Date: Wed, 14 Mar 2018 17:10:40 +0900
Message-ID: <87po47axhb.wl-ysato@users.sourceforge.jp>
From: Yoshinori Sato
To: Huacai Chen
Cc: Andrew Morton, linux-mm@kvack.org, LKML, Ralf Baechle, James Hogan, Linux MIPS Mailing List, Russell King, linux-arm-kernel@lists.infradead.org, Rich Felker, linux-sh@vger.kernel.org, stable
Subject: Re: [PATCH V2] ZBOOT: fix stack protector in compressed boot phase
References: <1520820258-19225-1-git-send-email-chenhc@lemote.com>

On Tue, 13 Mar 2018 17:55:53 +0900, Huacai Chen wrote:
>
> Hi, Yoshinori, Rich and SuperH developers,
>
> I'm not familiar with SuperH assembly, but SuperH has the same bug
> obviously. Could you please fix that?
>
> Huacai
>

Sorry. Previous mail bounced. Resending it.

OK. Apply this fix.
SuperH cannot handle long int directly.

diff --git a/arch/sh/boot/compressed/head_32.S b/arch/sh/boot/compressed/head_32.S index a3fdb053f351..7411fcb5764a 100644 --- a/arch/sh/boot/compressed/head_32.S +++ b/arch/sh/boot/compressed/head_32.S @@ -76,8 +76,8 @@ l1: mov.l init_stack_addr, r0 mov.l @r0, r15 - mov.l __stack_chk_guard, r0 - mov #0x000a0dff, r1 + mov.l __stack_chk_guard_ptr, r0 + mov.l __stack_chk_val, r1 mov.l r1, @r0 /* Decompress the kernel */ 
@@ -109,6 +109,10 @@ kernel_start_addr: #else .long _text+PAGE_SIZE #endif +__stack_chk_guard_ptr: + .long __stack_chk_guard +__stack_chk_val: + .long 0x000a0dff .align 9 fake_headers_as_bzImage:

> On Mon, Mar 12, 2018 at 10:04 AM, Huacai Chen wrote:
> > Call __stack_chk_guard_setup() in decompress_kernel() is too late that
> > stack checking always fails for decompress_kernel() itself. So remove
> > __stack_chk_guard_setup() and initialize __stack_chk_guard before we
> > call decompress_kernel().
> >
> > Original code comes from ARM but also used for MIPS and SH, so fix them
> > together. If without this fix, compressed booting of these archs will
> > fail because stack checking is enabled by default (>=4.16).
> >
> > V2: Fix build on ARM.
> >
> > Cc: stable@vger.kernel.org
> > Signed-off-by: Huacai Chen
> > --- > > arch/arm/boot/compressed/head.S | 4 ++++ > > arch/arm/boot/compressed/misc.c | 7 ------- > > arch/mips/boot/compressed/decompress.c | 7 ------- > > arch/mips/boot/compressed/head.S | 4 ++++ > > arch/sh/boot/compressed/head_32.S | 4 ++++ > > arch/sh/boot/compressed/head_64.S | 4 ++++ > > arch/sh/boot/compressed/misc.c | 7 ------- > > 7 files changed, 16 insertions(+), 21 deletions(-) > > > > diff --git a/arch/arm/boot/compressed/head.S b/arch/arm/boot/compressed/head.S > > index 45c8823..bae1fc6 100644 > > --- a/arch/arm/boot/compressed/head.S > > +++ b/arch/arm/boot/compressed/head.S > > @@ -547,6 +547,10 @@ not_relocated: mov r0, #0 > > bic r4, r4, #1 > > blne cache_on > > > > + ldr r0, =__stack_chk_guard > > + ldr r1, =0x000a0dff > > + str r1, [r0] > > + > > /* > > * The C runtime environment should now be setup sufficiently. > > * Set up some pointers, and start decompressing. > > diff --git a/arch/arm/boot/compressed/misc.c b/arch/arm/boot/compressed/misc.c > > index 16a8a80..e518ef5 100644 > > --- a/arch/arm/boot/compressed/misc.c > > +++ b/arch/arm/boot/compressed/misc.c 
> > @@ -130,11 +130,6 @@ asmlinkage void __div0(void) > > > > unsigned long __stack_chk_guard; > > > > -void __stack_chk_guard_setup(void) > > -{ > > - __stack_chk_guard = 0x000a0dff; > > -} > > - > > void __stack_chk_fail(void) > > { > > error("stack-protector: Kernel stack is corrupted\n"); > > @@ -150,8 +145,6 @@ decompress_kernel(unsigned long output_start, unsigned long free_mem_ptr_p, > > { > > int ret; > > > > - __stack_chk_guard_setup(); > > - > > output_data = (unsigned char *)output_start; > > free_mem_ptr = free_mem_ptr_p; > > free_mem_end_ptr = free_mem_ptr_end_p; > > diff --git a/arch/mips/boot/compressed/decompress.c b/arch/mips/boot/compressed/decompress.c > > index fdf99e9..5ba431c 100644 > > --- a/arch/mips/boot/compressed/decompress.c > > +++ b/arch/mips/boot/compressed/decompress.c > > @@ -78,11 +78,6 @@ void error(char *x) > > > > unsigned long __stack_chk_guard; > > > > -void __stack_chk_guard_setup(void) > > -{ > > - __stack_chk_guard = 0x000a0dff; > > -} > > - > > void __stack_chk_fail(void) > > { > > error("stack-protector: Kernel stack is corrupted\n"); > > @@ -92,8 +87,6 @@ void decompress_kernel(unsigned long boot_heap_start) > > { > > unsigned long zimage_start, zimage_size; > > > > - __stack_chk_guard_setup(); > > - > > zimage_start = (unsigned long)(&__image_begin); > > zimage_size = (unsigned long)(&__image_end) - > > (unsigned long)(&__image_begin); > > diff --git a/arch/mips/boot/compressed/head.S b/arch/mips/boot/compressed/head.S > > index 409cb48..00d0ee0 100644 > > --- a/arch/mips/boot/compressed/head.S > > +++ b/arch/mips/boot/compressed/head.S > > @@ -32,6 +32,10 @@ start: > > bne a2, a0, 1b > > addiu a0, a0, 4 > > > > + PTR_LA a0, __stack_chk_guard > > + PTR_LI a1, 0x000a0dff > > + sw a1, 0(a0) > > + > > PTR_LA a0, (.heap) /* heap address */ > > PTR_LA sp, (.stack + 8192) /* stack address */ > > > > diff --git a/arch/sh/boot/compressed/head_32.S b/arch/sh/boot/compressed/head_32.S > > index 7bb1681..a3fdb05 100644 
> > --- a/arch/sh/boot/compressed/head_32.S > > +++ b/arch/sh/boot/compressed/head_32.S > > @@ -76,6 +76,10 @@ l1: > > mov.l init_stack_addr, r0 > > mov.l @r0, r15 > > > > + mov.l __stack_chk_guard, r0 > > + mov #0x000a0dff, r1 > > + mov.l r1, @r0 > > + > > /* Decompress the kernel */ > > mov.l decompress_kernel_addr, r0 > > jsr @r0 > > diff --git a/arch/sh/boot/compressed/head_64.S b/arch/sh/boot/compressed/head_64.S > > index 9993113..8b4d540 100644 > > --- a/arch/sh/boot/compressed/head_64.S > > +++ b/arch/sh/boot/compressed/head_64.S > > @@ -132,6 +132,10 @@ startup: > > addi r22, 4, r22 > > bne r22, r23, tr1 > > > > + movi datalabel __stack_chk_guard, r0 > > + movi 0x000a0dff, r1 > > + st.l r0, 0, r1 > > + > > /* > > * Decompress the kernel. > > */ > > diff --git a/arch/sh/boot/compressed/misc.c b/arch/sh/boot/compressed/misc.c > > index 627ce8e..fe4c079 100644 > > --- a/arch/sh/boot/compressed/misc.c > > +++ b/arch/sh/boot/compressed/misc.c > > @@ -106,11 +106,6 @@ static void error(char *x) > > > > unsigned long __stack_chk_guard; > > > > -void __stack_chk_guard_setup(void) > > -{ > > - __stack_chk_guard = 0x000a0dff; > > -} > > - > > void __stack_chk_fail(void) > > { > > error("stack-protector: Kernel stack is corrupted\n"); > > @@ -130,8 +125,6 @@ void decompress_kernel(void) > > { > > unsigned long output_addr; > > > > - __stack_chk_guard_setup(); > > - > > #ifdef CONFIG_SUPERH64 > > output_addr = (CONFIG_MEMORY_START + 0x2000); > > #else > > -- > > 2.7.0 > > -- Yoshinori Sato
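
Review bot: in the second hunk of the head_32.S follow-up (@@ -109,6 +109,10), the new literal labels `__stack_chk_guard_ptr` and `__stack_chk_val` do not follow the naming of the literals already visible in this file (`init_stack_addr`, `decompress_kernel_addr`, `kernel_start_addr`), and the double-underscore prefix makes them read like C symbols next to the real `__stack_chk_guard`. Suggest `stack_chk_guard_addr` and `stack_chk_guard_val`, with a one-line comment that 0x000a0dff is the fixed guard value that misc.c used to set.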
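
Review bot: in the arch/arm/boot/compressed/head.S hunk, `ldr r0, =__stack_chk_guard` takes the symbol's link-time address from the literal pool, and the hunk sits under `not_relocated:` in code that has to work wherever the image was loaded. Please confirm that this is the address the C code reads at run time when the image is not running at its link address, or form the address PC-relatively, and say in the commit message which case was boot-tested.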
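
Review bot: in the arch/mips/boot/compressed/head.S hunk, `sw a1, 0(a0)` writes 32 bits, while decompress.c declares `unsigned long __stack_chk_guard`, which is 64 bits wide on a 64-bit kernel. The removed C assignment set the whole variable; this store sets half of it, and on a big-endian 64-bit build that is the upper half, so the guard no longer holds the value it had before the patch. Suggest `LONG_S a1, 0(a0)` so the store matches the variable's width.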
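
Review bot: the follow-up at the top of this mail corrects head_32.S only, while the arch/sh/boot/compressed/head_64.S hunk loads the same 32-bit constant with `movi 0x000a0dff, r1`. Please confirm that this assembles and produces the full value on an SH-5 build, or load it the same way as the corrected head_32.S does, so the two SuperH entry paths get the same treatment in the next version.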
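
Review bot: after the misc.c and decompress.c hunks remove __stack_chk_guard_setup(), `unsigned long __stack_chk_guard;` is left with no initializer visible in C, and its only writer is an assembly store in the matching head file. Add a comment at each declaration naming the head file that sets it, and note there that the value is a fixed constant, so the check is there to catch accidental stack corruption in the decompressor rather than to rely on a secret canary.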
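
The ordering problem described in the quoted commit message, as an added example that is not part of the original mail or of the kernel source: a hand-written model of the guard copy and compare that a compiler places around a protected function. `guard_word`, `guard_setup()`, `decompress_kernel_model()` and the `boot_with_*` functions are hypothetical stand-ins; only the constant 0x000a0dff comes from the patch.

```c
#include <stdio.h>

#define GUARD_VALUE 0x000a0dffUL	/* constant used by the patch */

/* Stand-in for __stack_chk_guard; zero on entry to the decompressor. */
static unsigned long guard_word;

/* What the removed __stack_chk_guard_setup() did. */
static void guard_setup(void) { guard_word = GUARD_VALUE; }

/*
 * Model of a stack-protected decompress_kernel(): the prologue copies the
 * guard into the frame before any statement of the body runs, and the
 * epilogue compares that copy with the guard again.
 * Returns 1 where __stack_chk_fail() would be called.
 */
static int decompress_kernel_model(int setup_inside_body)
{
	unsigned long canary = guard_word;	/* prologue */

	if (setup_inside_body)
		guard_setup();			/* old code: first C statement */

	/* ... decompression would happen here ... */

	return canary != guard_word;		/* epilogue check */
}

/* Old flow: the guard is written from inside the protected function. */
int boot_with_late_setup(void)
{
	guard_word = 0;
	return decompress_kernel_model(1);
}

/* Patched flow: the entry code stores the guard before the call. */
int boot_with_early_setup(void)
{
	guard_word = 0;
	guard_setup();				/* models the store in head.S */
	return decompress_kernel_model(0);
}

int main(void)
{
	printf("late setup:  stack check %s\n",
	       boot_with_late_setup() ? "FAILS" : "passes");
	printf("early setup: stack check %s\n",
	       boot_with_early_setup() ? "FAILS" : "passes");
	return 0;
}
```
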