Date: Thu, 26 Mar 2020 23:16:16 +0000
From: Sergei Trofimovich <slyfox@...too.org>
To: linux-kernel@...r.kernel.org
Cc: Sergei Trofimovich <slyfox@...too.org>, Jakub Jelinek <jakub@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, "H. Peter Anvin" <hpa@...or.com>, Andy Lutomirski <luto@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Michael Matz <matz@...e.de>, x86@...nel.org
Subject: [PATCH v2] x86: fix early boot crash on gcc-10

The change fixes a boot failure on a physical machine where the kernel is built with gcc-10 with stack protector enabled by default:

```
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: start_secondary+0x191/0x1a0
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.6.0-rc5-00235-gfffb08b37df9 #139
Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./H77M-D3H, BIOS F12 11/14/2013
Call Trace:
 dump_stack+0x71/0xa0
 panic+0x107/0x2b8
 ? start_secondary+0x191/0x1a0
 __stack_chk_fail+0x15/0x20
 start_secondary+0x191/0x1a0
 secondary_startup_64+0xa4/0xb0
---[ end Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: start_secondary+0x191
```

This happens because `start_secondary()` is responsible for setting up the initial stack canary value in `smpboot.c`, but nothing prevents gcc from inserting a stack canary into `start_secondary()` itself before the `boot_init_stack_canary()` call.

The fix inhibits the stack canary check for a single `start_secondary()` function.

Tested the change by successfully booting the machine.

A few similar crashes on VMs:

- https://bugzilla.redhat.com/show_bug.cgi?id=1796780
- http://rglinuxtech.com/?p=2694

CC: Jakub Jelinek <jakub@...hat.com>
CC: Thomas Gleixner <tglx@...utronix.de>
CC: Ingo Molnar <mingo@...hat.com>
CC: Borislav Petkov <bp@...en8.de>
CC: "H. Peter Anvin" <hpa@...or.com>
CC: Andy Lutomirski <luto@...nel.org>
CC: Peter Zijlstra <peterz@...radead.org>
CC: Michael Matz <matz@...e.de>
CC: x86@...nel.org
Signed-off-by: Sergei Trofimovich <slyfox@...too.org> --- arch/x86/kernel/smpboot.c | 5 ++++- include/linux/compiler-gcc.h | 1 + include/linux/compiler_types.h | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c index 69881b2d446c..99a4cb631a64 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c @@ -207,8 +207,11 @@ static int cpu0_logical_apicid; static int enable_start_cpu0; /* * Activate a secondary processor. + * + * Note: 'boot_init_stack_canary' changes canary value. Omit + * stack protection to avoid canary check (and boot) failure. */ -static void notrace start_secondary(void *unused) +static void __no_stack_protector notrace start_secondary(void *unused) { /* * Don't put *anything* except direct CPU state initialization diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h index d7ee4c6bad48..fb67c743138c 100644 --- a/include/linux/compiler-gcc.h +++ b/include/linux/compiler-gcc.h @@ -172,3 +172,4 @@ #endif #define __no_fgcse __attribute__((optimize("-fno-gcse"))) +#define __no_stack_protector __attribute__((optimize("-fno-stack-protector"))) diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index 72393a8c1a6c..9d5de1ea0b03 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -212,6 +212,10 @@ struct ftrace_likely_data { #define asm_inline asm #endif +#ifndef __no_stack_protector +# define __no_stack_protector +#endif + #ifndef __no_fgcse # define __no_fgcse #endif -- 2.26.0
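Review bot: in the arch/x86/kernel/smpboot.c hunk, the new comment above start_secondary() says the canary value changes but not why that breaks this function in particular. It would help to state that the prologue saves the old canary and the epilogue compares against the value written by boot_init_stack_canary(), and to write the callee with parentheses as boot_init_stack_canary() rather than in quotes. Do any other functions that call boot_init_stack_canary() need the same annotation?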
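Review bot: in the include/linux/compiler-gcc.h hunk, __no_stack_protector is built on __attribute__((optimize("-fno-stack-protector"))), and the GCC manual describes the optimize attribute as intended for debugging only and not suitable for production code. A successful boot on one machine does not show that the attribute is honoured for this option on every supported GCC version. Please confirm from the disassembly of start_secondary() that no __stack_chk_fail reference remains and that the other code generation options from the command line still apply to the function, and say so in the commit message.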
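Review bot: in the include/linux/compiler_types.h hunk, the empty fallback "# define __no_stack_protector" turns the annotation into a silent no-op for any compiler that does not define it, so a non-GCC build with the stack protector enabled can still instrument start_secondary() while the comment in smpboot.c claims protection is omitted. Either provide an equivalent definition for the other supported compilers or add a comment next to the fallback stating that the stack protector is not actually disabled there.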