On Tue, Jul 14, 2020 at 06:34:24PM -0700, Kees Cook wrote:
> On Tue, Jul 14, 2020 at 02:08:36PM +0200, Joerg Roedel wrote:
> > +# make sure head64.c is built without stack protector
> > +nostackp := $(call cc-option, -fno-stack-protector)
> > +CFLAGS_head64.o            := $(nostackp)
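
Review bot: the assignment `CFLAGS_head64.o := $(nostackp)` uses `:=`, which replaces any per-object flags set for head64.o elsewhere in this Makefile; `+=` would keep them. The comment above it also says what is done but not why. A short reason, for example that this code runs before %gs is set up for the stack protector, would save the next reader from having to work that out.
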
> 
> Recent refactoring[1] for stack protector suggests this should just
> unconditionally be:
> 
> CFLAGS_head64.o                       += -fno-stack-protector
> 
> But otherwise, yeah, this should be fine here -- it's all early init
> stuff.
> 
> Reviewed-by: Kees Cook <[email protected]>

Thanks, I am not sure this patch will be needed in the next version, as
I am currently rebasing to tip/master, which also made idt_descr static
in kernel/idt.c.

So with that I think I have to move the early IDT init functions to
kernel/idt.c too and set up %gs earlier in head_64.S to make
stack-protector happy.

The %gs setup actually needs to happen two times, one time when the
kernel still runs identity mapped and then again when it switched to
virtual addresses.

Regards,

        Joerg
