authoreggz2020-05-15 17:26:30 +0200
committereggz2020-05-15 17:26:30 +0200
commit7ed36e48c0835f33b33d0190952ca6c845c6a95b (patch)
tree93eb546a790751d70f54e7ce1bb15b67af03f3e3
parent7cd1e70d196f77012b28939db7766890bcb04e80 (diff)
downloadaur-7ed36e48c0835f33b33d0190952ca6c845c6a95b.tar.gz
Fixed stackleak, Structleak still needs more work...
-rw-r--r--.SRCINFO6
-rw-r--r--PKGBUILD13
-rw-r--r--config.x86_643
-rw-r--r--stackcanary.patch65
4 files changed, 82 insertions, 5 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 3a5aa428386a..a3feb8dd0c06 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
pkgbase = linux-amd-raven
pkgver = 5.4.v.41
- pkgrel = 3
+ pkgrel = 4
url = https://www.kernel.org/
arch = x86_64
license = GPL2
@@ -18,12 +18,14 @@ pkgbase = linux-amd-raven
source = 5012_enable-cpu-optimizations-for-gcc91.patch
source = disable_proc_ac.patch
source = timerrework.patch
+ source = stackcanary.patch
sha256sums = SKIP
- sha256sums = 7971dcdb001c9a13e0f5b29af30ba382cf7d7e0fd13328c6c38297a4b2708ce0
+ sha256sums = 924ab9d27310b353437482941b214e2cb91c85de00b41cff261d24d8af29f5aa
sha256sums = 0ac0cf410b0f3eeaa07d41505613e118ea59e01144e905f2dc0a808379f87e87
sha256sums = fb98e49d7a640e05bf0d3a65ca49d0adb19de7547cb7ffca7a6cbacb1f461f0b
sha256sums = f412d719977af563ca74b41b218977e49672ac93ab7cc96a0833b66abbfb8b10
sha256sums = 44e739d674b0909d3dd1edb29ad9c4ab6543c32f488cbbcc30ba0fdc2bf902dc
+ sha256sums = 74ac43843b60805cc21cdadf6f4768281a61106107154f6830f26d6c142343e6
pkgname = linux-amd-raven
pkgdesc = Linux kernel with working amdgpu for Raven Ridge hardware
diff --git a/PKGBUILD b/PKGBUILD
index 50b8e3b7a16b..614f5eaad340 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -4,7 +4,7 @@ pkgbase=linux-amd-raven
_srcname=linux
gitver=v5.4.41
pkgver=5.4.v.41
-pkgrel=3
+pkgrel=4
arch=('x86_64')
url="https://www.kernel.org/"
license=('GPL2')
@@ -25,10 +25,13 @@ source=('git+https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git'
'disable_proc_ac.patch'
# i2c write rework patch
'timerrework.patch'
+ # stackprotection fix
+ 'stackcanary.patch'
+
)
sha256sums=('SKIP'
#config.x86_64
- '7971dcdb001c9a13e0f5b29af30ba382cf7d7e0fd13328c6c38297a4b2708ce0'
+ '924ab9d27310b353437482941b214e2cb91c85de00b41cff261d24d8af29f5aa'
#.preset file
'0ac0cf410b0f3eeaa07d41505613e118ea59e01144e905f2dc0a808379f87e87'
#patch file
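Review bot: The added comment `# stackprotection fix` does not say where `stackcanary.patch` comes from or when it can be dropped. That matters for a locally carried kernel patch, because its sha256sum only proves the file matches what the packager committed, not that it matches an upstream change. I would write `# stackcanary.patch: keeps cpu_startup_entry() from being tail-called after boot_init_stack_canary(); origin: <UPSTREAM_COMMIT_OR_LIST_URL>; drop once gitver contains it`. The same applies to the `#stackprotection fix` comment in the sha256sums hunk and to the `git apply ../stackcanary.patch` comment in prepare(). The blank line added before the closing `)` of both arrays can go.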
@@ -37,6 +40,9 @@ sha256sums=('SKIP'
'f412d719977af563ca74b41b218977e49672ac93ab7cc96a0833b66abbfb8b10'
#i2c write rework patchfile
'44e739d674b0909d3dd1edb29ad9c4ab6543c32f488cbbcc30ba0fdc2bf902dc'
+ #stackprotection fix
+ '74ac43843b60805cc21cdadf6f4768281a61106107154f6830f26d6c142343e6'
+
)
_kernelname=${pkgbase#linux}
@@ -68,6 +74,9 @@ prepare() {
# Implement i2c write retimers patch
git apply ../timerrework.patch
+ # Fix the source for stack canaries to work
+ git apply ../stackcanary.patch
+
# get kernel version
yes "" | make prepare
diff --git a/config.x86_64 b/config.x86_64
index 30e990b9a82f..48ed0fba18cb 100644
--- a/config.x86_64
+++ b/config.x86_64
@@ -791,7 +791,8 @@ CONFIG_SECCOMP_FILTER=y
CONFIG_HAVE_ARCH_STACKLEAK=y
CONFIG_HAVE_STACKPROTECTOR=y
CONFIG_CC_HAS_STACKPROTECTOR_NONE=y
-# CONFIG_STACKPROTECTOR is not set
+CONFIG_STACKPROTECTOR=y
+CONFIG_STACKPROTECTOR_STRONG=y
CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y
CONFIG_HAVE_CONTEXT_TRACKING=y
CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
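Review bot: The commit title says stackleak, but this hunk enables the stack protector (`CONFIG_STACKPROTECTOR=y`, `CONFIG_STACKPROTECTOR_STRONG=y`). `CONFIG_HAVE_ARCH_STACKLEAK=y` in the context only records architecture support, and no stackleak option is switched on in the visible lines. Since these are different hardening features, the package notes should name the one that is actually on. Kconfig may also recompute the options against the build compiler, and `yes "" | make prepare` in the PKGBUILD accepts defaults silently. A post-prepare check such as `grep -qx 'CONFIG_STACKPROTECTOR_STRONG=y' .config || exit 1` (path assumed, confirm against prepare()) would stop the build if the canary support was dropped.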
diff --git a/stackcanary.patch b/stackcanary.patch
new file mode 100644
index 000000000000..50e58c8cb371
--- /dev/null
+++ b/stackcanary.patch
@@ -0,0 +1,65 @@
+diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h
+index 91e29b6a86a5..9804a7957f4e 100644
+--- a/arch/x86/include/asm/stackprotector.h
++++ b/arch/x86/include/asm/stackprotector.h
+@@ -55,8 +55,13 @@
+ /*
+ * Initialize the stackprotector canary value.
+ *
+- * NOTE: this must only be called from functions that never return,
++ * NOTE: this must only be called from functions that never return
+ * and it must always be inlined.
++ *
++ * In addition, it should be called from a compilation unit for which
++ * stack protector is disabled. Alternatively, the caller should not end
++ * with a function call which gets tail-call optimized as that would
++ * lead to checking a modified canary value.
+ */
+ static __always_inline void boot_init_stack_canary(void)
+ {
+diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
+index 69881b2d446c..9674321ce3a3 100644
+--- a/arch/x86/kernel/smpboot.c
++++ b/arch/x86/kernel/smpboot.c
+@@ -262,6 +262,14 @@ static void notrace start_secondary(void *unused)
+
+ wmb();
+ cpu_startup_entry(CPUHP_AP_ONLINE_IDLE);
++
++ /*
++ * Prevent tail call to cpu_startup_entry() because the stack protector
++ * guard has been changed a couple of function calls up, in
++ * boot_init_stack_canary() and must not be checked before tail calling
++ * another function.
++ */
++ prevent_tail_call_optimization();
+ }
+
+ /**
+diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c
+index 802ee5bba66c..0cebe5db691d 100644
+--- a/arch/x86/xen/smp_pv.c
++++ b/arch/x86/xen/smp_pv.c
+@@ -92,6 +92,7 @@ asmlinkage __visible void cpu_bringup_and_idle(void)
+ cpu_bringup();
+ boot_init_stack_canary();
+ cpu_startup_entry(CPUHP_AP_ONLINE_IDLE);
++ prevent_tail_call_optimization();
+ }
+
+ void xen_smp_intr_free_pv(unsigned int cpu)
+diff --git a/include/linux/compiler.h b/include/linux/compiler.h
+index 034b0a644efc..732754d96039 100644
+--- a/include/linux/compiler.h
++++ b/include/linux/compiler.h
+@@ -356,4 +356,10 @@ static inline void *offset_to_ptr(const int *off)
+ /* &a[0] degrades to a pointer: a different type from an array */
+ #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
+
++/*
++ * This is needed in functions which generate the stack canary, see
++ * arch/x86/kernel/smpboot.c::start_secondary() for an example.
++ */
++#define prevent_tail_call_optimization() asm("")
++
+ #endif /* __LINUX_COMPILER_H */
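Review bot: `#define prevent_tail_call_optimization() asm("")` in the embedded compiler.h hunk relies on an empty asm with no clobbers to stop `cpu_startup_entry()` from becoming a tail call in `start_secondary()` and `cpu_bringup_and_idle()`. GCC treats an operand-less asm as volatile, but as far as I know it gives no firm guarantee about where such a statement stays relative to surrounding code, so this is compiler-dependent. A form with a memory clobber, `#define prevent_tail_call_optimization() asm volatile("" ::: "memory")`, or the kernel's `mb()`, is the more defensive choice. With `CONFIG_STACKPROTECTOR_STRONG=y` now set in the same commit, a missed case would likely show up as a stack-protector failure during secondary-CPU bring-up, so boot-test on every compiler version the package is built with. Both patched function bodies begin outside their hunks.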