add patch for Strong Stack Protector kernel option with gcc-10
This commit is contained in:
parent
27cfee9b99
commit
a2d5098987
65
sys-kernel/xanmod-sources/files/Strong_Stack.patch
Normal file
65
sys-kernel/xanmod-sources/files/Strong_Stack.patch
Normal file
@ -0,0 +1,65 @@
|
||||
diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h
|
||||
index 91e29b6..9804a79 100644
|
||||
--- a/arch/x86/include/asm/stackprotector.h
|
||||
+++ b/arch/x86/include/asm/stackprotector.h
|
||||
@@ -55,8 +55,13 @@
|
||||
/*
|
||||
* Initialize the stackprotector canary value.
|
||||
*
|
||||
- * NOTE: this must only be called from functions that never return,
|
||||
+ * NOTE: this must only be called from functions that never return
|
||||
* and it must always be inlined.
|
||||
+ *
|
||||
+ * In addition, it should be called from a compilation unit for which
|
||||
+ * stack protector is disabled. Alternatively, the caller should not end
|
||||
+ * with a function call which gets tail-call optimized as that would
|
||||
+ * lead to checking a modified canary value.
|
||||
*/
|
||||
static __always_inline void boot_init_stack_canary(void)
|
||||
{
|
||||
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
|
||||
index fe3ab96..4f275ac 100644
|
||||
--- a/arch/x86/kernel/smpboot.c
|
||||
+++ b/arch/x86/kernel/smpboot.c
|
||||
@@ -266,6 +266,14 @@ static void notrace start_secondary(void *unused)
|
||||
|
||||
wmb();
|
||||
cpu_startup_entry(CPUHP_AP_ONLINE_IDLE);
|
||||
+
|
||||
+ /*
|
||||
+ * Prevent tail call to cpu_startup_entry() because the stack protector
|
||||
+ * guard has been changed a couple of function calls up, in
|
||||
+ * boot_init_stack_canary() and must not be checked before tail calling
|
||||
+ * another function.
|
||||
+ */
|
||||
+ prevent_tail_call_optimization();
|
||||
}
|
||||
|
||||
/**
|
||||
diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c
|
||||
index 8fb8a50..f2adb63 100644
|
||||
--- a/arch/x86/xen/smp_pv.c
|
||||
+++ b/arch/x86/xen/smp_pv.c
|
||||
@@ -93,6 +93,7 @@ asmlinkage __visible void cpu_bringup_and_idle(void)
|
||||
cpu_bringup();
|
||||
boot_init_stack_canary();
|
||||
cpu_startup_entry(CPUHP_AP_ONLINE_IDLE);
|
||||
+ prevent_tail_call_optimization();
|
||||
}
|
||||
|
||||
void xen_smp_intr_free_pv(unsigned int cpu)
|
||||
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
|
||||
index 034b0a6..732754d 100644
|
||||
--- a/include/linux/compiler.h
|
||||
+++ b/include/linux/compiler.h
|
||||
@@ -356,4 +356,10 @@ static inline void *offset_to_ptr(const int *off)
|
||||
/* &a[0] degrades to a pointer: a different type from an array */
|
||||
#define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0]))
|
||||
|
||||
+/*
|
||||
+ * This is needed in functions which generate the stack canary, see
|
||||
+ * arch/x86/kernel/smpboot.c::start_secondary() for an example.
|
||||
+ */
|
||||
+#define prevent_tail_call_optimization() asm("")
|
||||
+
|
||||
#endif /* __LINUX_COMPILER_H */
|
@ -20,7 +20,7 @@ UNIPATCH_LIST="${DISTDIR}/patch-${OKV}-xanmod${XANMOD_VERSION}.xz"
|
||||
KEYWORDS="~amd64"
|
||||
|
||||
src_prepare() {
|
||||
|
||||
eapply "${FILESDIR}/Strong_Stack.patch" #add a temporary patch for failing Strong Stack Protector for gcc-10
|
||||
kernel-2-src-prepare-overlay_src_prepare
|
||||
|
||||
rm "${S}"/.config || die
|
||||
|
Loading…
x
Reference in New Issue
Block a user