| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Jul 2022 14:41:23 +1000
From: Michael Ellerman <mpe@...erman.id.au>
To: Sudip Mukherjee <sudipm.mukherjee@...il.com>,
Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Paul Mackerras <paulus@...ba.org>,
Kees Cook <keescook@...omium.org>
Cc: linuxppc-dev@...ts.ozlabs.org,
linux-kernel <linux-kernel@...r.kernel.org>,
linux-hardening@...r.kernel.org,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: mainline build failure of powerpc allmodconfig for prom_init_check
Sudip Mukherjee <sudipm.mukherjee@...il.com> writes:
> On Thu, Jul 14, 2022 at 9:55 AM Sudip Mukherjee (Codethink)
> <sudipm.mukherjee@...il.com> wrote:
>>
>> Hi All,
>>
>> Not sure if it has been reported before but the latest mainline kernel
>> branch fails to build for powerpc allmodconfig with gcc-12 and the error is:
>>
>> Error: External symbol 'memset' referenced from prom_init.c
>> make[2]: *** [arch/powerpc/kernel/Makefile:204: arch/powerpc/kernel/prom_init_check] Error 1
>
> I was trying to check it. With gcc-11 the assembly code generated is
> not using memset, but using __memset.
> But with gcc-12, I can see the assembly code is using memset. One
> example from the assembly:
>
> call_prom:
> .quad .call_prom,.TOC.@...base,0
> .previous
> .size call_prom,24
> .type .call_prom,@function
> .call_prom:
> mflr 0 #,
> std 29,-24(1) #,
> std 30,-16(1) #,
> std 31,-8(1) #,
> mr 29,3 # tmp166, service
> mr 31,4 # nargs, tmp167
> mr 30,5 # tmp168, nret
> # arch/powerpc/kernel/prom_init.c:396: struct prom_args args;
> li 4,254 #,
Here we load 254 into r4, which is the 2nd parameter to memset (c).
> li 5,52 #,
This is r5, the 3rd parameter (n), ie. the size of the structure.
That tells us we're memsetting the entire structure, ie. the 10 x 4
bytes of args.args plus 3 x 4 bytes for the other members.
> # arch/powerpc/kernel/prom_init.c:394: {
> std 0,16(1) #,
> stdu 1,-208(1) #,,
> # arch/powerpc/kernel/prom_init.c:396: struct prom_args args;
> addi 3,1,112 # tmp174,,
Here we load (calculate) the address of "args" into r3, the first
parameter to memset.
> # arch/powerpc/kernel/prom_init.c:394: {
> std 9,304(1) #,
> std 10,312(1) #,
> std 6,280(1) #,
> std 7,288(1) #,
> std 8,296(1) #,
> # arch/powerpc/kernel/prom_init.c:396: struct prom_args args;
> bl .memset #
So we're memsetting all of args to 254, not zero.
That's happening because allmodconfig with gcc 12 enables
CONFIG_INIT_STACK_ALL_PATTERN, whereas gcc 11 doesn't.
I think the simplest fix in the short term is to just disable stack
initialisation for prom_init.c. It only runs at boot so there's no real
security impact to disabling it.
cheers
Powered by blists - more mailing lists