firmware: disable stack protector by default

Disable stack protector for all boards/apps by default, not only qmod-dfu. Use 'make STACK_PROTECTOR=1' to enable. This was recommened by Eric: "I'd argue that we do not want this in general, since it adds canaries to all functions that deal with buffers, and therefore impacts the overall timing in a non determinstic way depending on inlining and optimizations, while contributing nothing in non debug builds." Related: OS#5081 Change-Id: I30ad97f231ea5b401def650bc9adc7e9f2770df0
2026-03-16 21:28:33 +03:00 · 2021-04-08 11:58:59 +02:00
parent 9e0e0ddd5a
commit 878fadd74f
1 changed files with 8 additions and 6 deletions
--- a/firmware/Makefile
+++ b/firmware/Makefile
@@ -59,11 +59,6 @@ OUTPUT = $(BOARD)-$(APP)
 BIN = bin
 OBJ = obj/$(BOARD)

-# Disable stack protector for code in small ROM regions (OS#5081)
-ifeq ($(BOARD)-$(APP), qmod-dfu)
-CFLAGS_EXTRA ?= -fno-stack-protector
-endif
-
 #-------------------------------------------------------------------------------
 #		Tools
 #-------------------------------------------------------------------------------
@@ -183,7 +178,14 @@ CFLAGS += -ffunction-sections -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -DTRACE_L
 CFLAGS += -DGIT_VERSION=\"$(GIT_VERSION)\"
 CFLAGS += -DBOARD=\"$(BOARD)\" -DBOARD_$(BOARD)
 CFLAGS += -DAPPLICATION=\"$(APP)\" -DAPPLICATION_$(APP)
-CFLAGS += $(CFLAGS_EXTRA)
+
+# Disable stack protector by default (OS#5081)
+ifeq ($(STACK_PROTECTOR), 1)
+CFLAGS += -fstack-protector
+else
+CFLAGS += -fno-stack-protector
+endif
+
 ASFLAGS = -mcpu=cortex-m3 -mthumb -Wall -g $(OPTIMIZATION) $(INCLUDES) -D$(CHIP) -D__ASSEMBLY__
 LDFLAGS = -mcpu=cortex-m3 -mthumb -Wl,--cref -Wl,--check-sections -Wl,--gc-sections -Wl,--entry=ResetException -Wl,--unresolved-symbols=report-all -Wl,--warn-common -Wl,--warn-section-align -Wl,--print-memory-usage -Wl,--no-undefined $(LIB)
 #LD_OPTIONAL=-Wl,--print-gc-sections -Wl,--stats