ARM: stackprotector: prefer compiler for TLS based per-task protector

Currently, we implement the per-task stack protector for ARM using a GCC
plugin, due to lack of native compiler support. However, work is
underway to get this implemented in the compiler, which means we will be
able to deprecate the GCC plugin at some point.

In the meantime, we will need to support both, where the native compiler
implementation is obviously preferred. So let's wire this up in Kconfig
and the Makefile.

Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Marc Zyngier <maz@kernel.org>
Tested-by: Vladimir Murzin <vladimir.murzin@arm.com> # ARMv7M

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index f0f9e8b..4e301e4 100644 (file)
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1607,10 +1607,14 @@ config XEN
        help
          Say Y if you want to run Linux in a Virtual Machine on Xen on ARM.
 
+config CC_HAVE_STACKPROTECTOR_TLS
+       def_bool $(cc-option,-mtp=cp15 -mstack-protector-guard=tls -mstack-protector-guard-offset=0)
+
 config STACKPROTECTOR_PER_TASK
        bool "Use a unique stack canary value for each task"
-       depends on GCC_PLUGINS && STACKPROTECTOR && THREAD_INFO_IN_TASK && !XIP_DEFLATED_DATA
-       select GCC_PLUGIN_ARM_SSP_PER_TASK
+       depends on STACKPROTECTOR && THREAD_INFO_IN_TASK && !XIP_DEFLATED_DATA
+       depends on GCC_PLUGINS || CC_HAVE_STACKPROTECTOR_TLS
+       select GCC_PLUGIN_ARM_SSP_PER_TASK if !CC_HAVE_STACKPROTECTOR_TLS
        default y
        help
          Due to the fact that GCC uses an ordinary symbol reference from

diff --git a/arch/arm/Makefile b/arch/arm/Makefile
index 77172d5..e943624 100644 (file)
--- a/arch/arm/Makefile
+++ b/arch/arm/Makefile
@@ -275,6 +275,14 @@ endif
 
 ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y)
 prepare: stack_protector_prepare
+ifeq ($(CONFIG_CC_HAVE_STACKPROTECTOR_TLS),y)
+stack_protector_prepare: prepare0
+       $(eval KBUILD_CFLAGS += \
+               -mstack-protector-guard=tls \
+               -mstack-protector-guard-offset=$(shell  \
+                       awk '{if ($$2 == "TSK_STACK_CANARY") print $$3;}'\
+                               include/generated/asm-offsets.h))
+else
 stack_protector_prepare: prepare0
        $(eval SSP_PLUGIN_CFLAGS := \
                -fplugin-arg-arm_ssp_per_task_plugin-offset=$(shell     \
@@ -283,6 +291,7 @@ stack_protector_prepare: prepare0
        $(eval KBUILD_CFLAGS += $(SSP_PLUGIN_CFLAGS))
        $(eval GCC_PLUGINS_CFLAGS += $(SSP_PLUGIN_CFLAGS))
 endif
+endif
 
 all:   $(notdir $(KBUILD_IMAGE))