Message-ID: <75d07691-1e4f-741f-9852-38c0b4f520bc@synopsys.com>
Date:   Fri, 30 Apr 2021 20:46:16 +0000
From:   Vineet Gupta <Vineet.Gupta1@...opsys.com>
To:     Arnd Bergmann <arnd@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Jann Horn <jannh@...gle.com>
CC:     lkml <linux-kernel@...r.kernel.org>,
        arcml <linux-snps-arc@...ts.infradead.org>,
        "linux-arch@...r.kernel.org" <linux-arch@...r.kernel.org>
Subject: Heads up: gcc miscompiling initramfs zlib decompression code at -O3

Hi,

I've hit a mainline gcc 10.2 (also gcc 9.3) bug which triggers at -O3 
causing wrong codegen.

  Config needs to have initramfs + gzip compressed.

	CONFIG_HAVE_KERNEL_GZIP=y
	CONFIG_KERNEL_GZIP=y
	CONFIG_DECOMPRESS_GZIP=y
	CONFIG_INITRAMFS_COMPRESSION_GZIP=y

  lib/zlib_inflate/inffast.c

     if (dist > 2) {
	unsigned short *sfrom;

	sfrom = (unsigned short *)(from);
	loops = len >> 1;
	do
	    *sout++ = *sfrom++;
              ^^^^^^    ^^^^^^^^
	while (--loops);
	out = (unsigned char *)sout;
	from = (unsigned char *)sfrom;
     }
     ...

The gist of the issue is that despite use of unsigned short pointers, gcc is
generating wider load/stores (8-byte LDD/STD on arcv2 and 16-byte on
aarch64) causing extraneous bytes to be copied into inflated gzip binaries,
manifesting later as corrupted fragments in the binaries.

I've opened a gcc bug at:
   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100363

The workaround is to build lib/zlib_inflate/inffast.c with -O2, although 
I reckon not many arches build with -O3 as default. I'll be proposing an 
ARC only patch to build this file with -O2, unless people think it needs 
to be generalized.

Also, the problem was originally seen on a 5.6 kernel, although I confirm it
shows on latest mainline as well.

Unraveling this was pretty fun; gory details for those interested at:

   https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/issues/372


Thx,
-Vineet
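
An added illustration, not code from the message or from the kernel: it runs the quoted 2-byte loop against a byte-at-a-time reference on a constructed window where `from` lies `dist` bytes behind `out` and the match overlaps itself, next to a hand-written model of 8-byte accesses. The function names, the window contents and the 8-byte model are assumptions made here; the model is not gcc's generated code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef void (*copy_fn)(unsigned char *out, size_t dist, size_t len);

/* Reference: one byte at a time; volatile stops the compiler widening it. */
static void copy_ref(unsigned char *out, size_t dist, size_t len)
{
    volatile unsigned char *o = out, *f = out - dist;
    while (len--) *o++ = *f++;
}

/* Same shape as the quoted inffast.c loop (len even, pointers 2-byte aligned). */
static void copy_u16(unsigned char *out, size_t dist, size_t len)
{
    unsigned short *sout = (unsigned short *)out;
    unsigned short *sfrom = (unsigned short *)(out - dist);
    size_t loops = len >> 1;
    do
        *sout++ = *sfrom++;
    while (--loops);
}

/* Hand-written model of 8-byte load/store pairs (len a multiple of 8). */
static void copy_wide8(unsigned char *out, size_t dist, size_t len)
{
    unsigned char tmp[8];
    for (; len; len -= 8, out += 8) {
        memcpy(tmp, out - dist, 8);   /* one wide load  */
        memcpy(out, tmp, 8);          /* one wide store */
    }
}

/* 1 if fn yields the reference bytes for a match of len at distance dist.
 * The window (dist seed bytes 'A','B',... then zeros) is constructed. */
int matches_reference(copy_fn fn, size_t dist, size_t len)
{
    unsigned char *a = calloc(1, dist + len), *b = calloc(1, dist + len);
    for (size_t i = 0; i < dist; i++) a[i] = b[i] = (unsigned char)('A' + i);
    copy_ref(a + dist, dist, len);
    fn(b + dist, dist, len);
    int same = memcmp(a, b, dist + len) == 0;
    free(a); free(b);
    return same;
}

int main(void)
{
    printf("u16 dist=4: %d  wide8 dist=4: %d  wide8 dist=8: %d\n",
           matches_reference(copy_u16, 4, 16), matches_reference(copy_wide8, 4, 16),
           matches_reference(copy_wide8, 8, 16));
}
```

With a correct compiler the 2-byte loop matches the reference at every optimization level, while the 8-byte model differs whenever `dist` is smaller than the access width because it loads bytes the copy has not yet written.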
