From patchwork Sun May 21 09:36:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13249335 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B238EC7EE2E for ; Sun, 21 May 2023 09:37:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230210AbjEUJhX (ORCPT ); Sun, 21 May 2023 05:37:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58276 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230167AbjEUJhH (ORCPT ); Sun, 21 May 2023 05:37:07 -0400 Received: from todd.t-8ch.de (todd.t-8ch.de [159.69.126.157]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B762D110; Sun, 21 May 2023 02:36:46 -0700 (PDT) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1684661803; bh=YXp2m9tgYYm3XozTrNcpFRPq3F1yaY8YO1GDQgtWycY=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=cuTkVRdFSD8aU1GXz396vgHtB3VNSch92C6kqZT4CsY7NU9Dkk8yeLI5r9BpMlSwv c+NT8Q2JxQVi67MNAXm4LGgjGmx8+AZdHWztwK8/SCQYuliuCBiNK6uC77RLVJdkRd ECbbHpnAJs0mPpYnRhfWoy61Ori7ZZzSJ+nrQjuM= Date: Sun, 21 May 2023 11:36:29 +0200 Subject: [PATCH 1/7] tools/nolibc: fix typo pint -> point MIME-Version: 1.0 Message-Id: <20230521-nolibc-automatic-stack-protector-v1-1-dad6c80c51c1@weissschuh.net> References: <20230521-nolibc-automatic-stack-protector-v1-0-dad6c80c51c1@weissschuh.net> In-Reply-To: <20230521-nolibc-automatic-stack-protector-v1-0-dad6c80c51c1@weissschuh.net> To: Willy Tarreau , "Paul E. McKenney" , Shuah Khan , Paul Walmsley , Palmer Dabbelt , Albert Ou , Nathan Chancellor , Nick Desaulniers , Tom Rix Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-riscv@lists.infradead.org, llvm@lists.linux.dev, =?utf-8?q?Thomas_Wei?= =?utf-8?q?=C3=9Fschuh?= X-Mailer: b4 0.12.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1684661802; l=911; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=YXp2m9tgYYm3XozTrNcpFRPq3F1yaY8YO1GDQgtWycY=; b=hXQEK2yzyvKcrsxqvCHHnlybPxqEKT+8f4pT6eqA/4X/1MZFG78E12gDhxYaloJHAY4BeGZ3w c4uyKXfeu17Cd4cftB+6y8+NA+RVvZ+myHSirZZyBr1tDhkGJOxFJj3 X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/arch.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/include/nolibc/arch.h b/tools/include/nolibc/arch.h index 2d5386a8d6aa..82b43935650f 100644 --- a/tools/include/nolibc/arch.h +++ b/tools/include/nolibc/arch.h @@ -7,7 +7,7 @@ * the syscall declarations and the _start code definition. This is the only * global part. On all architectures the kernel puts everything in the stack * before jumping to _start just above us, without any return address (_start - * is not a function but an entry pint). So at the stack pointer we find argc. + * is not a function but an entry point). So at the stack pointer we find argc. * Then argv[] begins, and ends at the first NULL. Then we have envp which * starts and ends with a NULL as well. So envp=argv+argc+1. */ From patchwork Sun May 21 09:36:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13249331 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD3EFC77B73 for ; Sun, 21 May 2023 09:37:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230159AbjEUJhU (ORCPT ); Sun, 21 May 2023 05:37:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58284 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230168AbjEUJhH (ORCPT ); Sun, 21 May 2023 05:37:07 -0400 Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B6B9C109; Sun, 21 May 2023 02:36:46 -0700 (PDT) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1684661803; bh=lj2geLr/EdywhNVRdZihjVutdtlzdrTLYrnqWuCaRHI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=cFDVWF4VRJK30uYLVDvSQLOKcqHfOapaHKy+uCiYEHV8joFGCP1VNLTw5YTPsrZdu tKcAKkoYbj7IucjFJRilU2Xdy+lRiSR3cTBsitu86G2g61qPlvLRSWYVEYyWSjooCV 85iXyDnx1wO3gM4uzxU1VGrjVCV4siMhkPC8TJwY= Date: Sun, 21 May 2023 11:36:30 +0200 Subject: [PATCH 2/7] tools/nolibc: x86_64: disable stack protector for _start MIME-Version: 1.0 Message-Id: <20230521-nolibc-automatic-stack-protector-v1-2-dad6c80c51c1@weissschuh.net> References: <20230521-nolibc-automatic-stack-protector-v1-0-dad6c80c51c1@weissschuh.net> In-Reply-To: <20230521-nolibc-automatic-stack-protector-v1-0-dad6c80c51c1@weissschuh.net> To: Willy Tarreau , "Paul E. McKenney" , Shuah Khan , Paul Walmsley , Palmer Dabbelt , Albert Ou , Nathan Chancellor , Nick Desaulniers , Tom Rix Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-riscv@lists.infradead.org, llvm@lists.linux.dev, =?utf-8?q?Thomas_Wei?= =?utf-8?q?=C3=9Fschuh?= X-Mailer: b4 0.12.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1684661802; l=1079; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=lj2geLr/EdywhNVRdZihjVutdtlzdrTLYrnqWuCaRHI=; b=JVbhHarzeBvvcx5vDuAxt69sG68MA2ijZHbow7ctpQ1HKfKs70ByaOsPMJGeyj+rVqnfqQVyk 1O4/8Fg7pOIBbY4WpL5JP7Mj+mvvpxTiEIflujBujsb3if9KDfDQVZN X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org This was forgotten in the original submission. It is unknown why it worked for x86_64 on some compiler without this attribute. Reported-by: Willy Tarreau Closes: https://lore.kernel.org/lkml/20230520133237.GA27501@1wt.eu/ Fixes: 0d8c461adbc4 ("tools/nolibc: x86_64: add stackprotector support") Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/arch-x86_64.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/include/nolibc/arch-x86_64.h b/tools/include/nolibc/arch-x86_64.h index d98f6c89d143..e201af15e142 100644 --- a/tools/include/nolibc/arch-x86_64.h +++ b/tools/include/nolibc/arch-x86_64.h @@ -190,7 +190,7 @@ const unsigned long *_auxv __attribute__((weak)); * 2) The deepest stack frame should be zero (the %rbp). * */ -void __attribute__((weak,noreturn,optimize("omit-frame-pointer"))) _start(void) +void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) _start(void) { __asm__ volatile ( #ifdef NOLIBC_STACKPROTECTOR From patchwork Sun May 21 09:36:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13249334 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 38E8AC77B7C for ; Sun, 21 May 2023 09:37:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230116AbjEUJhW (ORCPT ); Sun, 21 May 2023 05:37:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230163AbjEUJhH (ORCPT ); Sun, 21 May 2023 05:37:07 -0400 Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B753E10E; Sun, 21 May 2023 02:36:46 -0700 (PDT) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1684661803; bh=LZiWAVpExLBqMgeJqjse39jIjxB9mRmhb4XKNlxTTGk=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=aKPzR6j+3huZtpSLF6YDH0fFJla9wIq7qHOrQgL4kdykhoBWitzclVVYMTjGIXhRY YEKn2pRpmzaX5O0q1ghuQU1KLWWBq3Wyp6KM4a3KVPPSviZSSyWLWA65gBFhBV+eWA gWQLFyPVd6E2w2q7BGEJP+igoKeNHubZX97EpE1Y= Date: Sun, 21 May 2023 11:36:31 +0200 Subject: [PATCH 3/7] tools/nolibc: ensure stack protector guard is never zero MIME-Version: 1.0 Message-Id: <20230521-nolibc-automatic-stack-protector-v1-3-dad6c80c51c1@weissschuh.net> References: <20230521-nolibc-automatic-stack-protector-v1-0-dad6c80c51c1@weissschuh.net> In-Reply-To: <20230521-nolibc-automatic-stack-protector-v1-0-dad6c80c51c1@weissschuh.net> To: Willy Tarreau , "Paul E. McKenney" , Shuah Khan , Paul Walmsley , Palmer Dabbelt , Albert Ou , Nathan Chancellor , Nick Desaulniers , Tom Rix Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-riscv@lists.infradead.org, llvm@lists.linux.dev, =?utf-8?q?Thomas_Wei?= =?utf-8?q?=C3=9Fschuh?= X-Mailer: b4 0.12.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1684661802; l=1200; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=LZiWAVpExLBqMgeJqjse39jIjxB9mRmhb4XKNlxTTGk=; b=sO8HDPN/K4znD0QaY3SiD7iD6F2CEv31bBVfF6lPq1g8WZhC0+3FhV31SKjCcBcefvKdmKPMR u0UkQrt0A7sCyn8icIX+chE7SpWFl/tZHzoxx5uxcXyRtJCO35gOzf4 X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org The all-zero pattern is one of the more probable out-of-bound writes so add a special case to not accidentally accept it. Also it enables the reliable detection of stack protector initialization during testing. Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/stackprotector.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tools/include/nolibc/stackprotector.h b/tools/include/nolibc/stackprotector.h index 77e5251c4490..b0156fc077a0 100644 --- a/tools/include/nolibc/stackprotector.h +++ b/tools/include/nolibc/stackprotector.h @@ -45,8 +45,9 @@ __attribute__((weak,no_stack_protector,section(".text.nolibc_stack_chk"))) void __stack_chk_init(void) { my_syscall3(__NR_getrandom, &__stack_chk_guard, sizeof(__stack_chk_guard), 0); - /* a bit more randomness in case getrandom() fails */ - __stack_chk_guard ^= (uintptr_t) &__stack_chk_guard; + /* a bit more randomness in case getrandom() fails, ensure the guard is never 0 */ + if (__stack_chk_guard != (uintptr_t) &__stack_chk_guard) + __stack_chk_guard ^= (uintptr_t) &__stack_chk_guard; } #endif /* defined(NOLIBC_STACKPROTECTOR) */ From patchwork Sun May 21 09:36:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13249336 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3B675C77B73 for ; Sun, 21 May 2023 09:37:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230241AbjEUJh0 (ORCPT ); Sun, 21 May 2023 05:37:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58282 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230187AbjEUJhH (ORCPT ); Sun, 21 May 2023 05:37:07 -0400 Received: from todd.t-8ch.de (todd.t-8ch.de [159.69.126.157]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B740710D; Sun, 21 May 2023 02:36:46 -0700 (PDT) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1684661803; bh=oLTaTevv3k80SApzPl3sC5k69tzfv/sUdDz9hEu9AXU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=EVIsm97U6hspOISLz9ZkoZ//yLstU5Paxq2AbGwXTOMqrQbGKyFY0AH9JSYJPwldQ 4RGacL4K8+kn2z5fmBIN0ip99iQ/Kz5Pturk+/Of9nX1yVmMXX91Xv1Zz15tgi9oY6 3qo9uvtT7IdogZqQbFO5ZQrxu4Quvu8oCON6CzjE= Date: Sun, 21 May 2023 11:36:32 +0200 Subject: [PATCH 4/7] tools/nolibc: add test for __stack_chk_guard initialization MIME-Version: 1.0 Message-Id: <20230521-nolibc-automatic-stack-protector-v1-4-dad6c80c51c1@weissschuh.net> References: <20230521-nolibc-automatic-stack-protector-v1-0-dad6c80c51c1@weissschuh.net> In-Reply-To: <20230521-nolibc-automatic-stack-protector-v1-0-dad6c80c51c1@weissschuh.net> To: Willy Tarreau , "Paul E. McKenney" , Shuah Khan , Paul Walmsley , Palmer Dabbelt , Albert Ou , Nathan Chancellor , Nick Desaulniers , Tom Rix Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-riscv@lists.infradead.org, llvm@lists.linux.dev, =?utf-8?q?Thomas_Wei?= =?utf-8?q?=C3=9Fschuh?= X-Mailer: b4 0.12.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1684661802; l=737; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=oLTaTevv3k80SApzPl3sC5k69tzfv/sUdDz9hEu9AXU=; b=8XeDn2bNa5olwhqFKmuOVv/Y2l1qpUlcqMMKVlNWL29/GDmokGkH5PtrMdPY2qmVkaOW+rQMG ukmwfsiBBjjBGSgBiSPqAT5uQqfU3LNeeObcPPkOlh4tTWg/TZJiFcq X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Signed-off-by: Thomas Weißschuh --- tools/testing/selftests/nolibc/nolibc-test.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tools/testing/selftests/nolibc/nolibc-test.c b/tools/testing/selftests/nolibc/nolibc-test.c index d8b59c8f6c03..995dc39a177e 100644 --- a/tools/testing/selftests/nolibc/nolibc-test.c +++ b/tools/testing/selftests/nolibc/nolibc-test.c @@ -808,6 +808,14 @@ static int run_protection(int min, int max) return 0; #endif +#if defined(NOLIBC_STACKPROTECTOR) + if (!__stack_chk_guard) { + llen += printf("__stack_chk_guard not initialized"); + pad_spc(llen, 64, "[FAIL]\n"); + return 1; + } +#endif + pid = -1; pid = fork(); From patchwork Sun May 21 09:36:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13249338 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2284AC7EE2D for ; Sun, 21 May 2023 09:37:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230262AbjEUJh1 (ORCPT ); Sun, 21 May 2023 05:37:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58304 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230180AbjEUJhH (ORCPT ); Sun, 21 May 2023 05:37:07 -0400 Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DDB97124; Sun, 21 May 2023 02:36:49 -0700 (PDT) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1684661803; bh=KkdsW9VXfNNBI6sP0ntlx33DPNCyB2uOxDEqiGEf2wU=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=RdpfqaQoyGQXLZ4oSh4gSS+fa4ntLUJSJ+BTBwKdA+ZohbITgg7DP4w6h/Rvnfq5R Lqo4qICVTQGNvwcYUitfO7CRTCoMDHx64OoX/jV66bQOrbJAPUmtIZAXOe8dJtAvP1 LFr5kgG6Vu554SvJ2nNgIFHASIJgCCWujtCD4Ak8= Date: Sun, 21 May 2023 11:36:33 +0200 Subject: [PATCH 5/7] tools/nolibc: reformat list of headers to be installed MIME-Version: 1.0 Message-Id: <20230521-nolibc-automatic-stack-protector-v1-5-dad6c80c51c1@weissschuh.net> References: <20230521-nolibc-automatic-stack-protector-v1-0-dad6c80c51c1@weissschuh.net> In-Reply-To: <20230521-nolibc-automatic-stack-protector-v1-0-dad6c80c51c1@weissschuh.net> To: Willy Tarreau , "Paul E. McKenney" , Shuah Khan , Paul Walmsley , Palmer Dabbelt , Albert Ou , Nathan Chancellor , Nick Desaulniers , Tom Rix Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-riscv@lists.infradead.org, llvm@lists.linux.dev, =?utf-8?q?Thomas_Wei?= =?utf-8?q?=C3=9Fschuh?= X-Mailer: b4 0.12.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1684661802; l=1064; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=KkdsW9VXfNNBI6sP0ntlx33DPNCyB2uOxDEqiGEf2wU=; b=HmqDEXUj86k+sCTx7kSFyyZmSkwOFjknXc2XT/iZXgF9ShYYJ+3e3o9ak9JftRvYgatJUZAZ9 erlY0GjTc2QCCoJU5J7KOTchwQ0j6e0q00Qivlm5cdviCW8McaI2uSo X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org This makes it easier to add and remove more entries in the future without creating spurious diff hunks. Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/Makefile | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/tools/include/nolibc/Makefile b/tools/include/nolibc/Makefile index 9839feafd38a..e37c3ac86e23 100644 --- a/tools/include/nolibc/Makefile +++ b/tools/include/nolibc/Makefile @@ -25,8 +25,22 @@ endif nolibc_arch := $(patsubst arm64,aarch64,$(ARCH)) arch_file := arch-$(nolibc_arch).h -all_files := ctype.h errno.h nolibc.h signal.h stackprotector.h std.h stdint.h \ - stdio.h stdlib.h string.h sys.h time.h types.h unistd.h +all_files := \ + ctype.h \ + errno.h \ + nolibc.h \ + signal.h \ + stackprotector.h \ + std.h \ + stdint.h \ + stdlib.h \ + string.h \ + sys.h \ + time.h \ + types.h \ + unistd.h \ + stdio.h \ + # install all headers needed to support a bare-metal compiler all: headers From patchwork Sun May 21 09:36:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13249337 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6A30FC77B7C for ; Sun, 21 May 2023 09:37:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230144AbjEUJhY (ORCPT ); Sun, 21 May 2023 05:37:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58296 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230186AbjEUJhH (ORCPT ); Sun, 21 May 2023 05:37:07 -0400 Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F285D133; Sun, 21 May 2023 02:36:49 -0700 (PDT) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1684661803; bh=MYNdli6hs/YQlXowe6lIgWe2+UVlxPNq7jbDJxfhbow=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=uCHf35uqGV+RnVLRUx3YGrVXvn4vTxSjsdairOMpqHIZ9hExzD6vbcSByP+dm3z9y YUyHP+vYgKQ3zOAk+wSrTH6eTSn09gRO7no6AjL8+cCuncFuXrs7EDeD5mkVxR4r6I weQo/Bhkuruw7U0vyda9v25WWDMOOh00GdmXqM58= Date: Sun, 21 May 2023 11:36:34 +0200 Subject: [PATCH 6/7] tools/nolibc: add autodetection for stackprotector support MIME-Version: 1.0 Message-Id: <20230521-nolibc-automatic-stack-protector-v1-6-dad6c80c51c1@weissschuh.net> References: <20230521-nolibc-automatic-stack-protector-v1-0-dad6c80c51c1@weissschuh.net> In-Reply-To: <20230521-nolibc-automatic-stack-protector-v1-0-dad6c80c51c1@weissschuh.net> To: Willy Tarreau , "Paul E. McKenney" , Shuah Khan , Paul Walmsley , Palmer Dabbelt , Albert Ou , Nathan Chancellor , Nick Desaulniers , Tom Rix Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-riscv@lists.infradead.org, llvm@lists.linux.dev, =?utf-8?q?Thomas_Wei?= =?utf-8?q?=C3=9Fschuh?= X-Mailer: b4 0.12.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1684661802; l=12062; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=MYNdli6hs/YQlXowe6lIgWe2+UVlxPNq7jbDJxfhbow=; b=5A4VUqAcEOasbjoT8yXzgXuhzXN2kcLDEmTfdcdLtYjSNsRdFJRMC0H0Dbg/jn8FFwb0MDalr 5YxCAzEkeq2Cvgq+3/5MHXVO6gVNIcV2nLP+T0VdOqUsMcj5KorKkYV X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org The stackprotector support in nolibc should be enabled iff it is also enabled in the compiler. Use the preprocessor defines added by gcc and clang if stackprotector support is enable to automatically do so in nolibc. This completely removes the need for any user-visible API. To avoid inlining the lengthy preprocessor check into every user introduce a new header compiler.h that abstracts the logic away. As the define NOLIBC_STACKPROTECTOR is now not user-relevant anymore prefix it with an underscore. Suggested-by: Willy Tarreau Link: https://lore.kernel.org/lkml/20230520133237.GA27501@1wt.eu/ Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/Makefile | 1 + tools/include/nolibc/arch-aarch64.h | 6 +++--- tools/include/nolibc/arch-arm.h | 6 +++--- tools/include/nolibc/arch-i386.h | 6 +++--- tools/include/nolibc/arch-loongarch.h | 6 +++--- tools/include/nolibc/arch-mips.h | 6 +++--- tools/include/nolibc/arch-riscv.h | 6 +++--- tools/include/nolibc/arch-x86_64.h | 6 +++--- tools/include/nolibc/compiler.h | 15 +++++++++++++++ tools/include/nolibc/stackprotector.h | 10 +++------- tools/testing/selftests/nolibc/nolibc-test.c | 4 ++-- 11 files changed, 42 insertions(+), 30 deletions(-) diff --git a/tools/include/nolibc/Makefile b/tools/include/nolibc/Makefile index e37c3ac86e23..64d67b080744 100644 --- a/tools/include/nolibc/Makefile +++ b/tools/include/nolibc/Makefile @@ -26,6 +26,7 @@ endif nolibc_arch := $(patsubst arm64,aarch64,$(ARCH)) arch_file := arch-$(nolibc_arch).h all_files := \ + compiler.h \ ctype.h \ errno.h \ nolibc.h \ diff --git a/tools/include/nolibc/arch-aarch64.h b/tools/include/nolibc/arch-aarch64.h index 6a859131c530..64ec65b4ee38 100644 --- a/tools/include/nolibc/arch-aarch64.h +++ b/tools/include/nolibc/arch-aarch64.h @@ -7,6 +7,8 @@ #ifndef _NOLIBC_ARCH_AARCH64_H #define _NOLIBC_ARCH_AARCH64_H +#include "compiler.h" + /* The struct returned by the newfstatat() syscall. Differs slightly from the * x86_64's stat one by field ordering, so be careful. */ @@ -172,13 +174,11 @@ struct sys_stat_struct { char **environ __attribute__((weak)); const unsigned long *_auxv __attribute__((weak)); -#define __ARCH_SUPPORTS_STACK_PROTECTOR - /* startup code */ void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) _start(void) { __asm__ volatile ( -#ifdef NOLIBC_STACKPROTECTOR +#ifdef _NOLIBC_STACKPROTECTOR "bl __stack_chk_init\n" /* initialize stack protector */ #endif "ldr x0, [sp]\n" /* argc (x0) was in the stack */ diff --git a/tools/include/nolibc/arch-arm.h b/tools/include/nolibc/arch-arm.h index 202e64f537dc..924169522cf7 100644 --- a/tools/include/nolibc/arch-arm.h +++ b/tools/include/nolibc/arch-arm.h @@ -7,6 +7,8 @@ #ifndef _NOLIBC_ARCH_ARM_H #define _NOLIBC_ARCH_ARM_H +#include "compiler.h" + /* The struct returned by the stat() syscall, 32-bit only, the syscall returns * exactly 56 bytes (stops before the unused array). In big endian, the format * differs as devices are returned as short only. @@ -199,13 +201,11 @@ struct sys_stat_struct { char **environ __attribute__((weak)); const unsigned long *_auxv __attribute__((weak)); -#define __ARCH_SUPPORTS_STACK_PROTECTOR - /* startup code */ void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) _start(void) { __asm__ volatile ( -#ifdef NOLIBC_STACKPROTECTOR +#ifdef _NOLIBC_STACKPROTECTOR "bl __stack_chk_init\n" /* initialize stack protector */ #endif "pop {%r0}\n" /* argc was in the stack */ diff --git a/tools/include/nolibc/arch-i386.h b/tools/include/nolibc/arch-i386.h index 7c41897a08ce..37f813912957 100644 --- a/tools/include/nolibc/arch-i386.h +++ b/tools/include/nolibc/arch-i386.h @@ -7,6 +7,8 @@ #ifndef _NOLIBC_ARCH_I386_H #define _NOLIBC_ARCH_I386_H +#include "compiler.h" + /* The struct returned by the stat() syscall, 32-bit only, the syscall returns * exactly 56 bytes (stops before the unused array). */ @@ -181,8 +183,6 @@ struct sys_stat_struct { char **environ __attribute__((weak)); const unsigned long *_auxv __attribute__((weak)); -#define __ARCH_SUPPORTS_STACK_PROTECTOR - /* startup code */ /* * i386 System V ABI mandates: @@ -193,7 +193,7 @@ const unsigned long *_auxv __attribute__((weak)); void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) _start(void) { __asm__ volatile ( -#ifdef NOLIBC_STACKPROTECTOR +#ifdef _NOLIBC_STACKPROTECTOR "call __stack_chk_init\n" /* initialize stack protector */ #endif "pop %eax\n" /* argc (first arg, %eax) */ diff --git a/tools/include/nolibc/arch-loongarch.h b/tools/include/nolibc/arch-loongarch.h index 07e3b1fd7262..d8ea7e787df4 100644 --- a/tools/include/nolibc/arch-loongarch.h +++ b/tools/include/nolibc/arch-loongarch.h @@ -7,6 +7,8 @@ #ifndef _NOLIBC_ARCH_LOONGARCH_H #define _NOLIBC_ARCH_LOONGARCH_H +#include "compiler.h" + /* Syscalls for LoongArch : * - stack is 16-byte aligned * - syscall number is passed in a7 @@ -149,8 +151,6 @@ char **environ __attribute__((weak)); const unsigned long *_auxv __attribute__((weak)); -#define __ARCH_SUPPORTS_STACK_PROTECTOR - #if __loongarch_grlen == 32 #define LONGLOG "2" #define SZREG "4" @@ -175,7 +175,7 @@ const unsigned long *_auxv __attribute__((weak)); void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) _start(void) { __asm__ volatile ( -#ifdef NOLIBC_STACKPROTECTOR +#ifdef _NOLIBC_STACKPROTECTOR "bl __stack_chk_init\n" /* initialize stack protector */ #endif REG_L " $a0, $sp, 0\n" /* argc (a0) was in the stack */ diff --git a/tools/include/nolibc/arch-mips.h b/tools/include/nolibc/arch-mips.h index 65c19ccc7f9d..9860236e5340 100644 --- a/tools/include/nolibc/arch-mips.h +++ b/tools/include/nolibc/arch-mips.h @@ -7,6 +7,8 @@ #ifndef _NOLIBC_ARCH_MIPS_H #define _NOLIBC_ARCH_MIPS_H +#include "compiler.h" + /* The struct returned by the stat() syscall. 88 bytes are returned by the * syscall. */ @@ -179,8 +181,6 @@ struct sys_stat_struct { char **environ __attribute__((weak)); const unsigned long *_auxv __attribute__((weak)); -#define __ARCH_SUPPORTS_STACK_PROTECTOR - /* startup code, note that it's called __start on MIPS */ void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) __start(void) { @@ -189,7 +189,7 @@ void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protec ".set push\n" ".set noreorder\n" ".option pic0\n" -#ifdef NOLIBC_STACKPROTECTOR +#ifdef _NOLIBC_STACKPROTECTOR "jal __stack_chk_init\n" /* initialize stack protector */ "nop\n" /* delayed slot */ #endif diff --git a/tools/include/nolibc/arch-riscv.h b/tools/include/nolibc/arch-riscv.h index d0439249c9c9..86616aeb77a0 100644 --- a/tools/include/nolibc/arch-riscv.h +++ b/tools/include/nolibc/arch-riscv.h @@ -7,6 +7,8 @@ #ifndef _NOLIBC_ARCH_RISCV_H #define _NOLIBC_ARCH_RISCV_H +#include "compiler.h" + struct sys_stat_struct { unsigned long st_dev; /* Device. */ unsigned long st_ino; /* File serial number. */ @@ -177,8 +179,6 @@ struct sys_stat_struct { char **environ __attribute__((weak)); const unsigned long *_auxv __attribute__((weak)); -#define __ARCH_SUPPORTS_STACK_PROTECTOR - /* startup code */ void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) _start(void) { @@ -187,7 +187,7 @@ void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protec ".option norelax\n" "lla gp, __global_pointer$\n" ".option pop\n" -#ifdef NOLIBC_STACKPROTECTOR +#ifdef _NOLIBC_STACKPROTECTOR "call __stack_chk_init\n" /* initialize stack protector */ #endif REG_L" a0, 0(sp)\n" /* argc (a0) was in the stack */ diff --git a/tools/include/nolibc/arch-x86_64.h b/tools/include/nolibc/arch-x86_64.h index e201af15e142..485a7ff72a87 100644 --- a/tools/include/nolibc/arch-x86_64.h +++ b/tools/include/nolibc/arch-x86_64.h @@ -7,6 +7,8 @@ #ifndef _NOLIBC_ARCH_X86_64_H #define _NOLIBC_ARCH_X86_64_H +#include "compiler.h" + /* The struct returned by the stat() syscall, equivalent to stat64(). The * syscall returns 116 bytes and stops in the middle of __unused. */ @@ -181,8 +183,6 @@ struct sys_stat_struct { char **environ __attribute__((weak)); const unsigned long *_auxv __attribute__((weak)); -#define __ARCH_SUPPORTS_STACK_PROTECTOR - /* startup code */ /* * x86-64 System V ABI mandates: @@ -193,7 +193,7 @@ const unsigned long *_auxv __attribute__((weak)); void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) _start(void) { __asm__ volatile ( -#ifdef NOLIBC_STACKPROTECTOR +#ifdef _NOLIBC_STACKPROTECTOR "call __stack_chk_init\n" /* initialize stack protector */ #endif "pop %rdi\n" /* argc (first arg, %rdi) */ diff --git a/tools/include/nolibc/compiler.h b/tools/include/nolibc/compiler.h new file mode 100644 index 000000000000..57da75cea799 --- /dev/null +++ b/tools/include/nolibc/compiler.h @@ -0,0 +1,15 @@ +/* SPDX-License-Identifier: LGPL-2.1 OR MIT */ +/* + * NOLIBC compiler support header + * Copyright (C) 2023 Thomas Weißschuh + */ +#ifndef _NOLIBC_COMPILER_H +#define _NOLIBC_COMPILER_H + +#if defined(__SSP__) || defined(__SSP_STRONG__) || defined(__SSP_ALL__) || defined(__SSP_EXPLICIT__) + +#define _NOLIBC_STACKPROTECTOR + +#endif /* defined(__SSP__) ... */ + +#endif /* _NOLIBC_COMPILER_H */ diff --git a/tools/include/nolibc/stackprotector.h b/tools/include/nolibc/stackprotector.h index b0156fc077a0..0a89e2b89ca6 100644 --- a/tools/include/nolibc/stackprotector.h +++ b/tools/include/nolibc/stackprotector.h @@ -7,13 +7,9 @@ #ifndef _NOLIBC_STACKPROTECTOR_H #define _NOLIBC_STACKPROTECTOR_H -#include "arch.h" +#include "compiler.h" -#if defined(NOLIBC_STACKPROTECTOR) - -#if !defined(__ARCH_SUPPORTS_STACK_PROTECTOR) -#error "nolibc does not support stack protectors on this arch" -#endif +#if defined(_NOLIBC_STACKPROTECTOR) #include "sys.h" #include "stdlib.h" @@ -49,6 +45,6 @@ void __stack_chk_init(void) if (__stack_chk_guard != (uintptr_t) &__stack_chk_guard) __stack_chk_guard ^= (uintptr_t) &__stack_chk_guard; } -#endif /* defined(NOLIBC_STACKPROTECTOR) */ +#endif /* defined(_NOLIBC_STACKPROTECTOR) */ #endif /* _NOLIBC_STACKPROTECTOR_H */ diff --git a/tools/testing/selftests/nolibc/nolibc-test.c b/tools/testing/selftests/nolibc/nolibc-test.c index 995dc39a177e..6e0a4dbe321e 100644 --- a/tools/testing/selftests/nolibc/nolibc-test.c +++ b/tools/testing/selftests/nolibc/nolibc-test.c @@ -802,13 +802,13 @@ static int run_protection(int min, int max) llen += printf("0 -fstackprotector "); -#if !defined(NOLIBC_STACKPROTECTOR) +#if !defined(_NOLIBC_STACKPROTECTOR) llen += printf("not supported"); pad_spc(llen, 64, "[SKIPPED]\n"); return 0; #endif -#if defined(NOLIBC_STACKPROTECTOR) +#if defined(_NOLIBC_STACKPROTECTOR) if (!__stack_chk_guard) { llen += printf("__stack_chk_guard not initialized"); pad_spc(llen, 64, "[FAIL]\n"); From patchwork Sun May 21 09:36:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= X-Patchwork-Id: 13249333 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 93CB2C7EE29 for ; Sun, 21 May 2023 09:37:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229570AbjEUJhV (ORCPT ); Sun, 21 May 2023 05:37:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58280 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230177AbjEUJhH (ORCPT ); Sun, 21 May 2023 05:37:07 -0400 Received: from todd.t-8ch.de (todd.t-8ch.de [IPv6:2a01:4f8:c010:41de::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DD5F7E6; Sun, 21 May 2023 02:36:49 -0700 (PDT) From: =?utf-8?q?Thomas_Wei=C3=9Fschuh?= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=weissschuh.net; s=mail; t=1684661804; bh=OtZaR9VeuPmOojjtUgQSBdMGO5O2wKJgryXGtmTqRzI=; h=From:Date:Subject:References:In-Reply-To:To:Cc:From; b=qhrhQOOMS89DvZWNK5Af0kDzvUeY+vJnHje0Yv/lqShv8qVQxvPu7lLqOxLdaHDbb yg7wwTACqQ699CQiFqiHYVuIpHZfQMKuNwT2AyogjeH4mqTU1vmIvrxFgkdbLkNxF/ nsk2legjwR2ozCkPxi3xQjS0XL+LYgRhmOHn0l14= Date: Sun, 21 May 2023 11:36:35 +0200 Subject: [PATCH 7/7] tools/nolibc: simplify stackprotector compiler flags MIME-Version: 1.0 Message-Id: <20230521-nolibc-automatic-stack-protector-v1-7-dad6c80c51c1@weissschuh.net> References: <20230521-nolibc-automatic-stack-protector-v1-0-dad6c80c51c1@weissschuh.net> In-Reply-To: <20230521-nolibc-automatic-stack-protector-v1-0-dad6c80c51c1@weissschuh.net> To: Willy Tarreau , "Paul E. McKenney" , Shuah Khan , Paul Walmsley , Palmer Dabbelt , Albert Ou , Nathan Chancellor , Nick Desaulniers , Tom Rix Cc: linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-riscv@lists.infradead.org, llvm@lists.linux.dev, =?utf-8?q?Thomas_Wei?= =?utf-8?q?=C3=9Fschuh?= X-Mailer: b4 0.12.2 X-Developer-Signature: v=1; a=ed25519-sha256; t=1684661802; l=1698; i=linux@weissschuh.net; s=20221212; h=from:subject:message-id; bh=OtZaR9VeuPmOojjtUgQSBdMGO5O2wKJgryXGtmTqRzI=; b=DomoIsmXsRZwQWk0ScmwjLFDuu1dnN26YCXUzo34GqOdYuAtwSgkUrabKkFdr4rSI27UuPoCc 06iKjlgljDsC3ma9RvH/A7hClYqSQSwPisv/goaAeqLfKemkx+wOWfn X-Developer-Key: i=linux@weissschuh.net; a=ed25519; pk=KcycQgFPX2wGR5azS7RhpBqedglOZVgRPfdFSPB1LNw= Precedence: bulk List-ID: X-Mailing-List: linux-kselftest@vger.kernel.org Now that nolibc enable stackprotector support automatically when the compiler enables it we only have to get the -fstack-protector flags correct. The cc-options are structured so that -fstack-protector-all is only enabled if -mstack-protector=guard works, as that is the only mode supported by nolibc. Signed-off-by: Thomas Weißschuh --- tools/testing/selftests/nolibc/Makefile | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/tools/testing/selftests/nolibc/Makefile b/tools/testing/selftests/nolibc/Makefile index bd41102ea299..445c352b1b33 100644 --- a/tools/testing/selftests/nolibc/Makefile +++ b/tools/testing/selftests/nolibc/Makefile @@ -76,20 +76,11 @@ else Q=@ endif -CFLAGS_STACKPROTECTOR = -DNOLIBC_STACKPROTECTOR \ - $(call cc-option,-mstack-protector-guard=global) \ - $(call cc-option,-fstack-protector-all) -CFLAGS_STKP_i386 = $(CFLAGS_STACKPROTECTOR) -CFLAGS_STKP_x86_64 = $(CFLAGS_STACKPROTECTOR) -CFLAGS_STKP_x86 = $(CFLAGS_STACKPROTECTOR) -CFLAGS_STKP_arm64 = $(CFLAGS_STACKPROTECTOR) -CFLAGS_STKP_arm = $(CFLAGS_STACKPROTECTOR) -CFLAGS_STKP_mips = $(CFLAGS_STACKPROTECTOR) -CFLAGS_STKP_riscv = $(CFLAGS_STACKPROTECTOR) -CFLAGS_STKP_loongarch = $(CFLAGS_STACKPROTECTOR) +CFLAGS_STACKPROTECTOR = $(call cc-option,-mstack-protector-guard=global -fstack-protector-all) CFLAGS_s390 = -m64 CFLAGS ?= -Os -fno-ident -fno-asynchronous-unwind-tables -std=c89 \ $(call cc-option,-fno-stack-protector) \ + $(call cc-option,-mstack-protector-guard=global $(call cc-option,-fstack-protector-all)) \ $(CFLAGS_STKP_$(ARCH)) $(CFLAGS_$(ARCH)) LDFLAGS := -s