gcc-plugins: Remove ARM_SSP_PER_TASK plugin

As part of trying to remove GCC plugins from Linux, drop the
ARM_SSP_PER_TASK plugin. The feature is available upstream since GCC
12, so anyone needing newer kernels with per-task ssp can update their
compiler[1].

Suggested-by: Arnd Bergmann <arnd@arndb.de>
Link: https://lore.kernel.org/all/08393aa3-05a3-4e3f-8004-f374a3ec4b7e@app.fastmail.com/
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20250409160409.work.168-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 25ed6f1a7c7ae54cae3102c66257de598f04db3c..3072731fe09c5911996d2e5fcc384c424f72f638 100644 (file)
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -1380,8 +1380,7 @@ config CC_HAVE_STACKPROTECTOR_TLS
 config STACKPROTECTOR_PER_TASK
        bool "Use a unique stack canary value for each task"
        depends on STACKPROTECTOR && CURRENT_POINTER_IN_TPIDRURO && !XIP_DEFLATED_DATA
-       depends on GCC_PLUGINS || CC_HAVE_STACKPROTECTOR_TLS
-       select GCC_PLUGIN_ARM_SSP_PER_TASK if !CC_HAVE_STACKPROTECTOR_TLS
+       depends on CC_HAVE_STACKPROTECTOR_TLS
        default y
        help
          Due to the fact that GCC uses an ordinary symbol reference from

diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile
index 945b5975fce20008c9c5ed15e2fb05894357efd9..d61369b1eabe8e3d6d1830156faa30f74bd1586c 100644 (file)
--- a/arch/arm/boot/compressed/Makefile
+++ b/arch/arm/boot/compressed/Makefile
@@ -96,7 +96,7 @@ KBUILD_CFLAGS += -DDISABLE_BRANCH_PROFILING
 
 ccflags-y := -fpic $(call cc-option,-mno-single-pic-base,) -fno-builtin \
             -I$(srctree)/scripts/dtc/libfdt -fno-stack-protector \
-            -I$(obj) $(DISABLE_ARM_SSP_PER_TASK_PLUGIN)
+            -I$(obj)
 ccflags-remove-$(CONFIG_FUNCTION_TRACER) += -pg
 asflags-y := -DZIMAGE
 

diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
index e4deaf5fa571d52073dffddfb77fbb6b4db63419..5b8a8378ca8ad5d10edaf9d007338429b1bde967 100644 (file)
--- a/scripts/Makefile.gcc-plugins
+++ b/scripts/Makefile.gcc-plugins
@@ -36,12 +36,6 @@ ifdef CONFIG_GCC_PLUGIN_STACKLEAK
 endif
 export DISABLE_STACKLEAK_PLUGIN
 
-gcc-plugin-$(CONFIG_GCC_PLUGIN_ARM_SSP_PER_TASK) += arm_ssp_per_task_plugin.so
-ifdef CONFIG_GCC_PLUGIN_ARM_SSP_PER_TASK
-    DISABLE_ARM_SSP_PER_TASK_PLUGIN += -fplugin-arg-arm_ssp_per_task_plugin-disable
-endif
-export DISABLE_ARM_SSP_PER_TASK_PLUGIN
-
 # All the plugin CFLAGS are collected here in case a build target needs to
 # filter them out of the KBUILD_CFLAGS.
 GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y))

diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig
index e383cda05367a3d48498b2afaacf265bd3ea74ab..231f4a20d61767e3fa61bea7772d3f06cf113fd0 100644 (file)
--- a/scripts/gcc-plugins/Kconfig
+++ b/scripts/gcc-plugins/Kconfig
@@ -46,8 +46,4 @@ config GCC_PLUGIN_LATENT_ENTROPY
           * https://grsecurity.net/
           * https://pax.grsecurity.net/
 
-config GCC_PLUGIN_ARM_SSP_PER_TASK
-       bool
-       depends on GCC_PLUGINS && ARM
-
 endif

diff --git a/scripts/gcc-plugins/arm_ssp_per_task_plugin.c b/scripts/gcc-plugins/arm_ssp_per_task_plugin.c
deleted file mode 100644 (file)
index 7328d03..0000000
--- a/scripts/gcc-plugins/arm_ssp_per_task_plugin.c
+++ /dev/null
@@ -1,107 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0
-
-#include "gcc-common.h"
-
-__visible int plugin_is_GPL_compatible;
-
-static unsigned int canary_offset;
-
-static unsigned int arm_pertask_ssp_rtl_execute(void)
-{
-       rtx_insn *insn;
-
-       for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) {
-               const char *sym;
-               rtx body;
-               rtx current;
-
-               /*
-                * Find a SET insn involving a SYMBOL_REF to __stack_chk_guard
-                */
-               if (!INSN_P(insn))
-                       continue;
-               body = PATTERN(insn);
-               if (GET_CODE(body) != SET ||
-                   GET_CODE(SET_SRC(body)) != SYMBOL_REF)
-                       continue;
-               sym = XSTR(SET_SRC(body), 0);
-               if (strcmp(sym, "__stack_chk_guard"))
-                       continue;
-
-               /*
-                * Replace the source of the SET insn with an expression that
-                * produces the address of the current task's stack canary value
-                */
-               current = gen_reg_rtx(Pmode);
-
-               emit_insn_before(gen_load_tp_hard(current), insn);
-
-               SET_SRC(body) = gen_rtx_PLUS(Pmode, current,
-                                            GEN_INT(canary_offset));
-       }
-       return 0;
-}
-
-#define PASS_NAME arm_pertask_ssp_rtl
-
-#define NO_GATE
-#include "gcc-generate-rtl-pass.h"
-
-#if BUILDING_GCC_VERSION >= 9000
-static bool no(void)
-{
-       return false;
-}
-
-static void arm_pertask_ssp_start_unit(void *gcc_data, void *user_data)
-{
-       targetm.have_stack_protect_combined_set = no;
-       targetm.have_stack_protect_combined_test = no;
-}
-#endif
-
-__visible int plugin_init(struct plugin_name_args *plugin_info,
-                         struct plugin_gcc_version *version)
-{
-       const char * const plugin_name = plugin_info->base_name;
-       const int argc = plugin_info->argc;
-       const struct plugin_argument *argv = plugin_info->argv;
-       int i;
-
-       if (!plugin_default_version_check(version, &gcc_version)) {
-               error(G_("incompatible gcc/plugin versions"));
-               return 1;
-       }
-
-       for (i = 0; i < argc; ++i) {
-               if (!strcmp(argv[i].key, "disable"))
-                       return 0;
-
-               /* all remaining options require a value */
-               if (!argv[i].value) {
-                       error(G_("no value supplied for option '-fplugin-arg-%s-%s'"),
-                             plugin_name, argv[i].key);
-                       return 1;
-               }
-
-               if (!strcmp(argv[i].key, "offset")) {
-                       canary_offset = atoi(argv[i].value);
-                       continue;
-               }
-               error(G_("unknown option '-fplugin-arg-%s-%s'"),
-                     plugin_name, argv[i].key);
-               return 1;
-       }
-
-       PASS_INFO(arm_pertask_ssp_rtl, "expand", 1, PASS_POS_INSERT_AFTER);
-
-       register_callback(plugin_info->base_name, PLUGIN_PASS_MANAGER_SETUP,
-                         NULL, &arm_pertask_ssp_rtl_pass_info);
-
-#if BUILDING_GCC_VERSION >= 9000
-       register_callback(plugin_info->base_name, PLUGIN_START_UNIT,
-                         arm_pertask_ssp_start_unit, NULL);
-#endif
-
-       return 0;
-}