Makefile: move stack-protector availability out of Kconfig

Various portions of the kernel, especially per-architecture pieces,
need to know if the compiler is building with the stack protector.
This was done in the arch/Kconfig with 'select', but this doesn't
allow a way to do auto-detected compiler support. In preparation for
creating an on-if-available default, move the logic for the definition of
CONFIG_CC_STACKPROTECTOR into the Makefile.

Link: http://lkml.kernel.org/r/1510076320-69931-3-git-send-email-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Laura Abbott <labbott@redhat.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Josh Triplett <josh@joshtriplett.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/Makefile b/Makefile
index 20b1aa928d7812174a9722e3c909fe190627a020..f0f934097f64e8cbb5906170f73964bcaa9ba42a 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -693,7 +693,7 @@ else
 endif
 endif
 # Find arch-specific stack protector compiler sanity-checking script.
-ifdef CONFIG_CC_STACKPROTECTOR
+ifdef stackp-name
   stackp-path := $(srctree)/scripts/gcc-$(SRCARCH)_$(BITS)-has-stack-protector.sh
   stackp-check := $(wildcard $(stackp-path))
   # If the wildcard test matches a test script, run it to check functionality.
@@ -702,6 +702,10 @@ ifdef CONFIG_CC_STACKPROTECTOR
       stackp-broken := y
     endif
   endif
+  ifndef stackp-broken
+    # If the stack protector is functional, enable code that depends on it.
+    KBUILD_CPPFLAGS += -DCONFIG_CC_STACKPROTECTOR
+  endif
 endif
 KBUILD_CFLAGS += $(stackp-flag)
 

diff --git a/arch/Kconfig b/arch/Kconfig
index 467dfa35bf969b568cf974da432e563785d4a502..9330a9d79dc357d3a28438965b71cf8aee67f761 100644 (file)
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -538,12 +538,6 @@ config HAVE_CC_STACKPROTECTOR
          - its compiler supports the -fstack-protector option
          - it has implemented a stack canary (e.g. __stack_chk_guard)
 
-config CC_STACKPROTECTOR
-       def_bool n
-       help
-         Set when a stack-protector mode is enabled, so that the build
-         can enable kernel-side support for the GCC feature.
-
 choice
        prompt "Stack Protector buffer overflow detection"
        depends on HAVE_CC_STACKPROTECTOR
@@ -564,7 +558,6 @@ config CC_STACKPROTECTOR_NONE
 
 config CC_STACKPROTECTOR_REGULAR
        bool "Regular"
-       select CC_STACKPROTECTOR
        help
          Functions will have the stack-protector canary logic added if they
          have an 8-byte or larger character array on the stack.
@@ -578,7 +571,6 @@ config CC_STACKPROTECTOR_REGULAR
 
 config CC_STACKPROTECTOR_STRONG
        bool "Strong"
-       select CC_STACKPROTECTOR
        help
          Functions will have the stack-protector canary logic added in any
          of the following conditions:

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index b0771ceabb4b223199a31adb7993c4b62ded0754..d9878f1f3bac717bd3397da0816e52325b67d0fe 100644 (file)
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -322,7 +322,7 @@ config X86_64_SMP
 
 config X86_32_LAZY_GS
        def_bool y
-       depends on X86_32 && !CC_STACKPROTECTOR
+       depends on X86_32 && CC_STACKPROTECTOR_NONE
 
 config ARCH_SUPPORTS_UPROBES
        def_bool y