Call __stack_chk_guard_setup() in decompress_kernel() is too late that stack checking always fails for decompress_kernel() itself. So remove __stack_chk_guard_setup() and initialize __stack_chk_guard before we call decompress_kernel().
Original code comes from ARM but also used for MIPS and SH, so fix them together. If without this fix, compressed booting of these archs will fail because stack checking is enabled by default (>=4.16).
V2: Fix build on ARM. V3: Fix build on SuperH.
Cc: stable@vger.kernel.org Signed-off-by: Huacai Chen chenhc@lemote.com --- arch/arm/boot/compressed/head.S | 4 ++++ arch/arm/boot/compressed/misc.c | 7 ------- arch/mips/boot/compressed/decompress.c | 7 ------- arch/mips/boot/compressed/head.S | 4 ++++ arch/sh/boot/compressed/head_32.S | 8 ++++++++ arch/sh/boot/compressed/head_64.S | 4 ++++ arch/sh/boot/compressed/misc.c | 7 ------- 7 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S index 45c8823..bae1fc6 100644 --- a/arch/arm/boot/compressed/head.S +++ b/arch/arm/boot/compressed/head.S @@ -547,6 +547,10 @@ not_relocated: mov r0, #0 bic r4, r4, #1 blne cache_on
+ ldr r0, =__stack_chk_guard + ldr r1, =0x000a0dff + str r1, [r0] + /* * The C runtime environment should now be setup sufficiently. * Set up some pointers, and start decompressing. diff --git a/arch/arm/boot/compressed/misc.c b/arch/arm/boot/compressed/misc.c index 16a8a80..e518ef5 100644 --- a/arch/arm/boot/compressed/misc.c +++ b/arch/arm/boot/compressed/misc.c @@ -130,11 +130,6 @@ asmlinkage void __div0(void)
unsigned long __stack_chk_guard;
-void __stack_chk_guard_setup(void) -{ - __stack_chk_guard = 0x000a0dff; -} - void __stack_chk_fail(void) { error("stack-protector: Kernel stack is corrupted\n"); @@ -150,8 +145,6 @@ decompress_kernel(unsigned long output_start, unsigned long free_mem_ptr_p, { int ret;
- __stack_chk_guard_setup(); - output_data = (unsigned char *)output_start; free_mem_ptr = free_mem_ptr_p; free_mem_end_ptr = free_mem_ptr_end_p; diff --git a/arch/mips/boot/compressed/decompress.c b/arch/mips/boot/compressed/decompress.c index fdf99e9..5ba431c 100644 --- a/arch/mips/boot/compressed/decompress.c +++ b/arch/mips/boot/compressed/decompress.c @@ -78,11 +78,6 @@ void error(char *x)
unsigned long __stack_chk_guard;
-void __stack_chk_guard_setup(void) -{ - __stack_chk_guard = 0x000a0dff; -} - void __stack_chk_fail(void) { error("stack-protector: Kernel stack is corrupted\n"); @@ -92,8 +87,6 @@ void decompress_kernel(unsigned long boot_heap_start) { unsigned long zimage_start, zimage_size;
- __stack_chk_guard_setup(); - zimage_start = (unsigned long)(&__image_begin); zimage_size = (unsigned long)(&__image_end) - (unsigned long)(&__image_begin); diff --git a/arch/mips/boot/compressed/head.S b/arch/mips/boot/compressed/head.S index 409cb48..00d0ee0 100644 --- a/arch/mips/boot/compressed/head.S +++ b/arch/mips/boot/compressed/head.S @@ -32,6 +32,10 @@ start: bne a2, a0, 1b addiu a0, a0, 4
+ PTR_LA a0, __stack_chk_guard + PTR_LI a1, 0x000a0dff + sw a1, 0(a0) + PTR_LA a0, (.heap) /* heap address */ PTR_LA sp, (.stack + 8192) /* stack address */
diff --git a/arch/sh/boot/compressed/head_32.S b/arch/sh/boot/compressed/head_32.S index 7bb1681..e84237d 100644 --- a/arch/sh/boot/compressed/head_32.S +++ b/arch/sh/boot/compressed/head_32.S @@ -76,6 +76,10 @@ l1: mov.l init_stack_addr, r0 mov.l @r0, r15
+ mov.l __stack_chk_guard_addr, r0 + mov.l __stack_chk_guard_val, r1 + mov.l r1, @r0 + /* Decompress the kernel */ mov.l decompress_kernel_addr, r0 jsr @r0 @@ -97,6 +101,10 @@ kexec_magic: .long 0x400000F0 /* magic used by kexec to parse zImage format */ init_stack_addr: .long stack_start +__stack_chk_guard_val: + .long 0x000A0DFF +__stack_chk_guard_addr: + .long __stack_chk_guard decompress_kernel_addr: .long decompress_kernel kernel_start_addr: diff --git a/arch/sh/boot/compressed/head_64.S b/arch/sh/boot/compressed/head_64.S index 9993113..8b4d540 100644 --- a/arch/sh/boot/compressed/head_64.S +++ b/arch/sh/boot/compressed/head_64.S @@ -132,6 +132,10 @@ startup: addi r22, 4, r22 bne r22, r23, tr1
+ movi datalabel __stack_chk_guard, r0 + movi 0x000a0dff, r1 + st.l r0, 0, r1 + /* * Decompress the kernel. */ diff --git a/arch/sh/boot/compressed/misc.c b/arch/sh/boot/compressed/misc.c index 627ce8e..fe4c079 100644 --- a/arch/sh/boot/compressed/misc.c +++ b/arch/sh/boot/compressed/misc.c @@ -106,11 +106,6 @@ static void error(char *x)
unsigned long __stack_chk_guard;
-void __stack_chk_guard_setup(void) -{ - __stack_chk_guard = 0x000a0dff; -} - void __stack_chk_fail(void) { error("stack-protector: Kernel stack is corrupted\n"); @@ -130,8 +125,6 @@ void decompress_kernel(void) { unsigned long output_addr;
- __stack_chk_guard_setup(); - #ifdef CONFIG_SUPERH64 output_addr = (CONFIG_MEMORY_START + 0x2000); #else
On Fri, 16 Mar 2018 15:55:16 +0800 Huacai Chen chenhc@lemote.com wrote:
Call __stack_chk_guard_setup() in decompress_kernel() is too late that stack checking always fails for decompress_kernel() itself. So remove __stack_chk_guard_setup() and initialize __stack_chk_guard before we call decompress_kernel().
Original code comes from ARM but also used for MIPS and SH, so fix them together. If without this fix, compressed booting of these archs will fail because stack checking is enabled by default (>=4.16).
...
arch/arm/boot/compressed/head.S | 4 ++++ arch/arm/boot/compressed/misc.c | 7 ------- arch/mips/boot/compressed/decompress.c | 7 ------- arch/mips/boot/compressed/head.S | 4 ++++ arch/sh/boot/compressed/head_32.S | 8 ++++++++ arch/sh/boot/compressed/head_64.S | 4 ++++ arch/sh/boot/compressed/misc.c | 7 ------- 7 files changed, 20 insertions(+), 21 deletions(-)
Perhaps this should be split into three patches and each one routed via the appropriate arch tree maintainer (for sh, that might be me).
But we can do it this way if the arm and mips teams can send an ack, please?
On Fri, Mar 16, 2018 at 03:13:37PM -0700, Andrew Morton wrote:
On Fri, 16 Mar 2018 15:55:16 +0800 Huacai Chen chenhc@lemote.com wrote:
Call __stack_chk_guard_setup() in decompress_kernel() is too late that stack checking always fails for decompress_kernel() itself. So remove __stack_chk_guard_setup() and initialize __stack_chk_guard before we call decompress_kernel().
Original code comes from ARM but also used for MIPS and SH, so fix them together. If without this fix, compressed booting of these archs will fail because stack checking is enabled by default (>=4.16).
...
arch/arm/boot/compressed/head.S | 4 ++++ arch/arm/boot/compressed/misc.c | 7 ------- arch/mips/boot/compressed/decompress.c | 7 ------- arch/mips/boot/compressed/head.S | 4 ++++ arch/sh/boot/compressed/head_32.S | 8 ++++++++ arch/sh/boot/compressed/head_64.S | 4 ++++ arch/sh/boot/compressed/misc.c | 7 ------- 7 files changed, 20 insertions(+), 21 deletions(-)
Perhaps this should be split into three patches and each one routed via the appropriate arch tree maintainer (for sh, that might be me).
Apologies for that. I'm trying to pick back up on things now, now that I've got both some downtime from other things and funding for core sh maintenance stuff. If you know any issues you'd especially like me to put my attention on now, please let me know. I have a few patches queued up from myself and others, but I believe there's a lot more I haven't been able to get to for quite a while. I should have new SH hardware to test on soon and in the meantime I've improved my qemu setup.
One question I have about this specific patch is why any code is needed at all. Why can't __stack_chk_guard just be moved to initialized data, or left uninitialized, for the compressed kernel image loader? Assuming it is needed, the code looks ok, but I question the premise.
Rich
On Fri, Mar 16, 2018 at 03:55:16PM +0800, Huacai Chen wrote:
diff --git a/arch/mips/boot/compressed/decompress.c b/arch/mips/boot/compressed/decompress.c index fdf99e9..5ba431c 100644 --- a/arch/mips/boot/compressed/decompress.c +++ b/arch/mips/boot/compressed/decompress.c @@ -78,11 +78,6 @@ void error(char *x) unsigned long __stack_chk_guard;
...
diff --git a/arch/mips/boot/compressed/head.S b/arch/mips/boot/compressed/head.S index 409cb48..00d0ee0 100644 --- a/arch/mips/boot/compressed/head.S +++ b/arch/mips/boot/compressed/head.S @@ -32,6 +32,10 @@ start: bne a2, a0, 1b addiu a0, a0, 4
- PTR_LA a0, __stack_chk_guard
- PTR_LI a1, 0x000a0dff
- sw a1, 0(a0)
Should that not be LONG_S? Otherwise big endian MIPS64 would get a word-swapped canary (which is probably mostly harmless, but still).
Also I think it worth mentioning in the commit message the MIPS configuration you hit this with, presumably a Loongson one? For me decompress_kernel() gets a stack guard on loongson3_defconfig, but not malta_defconfig or malta_defconfig + 64-bit. I presume its sensitive to the compiler inlining stuff into decompress_kernel() or something such that it suddenly qualifies for a stack guard.
Cheers James
在 2018-03-22四的 22:21 +0000,James Hogan写道:
On Fri, Mar 16, 2018 at 03:55:16PM +0800, Huacai Chen wrote:
diff --git a/arch/mips/boot/compressed/decompress.c b/arch/mips/boot/compressed/decompress.c index fdf99e9..5ba431c 100644 --- a/arch/mips/boot/compressed/decompress.c +++ b/arch/mips/boot/compressed/decompress.c @@ -78,11 +78,6 @@ void error(char *x) unsigned long __stack_chk_guard;
...
diff --git a/arch/mips/boot/compressed/head.S b/arch/mips/boot/compressed/head.S index 409cb48..00d0ee0 100644 --- a/arch/mips/boot/compressed/head.S +++ b/arch/mips/boot/compressed/head.S @@ -32,6 +32,10 @@ start: bne a2, a0, 1b addiu a0, a0, 4
- PTR_LA a0, __stack_chk_guard
- PTR_LI a1, 0x000a0dff
- sw a1, 0(a0)
Hi James
Huacai Can't reply this mail. His chenhc@lemote.com is blcoked by Linux-MIPS mailing list while his Gmail didn't receive this email, so I'm replying for him.
Should that not be LONG_S? Otherwise big endian MIPS64 would get a word-swapped canary (which is probably mostly harmless, but still).
Yes, he said it's considerable.
Also I think it worth mentioning in the commit message the MIPS configuration you hit this with, presumably a Loongson one? For me decompress_kernel() gets a stack guard on loongson3_defconfig, but not malta_defconfig or malta_defconfig + 64-bit. I presume its sensitive to the compiler inlining stuff into decompress_kernel() or something such that it suddenly qualifies for a stack guard.
Have you tested with CONFIG_CC_STACKPROTECTOR_STRONG=y ? Huacai reproduced the issue by this[1] config with GCC 4.9.
[1] https://github.com/loongson-community/linux-stable/blob/rebase-4.14 /arch/mips/configs/loongson3_defconfig
Cheers James
On Fri, Mar 23, 2018 at 11:50:55AM +0800, Jiaxun Yang wrote:
在 2018-03-22四的 22:21 +0000,James Hogan写道:
Also I think it worth mentioning in the commit message the MIPS configuration you hit this with, presumably a Loongson one? For me decompress_kernel() gets a stack guard on loongson3_defconfig, but not malta_defconfig or malta_defconfig + 64-bit. I presume its sensitive to the compiler inlining stuff into decompress_kernel() or something such that it suddenly qualifies for a stack guard.
Have you tested with CONFIG_CC_STACKPROTECTOR_STRONG=y ?
Yes. for malta_defconfig I could only reproduce by adding an array to decompress_kernel() so that it would get the guard.
Cheers James
Hi Huacai,
On 2018-03-16 08:55, Huacai Chen wrote:
Call __stack_chk_guard_setup() in decompress_kernel() is too late that stack checking always fails for decompress_kernel() itself. So remove __stack_chk_guard_setup() and initialize __stack_chk_guard before we call decompress_kernel().
Original code comes from ARM but also used for MIPS and SH, so fix them together. If without this fix, compressed booting of these archs will fail because stack checking is enabled by default (>=4.16).
V2: Fix build on ARM. V3: Fix build on SuperH.
Cc: stable@vger.kernel.org Signed-off-by: Huacai Chen chenhc@lemote.com
This patch breaks booting on ARM Exynos4210 based boards (tested with next-20180323, exynos_defconfig, both Trats and Origen fails to boot). That's a bit strange, because all other Exynos SoC works fine (I've checked 3250, 4412, 5250, 5410 and 542x). I really have no idea what is so specific inc case of Exynos4210, that causes this failure.
arch/arm/boot/compressed/head.S | 4 ++++ arch/arm/boot/compressed/misc.c | 7 ------- arch/mips/boot/compressed/decompress.c | 7 ------- arch/mips/boot/compressed/head.S | 4 ++++ arch/sh/boot/compressed/head_32.S | 8 ++++++++ arch/sh/boot/compressed/head_64.S | 4 ++++ arch/sh/boot/compressed/misc.c | 7 ------- 7 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S index 45c8823..bae1fc6 100644 --- a/arch/arm/boot/compressed/head.S +++ b/arch/arm/boot/compressed/head.S @@ -547,6 +547,10 @@ not_relocated: mov r0, #0 bic r4, r4, #1 blne cache_on
ldr r0, =__stack_chk_guardldr r1, =0x000a0dffstr r1, [r0]- /*
- The C runtime environment should now be setup sufficiently.
- Set up some pointers, and start decompressing.
diff --git a/arch/arm/boot/compressed/misc.c b/arch/arm/boot/compressed/misc.c index 16a8a80..e518ef5 100644 --- a/arch/arm/boot/compressed/misc.c +++ b/arch/arm/boot/compressed/misc.c @@ -130,11 +130,6 @@ asmlinkage void __div0(void) unsigned long __stack_chk_guard; -void __stack_chk_guard_setup(void) -{
- __stack_chk_guard = 0x000a0dff;
-}
- void __stack_chk_fail(void) { error("stack-protector: Kernel stack is corrupted\n");
@@ -150,8 +145,6 @@ decompress_kernel(unsigned long output_start, unsigned long free_mem_ptr_p, { int ret;
- __stack_chk_guard_setup();
- output_data = (unsigned char *)output_start; free_mem_ptr = free_mem_ptr_p; free_mem_end_ptr = free_mem_ptr_end_p;
diff --git a/arch/mips/boot/compressed/decompress.c b/arch/mips/boot/compressed/decompress.c index fdf99e9..5ba431c 100644 --- a/arch/mips/boot/compressed/decompress.c +++ b/arch/mips/boot/compressed/decompress.c @@ -78,11 +78,6 @@ void error(char *x) unsigned long __stack_chk_guard; -void __stack_chk_guard_setup(void) -{
- __stack_chk_guard = 0x000a0dff;
-}
- void __stack_chk_fail(void) { error("stack-protector: Kernel stack is corrupted\n");
@@ -92,8 +87,6 @@ void decompress_kernel(unsigned long boot_heap_start) { unsigned long zimage_start, zimage_size;
- __stack_chk_guard_setup();
- zimage_start = (unsigned long)(&__image_begin); zimage_size = (unsigned long)(&__image_end) - (unsigned long)(&__image_begin);
diff --git a/arch/mips/boot/compressed/head.S b/arch/mips/boot/compressed/head.S index 409cb48..00d0ee0 100644 --- a/arch/mips/boot/compressed/head.S +++ b/arch/mips/boot/compressed/head.S @@ -32,6 +32,10 @@ start: bne a2, a0, 1b addiu a0, a0, 4
- PTR_LA a0, __stack_chk_guard
- PTR_LI a1, 0x000a0dff
- sw a1, 0(a0)
- PTR_LA a0, (.heap) /* heap address */ PTR_LA sp, (.stack + 8192) /* stack address */
diff --git a/arch/sh/boot/compressed/head_32.S b/arch/sh/boot/compressed/head_32.S index 7bb1681..e84237d 100644 --- a/arch/sh/boot/compressed/head_32.S +++ b/arch/sh/boot/compressed/head_32.S @@ -76,6 +76,10 @@ l1: mov.l init_stack_addr, r0 mov.l @r0, r15
- mov.l __stack_chk_guard_addr, r0
- mov.l __stack_chk_guard_val, r1
- mov.l r1, @r0
- /* Decompress the kernel */ mov.l decompress_kernel_addr, r0 jsr @r0
@@ -97,6 +101,10 @@ kexec_magic: .long 0x400000F0 /* magic used by kexec to parse zImage format */ init_stack_addr: .long stack_start +__stack_chk_guard_val:
- .long 0x000A0DFF
+__stack_chk_guard_addr:
- .long __stack_chk_guard decompress_kernel_addr: .long decompress_kernel kernel_start_addr:
diff --git a/arch/sh/boot/compressed/head_64.S b/arch/sh/boot/compressed/head_64.S index 9993113..8b4d540 100644 --- a/arch/sh/boot/compressed/head_64.S +++ b/arch/sh/boot/compressed/head_64.S @@ -132,6 +132,10 @@ startup: addi r22, 4, r22 bne r22, r23, tr1
- movi datalabel __stack_chk_guard, r0
- movi 0x000a0dff, r1
- st.l r0, 0, r1
- /*
*/
- Decompress the kernel.
diff --git a/arch/sh/boot/compressed/misc.c b/arch/sh/boot/compressed/misc.c index 627ce8e..fe4c079 100644 --- a/arch/sh/boot/compressed/misc.c +++ b/arch/sh/boot/compressed/misc.c @@ -106,11 +106,6 @@ static void error(char *x) unsigned long __stack_chk_guard; -void __stack_chk_guard_setup(void) -{
- __stack_chk_guard = 0x000a0dff;
-}
- void __stack_chk_fail(void) { error("stack-protector: Kernel stack is corrupted\n");
@@ -130,8 +125,6 @@ void decompress_kernel(void) { unsigned long output_addr;
- __stack_chk_guard_setup();
- #ifdef CONFIG_SUPERH64 output_addr = (CONFIG_MEMORY_START + 0x2000); #else
Best regards
linux-stable-mirror@lists.linaro.org
-
Andrew Morton -
Huacai Chen -
James Hogan -
Jiaxun Yang -
Marek Szyprowski -
Rich Felker