Date: Mon, 7 Mar 2022 13:20:04 +0100
From: Thomas Bogendoerfer
To: Alexander Lobakin
Cc: "Eric W. Biederman", Mike Rapoport, Davidlohr Bueso, Florian Fainelli,
    Liam Howlett, Ralf Baechle, Atsushi Nemoto, linux-mips@vger.kernel.org,
    stable@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH mips-fixes] MIPS: fix fortify panic when copying asm exception handlers
Message-ID: <20220307122004.GA14422@alpha.franken.de>
References: <20220223012338.262041-1-alobakin@pm.me>

On Wed, Feb 23, 2022 at 01:30:23AM +0000, Alexander Lobakin wrote:
> With KCFLAGS="-O3", I was able to trigger a fortify-source
> memcpy() overflow panic on set_vi_srs_handler().
> Although O3 level is not supported in the mainline, under some
> conditions that may've happened with any optimization settings,
> it's just a matter of inlining luck. The panic itself is correct,
> more precisely, 50/50 false-positive and not at the same time.
> From the one side, no real overflow happens. Exception handler
> defined in asm just gets copied to some reserved places in the
> memory.
> But the reason behind is that C code refers to that exception
> handler declares it as `char`, i.e. something of 1 byte length.
> It's obvious that the asm function itself is way more than 1 byte,
> so fortify logics thought we are going to past the symbol declared.
> The standard way to refer to asm symbols from C code which is not
> supposed to be called from C is to declare them as
> `extern const u8[]`. This is fully correct from any point of view,
> as any code itself is just a bunch of bytes (including 0 as it is
> for syms like _stext/_etext/etc.), and the exact size is not known
> at the moment of compilation.
> Adjust the type of the except_vec_vi_*() and related variables.
> Make set_handler() take `const` as a second argument to avoid
> cast-away warnings and give a little more room for optimization.
>
> Fixes: e01402b115cc ("More AP / SP bits for the 34K, the Malta bits and things. Still wants")
> Fixes: c65a5480ff29 ("[MIPS] Fix potential latency problem due to non-atomic cpu_wait.")
> Cc: stable@vger.kernel.org # 3.10+
> Signed-off-by: Alexander Lobakin
> ---
>  arch/mips/include/asm/setup.h |  2 +-
>  arch/mips/kernel/traps.c      | 22 +++++++++++-----------
>  2 files changed, 12 insertions(+), 12 deletions(-)

applied to mips-next.

Thomas.

-- 
Crap can work. Given enough thrust pigs will fly, but it's not necessarily a
good idea.                                                [ RFC1925, 2.3 ]
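
The declaration mismatch described in the quoted commit message, as an added example that is not part of this thread or of the kernel sources: the same assembly-defined blob is declared once as `char` and once as an incomplete byte array, and a simplified model of the fortified memcpy() source check is applied to each. The names `fake_except_vec`, `vec_as_char`, `vec_as_bytes` and `fortify_would_trap` are hypothetical; the block assumes GCC or Clang on an ELF target with GNU assembler syntax.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for an exception handler written in assembly:
 * 32 filler bytes behind a single label (ELF + GNU as assumed). */
__asm__(".pushsection .rodata\n"
        ".globl fake_except_vec\n"
        "fake_except_vec:\n"
        "    .fill 32, 1, 0x5a\n"
        ".popsection\n");

#define FAKE_VEC_LEN 32u

/* Old-style declaration: the compiler believes the object is 1 byte. */
extern char vec_as_char __asm__("fake_except_vec");
/* Declaration style used by the fix: incomplete array, size unknown. */
extern const unsigned char vec_as_bytes[] __asm__("fake_except_vec");

/* Size the compiler derives from each declaration.
 * (size_t)-1 is the builtin's way of saying "unknown". */
size_t declared_size_char(void)
{
    return __builtin_object_size(&vec_as_char, 0);
}

size_t declared_size_bytes(void)
{
    return __builtin_object_size(vec_as_bytes, 0);
}

/* Simplified model (an assumption, not the kernel's code) of the run-time
 * fortify test on the source: trap when the copy length exceeds the known
 * object size. An unknown size is SIZE_MAX, so it can never trap. */
int fortify_would_trap(size_t known_size, size_t copy_len)
{
    return copy_len > known_size;
}

/* The bytes really are there: read the last one through the array view. */
unsigned char last_byte(void) { return vec_as_bytes[FAKE_VEC_LEN - 1]; }

int main(void)
{
    printf("char decl: size=%zu trap=%d\n", declared_size_char(),
           fortify_would_trap(declared_size_char(), FAKE_VEC_LEN));
    printf("u8[] decl: size=%zu trap=%d\n", declared_size_bytes(),
           fortify_would_trap(declared_size_bytes(), FAKE_VEC_LEN));
    return 0;
}
```

The `char` view trips the check for any copy longer than one byte even though the 32 bytes exist, which is the "50/50 false-positive" the commit message refers to; the array view leaves the size unknown, so the check has nothing to compare against.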