[PATCH] ARM: decompressor: disable stack protector
Kees Cook
keescook at chromium.org
Tue Oct 26 10:14:36 PDT 2021
On Tue, Oct 26, 2021 at 10:27:52AM +0200, Ard Biesheuvel wrote:
> Enabling the stack protector in the decompressor is of dubious value,
> given that it uses a fixed value for the canary, cannot print any output
> unless CONFIG_DEBUG_LL is enabled (which relies on board specific build
> time settings), and is already disabled for a good chunk of the code
> (libfdt).
>
> So let's just disable it in the decompressor. This will make it easier
> in the future to manage the command line options that would need to be
> removed again in this context for the TLS register based stack
> protector.
>
> Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
Yeah, that's fine. There's no good reason to complicate the decompressor
for the stack protector. If someone is trying to exploit the kernel at
this stage, the system has a much bigger problem. ;)
Acked-by: Kees Cook <keescook at chromium.org>
--
Kees Cook
More information about the linux-arm-kernel
mailing list