authoregnappahz2020-05-15 16:55:50 +0200
committeregnappahz2020-05-15 16:55:50 +0200
commit9aa13269dac9e7fb007a078196d0ab4d5df85435 (patch)
tree60c6fada3b0fc99ad0b8dcb19eff1b8869fadc85
parent9c7c1bcdf3a9cb0eccd3ebe586a676b15f699660 (diff)
downloadaur-9aa13269dac9e7fb007a078196d0ab4d5df85435.tar.gz
Fixed stackleak, Structleak still needs more work...
-rw-r--r--.SRCINFO6
-rw-r--r--PKGBUILD11
-rw-r--r--config.x86_643
-rw-r--r--stackcanary.patch65
4 files changed, 80 insertions, 5 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 03a5300a75c7..14deca90cc15 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
pkgbase = linux-amd
pkgver = 5.6.v.13
- pkgrel = 2
+ pkgrel = 3
url = https://www.kernel.org/
arch = x86_64
license = GPL2
@@ -17,11 +17,13 @@ pkgbase = linux-amd
source = linux-amd.preset
source = 5012_enable-cpu-optimizations-for-gcc91.patch
source = gcc10.patch
+ source = stackcanary.patch
sha256sums = SKIP
- sha256sums = 57e1a2f3cdc11595adb3766d598feb4a7170a9135eac862916d78648af3ecbf9
+ sha256sums = 056fa9712eaf1f442a208519e6308f847be1a6a519bc9e03059beb95cb7069d4
sha256sums = 71caf34adf69e9e2567a38cfc951d1c60b13dbe87f58a9acfeb3fe48ffdc9d08
sha256sums = cc739c9c9f7ce08e6bbc161b8232208bbc00820342a32fb1f69bff6326ae1370
sha256sums = 97ac1bff7beb5205b89b5199c471ca076023718e52be3d77e219128811337301
+ sha256sums = 74ac43843b60805cc21cdadf6f4768281a61106107154f6830f26d6c142343e6
pkgname = linux-amd
pkgdesc = Linux kernel for AMD CPU based hardware
diff --git a/PKGBUILD b/PKGBUILD
index 91e7b5032150..3f200c4d559a 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,7 +4,7 @@ pkgbase=linux-amd
_srcname=linux
gitver=v5.6.13
pkgver=5.6.v.13
-pkgrel=2
+pkgrel=3
arch=('x86_64')
url="https://www.kernel.org/"
license=('GPL2')
@@ -23,16 +23,20 @@ source=('git+https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git'
5012_enable-cpu-optimizations-for-gcc91.patch
# dear-gcc10-please-ignore-the-mess patch
gcc10.patch
+ # stackprotection fix
+ 'stackcanary.patch'
)
sha256sums=('SKIP'
#config.x86_64
- '57e1a2f3cdc11595adb3766d598feb4a7170a9135eac862916d78648af3ecbf9'
+ '056fa9712eaf1f442a208519e6308f847be1a6a519bc9e03059beb95cb7069d4'
#.preset file
'71caf34adf69e9e2567a38cfc951d1c60b13dbe87f58a9acfeb3fe48ffdc9d08'
#patch gentoo
'cc739c9c9f7ce08e6bbc161b8232208bbc00820342a32fb1f69bff6326ae1370'
# dear-gcc10-please-ignore-the-mess patch
'97ac1bff7beb5205b89b5199c471ca076023718e52be3d77e219128811337301'
+ #stackprotection fix
+ '74ac43843b60805cc21cdadf6f4768281a61106107154f6830f26d6c142343e6'
)
_kernelname=${pkgbase#linux}
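Review bot: The new source entry `'stackcanary.patch'` is quoted while its neighbours `gcc10.patch` and `5012_enable-cpu-optimizations-for-gcc91.patch` are not, and the two new comments differ (`# stackprotection fix` in the source array, `#stackprotection fix` in the checksum array), so the hunk reads as two different authors. Matching the surrounding style would be `stackcanary.patch` unquoted and `# stackprotection fix` in both arrays. The new sha256sum is correctly paired by position with the new source entry, and the config.x86_64 checksum is refreshed to match the config change made in this same commit.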
@@ -61,6 +65,9 @@ prepare() {
# ask gcc10 for forgiveness in these early times patch
git apply ../gcc10.patch
+ # Fix the source for stack canaries to work
+ git apply ../stackcanary.patch
+
# get kernel version
yes "" | make prepare
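Review bot: `git apply ../stackcanary.patch` will start failing as soon as `gitver` is bumped to a stable tag that already carries this change (it appears to be a backport of an upstream fix), and the comment above it gives no hint of that, so the next version bump breaks in prepare() with no explanation. A comment recording when to drop it would help: `# Fix the source for stack canaries to work; drop once the pinned gitver already contains the upstream tail-call fix (git apply fails otherwise)`. The failure mode itself is the right one: makepkg aborts on the non-zero exit instead of building a kernel with the fix silently missing. prepare() begins outside the hunk.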
diff --git a/config.x86_64 b/config.x86_64
index 5eaf9e91bfed..1aa9423fcba2 100644
--- a/config.x86_64
+++ b/config.x86_64
@@ -800,7 +800,8 @@ CONFIG_SECCOMP_FILTER=y
CONFIG_HAVE_ARCH_STACKLEAK=y
CONFIG_HAVE_STACKPROTECTOR=y
CONFIG_CC_HAS_STACKPROTECTOR_NONE=y
-# CONFIG_STACKPROTECTOR is not set
+CONFIG_STACKPROTECTOR=y
+CONFIG_STACKPROTECTOR_STRONG=y
CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y
CONFIG_HAVE_CONTEXT_TRACKING=y
CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
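Review bot: The options switched on here, `CONFIG_STACKPROTECTOR=y` and `CONFIG_STACKPROTECTOR_STRONG=y`, are the compiler stack canary, not STACKLEAK; the commit title says "Fixed stackleak", but stack erasing is a separate feature (`CONFIG_GCC_PLUGIN_STACKLEAK`; the `CONFIG_HAVE_ARCH_STACKLEAK=y` context line only advertises arch support) and is not touched by this change. The PKGBUILD comments already say "stackprotection", so the commit message should say the same to avoid the two hardening features being conflated later. Because the file is hand-edited and prepare() then runs `yes "" | make prepare`, these symbols can be silently dropped again if the toolchain does not accept `-fstack-protector-strong`; it is worth checking the generated .config for `CONFIG_STACKPROTECTOR_STRONG=y` after a build rather than trusting this file.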
diff --git a/stackcanary.patch b/stackcanary.patch
new file mode 100644
index 000000000000..50e58c8cb371
--- /dev/null
+++ b/stackcanary.patch
@@ -0,0 +1,65 @@
+diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h
+index 91e29b6a86a5..9804a7957f4e 100644
+--- a/arch/x86/include/asm/stackprotector.h
++++ b/arch/x86/include/asm/stackprotector.h
+@@ -55,8 +55,13 @@
+ /*
+ * Initialize the stackprotector canary value.
+ *
+- * NOTE: this must only be called from functions that never return,
++ * NOTE: this must only be called from functions that never return
+ * and it must always be inlined.
++ *
++ * In addition, it should be called from a compilation unit for which
++ * stack protector is disabled. Alternatively, the caller should not end
++ * with a function call which gets tail-call optimized as that would
++ * lead to checking a modified canary value.
+ */
+ static __always_inline void boot_init_stack_canary(void)
+ {
+diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
+index 69881b2d446c..9674321ce3a3 100644
+--- a/arch/x86/kernel/smpboot.c
++++ b/arch/x86/kernel/smpboot.c
+@@ -262,6 +262,14 @@ static void notrace start_secondary(void *unused)
+
+ wmb();
+ cpu_startup_entry(CPUHP_AP_ONLINE_IDLE);
++
++ /*
++ * Prevent tail call to cpu_startup_entry() because the stack protector
++ * guard has been changed a couple of function calls up, in
++ * boot_init_stack_canary() and must not be checked before tail calling
++ * another function.
++ */
++ prevent_tail_call_optimization();
+ }
+
+ /**
+diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c
+index 802ee5bba66c..0cebe5db691d 100644
+--- a/arch/x86/xen/smp_pv.c
++++ b/arch/x86/xen/smp_pv.c
+@@ -92,6 +92,7 @@ asmlinkage __visible void cpu_bringup_and_idle(void)
+ cpu_bringup();
+ boot_init_stack_canary();
+ cpu_startup_entry(CPUHP_AP_ONLINE_IDLE);
++ prevent_tail_call_optimization();
+ }
+
+ void xen_smp_intr_free_pv(unsigned int cpu)
+diff --git a/include/linux/compiler.h b/include/linux/compiler.h
+index 034b0a644efc..732754d96039 100644
+--- a/include/linux/compiler.h
++++ b/include/linux/compiler.h
+@@ -356,4 +356,10 @@ static inline void *offset_to_ptr(const int *off)
+ /* &a[0] degrades to a pointer: a different type from an array */
+ #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
+
++/*
++ * This is needed in functions which generate the stack canary, see
++ * arch/x86/kernel/smpboot.c::start_secondary() for an example.
++ */
++#define prevent_tail_call_optimization() asm("")
++
+ #endif /* __LINUX_COMPILER_H */
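Review bot: The new patch file carries no provenance header (no `From:`/`Subject:` lines, no link to the upstream commit or mailing-list post), so a reviewer cannot tell whether this is an unmodified copy of the upstream change or a locally edited variant, which matters for a file that alters the `boot_init_stack_canary()` callers and is applied to every build. The content looks like the upstream fix that stops `cpu_startup_entry()` from being tail-called after the canary has been rewritten (the `prevent_tail_call_optimization()` insertions in `start_secondary()` and `cpu_bringup_and_idle()`, backed by the `asm("")` macro in compiler.h), but that is inferred from the text alone. A short header at the top of the file giving the upstream subject, author and the stable release it first ships in would make the patch auditable and tell the next maintainer when it can be dropped; adding it changes the sha256sum recorded in PKGBUILD and .SRCINFO, which must then be refreshed together.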