Call __stack_chk_guard_setup() in decompress_kernel() is too late that
stack checking always fails for decompress_kernel() itself. So remove
__stack_chk_guard_setup() and initialize __stack_chk_guard before we
call decompress_kernel().
Original code comes from ARM but also used for MIPS and SH, so fix them
together. If without this fix, compressed booting of these archs will
fail because stack checking is enabled by default (>=4.16).
V2: Fix build on ARM.
V3: Fix build on SuperH.
Cc: [email protected]
Signed-off-by: Huacai Chen <[email protected]>
---
arch/arm/boot/compressed/head.S | 4 ++++
arch/arm/boot/compressed/misc.c | 7 -------
arch/mips/boot/compressed/decompress.c | 7 -------
arch/mips/boot/compressed/head.S | 4 ++++
arch/sh/boot/compressed/head_32.S | 8 ++++++++
arch/sh/boot/compressed/head_64.S | 4 ++++
arch/sh/boot/compressed/misc.c | 7 -------
7 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S
index 45c8823..bae1fc6 100644
--- a/arch/arm/boot/compressed/head.S
+++ b/arch/arm/boot/compressed/head.S
@@ -547,6 +547,10 @@ not_relocated: mov r0, #0
bic r4, r4, #1
blne cache_on
+ ldr r0, =__stack_chk_guard
+ ldr r1, =0x000a0dff
+ str r1, [r0]
+
/*
* The C runtime environment should now be setup sufficiently.
* Set up some pointers, and start decompressing.
diff --git a/arch/arm/boot/compressed/misc.c b/arch/arm/boot/compressed/misc.c
index 16a8a80..e518ef5 100644
--- a/arch/arm/boot/compressed/misc.c
+++ b/arch/arm/boot/compressed/misc.c
@@ -130,11 +130,6 @@ asmlinkage void __div0(void)
unsigned long __stack_chk_guard;
-void __stack_chk_guard_setup(void)
-{
- __stack_chk_guard = 0x000a0dff;
-}
-
void __stack_chk_fail(void)
{
error("stack-protector: Kernel stack is corrupted\n");
@@ -150,8 +145,6 @@ decompress_kernel(unsigned long output_start, unsigned long free_mem_ptr_p,
{
int ret;
- __stack_chk_guard_setup();
-
output_data = (unsigned char *)output_start;
free_mem_ptr = free_mem_ptr_p;
free_mem_end_ptr = free_mem_ptr_end_p;
diff --git a/arch/mips/boot/compressed/decompress.c b/arch/mips/boot/compressed/decompress.c
index fdf99e9..5ba431c 100644
--- a/arch/mips/boot/compressed/decompress.c
+++ b/arch/mips/boot/compressed/decompress.c
@@ -78,11 +78,6 @@ void error(char *x)
unsigned long __stack_chk_guard;
-void __stack_chk_guard_setup(void)
-{
- __stack_chk_guard = 0x000a0dff;
-}
-
void __stack_chk_fail(void)
{
error("stack-protector: Kernel stack is corrupted\n");
@@ -92,8 +87,6 @@ void decompress_kernel(unsigned long boot_heap_start)
{
unsigned long zimage_start, zimage_size;
- __stack_chk_guard_setup();
-
zimage_start = (unsigned long)(&__image_begin);
zimage_size = (unsigned long)(&__image_end) -
(unsigned long)(&__image_begin);
diff --git a/arch/mips/boot/compressed/head.S b/arch/mips/boot/compressed/head.S
index 409cb48..00d0ee0 100644
--- a/arch/mips/boot/compressed/head.S
+++ b/arch/mips/boot/compressed/head.S
@@ -32,6 +32,10 @@ start:
bne a2, a0, 1b
addiu a0, a0, 4
+ PTR_LA a0, __stack_chk_guard
+ PTR_LI a1, 0x000a0dff
+ sw a1, 0(a0)
+
PTR_LA a0, (.heap) /* heap address */
PTR_LA sp, (.stack + 8192) /* stack address */
diff --git a/arch/sh/boot/compressed/head_32.S b/arch/sh/boot/compressed/head_32.S
index 7bb1681..e84237d 100644
--- a/arch/sh/boot/compressed/head_32.S
+++ b/arch/sh/boot/compressed/head_32.S
@@ -76,6 +76,10 @@ l1:
mov.l init_stack_addr, r0
mov.l @r0, r15
+ mov.l __stack_chk_guard_addr, r0
+ mov.l __stack_chk_guard_val, r1
+ mov.l r1, @r0
+
/* Decompress the kernel */
mov.l decompress_kernel_addr, r0
jsr @r0
@@ -97,6 +101,10 @@ kexec_magic:
.long 0x400000F0 /* magic used by kexec to parse zImage format */
init_stack_addr:
.long stack_start
+__stack_chk_guard_val:
+ .long 0x000A0DFF
+__stack_chk_guard_addr:
+ .long __stack_chk_guard
decompress_kernel_addr:
.long decompress_kernel
kernel_start_addr:
diff --git a/arch/sh/boot/compressed/head_64.S b/arch/sh/boot/compressed/head_64.S
index 9993113..8b4d540 100644
--- a/arch/sh/boot/compressed/head_64.S
+++ b/arch/sh/boot/compressed/head_64.S
@@ -132,6 +132,10 @@ startup:
addi r22, 4, r22
bne r22, r23, tr1
+ movi datalabel __stack_chk_guard, r0
+ movi 0x000a0dff, r1
+ st.l r0, 0, r1
+
/*
* Decompress the kernel.
*/
diff --git a/arch/sh/boot/compressed/misc.c b/arch/sh/boot/compressed/misc.c
index 627ce8e..fe4c079 100644
--- a/arch/sh/boot/compressed/misc.c
+++ b/arch/sh/boot/compressed/misc.c
@@ -106,11 +106,6 @@ static void error(char *x)
unsigned long __stack_chk_guard;
-void __stack_chk_guard_setup(void)
-{
- __stack_chk_guard = 0x000a0dff;
-}
-
void __stack_chk_fail(void)
{
error("stack-protector: Kernel stack is corrupted\n");
@@ -130,8 +125,6 @@ void decompress_kernel(void)
{
unsigned long output_addr;
- __stack_chk_guard_setup();
-
#ifdef CONFIG_SUPERH64
output_addr = (CONFIG_MEMORY_START + 0x2000);
#else
--
2.7.0
On Fri, 16 Mar 2018 15:55:16 +0800 Huacai Chen <[email protected]> wrote:
> Call __stack_chk_guard_setup() in decompress_kernel() is too late that
> stack checking always fails for decompress_kernel() itself. So remove
> __stack_chk_guard_setup() and initialize __stack_chk_guard before we
> call decompress_kernel().
>
> Original code comes from ARM but also used for MIPS and SH, so fix them
> together. If without this fix, compressed booting of these archs will
> fail because stack checking is enabled by default (>=4.16).
>
> ...
>
> arch/arm/boot/compressed/head.S | 4 ++++
> arch/arm/boot/compressed/misc.c | 7 -------
> arch/mips/boot/compressed/decompress.c | 7 -------
> arch/mips/boot/compressed/head.S | 4 ++++
> arch/sh/boot/compressed/head_32.S | 8 ++++++++
> arch/sh/boot/compressed/head_64.S | 4 ++++
> arch/sh/boot/compressed/misc.c | 7 -------
> 7 files changed, 20 insertions(+), 21 deletions(-)
Perhaps this should be split into three patches and each one routed via
the appropriate arch tree maintainer (for sh, that might be me).
But we can do it this way if the arm and mips teams can send an ack,
please?
On Fri, Mar 16, 2018 at 03:13:37PM -0700, Andrew Morton wrote:
> On Fri, 16 Mar 2018 15:55:16 +0800 Huacai Chen <[email protected]> wrote:
>
> > Call __stack_chk_guard_setup() in decompress_kernel() is too late that
> > stack checking always fails for decompress_kernel() itself. So remove
> > __stack_chk_guard_setup() and initialize __stack_chk_guard before we
> > call decompress_kernel().
> >
> > Original code comes from ARM but also used for MIPS and SH, so fix them
> > together. If without this fix, compressed booting of these archs will
> > fail because stack checking is enabled by default (>=4.16).
> >
> > ...
> >
> > arch/arm/boot/compressed/head.S | 4 ++++
> > arch/arm/boot/compressed/misc.c | 7 -------
> > arch/mips/boot/compressed/decompress.c | 7 -------
> > arch/mips/boot/compressed/head.S | 4 ++++
> > arch/sh/boot/compressed/head_32.S | 8 ++++++++
> > arch/sh/boot/compressed/head_64.S | 4 ++++
> > arch/sh/boot/compressed/misc.c | 7 -------
> > 7 files changed, 20 insertions(+), 21 deletions(-)
>
> Perhaps this should be split into three patches and each one routed via
> the appropriate arch tree maintainer (for sh, that might be me).
Apologies for that. I'm trying to pick back up on things now, now that
I've got both some downtime from other things and funding for core sh
maintenance stuff. If you know any issues you'd especially like me to
put my attention on now, please let me know. I have a few patches
queued up from myself and others, but I believe there's a lot more I
haven't been able to get to for quite a while. I should have new SH
hardware to test on soon and in the meantime I've improved my qemu
setup.
One question I have about this specific patch is why any code is
needed at all. Why can't __stack_chk_guard just be moved to
initialized data, or left uninitialized, for the compressed kernel
image loader? Assuming it is needed, the code looks ok, but I question
the premise.
Rich
On Fri, Mar 16, 2018 at 03:55:16PM +0800, Huacai Chen wrote:
> diff --git a/arch/mips/boot/compressed/decompress.c b/arch/mips/boot/compressed/decompress.c
> index fdf99e9..5ba431c 100644
> --- a/arch/mips/boot/compressed/decompress.c
> +++ b/arch/mips/boot/compressed/decompress.c
> @@ -78,11 +78,6 @@ void error(char *x)
>
> unsigned long __stack_chk_guard;
...
> diff --git a/arch/mips/boot/compressed/head.S b/arch/mips/boot/compressed/head.S
> index 409cb48..00d0ee0 100644
> --- a/arch/mips/boot/compressed/head.S
> +++ b/arch/mips/boot/compressed/head.S
> @@ -32,6 +32,10 @@ start:
> bne a2, a0, 1b
> addiu a0, a0, 4
>
> + PTR_LA a0, __stack_chk_guard
> + PTR_LI a1, 0x000a0dff
> + sw a1, 0(a0)
Should that not be LONG_S? Otherwise big endian MIPS64 would get a
word-swapped canary (which is probably mostly harmless, but still).
Also I think it worth mentioning in the commit message the MIPS
configuration you hit this with, presumably a Loongson one? For me
decompress_kernel() gets a stack guard on loongson3_defconfig, but not
malta_defconfig or malta_defconfig + 64-bit. I presume its sensitive to
the compiler inlining stuff into decompress_kernel() or something such
that it suddenly qualifies for a stack guard.
Cheers
James
在 2018-03-22四的 22:21 +0000,James Hogan写道:
> On Fri, Mar 16, 2018 at 03:55:16PM +0800, Huacai Chen wrote:
> > diff --git a/arch/mips/boot/compressed/decompress.c
> > b/arch/mips/boot/compressed/decompress.c
> > index fdf99e9..5ba431c 100644
> > --- a/arch/mips/boot/compressed/decompress.c
> > +++ b/arch/mips/boot/compressed/decompress.c
> > @@ -78,11 +78,6 @@ void error(char *x)
> >
> > unsigned long __stack_chk_guard;
>
> ...
>
> > diff --git a/arch/mips/boot/compressed/head.S
> > b/arch/mips/boot/compressed/head.S
> > index 409cb48..00d0ee0 100644
> > --- a/arch/mips/boot/compressed/head.S
> > +++ b/arch/mips/boot/compressed/head.S
> > @@ -32,6 +32,10 @@ start:
> > bne a2, a0, 1b
> > addiu a0, a0, 4
> >
> > + PTR_LA a0, __stack_chk_guard
> > + PTR_LI a1, 0x000a0dff
> > + sw a1, 0(a0)
>
Hi James
Huacai Can't reply this mail. His [email protected] is blcoked by
Linux-MIPS mailing list while his Gmail didn't receive this email, so
I'm replying for him.
> Should that not be LONG_S? Otherwise big endian MIPS64 would get a
> word-swapped canary (which is probably mostly harmless, but still).
Yes, he said it's considerable.
>
> Also I think it worth mentioning in the commit message the MIPS
> configuration you hit this with, presumably a Loongson one? For me
> decompress_kernel() gets a stack guard on loongson3_defconfig, but
> not
> malta_defconfig or malta_defconfig + 64-bit. I presume its sensitive
> to
> the compiler inlining stuff into decompress_kernel() or something
> such
> that it suddenly qualifies for a stack guard.
Have you tested with CONFIG_CC_STACKPROTECTOR_STRONG=y ?
Huacai reproduced the issue by this[1] config with GCC 4.9.
[1] https://github.com/loongson-community/linux-stable/blob/rebase-4.14
/arch/mips/configs/loongson3_defconfig
>
> Cheers
> James
Hi Huacai,
On 2018-03-16 08:55, Huacai Chen wrote:
> Call __stack_chk_guard_setup() in decompress_kernel() is too late that
> stack checking always fails for decompress_kernel() itself. So remove
> __stack_chk_guard_setup() and initialize __stack_chk_guard before we
> call decompress_kernel().
>
> Original code comes from ARM but also used for MIPS and SH, so fix them
> together. If without this fix, compressed booting of these archs will
> fail because stack checking is enabled by default (>=4.16).
>
> V2: Fix build on ARM.
> V3: Fix build on SuperH.
>
> Cc: [email protected]
> Signed-off-by: Huacai Chen <[email protected]>
This patch breaks booting on ARM Exynos4210 based boards (tested with
next-20180323, exynos_defconfig, both Trats and Origen fails to boot).
That's a bit strange, because all other Exynos SoC works fine (I've
checked 3250, 4412, 5250, 5410 and 542x). I really have no idea what
is so specific inc case of Exynos4210, that causes this failure.
> ---
> arch/arm/boot/compressed/head.S | 4 ++++
> arch/arm/boot/compressed/misc.c | 7 -------
> arch/mips/boot/compressed/decompress.c | 7 -------
> arch/mips/boot/compressed/head.S | 4 ++++
> arch/sh/boot/compressed/head_32.S | 8 ++++++++
> arch/sh/boot/compressed/head_64.S | 4 ++++
> arch/sh/boot/compressed/misc.c | 7 -------
> 7 files changed, 20 insertions(+), 21 deletions(-)
>
> diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S
> index 45c8823..bae1fc6 100644
> --- a/arch/arm/boot/compressed/head.S
> +++ b/arch/arm/boot/compressed/head.S
> @@ -547,6 +547,10 @@ not_relocated: mov r0, #0
> bic r4, r4, #1
> blne cache_on
>
> + ldr r0, =__stack_chk_guard
> + ldr r1, =0x000a0dff
> + str r1, [r0]
> +
> /*
> * The C runtime environment should now be setup sufficiently.
> * Set up some pointers, and start decompressing.
> diff --git a/arch/arm/boot/compressed/misc.c b/arch/arm/boot/compressed/misc.c
> index 16a8a80..e518ef5 100644
> --- a/arch/arm/boot/compressed/misc.c
> +++ b/arch/arm/boot/compressed/misc.c
> @@ -130,11 +130,6 @@ asmlinkage void __div0(void)
>
> unsigned long __stack_chk_guard;
>
> -void __stack_chk_guard_setup(void)
> -{
> - __stack_chk_guard = 0x000a0dff;
> -}
> -
> void __stack_chk_fail(void)
> {
> error("stack-protector: Kernel stack is corrupted\n");
> @@ -150,8 +145,6 @@ decompress_kernel(unsigned long output_start, unsigned long free_mem_ptr_p,
> {
> int ret;
>
> - __stack_chk_guard_setup();
> -
> output_data = (unsigned char *)output_start;
> free_mem_ptr = free_mem_ptr_p;
> free_mem_end_ptr = free_mem_ptr_end_p;
> diff --git a/arch/mips/boot/compressed/decompress.c b/arch/mips/boot/compressed/decompress.c
> index fdf99e9..5ba431c 100644
> --- a/arch/mips/boot/compressed/decompress.c
> +++ b/arch/mips/boot/compressed/decompress.c
> @@ -78,11 +78,6 @@ void error(char *x)
>
> unsigned long __stack_chk_guard;
>
> -void __stack_chk_guard_setup(void)
> -{
> - __stack_chk_guard = 0x000a0dff;
> -}
> -
> void __stack_chk_fail(void)
> {
> error("stack-protector: Kernel stack is corrupted\n");
> @@ -92,8 +87,6 @@ void decompress_kernel(unsigned long boot_heap_start)
> {
> unsigned long zimage_start, zimage_size;
>
> - __stack_chk_guard_setup();
> -
> zimage_start = (unsigned long)(&__image_begin);
> zimage_size = (unsigned long)(&__image_end) -
> (unsigned long)(&__image_begin);
> diff --git a/arch/mips/boot/compressed/head.S b/arch/mips/boot/compressed/head.S
> index 409cb48..00d0ee0 100644
> --- a/arch/mips/boot/compressed/head.S
> +++ b/arch/mips/boot/compressed/head.S
> @@ -32,6 +32,10 @@ start:
> bne a2, a0, 1b
> addiu a0, a0, 4
>
> + PTR_LA a0, __stack_chk_guard
> + PTR_LI a1, 0x000a0dff
> + sw a1, 0(a0)
> +
> PTR_LA a0, (.heap) /* heap address */
> PTR_LA sp, (.stack + 8192) /* stack address */
>
> diff --git a/arch/sh/boot/compressed/head_32.S b/arch/sh/boot/compressed/head_32.S
> index 7bb1681..e84237d 100644
> --- a/arch/sh/boot/compressed/head_32.S
> +++ b/arch/sh/boot/compressed/head_32.S
> @@ -76,6 +76,10 @@ l1:
> mov.l init_stack_addr, r0
> mov.l @r0, r15
>
> + mov.l __stack_chk_guard_addr, r0
> + mov.l __stack_chk_guard_val, r1
> + mov.l r1, @r0
> +
> /* Decompress the kernel */
> mov.l decompress_kernel_addr, r0
> jsr @r0
> @@ -97,6 +101,10 @@ kexec_magic:
> .long 0x400000F0 /* magic used by kexec to parse zImage format */
> init_stack_addr:
> .long stack_start
> +__stack_chk_guard_val:
> + .long 0x000A0DFF
> +__stack_chk_guard_addr:
> + .long __stack_chk_guard
> decompress_kernel_addr:
> .long decompress_kernel
> kernel_start_addr:
> diff --git a/arch/sh/boot/compressed/head_64.S b/arch/sh/boot/compressed/head_64.S
> index 9993113..8b4d540 100644
> --- a/arch/sh/boot/compressed/head_64.S
> +++ b/arch/sh/boot/compressed/head_64.S
> @@ -132,6 +132,10 @@ startup:
> addi r22, 4, r22
> bne r22, r23, tr1
>
> + movi datalabel __stack_chk_guard, r0
> + movi 0x000a0dff, r1
> + st.l r0, 0, r1
> +
> /*
> * Decompress the kernel.
> */
> diff --git a/arch/sh/boot/compressed/misc.c b/arch/sh/boot/compressed/misc.c
> index 627ce8e..fe4c079 100644
> --- a/arch/sh/boot/compressed/misc.c
> +++ b/arch/sh/boot/compressed/misc.c
> @@ -106,11 +106,6 @@ static void error(char *x)
>
> unsigned long __stack_chk_guard;
>
> -void __stack_chk_guard_setup(void)
> -{
> - __stack_chk_guard = 0x000a0dff;
> -}
> -
> void __stack_chk_fail(void)
> {
> error("stack-protector: Kernel stack is corrupted\n");
> @@ -130,8 +125,6 @@ void decompress_kernel(void)
> {
> unsigned long output_addr;
>
> - __stack_chk_guard_setup();
> -
> #ifdef CONFIG_SUPERH64
> output_addr = (CONFIG_MEMORY_START + 0x2000);
> #else
Best regards
--
Marek Szyprowski, PhD
Samsung R&D Institute Poland
On Fri, Mar 23, 2018 at 11:50:55AM +0800, Jiaxun Yang wrote:
> 在 2018-03-22四的 22:21 +0000,James Hogan写道:
> > Also I think it worth mentioning in the commit message the MIPS
> > configuration you hit this with, presumably a Loongson one? For me
> > decompress_kernel() gets a stack guard on loongson3_defconfig, but
> > not
> > malta_defconfig or malta_defconfig + 64-bit. I presume its sensitive
> > to
> > the compiler inlining stuff into decompress_kernel() or something
> > such
> > that it suddenly qualifies for a stack guard.
>
> Have you tested with CONFIG_CC_STACKPROTECTOR_STRONG=y ?
Yes. for malta_defconfig I could only reproduce by adding an array to
decompress_kernel() so that it would get the guard.
Cheers
James