src_prepare-overlay/sys-kernel/xanmod-sources/files/Strong_Stack.patch

diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h
index 91e29b6..9804a79 100644
--- a/arch/x86/include/asm/stackprotector.h
+++ b/arch/x86/include/asm/stackprotector.h
@@ -55,8 +55,13 @@
 /*
  * Initialize the stackprotector canary value.
  *
- * NOTE: this must only be called from functions that never return,
+ * NOTE: this must only be called from functions that never return
  * and it must always be inlined.
+ *
+ * In addition, it should be called from a compilation unit for which
+ * stack protector is disabled. Alternatively, the caller should not end
+ * with a function call which gets tail-call optimized as that would
+ * lead to checking a modified canary value.
  */
 static __always_inline void boot_init_stack_canary(void)
 {
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
index fe3ab96..4f275ac 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -266,6 +266,14 @@ static void notrace start_secondary(void *unused)
 
 	wmb();
 	cpu_startup_entry(CPUHP_AP_ONLINE_IDLE);
+
+	/*
+	 * Prevent tail call to cpu_startup_entry() because the stack protector
+	 * guard has been changed a couple of function calls up, in
+	 * boot_init_stack_canary() and must not be checked before tail calling
+	 * another function.
+	 */
+	prevent_tail_call_optimization();
 }
 
 /**
diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c
index 8fb8a50..f2adb63 100644
--- a/arch/x86/xen/smp_pv.c
+++ b/arch/x86/xen/smp_pv.c
@@ -93,6 +93,7 @@ asmlinkage __visible void cpu_bringup_and_idle(void)
 	cpu_bringup();
 	boot_init_stack_canary();
 	cpu_startup_entry(CPUHP_AP_ONLINE_IDLE);
+	prevent_tail_call_optimization();
 }
 
 void xen_smp_intr_free_pv(unsigned int cpu)
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 034b0a6..732754d 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -356,4 +356,10 @@ static inline void *offset_to_ptr(const int *off)
 /* &a[0] degrades to a pointer: a different type from an array */
 #define __must_be_array(a)	BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
 
+/*
+ * This is needed in functions which generate the stack canary, see
+ * arch/x86/kernel/smpboot.c::start_secondary() for an example.
+ */
+#define prevent_tail_call_optimization()	asm("")
+
 #endif /* __LINUX_COMPILER_H */
add patch for Strong Stack Protector kernel option with gcc-10 2020-05-16 09:15:03 +02:00			`diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h`
			`index 91e29b6..9804a79 100644`
			`--- a/arch/x86/include/asm/stackprotector.h`
			`+++ b/arch/x86/include/asm/stackprotector.h`
			`@@ -55,8 +55,13 @@`
			`/*`
			`* Initialize the stackprotector canary value.`
			`*`
			`- * NOTE: this must only be called from functions that never return,`
			`+ * NOTE: this must only be called from functions that never return`
			`* and it must always be inlined.`
			`+ *`
			`+ * In addition, it should be called from a compilation unit for which`
			`+ * stack protector is disabled. Alternatively, the caller should not end`
			`+ * with a function call which gets tail-call optimized as that would`
			`+ * lead to checking a modified canary value.`
			`*/`
			`static __always_inline void boot_init_stack_canary(void)`
			`{`
			`diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c`
			`index fe3ab96..4f275ac 100644`
			`--- a/arch/x86/kernel/smpboot.c`
			`+++ b/arch/x86/kernel/smpboot.c`
			`@@ -266,6 +266,14 @@ static void notrace start_secondary(void *unused)`

			`wmb();`
			`cpu_startup_entry(CPUHP_AP_ONLINE_IDLE);`
			`+`
			`+ /*`
			`+ * Prevent tail call to cpu_startup_entry() because the stack protector`
			`+ * guard has been changed a couple of function calls up, in`
			`+ * boot_init_stack_canary() and must not be checked before tail calling`
			`+ * another function.`
			`+ */`
			`+ prevent_tail_call_optimization();`
			`}`

			`/**`
			`diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c`
			`index 8fb8a50..f2adb63 100644`
			`--- a/arch/x86/xen/smp_pv.c`
			`+++ b/arch/x86/xen/smp_pv.c`
			`@@ -93,6 +93,7 @@ asmlinkage __visible void cpu_bringup_and_idle(void)`
			`cpu_bringup();`
			`boot_init_stack_canary();`
			`cpu_startup_entry(CPUHP_AP_ONLINE_IDLE);`
			`+ prevent_tail_call_optimization();`
			`}`

			`void xen_smp_intr_free_pv(unsigned int cpu)`
			`diff --git a/include/linux/compiler.h b/include/linux/compiler.h`
			`index 034b0a6..732754d 100644`
			`--- a/include/linux/compiler.h`
			`+++ b/include/linux/compiler.h`
			`@@ -356,4 +356,10 @@ static inline void offset_to_ptr(const int off)`
			`/* &a[0] degrades to a pointer: a different type from an array */`
			`#define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))`

			`+/*`
			`+ * This is needed in functions which generate the stack canary, see`
			`+ * arch/x86/kernel/smpboot.c::start_secondary() for an example.`
			`+ */`
			`+#define prevent_tail_call_optimization() asm("")`
			`+`
			`#endif /* __LINUX_COMPILER_H */`