From: Kees Cook Date: Wed, 12 Jul 2017 21:35:55 +0000 (-0700) Subject: efi: avoid fortify checks in EFI stub X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=3e2c044a54e6b6373606f8ffad42a4a0759fcf3d;p=openwrt%2Fstaging%2Fblogic.git efi: avoid fortify checks in EFI stub This avoids CONFIG_FORTIFY_SOURCE from being enabled during the EFI stub build, as adding a panic() implementation may not work well. This can be adjusted in the future. Link: http://lkml.kernel.org/r/1497903987-21002-2-git-send-email-keescook@chromium.org Signed-off-by: Kees Cook Suggested-by: Daniel Micay Reviewed-by: Ard Biesheuvel Acked-by: Mark Rutland Cc: Matt Fleming Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile index f7425960f6a5..37e24f525162 100644 --- a/drivers/firmware/efi/libstub/Makefile +++ b/drivers/firmware/efi/libstub/Makefile @@ -17,6 +17,7 @@ cflags-$(CONFIG_ARM) := $(subst -pg,,$(KBUILD_CFLAGS)) \ cflags-$(CONFIG_EFI_ARMSTUB) += -I$(srctree)/scripts/dtc/libfdt KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \ + -D__NO_FORTIFY \ $(call cc-option,-ffreestanding) \ $(call cc-option,-fno-stack-protector)