Message-ID: <alpine.LRH.2.00.1712301404570.1449@gjva.wvxbf.pm>
Date:   Sat, 30 Dec 2017 14:14:57 +0100 (CET)
From:   Jiri Kosina <jikos@...nel.org>
To:     Toralf Förster <toralf.foerster@....de>
cc:     Alexander Tsoy <alexander@...y.me>,
        Andy Lutomirski <luto@...capital.net>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        stable <stable@...r.kernel.org>,
        Linux Kernel <linux-kernel@...r.kernel.org>,
        the arch/x86 maintainers <x86@...nel.org>,
        jpoimboe@...hat.com
Subject: Re: 4.14.9 doesn't boot (regression)

On Sat, 30 Dec 2017, Toralf Förster wrote:

> This made the issue go away:
> 
> diff --git a/Makefile b/Makefile
> index ac8c441866b7..11a12947c550 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -414,7 +414,7 @@ LINUXINCLUDE    := \
>  
>  KBUILD_AFLAGS   := -D__ASSEMBLY__
>  KBUILD_CFLAGS   := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \
> -                  -fno-strict-aliasing -fno-common -fshort-wchar \
> +                  -fno-strict-aliasing -fno-common -fshort-wchar -fstack-check=no \
>                    -Werror-implicit-function-declaration \
>                    -Wno-format-security \
>                    -std=gnu89
> 
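
Review bot: the `-fstack-check=no` appended to the `-fno-strict-aliasing -fno-common -fshort-wchar` line is passed unconditionally and without any explanation, so the build now relies on every compiler in use accepting that exact spelling. Consider putting it on its own line behind kbuild's cc-option helper, for example `KBUILD_CFLAGS += $(call cc-option,-fstack-check=no)`, with a short comment saying why the option is forced off, so it is not dropped in a later cleanup of this block.
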
> But this doesn't solve the root cause, right? So if the root cause is 
> "Gentoo hardened GCC is broken" please just let me know this - FWIW I'm 
> in #gentoo-dev on freenode.

-fstack-check for kernel is never going to work properly.

That option is purely for userspace, and assumes all the logic around 
'stack guard gap' and the auto-growing semantics being in place; which is 
there for user stack VMA, but definitely not for kernel stack.

It's probably the "hardened" flavor of your distro trying to push 
'-fstack-check' to everything it compiles; so I actually think the 
Makefile patch, sanitizing CFLAGS by force-disabling -fstack-check is 
exactly what we should be doing.

Thanks,

-- 
Jiri Kosina
SUSE Labs
