From: Sami Tolvanen <samitolvanen@google.com>
Date: Mon, 27 Apr 2020 09:00:18 -0700
Subject: efi/libstub: Disable Shadow Call Stack
Patch-mainline: v5.8-rc1
Git-commit: cc49c71d2abe99c1c2c9bedf0693ad2d3ee4a067
References: jsc#SLE-16407
Shadow stacks are not available in the EFI stub, filter out SCS flags.
Suggested-by: James Morse <james.morse@arm.com>
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Will Deacon <will@kernel.org>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
---
drivers/firmware/efi/libstub/Makefile | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -33,6 +33,9 @@ KBUILD_CFLAGS := $(cflags-y) -Os -DDIS
$(call cc-option,-fno-addrsig) \
-D__DISABLE_EXPORTS
+# remove SCS flags from all objects in this directory
+KBUILD_CFLAGS := $(filter-out $(CC_FLAGS_SCS), $(KBUILD_CFLAGS))
+
GCOV_PROFILE := n
KASAN_SANITIZE := n
UBSAN_SANITIZE := n