author | eggz | 2020-05-15 17:26:30 +0200 |
---|---|---|
committer | eggz | 2020-05-15 17:26:30 +0200 |
commit | 7ed36e48c0835f33b33d0190952ca6c845c6a95b (patch) | |
tree | 93eb546a790751d70f54e7ce1bb15b67af03f3e3 | |
parent | 7cd1e70d196f77012b28939db7766890bcb04e80 (diff) | |
download | aur-7ed36e48c0835f33b33d0190952ca6c845c6a95b.tar.gz |
Fixed stackleak, Structleak still needs more work...
-rw-r--r-- | .SRCINFO | 6 | ||||
-rw-r--r-- | PKGBUILD | 13 | ||||
-rw-r--r-- | config.x86_64 | 3 | ||||
-rw-r--r-- | stackcanary.patch | 65 |
4 files changed, 82 insertions, 5 deletions
@@ -1,6 +1,6 @@
 pkgbase = linux-amd-raven
 pkgver = 5.4.v.41
- pkgrel = 3
+ pkgrel = 4
 url = https://www.kernel.org/
 arch = x86_64
 license = GPL2
@@ -18,12 +18,14 @@ pkgbase = linux-amd-raven
 source = 5012_enable-cpu-optimizations-for-gcc91.patch
 source = disable_proc_ac.patch
 source = timerrework.patch
+ source = stackcanary.patch
 sha256sums = SKIP
- sha256sums = 7971dcdb001c9a13e0f5b29af30ba382cf7d7e0fd13328c6c38297a4b2708ce0
+ sha256sums = 924ab9d27310b353437482941b214e2cb91c85de00b41cff261d24d8af29f5aa
 sha256sums = 0ac0cf410b0f3eeaa07d41505613e118ea59e01144e905f2dc0a808379f87e87
 sha256sums = fb98e49d7a640e05bf0d3a65ca49d0adb19de7547cb7ffca7a6cbacb1f461f0b
 sha256sums = f412d719977af563ca74b41b218977e49672ac93ab7cc96a0833b66abbfb8b10
 sha256sums = 44e739d674b0909d3dd1edb29ad9c4ab6543c32f488cbbcc30ba0fdc2bf902dc
+ sha256sums = 74ac43843b60805cc21cdadf6f4768281a61106107154f6830f26d6c142343e6
 pkgname = linux-amd-raven
 pkgdesc = Linux kernel with working amdgpu for Raven Ridge hardware
@@ -4,7 +4,7 @@ pkgbase=linux-amd-raven
 _srcname=linux
 gitver=v5.4.41
 pkgver=5.4.v.41
-pkgrel=3
+pkgrel=4
 arch=('x86_64')
 url="https://www.kernel.org/"
 license=('GPL2')
@@ -25,10 +25,13 @@ source=('git+https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git'
 'disable_proc_ac.patch'
 # i2c write rework patch
 'timerrework.patch'
+ # stackprotection fix
+ 'stackcanary.patch'
+
 )
 sha256sums=('SKIP'
 #config.x86_64
- '7971dcdb001c9a13e0f5b29af30ba382cf7d7e0fd13328c6c38297a4b2708ce0'
+ '924ab9d27310b353437482941b214e2cb91c85de00b41cff261d24d8af29f5aa'
 #.preset file
 '0ac0cf410b0f3eeaa07d41505613e118ea59e01144e905f2dc0a808379f87e87'
 #patch file
@@ -37,6 +40,9 @@ sha256sums=('SKIP'
 'f412d719977af563ca74b41b218977e49672ac93ab7cc96a0833b66abbfb8b10'
 #i2c write rework patchfile
 '44e739d674b0909d3dd1edb29ad9c4ab6543c32f488cbbcc30ba0fdc2bf902dc'
+ #stackprotection fix
+ '74ac43843b60805cc21cdadf6f4768281a61106107154f6830f26d6c142343e6'
+
 )
 _kernelname=${pkgbase#linux}
@@ -68,6 +74,9 @@ prepare() { # Implement i2c write retimers patch git apply ../timerrework.patch + # Fix the source for stack canaries to work + git apply ../stackcanary.patch + # get kernel version yes "" | make prepare
diff --git a/config.x86_64 b/config.x86_64
index 30e990b9a82f..48ed0fba18cb 100644
--- a/config.x86_64
+++ b/config.x86_64
@@ -791,7 +791,8 @@ CONFIG_SECCOMP_FILTER=y
 CONFIG_HAVE_ARCH_STACKLEAK=y
 CONFIG_HAVE_STACKPROTECTOR=y
 CONFIG_CC_HAS_STACKPROTECTOR_NONE=y
-# CONFIG_STACKPROTECTOR is not set
+CONFIG_STACKPROTECTOR=y
+CONFIG_STACKPROTECTOR_STRONG=y
 CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y
 CONFIG_HAVE_CONTEXT_TRACKING=y
 CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
diff --git a/stackcanary.patch b/stackcanary.patch
new file mode 100644
index 000000000000..50e58c8cb371
--- /dev/null
+++ b/stackcanary.patch
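Review bot: The comment added above `git apply ../stackcanary.patch` does not record where the patch comes from or when it can be removed. The patch looks like a backport of a kernel change, and `git apply` will fail once the tag named in `gitver` already contains it, so whoever bumps the version needs that pointer. Suggest extending the comment to `# Backport of <upstream commit id>: stack canary vs. tail-call fix; drop once gitver includes it`. prepare() starts and ends outside this hunk.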
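Review bot: Nothing in the config.x86_64 hunk turns on STACKLEAK, although the commit title says it was fixed. The two added lines enable the stack protector (`CONFIG_STACKPROTECTOR=y`, `CONFIG_STACKPROTECTOR_STRONG=y`), while `CONFIG_HAVE_ARCH_STACKLEAK=y` in the context only records that the architecture supports the feature. The symbol that enables stack erasing is `CONFIG_GCC_PLUGIN_STACKLEAK`, which is not visible here, so either the title or the config should be aligned. Because prepare() answers Kconfig prompts with defaults (`yes "" | make prepare`), an unmet compiler dependency would presumably drop the new symbols without an error. A check such as `grep -q '^CONFIG_STACKPROTECTOR_STRONG=y' .config || exit 1` after that step would stop the build instead of shipping a kernel without canaries.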
@@ -0,0 +1,65 @@
+diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h
+index 91e29b6a86a5..9804a7957f4e 100644
+--- a/arch/x86/include/asm/stackprotector.h
++++ b/arch/x86/include/asm/stackprotector.h
+@@ -55,8 +55,13 @@
+ /*
+ * Initialize the stackprotector canary value.
+ *
+- * NOTE: this must only be called from functions that never return,
++ * NOTE: this must only be called from functions that never return
+ * and it must always be inlined.
++ *
++ * In addition, it should be called from a compilation unit for which
++ * stack protector is disabled. Alternatively, the caller should not end
++ * with a function call which gets tail-call optimized as that would
++ * lead to checking a modified canary value.
+ */
+ static __always_inline void boot_init_stack_canary(void)
+ {
+diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
+index 69881b2d446c..9674321ce3a3 100644
+--- a/arch/x86/kernel/smpboot.c
++++ b/arch/x86/kernel/smpboot.c
+@@ -262,6 +262,14 @@ static void notrace start_secondary(void *unused)
+
+ wmb();
+ cpu_startup_entry(CPUHP_AP_ONLINE_IDLE);
++
++ /*
++ * Prevent tail call to cpu_startup_entry() because the stack protector
++ * guard has been changed a couple of function calls up, in
++ * boot_init_stack_canary() and must not be checked before tail calling
++ * another function.
++ */
++ prevent_tail_call_optimization();
+ }
+
+ /**
+diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c
+index 802ee5bba66c..0cebe5db691d 100644
+--- a/arch/x86/xen/smp_pv.c
++++ b/arch/x86/xen/smp_pv.c
+@@ -92,6 +92,7 @@ asmlinkage __visible void cpu_bringup_and_idle(void)
+ cpu_bringup();
+ boot_init_stack_canary();
+ cpu_startup_entry(CPUHP_AP_ONLINE_IDLE);
++ prevent_tail_call_optimization();
+ }
+
+ void xen_smp_intr_free_pv(unsigned int cpu)
+diff --git a/include/linux/compiler.h b/include/linux/compiler.h
+index 034b0a644efc..732754d96039 100644
+--- a/include/linux/compiler.h
++++ b/include/linux/compiler.h
+@@ -356,4 +356,10 @@ static inline void *offset_to_ptr(const int *off)
+ /* &a[0] degrades to a pointer: a different type from an array */
+ #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
+
++/*
++ * This is needed in functions which generate the stack canary, see
++ * arch/x86/kernel/smpboot.c::start_secondary() for an example.
++ */
++#define prevent_tail_call_optimization() asm("")
++
+ #endif /* __LINUX_COMPILER_H */ |
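Review bot: `#define prevent_tail_call_optimization() asm("")` in the include/linux/compiler.h part is a weak guarantee, since it relies on an empty asm statement with no clobbers to stop the compiler from turning the final cpu_startup_entry() call into a tail call. As far as I recall, the mainline version of this fix defines the macro with a real barrier, `#define prevent_tail_call_optimization() mb()`; that should be confirmed against upstream before carrying this variant. The call added in arch/x86/xen/smp_pv.c has no comment, unlike the one in smpboot.c, and a one-liner such as `/* Prevent tail call to cpu_startup_entry(), see start_secondary() */` would keep it from being removed as dead code. The patch file also has no origin header, so a reviewer cannot tell which upstream revision it was taken from. The function bodies it touches start outside the embedded hunks.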