From f4a0318f278d98d9492916722e85f258c2221f88 Mon Sep 17 00:00:00 2001 From: Xiu Jianfeng Date: Fri, 1 Jul 2022 16:24:35 +0800 Subject: powerpc: add support for syscall stack randomization Add support for adding a random offset to the stack while handling syscalls. This patch uses mftb() instead of get_random_int() for better performance. In order to avoid unconditional stack canaries on syscall entry (due to the use of alloca()), also disable stack protector to avoid triggering needless checks and slowing down the entry path. As there is no general way to control stack protector coverage with a function attribute, this must be disabled at the compilation unit level. Signed-off-by: Xiu Jianfeng Reviewed-by: Kees Cook Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20220701082435.126596-3-xiujianfeng@huawei.com --- arch/powerpc/kernel/Makefile | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'arch/powerpc/kernel/Makefile') diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile index 0963d39464c8..06d2d1f78f71 100644 --- a/arch/powerpc/kernel/Makefile +++ b/arch/powerpc/kernel/Makefile @@ -54,6 +54,13 @@ CFLAGS_cputable.o += -DDISABLE_BRANCH_PROFILING CFLAGS_btext.o += -DDISABLE_BRANCH_PROFILING endif +#ifdef CONFIG_RANDOMIZE_KSTACK_OFFSET +# Remove stack protector to avoid triggering unneeded stack canary +# checks due to randomize_kstack_offset. +CFLAGS_REMOVE_syscall.o = -fstack-protector -fstack-protector-strong +CFLAGS_syscall.o += -fno-stack-protector +#endif + obj-y := cputable.o syscalls.o \ irq.o align.o signal_$(BITS).o pmc.o vdso.o \ process.o systbl.o idle.o \ -- cgit