diff options
| author | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2020-05-28 11:50:24 -0700 |
|---|---|---|
| committer | jc_gargma <jc_gargma@iserlohn-fortress.net> | 2020-05-28 11:50:24 -0700 |
| commit | 798381b2641347c1697487c0cfbff35c0096b7a4 (patch) | |
| tree | 73194314dd97a6f3e4936441222b450ecf03b9d1 | |
| parent | Updated to 5.6.13.a (diff) | |
| download | linux-libre-hardened-798381b2641347c1697487c0cfbff35c0096b7a4.tar.xz | |
Updated to 5.6.15.b
Updated gcc patch to 20200527
| -rw-r--r-- | 0002-gcc-plugins-drop-support-for-GCC-47.patch | 277 | ||||
| -rw-r--r-- | 0003-gcc-common.h-Update-for-GCC-10.patch | 86 | ||||
| -rw-r--r-- | 0004-Makefile-disallow-data-races-on-gcc-10-as-well.patch | 32 | ||||
| -rw-r--r-- | 0005-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch | 131 | ||||
| -rw-r--r-- | PKGBUILD | 30 | ||||
| -rw-r--r-- | config | 6 |
6 files changed, 12 insertions, 550 deletions
diff --git a/0002-gcc-plugins-drop-support-for-GCC-47.patch b/0002-gcc-plugins-drop-support-for-GCC-47.patch deleted file mode 100644 index 81698a8..0000000 --- a/0002-gcc-plugins-drop-support-for-GCC-47.patch +++ /dev/null @@ -1,277 +0,0 @@ -From dba68a9d4df76d49d32245e4236713a43fb321da Mon Sep 17 00:00:00 2001 -From: Masahiro Yamada <masahiroy@kernel.org> -Date: Sun, 29 Mar 2020 20:08:32 +0900 -Subject: gcc-plugins: drop support for GCC <= 4.7 - -Nobody was opposed to raising minimum GCC version to 4.8 [1] -So, we will drop GCC <= 4.7 support sooner or later. - -We always use C++ compiler for building plugins for GCC >= 4.8. - -This commit drops the plugin support for GCC <= 4.7 a bit earlier, -which allows us to dump lots of code. - -[1] https://lkml.org/lkml/2020/1/23/545 - -Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> -Acked-by: Kees Cook <keescook@chromium.org> ---- - scripts/Kconfig.include | 3 --- - scripts/Makefile.build | 2 +- - scripts/Makefile.clean | 1 - - scripts/Makefile.host | 23 +----------------- - scripts/gcc-plugin.sh | 55 ++++---------------------------------------- - scripts/gcc-plugins/Kconfig | 12 ++-------- - scripts/gcc-plugins/Makefile | 21 +++++------------ - 7 files changed, 14 insertions(+), 103 deletions(-) - -diff --git a/scripts/Kconfig.include b/scripts/Kconfig.include -index 496d11c92c97..033f6efd92d3 100644 ---- a/scripts/Kconfig.include -+++ b/scripts/Kconfig.include -@@ -42,9 +42,6 @@ $(error-if,$(failure,command -v $(LD)),linker '$(LD)' not found) - # Fail if the linker is gold as it's not capable of linking the kernel proper - $(error-if,$(success, $(LD) -v | grep -q gold), gold linker '$(LD)' not supported) - --# gcc version including patch level --gcc-version := $(shell,$(srctree)/scripts/gcc-version.sh $(CC)) -- - # machine bit flags - # $(m32-flag): -m32 if the compiler supports it, or an empty string otherwise. - # $(m64-flag): -m64 if the compiler supports it, or an empty string otherwise. -diff --git a/scripts/Makefile.build b/scripts/Makefile.build -index a1730d42e5f3..eec789d7a63a 100644 ---- a/scripts/Makefile.build -+++ b/scripts/Makefile.build -@@ -46,7 +46,7 @@ include $(kbuild-file) - include scripts/Makefile.lib - - # Do not include host rules unless needed --ifneq ($(hostprogs)$(hostlibs-y)$(hostlibs-m)$(hostcxxlibs-y)$(hostcxxlibs-m),) -+ifneq ($(hostprogs)$(hostcxxlibs-y)$(hostcxxlibs-m),) - include scripts/Makefile.host - endif - -diff --git a/scripts/Makefile.clean b/scripts/Makefile.clean -index 1e4206566a82..075f0cc2d8d7 100644 ---- a/scripts/Makefile.clean -+++ b/scripts/Makefile.clean -@@ -30,7 +30,6 @@ subdir-ymn := $(addprefix $(obj)/,$(subdir-ymn)) - __clean-files := $(extra-y) $(extra-m) $(extra-) \ - $(always) $(always-y) $(always-m) $(always-) $(targets) $(clean-files) \ - $(hostprogs) $(hostprogs-y) $(hostprogs-m) $(hostprogs-) \ -- $(hostlibs-y) $(hostlibs-m) $(hostlibs-) \ - $(hostcxxlibs-y) $(hostcxxlibs-m) - - __clean-files := $(filter-out $(no-clean-files), $(__clean-files)) -diff --git a/scripts/Makefile.host b/scripts/Makefile.host -index 3b7121d43324..2045855d0b75 100644 ---- a/scripts/Makefile.host -+++ b/scripts/Makefile.host -@@ -39,7 +39,6 @@ $(obj)/%.tab.c $(obj)/%.tab.h: $(src)/%.y FORCE - # They are linked as C++ code to the executable qconf - - __hostprogs := $(sort $(hostprogs)) --host-cshlib := $(sort $(hostlibs-y) $(hostlibs-m)) - host-cxxshlib := $(sort $(hostcxxlibs-y) $(hostcxxlibs-m)) - - # C code -@@ -63,7 +62,6 @@ host-cxxmulti := $(foreach m,$(__hostprogs),$(if $($(m)-cxxobjs),$(m))) - host-cxxobjs := $(sort $(foreach m,$(host-cxxmulti),$($(m)-cxxobjs))) - - # Object (.o) files used by the shared libaries --host-cshobjs := $(sort $(foreach m,$(host-cshlib),$($(m:.so=-objs)))) - host-cxxshobjs := $(sort $(foreach m,$(host-cxxshlib),$($(m:.so=-objs)))) - - host-csingle := $(addprefix $(obj)/,$(host-csingle)) -@@ -71,9 +69,7 @@ host-cmulti := $(addprefix $(obj)/,$(host-cmulti)) - host-cobjs := $(addprefix $(obj)/,$(host-cobjs)) - host-cxxmulti := $(addprefix $(obj)/,$(host-cxxmulti)) - host-cxxobjs := $(addprefix $(obj)/,$(host-cxxobjs)) --host-cshlib := $(addprefix $(obj)/,$(host-cshlib)) - host-cxxshlib := $(addprefix $(obj)/,$(host-cxxshlib)) --host-cshobjs := $(addprefix $(obj)/,$(host-cshobjs)) - host-cxxshobjs := $(addprefix $(obj)/,$(host-cxxshobjs)) - - ##### -@@ -140,13 +136,6 @@ quiet_cmd_host-cxxobjs = HOSTCXX $@ - $(host-cxxobjs): $(obj)/%.o: $(src)/%.cc FORCE - $(call if_changed_dep,host-cxxobjs) - --# Compile .c file, create position independent .o file --# host-cshobjs -> .o --quiet_cmd_host-cshobjs = HOSTCC -fPIC $@ -- cmd_host-cshobjs = $(HOSTCC) $(hostc_flags) -fPIC -c -o $@ $< --$(host-cshobjs): $(obj)/%.o: $(src)/%.c FORCE -- $(call if_changed_dep,host-cshobjs) -- - # Compile .c file, create position independent .o file - # Note that plugin capable gcc versions can be either C or C++ based - # therefore plugin source files have to be compilable in both C and C++ mode. -@@ -157,16 +146,6 @@ quiet_cmd_host-cxxshobjs = HOSTCXX -fPIC $@ - $(host-cxxshobjs): $(obj)/%.o: $(src)/%.c FORCE - $(call if_changed_dep,host-cxxshobjs) - --# Link a shared library, based on position independent .o files --# *.o -> .so shared library (host-cshlib) --quiet_cmd_host-cshlib = HOSTLLD -shared $@ -- cmd_host-cshlib = $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -shared -o $@ \ -- $(addprefix $(obj)/, $($(target-stem)-objs)) \ -- $(KBUILD_HOSTLDLIBS) $(HOSTLDLIBS_$(target-stem).so) --$(host-cshlib): FORCE -- $(call if_changed,host-cshlib) --$(call multi_depend, $(host-cshlib), .so, -objs) -- - # Link a shared library, based on position independent .o files - # *.o -> .so shared library (host-cxxshlib) - quiet_cmd_host-cxxshlib = HOSTLLD -shared $@ -@@ -178,4 +157,4 @@ $(host-cxxshlib): FORCE - $(call multi_depend, $(host-cxxshlib), .so, -objs) - - targets += $(host-csingle) $(host-cmulti) $(host-cobjs)\ -- $(host-cxxmulti) $(host-cxxobjs) $(host-cshlib) $(host-cshobjs) $(host-cxxshlib) $(host-cxxshobjs) -+ $(host-cxxmulti) $(host-cxxobjs) $(host-cxxshlib) $(host-cxxshobjs) -diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh -index d3caefe53eab..b79fd0bea838 100755 ---- a/scripts/gcc-plugin.sh -+++ b/scripts/gcc-plugin.sh -@@ -1,49 +1,14 @@ - #!/bin/sh - # SPDX-License-Identifier: GPL-2.0 --srctree=$(dirname "$0") -- --SHOW_ERROR= --if [ "$1" = "--show-error" ] ; then -- SHOW_ERROR=1 -- shift || true --fi -- --gccplugins_dir=$($3 -print-file-name=plugin) --plugincc=$($1 -E -x c++ - -o /dev/null -I"${srctree}"/gcc-plugins -I"${gccplugins_dir}"/include 2>&1 <<EOF --#include "gcc-common.h" --#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX) --#warning $2 CXX --#else --#warning $1 CC --#endif --EOF --) - --if [ $? -ne 0 ] --then -- if [ -n "$SHOW_ERROR" ] ; then -- echo "${plugincc}" >&2 -- fi -- exit 1 --fi -+set -e - --case "$plugincc" in -- *"$1 CC"*) -- echo "$1" -- exit 0 -- ;; -- -- *"$2 CXX"*) -- # the c++ compiler needs another test, see below -- ;; -+srctree=$(dirname "$0") - -- *) -- exit 1 -- ;; --esac -+gccplugins_dir=$($* -print-file-name=plugin) - - # we need a c++ compiler that supports the designated initializer GNU extension --plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I"${srctree}"/gcc-plugins -I"${gccplugins_dir}"/include 2>&1 <<EOF -+$HOSTCC -c -x c++ -std=gnu++98 - -fsyntax-only -I $srctree/gcc-plugins -I $gccplugins_dir/include 2>/dev/null <<EOF - #include "gcc-common.h" - class test { - public: -@@ -52,15 +17,3 @@ public: - .test = 1 - }; - EOF --) -- --if [ $? -eq 0 ] --then -- echo "$2" -- exit 0 --fi -- --if [ -n "$SHOW_ERROR" ] ; then -- echo "${plugincc}" >&2 --fi --exit 1 -diff --git a/scripts/gcc-plugins/Kconfig b/scripts/gcc-plugins/Kconfig -index e3569543bdac..fd31ed5b435f 100644 ---- a/scripts/gcc-plugins/Kconfig -+++ b/scripts/gcc-plugins/Kconfig -@@ -1,13 +1,4 @@ - # SPDX-License-Identifier: GPL-2.0-only --preferred-plugin-hostcc := $(if-success,[ $(gcc-version) -ge 40800 ],$(HOSTCXX),$(HOSTCC)) -- --config PLUGIN_HOSTCC -- string -- default "$(shell,$(srctree)/scripts/gcc-plugin.sh "$(preferred-plugin-hostcc)" "$(HOSTCXX)" "$(CC)")" if CC_IS_GCC -- help -- Host compiler used to build GCC plugins. This can be $(HOSTCXX), -- $(HOSTCC), or a null string if GCC plugin is unsupported. -- - config HAVE_GCC_PLUGINS - bool - help -@@ -17,7 +8,8 @@ config HAVE_GCC_PLUGINS - menuconfig GCC_PLUGINS - bool "GCC plugins" - depends on HAVE_GCC_PLUGINS -- depends on PLUGIN_HOSTCC != "" -+ depends on CC_IS_GCC && GCC_VERSION >= 40800 -+ depends on $(success,$(srctree)/scripts/gcc-plugin.sh $(CC)) - default y - help - GCC plugins are loadable modules that provide extra features to the -diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile -index f2ee8bd7abc6..f22858b2c3d6 100644 ---- a/scripts/gcc-plugins/Makefile -+++ b/scripts/gcc-plugins/Makefile -@@ -1,18 +1,9 @@ - # SPDX-License-Identifier: GPL-2.0 --PLUGINCC := $(CONFIG_PLUGIN_HOSTCC:"%"=%) - GCC_PLUGINS_DIR := $(shell $(CC) -print-file-name=plugin) - --ifeq ($(PLUGINCC),$(HOSTCC)) -- HOSTLIBS := hostlibs -- HOST_EXTRACFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu99 -ggdb -- export HOST_EXTRACFLAGS --else -- HOSTLIBS := hostcxxlibs -- HOST_EXTRACXXFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu++98 -fno-rtti -- HOST_EXTRACXXFLAGS += -fno-exceptions -fasynchronous-unwind-tables -ggdb -- HOST_EXTRACXXFLAGS += -Wno-narrowing -Wno-unused-variable -- export HOST_EXTRACXXFLAGS --endif -+HOST_EXTRACXXFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu++98 -fno-rtti -+HOST_EXTRACXXFLAGS += -fno-exceptions -fasynchronous-unwind-tables -ggdb -+HOST_EXTRACXXFLAGS += -Wno-narrowing -Wno-unused-variable -Wno-c++11-compat - - $(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h - quiet_cmd_create_randomize_layout_seed = GENSEED $@ -@@ -22,9 +13,9 @@ $(objtree)/$(obj)/randomize_layout_seed.h: FORCE - $(call if_changed,create_randomize_layout_seed) - targets = randomize_layout_seed.h randomize_layout_hash.h - --$(HOSTLIBS)-y := $(foreach p,$(GCC_PLUGIN),$(if $(findstring /,$(p)),,$(p))) --always-y := $($(HOSTLIBS)-y) -+hostcxxlibs-y := $(foreach p,$(GCC_PLUGIN),$(if $(findstring /,$(p)),,$(p))) -+always-y := $(hostcxxlibs-y) - --$(foreach p,$($(HOSTLIBS)-y:%.so=%),$(eval $(p)-objs := $(p).o)) -+$(foreach p,$(hostcxxlibs-y:%.so=%),$(eval $(p)-objs := $(p).o)) - - clean-files += *.so --- -cgit v1.2.3-1-gf6bb5 - diff --git a/0003-gcc-common.h-Update-for-GCC-10.patch b/0003-gcc-common.h-Update-for-GCC-10.patch deleted file mode 100644 index ec4fc15..0000000 --- a/0003-gcc-common.h-Update-for-GCC-10.patch +++ /dev/null @@ -1,86 +0,0 @@ -From 41e53fdbbf5121960fd44427c2ae7536d8fdd701 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Pierret=20=28fepitre=29?= - <frederic.pierret@qubes-os.org> -Date: Tue, 7 Apr 2020 13:32:59 +0200 -Subject: gcc-common.h: Update for GCC 10 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Remove "params.h" include, which has been dropped in GCC 10. - -Remove is_a_helper() macro, which is now defined in gimple.h, as seen -when running './scripts/gcc-plugin.sh g++ g++ gcc': - -In file included from <stdin>:1: -./gcc-plugins/gcc-common.h:852:13: error: redefinition of ‘static bool is_a_helper<T>::test(U*) [with U = const gimple; T = const ggoto*]’ - 852 | inline bool is_a_helper<const ggoto *>::test(const_gimple gs) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~ -In file included from ./gcc-plugins/gcc-common.h:125, - from <stdin>:1: -/usr/lib/gcc/x86_64-redhat-linux/10/plugin/include/gimple.h:1037:1: note: ‘static bool is_a_helper<T>::test(U*) [with U = const gimple; T = const ggoto*]’ previously declared here - 1037 | is_a_helper <const ggoto *>::test (const gimple *gs) - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Add -Wno-format-diag to scripts/gcc-plugins/Makefile to avoid -meaningless warnings from error() formats used by plugins: - -scripts/gcc-plugins/structleak_plugin.c: In function ‘int plugin_init(plugin_name_args*, plugin_gcc_version*)’: -scripts/gcc-plugins/structleak_plugin.c:253:12: warning: unquoted sequence of 2 consecutive punctuation characters ‘'-’ in format [-Wformat-diag] - 253 | error(G_("unknown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); - | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Signed-off-by: Frédéric Pierret (fepitre) <frederic.pierret@qubes-os.org> -Link: https://lore.kernel.org/r/20200407113259.270172-1-frederic.pierret@qubes-os.org -[kees: include -Wno-format-diag for plugin builds] -Signed-off-by: Kees Cook <keescook@chromium.org> ---- - scripts/gcc-plugins/Makefile | 1 + - scripts/gcc-plugins/gcc-common.h | 4 ++++ - 2 files changed, 5 insertions(+) - -diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile -index f22858b2c3d6..80f354289eeb 100644 ---- a/scripts/gcc-plugins/Makefile -+++ b/scripts/gcc-plugins/Makefile -@@ -4,6 +4,7 @@ GCC_PLUGINS_DIR := $(shell $(CC) -print-file-name=plugin) - HOST_EXTRACXXFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu++98 -fno-rtti - HOST_EXTRACXXFLAGS += -fno-exceptions -fasynchronous-unwind-tables -ggdb - HOST_EXTRACXXFLAGS += -Wno-narrowing -Wno-unused-variable -Wno-c++11-compat -+HOST_EXTRACXXFLAGS += -Wno-format-diag - - $(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h - quiet_cmd_create_randomize_layout_seed = GENSEED $@ -diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h -index 17f06079a712..9ad76b7f3f10 100644 ---- a/scripts/gcc-plugins/gcc-common.h -+++ b/scripts/gcc-plugins/gcc-common.h -@@ -35,7 +35,9 @@ - #include "ggc.h" - #include "timevar.h" - -+#if BUILDING_GCC_VERSION < 10000 - #include "params.h" -+#endif - - #if BUILDING_GCC_VERSION <= 4009 - #include "pointer-set.h" -@@ -847,6 +849,7 @@ static inline gimple gimple_build_assign_with_ops(enum tree_code subcode, tree l - return gimple_build_assign(lhs, subcode, op1, op2 PASS_MEM_STAT); - } - -+#if BUILDING_GCC_VERSION < 10000 - template <> - template <> - inline bool is_a_helper<const ggoto *>::test(const_gimple gs) -@@ -860,6 +863,7 @@ inline bool is_a_helper<const greturn *>::test(const_gimple gs) - { - return gs->code == GIMPLE_RETURN; - } -+#endif - - static inline gasm *as_a_gasm(gimple stmt) - { --- -cgit v1.2.3-1-gf6bb5 - diff --git a/0004-Makefile-disallow-data-races-on-gcc-10-as-well.patch b/0004-Makefile-disallow-data-races-on-gcc-10-as-well.patch deleted file mode 100644 index 26537e4..0000000 --- a/0004-Makefile-disallow-data-races-on-gcc-10-as-well.patch +++ /dev/null @@ -1,32 +0,0 @@ -From af805f5f1d2e61dd2cf907d9635f0abc66fe1197 Mon Sep 17 00:00:00 2001 -From: Sergei Trofimovich <slyfox@gentoo.org> -Date: Tue, 17 Mar 2020 00:07:18 +0000 -Subject: Makefile: disallow data races on gcc-10 as well - -gcc-10 will rename --param=allow-store-data-races=0 -to -fno-allow-store-data-races. - -The flag change happened at https://gcc.gnu.org/PR92046. - -Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> -Acked-by: Jiri Kosina <jkosina@suse.cz> -Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> ---- - Makefile | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Makefile b/Makefile -index 5dedd6f9ad75..6899bfc9dc7b 100644 ---- a/Makefile -+++ b/Makefile -@@ -714,6 +714,7 @@ endif - - # Tell gcc to never replace conditional load with a non-conditional one - KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) -+KBUILD_CFLAGS += $(call cc-option,-fno-allow-store-data-races) - - include scripts/Makefile.kcov - include scripts/Makefile.gcc-plugins --- -cgit v1.2.3-1-gf6bb5 - diff --git a/0005-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch b/0005-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch deleted file mode 100644 index 140111c..0000000 --- a/0005-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch +++ /dev/null @@ -1,131 +0,0 @@ -From 309b6eca2e2605accf7a3b02b47b5c2732dbe543 Mon Sep 17 00:00:00 2001 -From: Borislav Petkov <bp@suse.de> -Date: Wed, 22 Apr 2020 18:11:30 +0200 -Subject: x86: Fix early boot crash on gcc-10, next try -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -... or the odyssey of trying to disable the stack protector for the -function which generates the stack canary value. - -The whole story started with Sergei reporting a boot crash with a kernel -built with gcc-10: - - Kernel panic — not syncing: stack-protector: Kernel stack is corrupted in: start_secondary - CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.6.0-rc5—00235—gfffb08b37df9 #139 - Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./H77M—D3H, BIOS F12 11/14/2013 - Call Trace: - dump_stack - panic - ? start_secondary - __stack_chk_fail - start_secondary - secondary_startup_64 - -—-[ end Kernel panic — not syncing: stack—protector: Kernel stack is corrupted in: start_secondary - -This happens because gcc-10 tail-call optimizes the last function call -in start_secondary() - cpu_startup_entry() - and thus emits a stack -canary check which fails because the canary value changes after the -boot_init_stack_canary() call. - -To fix that, the initial attempt was to mark the one function which -generates the stack canary with: - - __attribute__((optimize("-fno-stack-protector"))) ... start_secondary(void *unused) - -however, using the optimize attribute doesn't work cumulatively -as the attribute does not add to but rather replaces previously -supplied optimization options - roughly all -fxxx options. - -The key one among them being -fno-omit-frame-pointer and thus leading to -not present frame pointer - frame pointer which the kernel needs. - -The next attempt to prevent compilers from tail-call optimizing -the last function call cpu_startup_entry(), shy of carving out -start_secondary() into a separate compilation unit and building it with --fno-stack-protector, is this one. - -The current solution is short and sweet, and reportedly, is supported by -both compilers so let's see how far we'll get this time. - -Reported-by: Sergei Trofimovich <slyfox@gentoo.org> -Signed-off-by: Borislav Petkov <bp@suse.de> -Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> -Reviewed-by: Kees Cook <keescook@chromium.org> -Link: https://lkml.kernel.org/r/20200314164451.346497-1-slyfox@gentoo.org ---- - arch/x86/include/asm/stackprotector.h | 7 ++++++- - arch/x86/kernel/smpboot.c | 8 ++++++++ - arch/x86/xen/smp_pv.c | 1 + - include/linux/compiler.h | 6 ++++++ - 4 files changed, 21 insertions(+), 1 deletion(-) - -diff --git a/arch/x86/include/asm/stackprotector.h b/arch/x86/include/asm/stackprotector.h -index 91e29b6a86a5..9804a7957f4e 100644 ---- a/arch/x86/include/asm/stackprotector.h -+++ b/arch/x86/include/asm/stackprotector.h -@@ -55,8 +55,13 @@ - /* - * Initialize the stackprotector canary value. - * -- * NOTE: this must only be called from functions that never return, -+ * NOTE: this must only be called from functions that never return - * and it must always be inlined. -+ * -+ * In addition, it should be called from a compilation unit for which -+ * stack protector is disabled. Alternatively, the caller should not end -+ * with a function call which gets tail-call optimized as that would -+ * lead to checking a modified canary value. - */ - static __always_inline void boot_init_stack_canary(void) - { -diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index 69881b2d446c..9674321ce3a3 100644 ---- a/arch/x86/kernel/smpboot.c -+++ b/arch/x86/kernel/smpboot.c -@@ -262,6 +262,14 @@ static void notrace start_secondary(void *unused) - - wmb(); - cpu_startup_entry(CPUHP_AP_ONLINE_IDLE); -+ -+ /* -+ * Prevent tail call to cpu_startup_entry() because the stack protector -+ * guard has been changed a couple of function calls up, in -+ * boot_init_stack_canary() and must not be checked before tail calling -+ * another function. -+ */ -+ prevent_tail_call_optimization(); - } - - /** -diff --git a/arch/x86/xen/smp_pv.c b/arch/x86/xen/smp_pv.c -index 802ee5bba66c..0cebe5db691d 100644 ---- a/arch/x86/xen/smp_pv.c -+++ b/arch/x86/xen/smp_pv.c -@@ -92,6 +92,7 @@ asmlinkage __visible void cpu_bringup_and_idle(void) - cpu_bringup(); - boot_init_stack_canary(); - cpu_startup_entry(CPUHP_AP_ONLINE_IDLE); -+ prevent_tail_call_optimization(); - } - - void xen_smp_intr_free_pv(unsigned int cpu) -diff --git a/include/linux/compiler.h b/include/linux/compiler.h -index 034b0a644efc..732754d96039 100644 ---- a/include/linux/compiler.h -+++ b/include/linux/compiler.h -@@ -356,4 +356,10 @@ static inline void *offset_to_ptr(const int *off) - /* &a[0] degrades to a pointer: a different type from an array */ - #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0])) - -+/* -+ * This is needed in functions which generate the stack canary, see -+ * arch/x86/kernel/smpboot.c::start_secondary() for an example. -+ */ -+#define prevent_tail_call_optimization() asm("") -+ - #endif /* __LINUX_COMPILER_H */ --- -cgit v1.2.3-1-gf6bb5 - @@ -19,11 +19,11 @@ _pkgbase=linux-hardened pkgbase=linux-libre-hardened _supver=5 _majver=6 -_minver=13 -_hardenedver=a -_gccpatchver='20191217' -_gccpatchger='9.1' -_gccpatchker='5.5' +_minver=15 +_hardenedver=b +_gccpatchver='20200527' +_gccpatchger='10.1' +_gccpatchker='5.6' if [ "$_minver" == "0" ]; then _pkgver=${_supver}.${_majver} else @@ -48,10 +48,6 @@ _gnupkgver=${_pkgver}-gnu source=( https://linux-libre.fsfla.org/pub/linux-libre/releases/${_gnumajver}/linux-libre-${_gnumajver}.tar.xz{,.sign} https://github.com/anthraxx/${_pkgbase}/releases/download/${pkgver}/${_pkgbase}-${pkgver}.patch{,.sig} - 0002-gcc-plugins-drop-support-for-GCC-47.patch - 0003-gcc-common.h-Update-for-GCC-10.patch - 0004-Makefile-disallow-data-races-on-gcc-10-as-well.patch - 0005-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch graysky_bdver2-hotfix.patch kernel_gcc_patch-${_gccpatchver}.tar.gz::https://github.com/graysky2/kernel_gcc_patch/archive/${_gccpatchver}.tar.gz ath9k-regdom-hack.patch @@ -68,19 +64,15 @@ validpgpkeys=( ) b2sums=('921a3836ffbd5ababb897b8d923ab3e97c10c39b8d01060fe41742005f8111b5c2c9e76c9b7bcf4fe59a056454a364eca5df8006ca8a174205df152007e18dff' 'SKIP' - '5b6225392ab4013dd9d048cd774197fb5a8cab6bcd595054c1ceaa11503e678e18651a4b415f2f64f65a9328393130f4f1833cace841df8c7c2ee1000af1132a' + 'd17fb26b7c99d329d2b8c2980e23528f3abf0ac3930f255172778c697bd5623e93c780c23d35b2c9d701da106a5fa9b874fbbd715b64fb189d26b83615dea7b8' 'SKIP' - 'bb02c251158116f98241f7de95339fb3ffee4748171c89bb5ef666ec28676c4a36fe6ff5d93d315b451aac4cb56343c435cdd46d3249d09e2a8cba47bba594eb' - 'e59aa4ed958bad23f84d1cfb567d97090ca1a4f442c52297786035db89823eac3fc603035304d9466db87b62664b3c444c2749019eb963e0cbc8752d78fc684f' - '0c0115ef2ef1f7b82f6de806b940dca7ef09a99ab872d589996e88dee76ce9946352ab4ef895fc7dfd73cc58a3dac343a426d086bd33d27163fdbf7fdf406021' - '0afcb581c316e94575cde01a320fd165a5bb1e9b0ddda1a9c7eeb132d66395c2544108607495bb35d79a6d56a7f58abb639c2a4b0d21fe1d0d5b6ed8c64adde9' '1892bd22775eac3bcc4d37f4fd30c95346bf3a0888cbbff57fd614973b525390dff2e315ce35b2e498523cceaab94ff21a80475dee8df3de4dd8fc0fab07d74e' - 'd76bd0bf237ea2bb7999fd3715cb664d89148cb0ade8057d57cdb40bc0a7954336e50ee077312e5e192398b0f35f055786deb98af9130d57e60f2ea040fbb66f' + 'c8a52c056ecaeba55bee0b17c6a264d460792694e883b5654b8c1694b376a25be4aff1e6b86b5e3486c6e3adfc2062f805e91a9cac1156d0104d7e781028bec6' '2e58bb89b247b1678355368956e67c1de51fcde97a227b2162f6771e30f17fa5520faafe7be4b6816a542e7ae10d05f64c6b6354f352c12746d4b8da632936dd' 'fde132f3705d908e6f2147c78a2193289916d72304ca5efa2229d79fc3e57a857314ce94e71425caef2f7f7b6cf87f05ef86335dc8bd4be78e7035afe608005a' - '26722fd089d161b50702718cd5e6a85a8aac971ef3af3168b6854bfc450e7cfb58307956d7f73ed051a74a3e09ee6e91979bcf911d68885d4e604e36c90eecd2' + 'be6ce87746752a05eec4c8b62453ebbb5be304ea92e76b8f33f6dd2610bd5dc11adc4b9458784fb4ff712e7c17b3c4dd0751d54f07e6f23caccacb685f3496b6' 'b4e1377d97ad7e8144d6e55b6d43731e3271a5aec65b65ca6d81026a95f15f549b9303fb3c6f492099ca691e3f65f4cf7f0c3aa742df03b396d7f6d81813aa95' - 'b6b50376d15867f42c0e071e103739c370092ea762d618c41874bb35d1c6c975235e24f119aaecf88715637fba361458d69caad6a13f0ff11ba6d3fb7f41aec4' + '118e75887377a60634591e4aced718f9098ba57df5e517ac1b20725b5423f7e0a5d8f04b51ba6bfb080c2739721d7795f342df125ca514d0dc5d850223b09757' 'SKIP') export KBUILD_BUILD_HOST=$pkgbase @@ -99,10 +91,6 @@ prepare() { # Hotfixes echo "Applying hotfixes" - patch -p1 -i ../0002-gcc-plugins-drop-support-for-GCC-47.patch - patch -p1 -i ../0003-gcc-common.h-Update-for-GCC-10.patch - patch -p1 -i ../0004-Makefile-disallow-data-races-on-gcc-10-as-well.patch - patch -p1 -i ../0005-x86-Fix-early-boot-crash-on-gcc-10-next-try.patch patch -p1 -i ../sphinx-workaround.patch @@ -4,15 +4,14 @@ # # -# Compiler: gcc (GCC) 9.3.0 +# Compiler: gcc (GCC) 10.1.0 # CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=90300 +CONFIG_GCC_VERSION=100100 CONFIG_CLANG_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_HAS_ASM_GOTO=y CONFIG_CC_HAS_ASM_INLINE=y -CONFIG_CC_HAS_WARN_MAYBE_UNINITIALIZED=y CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_TABLE_SORT=y CONFIG_THREAD_INFO_IN_TASK=y @@ -985,6 +984,7 @@ CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y CONFIG_QUEUED_SPINLOCKS=y CONFIG_ARCH_USE_QUEUED_RWLOCKS=y CONFIG_QUEUED_RWLOCKS=y +CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y CONFIG_FREEZER=y |