author Brian Gerst <brgerst@gmail.com> 2025-01-23 14:07:35 -0500
committer Ingo Molnar <mingo@kernel.org> 2025-02-18 10:14:51 +0100
commit a9a76b38aaf577887103e3ebb41d70e6aa5a4b19
tree 893a2f9c7f621d4c76827b84cc48334568e457e3
parent 0ee2689b9374d6fd5f43b703713a532278654749
x86/boot: Disable stack protector for early boot code
On 64-bit, this will prevent crashes when the canary access is changed from %gs:40 to %gs:__stack_chk_guard(%rip). RIP-relative addresses from the identity-mapped early boot code will target the wrong address with zero-based percpu. KASLR could then shift that address to an unmapped page causing a crash on boot.

This early boot code runs well before user-space is active and does not need stack protector enabled.

Signed-off-by: Brian Gerst <brgerst@gmail.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/r/20250123190747.745588-4-brgerst@gmail.com

-rw-r--r-- arch/x86/kernel/Makefile 2
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index b43eb7e384eb..84cfa179802c 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -44,6 +44,8 @@ KCOV_INSTRUMENT_unwind_orc.o := n
KCOV_INSTRUMENT_unwind_frame.o := n
KCOV_INSTRUMENT_unwind_guess.o := n
+CFLAGS_head32.o := -fno-stack-protector
+CFLAGS_head64.o := -fno-stack-protector
CFLAGS_irq.o := -I $(src)/../include/asm/trace
obj-y += head_$(BITS).o
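Review bot: The two added lines, CFLAGS_head32.o and CFLAGS_head64.o, have no comment in the Makefile, so the reason these objects are built with -fno-stack-protector exists only in the commit message. A short comment above them (early boot code runs identity-mapped, so the canary access is not valid there) would make it less likely that someone removes the flags in a later cleanup. The commit message also argues only the 64-bit case (the RIP-relative %gs:__stack_chk_guard(%rip) access), while the hunk changes head32.o as well. Please add a sentence on why the 32-bit object gets the same flag, or state that it is done for symmetry because this code does not need the stack protector.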