Re: [lfs-dev] gcc-10 and stack protector in kernel

Tue, 19 May 2020 07:20:20 -0700 

Am Montag, den 11.05.2020, 09:50 +0200 schrieb Pierre Labastie via
lfs-dev:
> Sorry if this has already been reported. With gcc 10 and kernel 5.6.11,
> I get:
> Kernel panic - not syncing: stack-protector: Kernel stack is corrupted
> in: start_secondary+0x169/0x170
> 
> at early boot.
> this has been reported upstream [1], who made a complicated patch,
> mainly consisting of comments. It seems it occurs only when
> CONFIG_STACKPROTECTOR_STRONG=y. I do not know which kernel will have
> it. 5.6.12 doesn't.
> 
> Two possibilities: remove the STACK_PROTECTOR_STRONG config, or apply
> this sed:
> 
> sed -e '/cpu_startup/a asm("");' -i arch/x86/kernel/smpboot.c
> 
> which does not fix xen kernel, but does everything else the patch does.
> 
> Pierre
> 
> [1] end of a long thread on lkml: 
> https://lore.kernel.org/lkml/158798746828.28353.6010675315553653459.tip-bot2@tip-bot2/
> 
Sorry for not responding in time.

I just compiled linux-5.6.13 first without the modifications and i
failed to boot with exactly the same kernel-panic.

According to a patch which can be found on lkml, i modified the
sources by applying

====
diff -Naur linux-5.6.13.orig/arch/x86/kernel/smpboot.c linux-
5.6.13/arch/x86/kernel/smpboot.c
--- linux-5.6.13.orig/arch/x86/kernel/smpboot.c 2020-03-30
00:25:41.000000000 +0200
+++ linux-5.6.13/arch/x86/kernel/smpboot.c      2020-05-19
14:00:42.250125049 +0200
@@ -262,6 +262,7 @@
 
        wmb();
        cpu_startup_entry(CPUHP_AP_ONLINE_IDLE);
+       asm("");  // disable tail-call optimization
 }
 
 /**
diff -Naur linux-5.6.13.orig/arch/x86/xen/smp_pv.c linux-
5.6.13/arch/x86/xen/smp_pv.c
--- linux-5.6.13.orig/arch/x86/xen/smp_pv.c     2020-03-30
00:25:41.000000000 +0200
+++ linux-5.6.13/arch/x86/xen/smp_pv.c  2020-05-19 14:01:41.717566594
+0200
@@ -92,6 +92,7 @@
        cpu_bringup();
        boot_init_stack_canary();
        cpu_startup_entry(CPUHP_AP_ONLINE_IDLE);
+       asm("");  // disable tail-call optimization
 }
 
 void xen_smp_intr_free_pv(unsigned int cpu)
====

And with this, machine boots. Btw, i have
CONFIG_STACKPROTECTOR_STRONG=y

I'd vote for applying the patch (or a sed) rather than unsetting
CONFIG_STACKPROTECTOR_STRONG as at least the name of this option
sounds like it has to do with security. Switching off security i think
is the second best. But i also have to admit that i haven't read the
documentation about those options, yet.

--
Thomas

-- 
http://lists.linuxfromscratch.org/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page

Reply via email to