Message-ID: <20180316231359.GU1436@brightrain.aerifal.cx>
Date:   Fri, 16 Mar 2018 19:13:59 -0400
From:   Rich Felker <dalias@...c.org>
To:     Andrew Morton <akpm@...ux-foundation.org>
Cc:     Huacai Chen <chenhc@...ote.com>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org, Ralf Baechle <ralf@...ux-mips.org>,
        James Hogan <james.hogan@...s.com>, linux-mips@...ux-mips.org,
        Russell King <linux@....linux.org.uk>,
        linux-arm-kernel@...ts.infradead.org,
        Yoshinori Sato <ysato@...rs.sourceforge.jp>,
        linux-sh@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH V3] ZBOOT: fix stack protector in compressed boot phase

On Fri, Mar 16, 2018 at 03:13:37PM -0700, Andrew Morton wrote:
> On Fri, 16 Mar 2018 15:55:16 +0800 Huacai Chen <chenhc@...ote.com> wrote:
> 
> > Calling __stack_chk_guard_setup() in decompress_kernel() is so late that
> > stack checking always fails for decompress_kernel() itself. So remove
> > __stack_chk_guard_setup() and initialize __stack_chk_guard before we
> > call decompress_kernel().
> > 
> > The original code comes from ARM but is also used for MIPS and SH, so fix
> > them together. Without this fix, compressed booting of these archs will
> > fail because stack checking is enabled by default (>=4.16).
> > 
> > ...
> >
> >  arch/arm/boot/compressed/head.S        | 4 ++++
> >  arch/arm/boot/compressed/misc.c        | 7 -------
> >  arch/mips/boot/compressed/decompress.c | 7 -------
> >  arch/mips/boot/compressed/head.S       | 4 ++++
> >  arch/sh/boot/compressed/head_32.S      | 8 ++++++++
> >  arch/sh/boot/compressed/head_64.S      | 4 ++++
> >  arch/sh/boot/compressed/misc.c         | 7 -------
> >  7 files changed, 20 insertions(+), 21 deletions(-)
> 
> Perhaps this should be split into three patches and each one routed via
> the appropriate arch tree maintainer (for sh, that might be me).

Apologies for that. I'm trying to pick back up on things now, now that
I've got both some downtime from other things and funding for core sh
maintenance stuff. If you know any issues you'd especially like me to
put my attention on now, please let me know. I have a few patches
queued up from myself and others, but I believe there's a lot more I
haven't been able to get to for quite a while. I should have new SH
hardware to test on soon and in the meantime I've improved my qemu
setup.

One question I have about this specific patch is why any code is
needed at all. Why can't __stack_chk_guard just be moved to
initialized data, or left uninitialized, for the compressed kernel
image loader? Assuming it is needed, the code looks ok, but I question
the premise.

Rich
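
A small C model of the ordering problem the quoted commit message describes, added here as an illustration; it is not code from the patch or from the kernel. The names guard_model, guard_setup_model and protected_fn_model are hypothetical stand-ins for __stack_chk_guard, __stack_chk_guard_setup() and a stack-protected decompress_kernel(), and the guard value is constructed. The third case models a guard that is never written at run time.

```c
#include <stdio.h>

/* Hypothetical stand-in for the global __stack_chk_guard. */
static unsigned long guard_model;

/* Hypothetical stand-in for __stack_chk_guard_setup(); value is constructed. */
static void guard_setup_model(void)
{
    guard_model = 0x5aa5f00dUL;
}

/* Models a stack-protected function. Returns 1 if the epilogue check
 * passes, 0 if it would end in __stack_chk_fail(). */
static int protected_fn_model(int setup_inside)
{
    unsigned long saved = guard_model;   /* prologue: copy guard into the frame */
    if (setup_inside)
        guard_setup_model();             /* body rewrites the guard after the copy */
    return saved == guard_model;         /* epilogue: frame copy vs. current guard */
}

/* Setup called from inside the protected function (the failing order). */
int late_setup_passes(void)
{
    guard_model = 0;                     /* zeroed state at entry */
    return protected_fn_model(1);
}

/* Setup done by the caller before entry (the order the patch moves to). */
int early_setup_passes(void)
{
    guard_model = 0;
    guard_setup_model();
    return protected_fn_model(0);
}

/* Guard never written at run time: the check only tests equality, so it
 * passes, with a fixed guard value. */
int no_setup_passes(void)
{
    guard_model = 0;
    return protected_fn_model(0);
}

int main(void)
{
    printf("setup inside protected function: %s\n", late_setup_passes() ? "pass" : "fail");
    printf("setup before protected function: %s\n", early_setup_passes() ? "pass" : "fail");
    printf("guard never written:             %s\n", no_setup_passes() ? "pass" : "fail");
    return 0;
}
```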
