PhilE wrote: ↑
Wed Apr 08, 2020 11:25 am
The problem is triggered by the following commit, introduced in the 5.2 kernel:
https://git.kernel.org/pub/scm/linux/ke ... d82b2ccddc
Author: Ard Biesheuvel <email@example.com>
Date: Thu Dec 6 09:32:57 2018 +0100
ARM: smp: add support for per-task stack canaries
On ARM, we currently only change the value of the stack canary when
switching tasks if the kernel was built for UP. On SMP kernels, this
is impossible since the stack canary value is obtained via a global
symbol reference, which means
a) all running tasks on all CPUs must use the same value
b) we can only modify the value when no kernel stack frames are live
on any CPU, which is effectively never.
So instead, use a GCC plugin to add a RTL pass that replaces each
reference to the address of the __stack_chk_guard symbol with an
expression that produces the address of the 'stack_canary' field
that is added to struct thread_info. This way, each task will use
its own randomized value.
Cc: Russell King <firstname.lastname@example.org>
Cc: Kees Cook <email@example.com>
Cc: Emese Revfy <firstname.lastname@example.org>
Cc: Arnd Bergmann <email@example.com>
Cc: Laura Abbott <firstname.lastname@example.org>
Acked-by: Nicolas Pitre <email@example.com>
Signed-off-by: Ard Biesheuvel <firstname.lastname@example.org>
Signed-off-by: Kees Cook <email@example.com>
Reverting that commit (a slightly messy operation) brings back the __stack_chk_guard on 5.2 and later kernels, proving the connection.
So the question now becomes, why are your builds expecting __stack_chk_guard to be present for SMP platforms when it shouldn't be?
Sorry, but I don't understand what that commit is all about. My knowledge of coding is very, very limited. Can you possibly explain what a stack canary and an SMP platform are?
I assume kernels +, -v7+ and -v7l+ to be compiled with the same compiler version and -v8+ with a 64-bit compiler, so why do Module.symvers and Module8.symvers include __stack_chk_guard while Module7.symvers and Module7l.symvers do not include __stack_chk_guard?
When I fully compile the -v7+ and -v7l+ kernels so the compile creates the Module.symvers file they both include __stack_chk_guard.
Are you saying -v7+ and -v7l+ kernels are for SMP platforms and + and -v8+ kernels are not for SMP platforms?
Sorry, but I'm feeling really dumb as I'm finding it hard to understand this stuff. Is there anything you would like me to look at to try and figure out what is happening?
I have logs of the compiles which show a number of warnings which need sorting out, although these do not stop drivers for kernels + and -v8+ compiling, and the final error regarding __stack_chk_guard for kernels -v7+ and -v7l+. Searching the compiled files, *.o files, in the driver I'm currently working on shows around 68 files which include the value __stack_chk_guard.
Thanks for your time in looking at this issue.
Simplicity is a prerequisite for reliability. Edsger W. Dijkstra
Please post ALL technical questions on the forum. Please Do Not send private messages.
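A check for the mismatch discussed in this thread, as an added example that is not part of either poster's message: for a given Module.symvers and kernel config it reports whether __stack_chk_guard is exported globally or whether the per-task canary from the quoted commit is enabled instead. The function names and sample file contents are constructed; the option name CONFIG_STACKPROTECTOR_PER_TASK does not appear on this page and is the Kconfig symbol that commit added in mainline.

```shell
#!/bin/sh
# Added example: classify a kernel build by how its stack canary is provided.
# Module.symvers is tab-separated: CRC, symbol, module, export type.

# exports_symbol FILE SYMBOL -> exit 0 if SYMBOL appears in column 2 of FILE
exports_symbol() {
    awk -F '\t' -v sym="$2" '$2 == sym { found = 1 } END { exit !found }' "$1"
}

# per_task_canary CONFIG -> exit 0 if the per-task canary option is enabled
# (assumption: option name as in mainline, not taken from this page)
per_task_canary() {
    grep -q '^CONFIG_STACKPROTECTOR_PER_TASK=y$' "$1"
}

# diagnose SYMVERS CONFIG -> prints one verdict word
#   global-guard    : __stack_chk_guard is exported, modules may reference it
#   per-task-guard  : no global export; canary lives in struct thread_info
#   no-guard-export : neither; the symvers and config probably do not match
diagnose() {
    if exports_symbol "$1" __stack_chk_guard; then
        echo "global-guard"
    elif per_task_canary "$2"; then
        echo "per-task-guard"
    else
        echo "no-guard-export"
    fi
}

# write_sample DIR -> constructed sample files for an offline run
write_sample() {
    printf '0x00000000\t__stack_chk_guard\tvmlinux\tEXPORT_SYMBOL\n' > "$1/Module.symvers"
    printf '0x00000000\tprintk\tvmlinux\tEXPORT_SYMBOL\n' > "$1/Module7.symvers"
    printf '# CONFIG_STACKPROTECTOR_PER_TASK is not set\n' > "$1/config"
    printf 'CONFIG_SMP=y\nCONFIG_STACKPROTECTOR_PER_TASK=y\n' > "$1/config7"
}

# Usage: script.sh Module7.symvers .config
if [ "$#" -eq 2 ]; then
    diagnose "$1" "$2"
fi
```

A "per-task-guard" verdict together with driver objects that still reference __stack_chk_guard indicates the driver was not compiled with the flags of that configured kernel tree.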