[PATCH 1/5] arm64: KVM: Do not use stack-protector to compile EL2 code
Catalin Marinas
catalin.marinas at arm.com
Tue May 2 07:40:29 PDT 2017
On Tue, May 02, 2017 at 02:30:37PM +0100, Marc Zyngier wrote:
> We like living dangerously. Nothing explicitely forbids stack-protector
> to be used in the EL2 code, while distributions routinely compile their
> kernel with it. We're just lucky that no code actually triggers the
> instrumentation.
>
> Let's not try our luck for much longer, and disable stack-protector
> for code living at EL2.
>
> Cc: stable at vger.kernel.org
> Signed-off-by: Marc Zyngier <marc.zyngier at arm.com>
> ---
> arch/arm64/kvm/hyp/Makefile | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/arch/arm64/kvm/hyp/Makefile b/arch/arm64/kvm/hyp/Makefile
> index aaf42ae8d8c3..14c4e3b14bcb 100644
> --- a/arch/arm64/kvm/hyp/Makefile
> +++ b/arch/arm64/kvm/hyp/Makefile
> @@ -2,6 +2,8 @@
> # Makefile for Kernel-based Virtual Machine module, HYP part
> #
>
> +ccflags-y += -fno-stack-protector
> +
While you are at it, should we have a -fpic here as well? The hyp code
runs at a different location than the rest of the kernel.
--
Catalin
More information about the linux-arm-kernel
mailing list