lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <87cze3docs.fsf@mpe.ellerman.id.au>
Date:   Mon, 18 Jul 2022 14:41:23 +1000
From:   Michael Ellerman <mpe@...erman.id.au>
To:     Sudip Mukherjee <sudipm.mukherjee@...il.com>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Paul Mackerras <paulus@...ba.org>,
        Kees Cook <keescook@...omium.org>
Cc:     linuxppc-dev@...ts.ozlabs.org,
        linux-kernel <linux-kernel@...r.kernel.org>,
        linux-hardening@...r.kernel.org,
        Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: mainline build failure of powerpc allmodconfig for prom_init_check

Sudip Mukherjee <sudipm.mukherjee@...il.com> writes:
> On Thu, Jul 14, 2022 at 9:55 AM Sudip Mukherjee (Codethink)
> <sudipm.mukherjee@...il.com> wrote:
>>
>> Hi All,
>>
>> Not sure if it has been reported before but the latest mainline kernel
>> branch fails to build for powerpc allmodconfig with gcc-12 and the error is:
>>
>> Error: External symbol 'memset' referenced from prom_init.c
>> make[2]: *** [arch/powerpc/kernel/Makefile:204: arch/powerpc/kernel/prom_init_check] Error 1
>
> I was trying to check it. With gcc-11 the assembly code generated is
> not using memset, but using __memset.
> But with gcc-12, I can see the assembly code is using memset. One
> example from the assembly:
>
> call_prom:
>         .quad   .call_prom,.TOC.@...base,0
>         .previous
>         .size   call_prom,24
>         .type   .call_prom,@function
> .call_prom:
>         mflr 0           #,
>         std 29,-24(1)    #,
>         std 30,-16(1)    #,
>         std 31,-8(1)     #,
>         mr 29,3          # tmp166, service
>         mr 31,4          # nargs, tmp167
>         mr 30,5          # tmp168, nret
>  # arch/powerpc/kernel/prom_init.c:396:         struct prom_args args;
>         li 4,254                 #,

Here we load 254 into r4, which is the 2nd parameter to memset (c).

>         li 5,52          #,

This is r5, the 3rd parameter (n), ie. the size of the structure.

That tells us we're memsetting the entire structure, ie. the 10 x 4
bytes of args.args plus 3 x 4 bytes for the other members.

>  # arch/powerpc/kernel/prom_init.c:394: {
>         std 0,16(1)      #,
>         stdu 1,-208(1)   #,,
>  # arch/powerpc/kernel/prom_init.c:396:         struct prom_args args;
>         addi 3,1,112     # tmp174,,

Here we load (calculate) the address of "args" into r3, the first
parameter to memset.

>  # arch/powerpc/kernel/prom_init.c:394: {
>         std 9,304(1)     #,
>         std 10,312(1)    #,
>         std 6,280(1)     #,
>         std 7,288(1)     #,
>         std 8,296(1)     #,
>  # arch/powerpc/kernel/prom_init.c:396:         struct prom_args args;
>         bl .memset       #

So we're memsetting all of args to 254, not zero.

That's happening because allmodconfig with gcc 12 enables
CONFIG_INIT_STACK_ALL_PATTERN, whereas gcc 11 doesn't.

I think the simplest fix in the short term is to just disable stack
initialisation for prom_init.c. It only runs at boot so there's no real
security impact to disabling it.

cheers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ