From: Sami Tolvanen samitolvanen@google.com
[ Upstream commit cc49c71d2abe99c1c2c9bedf0693ad2d3ee4a067 ]
Shadow stacks are not available in the EFI stub, filter out SCS flags.
Suggested-by: James Morse james.morse@arm.com Signed-off-by: Sami Tolvanen samitolvanen@google.com Reviewed-by: Kees Cook keescook@chromium.org Acked-by: Ard Biesheuvel ardb@kernel.org Signed-off-by: Will Deacon will@kernel.org Stable-dep-of: 1a3887924a7e ("efi: libstub: Disable struct randomization") Signed-off-by: Sasha Levin sashal@kernel.org --- drivers/firmware/efi/libstub/Makefile | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index 678bc910e080..54dbcec7e06f 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -23,6 +23,9 @@ KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \ $(call cc-option,-ffreestanding) \ $(call cc-option,-fno-stack-protector)
+# remove SCS flags from all objects in this directory +KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS)) + GCOV_PROFILE := n KASAN_SANITIZE := n UBSAN_SANITIZE := n