subject:"Re\: \[PATCH 1\/2\] powerpc\: initial stack protector \(\-fstack\-protector\) support"

Re: [PATCH 1/2] powerpc: initial stack protector (-fstack-protector) support

2018-09-20 Thread Segher Boessenkool

Hi!

On Mon, Sep 17, 2018 at 12:15:05PM +, Christophe Leroy wrote:
> Now, GCC offers the possibility to manually set the
> stack-protector mode (global or tls) regardless of libc support.

Yup :-)

> This time, the patch selects HAVE_STACKPROTECTOR only if
> -mstack-protector-guard=global is supported by GCC.

"global" is weaker than "tls" (it is easier to read the cookie in an
exploit).  It is better to use tls if you can.


Segher

Re: [PATCH 1/2] powerpc: initial stack protector (-fstack-protector) support

2018-09-17 Thread kbuild test robot

Hi Christophe,

Thank you for the patch! Yet something to improve:

[auto build test ERROR on powerpc/next]
[also build test ERROR on v4.19-rc4 next-20180913]
[if your patch is applied to the wrong git tree, please drop us a note to help 
improve the system]

url:
https://github.com/0day-ci/linux/commits/Christophe-Leroy/powerpc-initial-stack-protector-fstack-protector-support/20180917-202227
base:   https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git next
config: powerpc-ppc6xx_defconfig (attached as .config)
compiler: powerpc-linux-gnu-gcc (Debian 7.2.0-11) 7.2.0
reproduce:
wget 
https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O 
~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
GCC_VERSION=7.2.0 make.cross ARCH=powerpc 

All errors (new ones prefixed by >>):

   arch/powerpc/platforms/powermac/bootx_init.o: In function `bootx_printf':
>> bootx_init.c:(.init.text+0x2bc): undefined reference to 
>> `__stack_chk_fail_local'
   arch/powerpc/platforms/powermac/bootx_init.o: In function 
`bootx_add_display_props.isra.1':
   bootx_init.c:(.init.text+0x750): undefined reference to 
`__stack_chk_fail_local'
   arch/powerpc/platforms/powermac/bootx_init.o: In function 
`bootx_scan_dt_build_struct':
   bootx_init.c:(.init.text+0xa84): undefined reference to 
`__stack_chk_fail_local'
   arch/powerpc/platforms/powermac/bootx_init.o: In function `bootx_init':
   bootx_init.c:(.init.text+0xf48): undefined reference to 
`__stack_chk_fail_local'
   powerpc-linux-gnu-ld: .tmp_vmlinux1: hidden symbol `__stack_chk_fail_local' 
isn't defined
   powerpc-linux-gnu-ld: final link failed: Bad value

---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all   Intel Corporation


.config.gz
Description: application/gzip

Re: [PATCH 1/2] powerpc: initial stack protector (-fstack-protector) support

2016-11-22 Thread Christophe LEROY




Le 17/11/2016 à 12:05, Michael Ellerman a écrit :

Hi Michael,

I took your comments into account in v2. Shame on me, I forgot to add 
the list of changes from v1 to v2 in the commit log.


Christophe


Christophe Leroy  writes:


diff --git a/arch/powerpc/include/asm/stackprotector.h 
b/arch/powerpc/include/asm/stackprotector.h
new file mode 100644
index 000..de00332
--- /dev/null
+++ b/arch/powerpc/include/asm/stackprotector.h
@@ -0,0 +1,38 @@
+/*
+ * GCC stack protector support.
+ *
+ * Stack protector works by putting predefined pattern at the start of
+ * the stack frame and verifying that it hasn't been overwritten when
+ * returning from the function.  The pattern is called stack canary
+ * and gcc expects it to be defined by a global variable called
+ * "__stack_chk_guard" on ARM.  This unfortunately means that on SMP

 ^
 PPC


+ * we cannot have a different canary value per task.
+ */
+
+#ifndef _ASM_STACKPROTECTOR_H
+#define _ASM_STACKPROTECTOR_H 1


We usually just define it, not define it to 1.


+
+#include 
+#include 
+
+extern unsigned long __stack_chk_guard;
+
+/*
+ * Initialize the stackprotector canary value.
+ *
+ * NOTE: this must only be called from functions that never return,
+ * and it must always be inlined.
+ */
+static __always_inline void boot_init_stack_canary(void)
+{
+   unsigned long canary;
+
+   /* Try to get a semi random initial value. */
+   get_random_bytes(&canary, sizeof(canary));
+   canary ^= LINUX_VERSION_CODE;


What about mixing in an mftb() as well ?


diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
index e59ed6a..4a62179 100644
--- a/arch/powerpc/kernel/Makefile
+++ b/arch/powerpc/kernel/Makefile
@@ -19,6 +19,11 @@ CFLAGS_init.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
 CFLAGS_btext.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
 CFLAGS_prom.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)

+# -fstack-protector triggers protection checks in this code,
+# but it is being used too early to link to meaningful stack_chk logic.
+nossp_flags := $(call cc-option, -fno-stack-protector)
+CFLAGS_prom_init.o := $(nossp_flags)


We've already assigned to CFLAGS_prom_init.o so I think you should be
using += not := shouldn't you?

Also it could just be a single line:

CFLAGS_prom_init.o += $(call cc-option, -fno-stack-protector)


cheers

Re: [PATCH 1/2] powerpc: initial stack protector (-fstack-protector) support

2016-11-17 Thread Michael Ellerman

Christophe Leroy  writes:

> diff --git a/arch/powerpc/include/asm/stackprotector.h 
> b/arch/powerpc/include/asm/stackprotector.h
> new file mode 100644
> index 000..de00332
> --- /dev/null
> +++ b/arch/powerpc/include/asm/stackprotector.h
> @@ -0,0 +1,38 @@
> +/*
> + * GCC stack protector support.
> + *
> + * Stack protector works by putting predefined pattern at the start of
> + * the stack frame and verifying that it hasn't been overwritten when
> + * returning from the function.  The pattern is called stack canary
> + * and gcc expects it to be defined by a global variable called
> + * "__stack_chk_guard" on ARM.  This unfortunately means that on SMP
 ^
 PPC
 
> + * we cannot have a different canary value per task.
> + */
> +
> +#ifndef _ASM_STACKPROTECTOR_H
> +#define _ASM_STACKPROTECTOR_H 1

We usually just define it, not define it to 1.

> +
> +#include 
> +#include 
> +
> +extern unsigned long __stack_chk_guard;
> +
> +/*
> + * Initialize the stackprotector canary value.
> + *
> + * NOTE: this must only be called from functions that never return,
> + * and it must always be inlined.
> + */
> +static __always_inline void boot_init_stack_canary(void)
> +{
> + unsigned long canary;
> +
> + /* Try to get a semi random initial value. */
> + get_random_bytes(&canary, sizeof(canary));
> + canary ^= LINUX_VERSION_CODE;

What about mixing in an mftb() as well ?

> diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
> index e59ed6a..4a62179 100644
> --- a/arch/powerpc/kernel/Makefile
> +++ b/arch/powerpc/kernel/Makefile
> @@ -19,6 +19,11 @@ CFLAGS_init.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
>  CFLAGS_btext.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
>  CFLAGS_prom.o += $(DISABLE_LATENT_ENTROPY_PLUGIN)
>  
> +# -fstack-protector triggers protection checks in this code,
> +# but it is being used too early to link to meaningful stack_chk logic.
> +nossp_flags := $(call cc-option, -fno-stack-protector)
> +CFLAGS_prom_init.o := $(nossp_flags)

We've already assigned to CFLAGS_prom_init.o so I think you should be
using += not := shouldn't you?

Also it could just be a single line:

CFLAGS_prom_init.o += $(call cc-option, -fno-stack-protector)


cheers

Re: [PATCH 1/2] powerpc: initial stack protector (-fstack-protector) support

Re: [PATCH 1/2] powerpc: initial stack protector (-fstack-protector) support

Re: [PATCH 1/2] powerpc: initial stack protector (-fstack-protector) support

Re: [PATCH 1/2] powerpc: initial stack protector (-fstack-protector) support

4 matches

Site Navigation

Mail list logo

Footer information