Received: by 10.213.65.68 with SMTP id h4csp641840imn; Wed, 28 Mar 2018 10:01:51 -0700 (PDT) X-Google-Smtp-Source: AIpwx4+jGowdNWpX9z6AQasP3S/MtqGw5+re2iedxvOYpUiCMoifX8uCM77jyxvLG6oyne7gpMCh X-Received: by 10.101.101.66 with SMTP id a2mr3148867pgw.223.1522256511132; Wed, 28 Mar 2018 10:01:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522256511; cv=none; d=google.com; s=arc-20160816; b=PuC0aRwgeVxGXaBzhgOXuV/pu48nvCysq7JvbcFpRirGMsJrhBTfDr0ikdJSd0Te5n 13SCrnMabzIEv7curvSpO7Eu2+WAUX2CfDMZnAvOL0rpBoZpZj0bP8IwcKJ3uWeLxIdM CzChNSXu83SWYkKErG67mKkO4zXwOXihEow+EpTrlpOSAS2EsAH3qgirVnolWTY7Rrj+ uxIZYLWT6ZlrUlW1G1UUY+CGg7Q3BoE137juZgxHAltwoENpHeWx12IuPerQNhY+YgK8 g7Hu4hqgvaMgm/JVluEMd3k4AcgUx4ajSsSqYJh4o336cENKggST+ew2+8Wl7aOpz4QQ ehDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=CPdPM3LwLxcdA+gSh17Fed0Qb7oAnHOLZ9fJvXCe/YY=; b=Dc4Cc8Fy1NeVfLPvR/Ctbk2yIShN3XFl7ibY5Lq2XAXmUjGJt+lLH+Yf++0wqdHyzE WNVV5WN0CNEIycr19LgAJaDxqIKys0XHTDWZyZX7Cxboh+tw/196aGYBViI+xs0VpTXH BZPGDxpdEFDtHQjrLNzUk4nOtAoTKO5vs2idICAFGnC0BOB1Iqu7MPbHrUi2TXVrR1c7 OjBqwr9knh59v6O9zbDxaMzcNytCbKnzUjb00JZvvA91EkDSxWrF7YnISUwkN8co9ZS0 Qh5La5dTDAGuSosXk+29hlB77FwfGJWX9DARGtGHXI5ktk9UFgPka+6Csbhb1gfOEHFg uhTA== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=iGsYH/qg; dkim=fail header.i=@chromium.org header.s=google header.b=gr6pMACa; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p2si2696033pgv.741.2018.03.28.10.01.32; Wed, 28 Mar 2018 10:01:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=iGsYH/qg; dkim=fail header.i=@chromium.org header.s=google header.b=gr6pMACa; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753045AbeC1RAJ (ORCPT + 99 others); Wed, 28 Mar 2018 13:00:09 -0400 Received: from mail-ua0-f195.google.com ([209.85.217.195]:36819 "EHLO mail-ua0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752237AbeC1RAH (ORCPT ); Wed, 28 Mar 2018 13:00:07 -0400 Received: by mail-ua0-f195.google.com with SMTP id v4so1490699uaj.3 for ; Wed, 28 Mar 2018 10:00:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=CPdPM3LwLxcdA+gSh17Fed0Qb7oAnHOLZ9fJvXCe/YY=; b=iGsYH/qg0H4ZE93CQ7r+xXTNjD3kQAveDf3rG49Hqdr/QBD0BoNjitatoQoV+XPiQO J03A+M+v4bjDwZHL5jf3Z89ZBLhgVdmy12nFcKzCNUYS5KV8F0CiYTnrRdkJy1O42QjL O6NOwrgfhU+33jGGsLJi8KXCdN6ldCzp/nNpfHFtzsEuY5LrTYgTVuAWGqz7Rnzk8Jtt O9u5LxWlzE4iProzXsnYyJj+NzWxLmX41TSp7bcVcbHpjAqEdha/98Mz2Ia3DdRvpi30 vfITiQ5QSMNFCM6sVDxI7P5EmHt4chR+2BitxJywaySy23+OVwvE94a6Gsc9L8ubRjVQ D+PA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=CPdPM3LwLxcdA+gSh17Fed0Qb7oAnHOLZ9fJvXCe/YY=; b=gr6pMACaog9X5YbibZrtdUB8wer2dCXFuMFdqBJMOdwuMI7z8L766IRMZZGLcf0m4+ OcNS9/VVwL2LvKxpN6w3CZWdDdCm9RdJzeHSfq0BMAtayaV7jPop8UW4VjPMPX436E0j +yJAh1HTq9WKBqqW+YqrfNNjPAMFBiT26tjzA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=CPdPM3LwLxcdA+gSh17Fed0Qb7oAnHOLZ9fJvXCe/YY=; b=WwPSugwIxeXI/3FbSYH3U/ntCgb6Vnk7upYskA0eQyoA5oHajuc8TyO6JyBIzZrNu/ /TlajKEeyPC5AiFvyHVXR65AAhtFKmL0agO1YmGLrxkhoAih+oC66TikA9DN348xhD/r LT0klesQPx5GL94rqAIbhdAwN97JVeB1jNfA6HfchKP7duzW1+xD08co72Tv/pYuN1/+ NjIP/Rk77mxYCpM3QPL3RVaSQEAlF7hIq1lwOjkpQIt22HfUz6qcxu7BTHuYI+RWpgDA HDw4WpUkv/H+J22EtOSt3nH1AnQkOOtDoO2znVHoNhPnQ+6QLIchL8L6JDHaGbtucguN 6YAA== X-Gm-Message-State: AElRT7GzNs9K4+CmQj8mrIRa4GzphswR1o2N8sWZOhbp1P1HjGWpO/t/ 1uuDbTJwf1jm3Akv4Wvk3sNPpv/OxKj73afne8erTA== X-Received: by 10.176.14.3 with SMTP id g3mr3021461uak.83.1522256406114; Wed, 28 Mar 2018 10:00:06 -0700 (PDT) MIME-Version: 1.0 Received: by 10.31.129.9 with HTTP; Wed, 28 Mar 2018 10:00:05 -0700 (PDT) In-Reply-To: <20180328152115.GB1991@saruman> References: <1522226933-29317-1-git-send-email-chenhc@lemote.com> <20180328152115.GB1991@saruman> From: Kees Cook Date: Wed, 28 Mar 2018 10:00:05 -0700 X-Google-Sender-Auth: CiAUwqRpYRkqCJ4B_OZoSVGmCAU Message-ID: Subject: Re: [PATCH V4 Resend] ZBOOT: fix stack protector in compressed boot phase To: James Hogan Cc: Huacai Chen , Andrew Morton , Linux-MM , LKML , Ralf Baechle , Linux MIPS Mailing List , Russell King , linux-arm-kernel , Yoshinori Sato , Rich Felker , linux-sh , "# 3.4.x" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 28, 2018 at 8:21 AM, James Hogan wrote: > On Wed, Mar 28, 2018 at 04:48:53PM +0800, Huacai Chen wrote: >> diff --git a/arch/mips/boot/compressed/decompress.c b/arch/mips/boot/compressed/decompress.c >> index fdf99e9..81df904 100644 >> --- a/arch/mips/boot/compressed/decompress.c >> +++ b/arch/mips/boot/compressed/decompress.c >> @@ -76,12 +76,7 @@ void error(char *x) >> #include "../../../../lib/decompress_unxz.c" >> #endif >> >> -unsigned long __stack_chk_guard; >> - >> -void __stack_chk_guard_setup(void) >> -{ >> - __stack_chk_guard = 0x000a0dff; >> -} >> +const unsigned long __stack_chk_guard = 0x000a0dff; >> >> void __stack_chk_fail(void) >> { >> @@ -92,8 +87,6 @@ void decompress_kernel(unsigned long boot_heap_start) >> { >> unsigned long zimage_start, zimage_size; >> >> - __stack_chk_guard_setup(); >> - >> zimage_start = (unsigned long)(&__image_begin); >> zimage_size = (unsigned long)(&__image_end) - >> (unsigned long)(&__image_begin); > > This looks good to me, though I've Cc'd Kees as apparently the original > author from commit 8779657d29c0 ("stackprotector: Introduce I wonder what changed in the compiler -- I regularly boot stack-protected ARM images. Regardless, this is fine. :) > CONFIG_CC_STACKPROTECTOR_STRONG") in case there was a particular reason > this wasn't done in the first place. I think I was copying from other places? It's been long enough that I don't remember, actually. :) > Acked-by: James Hogan Acked-by: Kees Cook > (Happy to apply with acks from Kees and ARM, SH maintainers if nobody > else does). That'd be fine by me, FWIW. Thanks! -Kees -- Kees Cook Pixel Security