[PATCH] Add support for stack-protector

Heinrich Schuchardt xypron.glpk at gmx.de
Sun Jan 10 23:20:43 CET 2021

Am 10. Januar 2021 20:44:15 MEZ schrieb Joel Peshkin <joel.peshkin at broadcom.com>:
>Hi Heinrich,
>Thank you for your comments.  I have 2 questions about how to
>1) Unit test
>I can add a function that can be used to trigger an overrun, but I am
>sure where to include it as the stack protector prints the error
>and then resets uboot so it wouldn't fir in a unit test suite.
>"test_stackprotector fail" command to the CLI and you could call the
>underlying stackprot_test_fail() from code hacked into SPL and TPL

Additonally to the test command you will nedd a Python test (in /test/py/tests/) to excercise it.

>2) Standalone/EFI
>What we did for our own standalone code was to add the KBUILD_CFLAGS +=
>-fno-stack-protector   to the Makefile for our specific standalone.  
>problem is there is no generic place from which all standalone/EFI is
>called, so I could just leave this for maintainers of specific
>standalone/EPI programs to add IF they are enabling STACKPROTECTOR (If
>don't enable it, they don't need to do anything) or I could add
>KBUILD_CFLAGS += -fno-stack-protector  to  both

This would lead to contradictory arguments on the GCC command line.

>and lib/efi_loader/Makefile

Have a look at CFLAGS_REMOVE in aforementioned Makefiles. 

Best regards


>What would you suggest?

More information about the U-Boot mailing list