x86/entry: Actually disable stack protector

Some builds of GCC enable stack protector by default. Simply removing
the arguments is not sufficient to disable stack protector, as the stack
protector for those GCC builds must be explicitly disabled. Remove the
argument removals and add -fno-stack-protector. Additionally include
missed x32 argument updates, and adjust whitespace for readability.

Fixes: 20355e5f73a7 ("x86/entry: Exclude low level entry code from sanitizing")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/202006261333.585319CA6B@keescook

diff --git a/arch/x86/entry/Makefile b/arch/x86/entry/Makefile
index b7a5790d8d63e4df84f0e553377b3dcb5ba70499..08bf95dbc91126d25fc93cdc55526f6cbb064977 100644 (file)
--- a/arch/x86/entry/Makefile
+++ b/arch/x86/entry/Makefile
@@ -7,12 +7,20 @@ KASAN_SANITIZE := n
 UBSAN_SANITIZE := n
 KCOV_INSTRUMENT := n
 
-CFLAGS_REMOVE_common.o = $(CC_FLAGS_FTRACE) -fstack-protector -fstack-protector-strong
-CFLAGS_REMOVE_syscall_32.o = $(CC_FLAGS_FTRACE) -fstack-protector -fstack-protector-strong
-CFLAGS_REMOVE_syscall_64.o = $(CC_FLAGS_FTRACE) -fstack-protector -fstack-protector-strong
+CFLAGS_REMOVE_common.o         = $(CC_FLAGS_FTRACE)
+CFLAGS_REMOVE_syscall_64.o     = $(CC_FLAGS_FTRACE)
+CFLAGS_REMOVE_syscall_32.o     = $(CC_FLAGS_FTRACE)
+CFLAGS_REMOVE_syscall_x32.o    = $(CC_FLAGS_FTRACE)
+
+CFLAGS_common.o                        += -fno-stack-protector
+CFLAGS_syscall_64.o            += -fno-stack-protector
+CFLAGS_syscall_32.o            += -fno-stack-protector
+CFLAGS_syscall_x32.o           += -fno-stack-protector
 
 CFLAGS_syscall_64.o            += $(call cc-option,-Wno-override-init,)
 CFLAGS_syscall_32.o            += $(call cc-option,-Wno-override-init,)
+CFLAGS_syscall_x32.o           += $(call cc-option,-Wno-override-init,)
+
 obj-y                          := entry_$(BITS).o thunk_$(BITS).o syscall_$(BITS).o
 obj-y                          += common.o