diff --git a/sys-kernel/xanmod-sources/files/Strong_Stack.patch b/sys-kernel/xanmod-sources/files/Strong_Stack.patch new file mode 100644 index 0000000..07ad1ed --- /dev/null +++ b/sys-kernel/xanmod-sources/files/Strong_Stack.patch @@ -0,0 +1,65 @@ +diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h +index 91e29b6..9804a79 100644 +--- a/arch/x86/include/asm/stackprotector.h ++++ b/arch/x86/include/asm/stackprotector.h +@@ -55,8 +55,13 @@ + /* + * Initialize the stackprotector canary value. + * +- * NOTE: this must only be called from functions that never return, ++ * NOTE: this must only be called from functions that never return + * and it must always be inlined. ++ * ++ * In addition, it should be called from a compilation unit for which ++ * stack protector is disabled. Alternatively, the caller should not end ++ * with a function call which gets tail-call optimized as that would ++ * lead to checking a modified canary value. + */ + static __always_inline void boot_init_stack_canary(void) + { +diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c +index fe3ab96..4f275ac 100644 +--- a/arch/x86/kernel/smpboot.c ++++ b/arch/x86/kernel/smpboot.c +@@ -266,6 +266,14 @@ static void notrace start_secondary(void *unused) + + wmb(); + cpu_startup_entry(CPUHP_AP_ONLINE_IDLE); ++ ++ /* ++ * Prevent tail call to cpu_startup_entry() because the stack protector ++ * guard has been changed a couple of function calls up, in ++ * boot_init_stack_canary() and must not be checked before tail calling ++ * another function. ++ */ ++ prevent_tail_call_optimization(); + } + + /** +diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c +index 8fb8a50..f2adb63 100644 +--- a/arch/x86/xen/smp_pv.c ++++ b/arch/x86/xen/smp_pv.c +@@ -93,6 +93,7 @@ asmlinkage __visible void cpu_bringup_and_idle(void) + cpu_bringup(); + boot_init_stack_canary(); + cpu_startup_entry(CPUHP_AP_ONLINE_IDLE); ++ prevent_tail_call_optimization(); + } + + void xen_smp_intr_free_pv(unsigned int cpu) +diff --git a/include/linux/compiler.h b/include/linux/compiler.h +index 034b0a6..732754d 100644 +--- a/include/linux/compiler.h ++++ b/include/linux/compiler.h +@@ -356,4 +356,10 @@ static inline void *offset_to_ptr(const int *off) + /* &a[0] degrades to a pointer: a different type from an array */ + #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0])) + ++/* ++ * This is needed in functions which generate the stack canary, see ++ * arch/x86/kernel/smpboot.c::start_secondary() for an example. ++ */ ++#define prevent_tail_call_optimization() asm("") ++ + #endif /* __LINUX_COMPILER_H */ diff --git a/sys-kernel/xanmod-sources/xanmod-sources-5.6.12.ebuild b/sys-kernel/xanmod-sources/xanmod-sources-5.6.12.ebuild index 945d327..3fd5981 100644 --- a/sys-kernel/xanmod-sources/xanmod-sources-5.6.12.ebuild +++ b/sys-kernel/xanmod-sources/xanmod-sources-5.6.12.ebuild @@ -20,7 +20,7 @@ UNIPATCH_LIST="${DISTDIR}/patch-${OKV}-xanmod${XANMOD_VERSION}.xz" KEYWORDS="~amd64" src_prepare() { - + eapply "${FILESDIR}/Strong_Stack.patch" #add a temporary patch for failing Strong Stack Protector for gcc-10 kernel-2-src-prepare-overlay_src_prepare rm "${S}"/.config || die