lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Tue, 13 Feb 2018 15:33:24 -0800
From:   Kees Cook <keescook@...omium.org>
To:     whiteheadm@....org
Cc:     Tejun Heo <tj@...nel.org>, jeremy@...source.com,
        Rusty Russell <rusty@...tcorp.com.au>,
        Ingo Molnar <mingo@...e.hu>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: x86/stack protector: X86_32_LAZY_GS=n hangs kernel on old processors

On Tue, Feb 13, 2018 at 3:14 PM, tedheadster <tedheadster@...il.com> wrote:
> Kees,
>   I am running the 4.16-rc1 release. My arch/x86/Kconfig has this logic:
>
> config X86_32_LAZY_GS
>         def_bool y
>         depends on X86_32 && CC_STACKPROTECTOR_NONE
>
> I get a hang on i486 when I choose any of these configuration options:
>
> CONFIG_CC_STACKPROTECTOR_AUTO=y
> CONFIG_CC_STACKPROTECTOR_REGULAR=y
> CONFIG_CC_STACKPROTECTOR_STRONG=y
>
> Also, CONFIG_X86_32_LAZY_GS does not appear in any of these config
> files, not even as "# CONFIG_X86_32_LAZY_GS is not set", which I
> thought was strange.

I think that's normal because it's forced to be unselectedable due to
CC_STACKPROTECTOR_NONE not being set.

> The only configuration that works on i486 is:
>
> CONFIG_CC_STACKPROTECTOR_NONE=y
> CONFIG_X86_32_LAZY_GS=y
>
> Now it gets interesting. All four of these configurations boots
> successfully when compiled for, and run on, a Pentium 4 M
> (CONFIG_PENTIUM4). So it certainly is related to what version of the
> processor you use.
>
> I will continue to try other configuration combinations and report back.

Okay, that's pretty weird. And does 4.15 boot with either of:

CONFIG_CC_STACKPROTECTOR_REGULAR=y
CONFIG_CC_STACKPROTECTOR_STRONG=y

Because if so, I'm very confused. If it does _not_ boot, then I can
chalk this up to an untested CPU/compiler combo and disable _AUTO on
X86_32, as there appears to be a pre-existing conflict there. (I doubt
it will turn out to be that easy... it never is.)

FWIW, the core change is 2bc2f688fdf8808de4f36be563ccdb0bde7c0c54
(though the next two commits build on it and introduce _AUTO).

-Kees

-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ