Blue2sWkCeTFuRlNk+JkspdBU6/Vy8v3F8TIedCWLFufp5RkKxc1wE OvijgPIf+90b+KG+zg5jomGFdxEgDSLN3JN57foyoLz0nc84Yactsr5RUzExxzr2CzPQ XZVEGryjaWaLKZSQ+6487rLOzbUu2gKv/6d6pqzi36XtA2daMtAzXWi8nF6JSMoCIc8h 3aH4pPE3l7ALcdTQIUsaJx4qNBoZFF1ZgNUMbiWCqlhBkoYx0MXK1EVRz6TzQ9wTwwhA EVtQ== X-Gm-Message-State: AOAM530EV3pV5PaEriuPuv59ZXOPMWuOxUreVrb7IkfHCOrWEk744WOk jm8Q3YsKJTQb+OsMiXwGwX3yzmw934l2fQ== X-Google-Smtp-Source: ABdhPJxIvy2oYi/2UTf7AksOnZhG2r+loqDX05kSx1QOKdpRp0rxmwhf/6NKDujq7SS+cP762k2C5Q== X-Received: by 2002:a05:6512:390b:: with SMTP id a11mr664639lfu.521.1623268812203; Wed, 09 Jun 2021 13:00:12 -0700 (PDT) Received: from localhost.localdomain ([5.188.167.245]) by smtp.googlemail.com with ESMTPSA id y21sm77100lfk.191.2021.06.09.13.00.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Jun 2021 13:00:11 -0700 (PDT) From: Sergey Matyukevich To: buildroot@buildroot.org Date: Wed, 9 Jun 2021 22:59:36 +0300 Message-Id: <20210609200003.2866122-2-geomatsi@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210609200003.2866122-1-geomatsi@gmail.com> References: <20210609200003.2866122-1-geomatsi@gmail.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH v2 01/28] boot/arm-trusted-firmware: option to disable stack protection X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Louis Aussedat , Sergey Matyukevich , Jan Kraval , Marcin Niestroj , Jagan Teki , Suniel Mahesh , Heiko Thiery Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Default value for ATF build flag ENABLE_STACK_PROTECTOR is "none". Buildroot sets appropriate ENABLE_STACK_PROTECTOR build flag value based on the enabled BR2_SSP_* options. For any values other than "none", ATF platform specific hook 'plat_get_stack_protector_canary' should be implemented. However this hook is not implemented by all the platforms supported by ATF. For instance, allwinner does not provide such a hook. Add new option BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP to disable GCC stack protecton when selected ATF platform does not provide support for this feature. Signed-off-by: Sergey Matyukevich --- boot/arm-trusted-firmware/Config.in | 7 +++++++ boot/arm-trusted-firmware/arm-trusted-firmware.mk | 4 ++++ 2 files changed, 11 insertions(+) diff --git a/boot/arm-trusted-firmware/Config.in b/boot/arm-trusted-firmware/Config.in index a5a8c5bfc3..ba371986d8 100644 --- a/boot/arm-trusted-firmware/Config.in +++ b/boot/arm-trusted-firmware/Config.in @@ -188,4 +188,11 @@ config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN Select this option if your ATF board configuration requires an ARM32 bare metal toolchain to be available. +config BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP + bool "Disable stack protection" + help + Select this option to explicitly disable stack protection checks in GCC. + Such checks need to be disabled if ATF platform port does not implement + plat_get_stack_protector_canary() hook. + endif diff --git a/boot/arm-trusted-firmware/arm-trusted-firmware.mk b/boot/arm-trusted-firmware/arm-trusted-firmware.mk index 279658712b..00d20aac94 100644 --- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk +++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk @@ -109,6 +109,9 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR) ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell endif +ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP),y) +ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=none +else ifeq ($(BR2_SSP_REGULAR),y) ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default else ifeq ($(BR2_SSP_STRONG),y) @@ -116,6 +119,7 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong else ifeq ($(BR2_SSP_ALL),y) ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all endif +endif ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all