From: Russell King - ARM Linux <linux@armlinux.org.uk>
To: Tony Lindgren <tony@atomide.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>,
Rich Felker <dalias@libc.org>,
Yoshinori Sato <ysato@users.sourceforge.jp>,
linux-kernel@vger.kernel.org, Ralf Baechle <ralf@linux-mips.org>,
linux-omap@vger.kernel.org, Huacai Chen <chenhc@lemote.com>,
Andrew Morton <akpm@linux-foundation.org>,
James Hogan <james.hogan@mips.com>,
linux-arm-kernel@lists.infradead.org
Subject: Re: Regression with arm in next with stack protector
Date: Tue, 27 Mar 2018 12:34:53 +0100 [thread overview]
Message-ID: <20180327113453.GC10990@n2100.armlinux.org.uk> (raw)
In-Reply-To: <20180327090409.GA10990@n2100.armlinux.org.uk>
On Tue, Mar 27, 2018 at 10:04:10AM +0100, Russell King - ARM Linux wrote:
> On Fri, Mar 23, 2018 at 11:14:53AM -0700, Tony Lindgren wrote:
> > Hi,
> >
> > Looks like commit 5638790dadae ("zboot: fix stack protector in
> > compressed boot phase") breaks booting on arm.
> >
> > This is all I get from the bootloader on omap3:
> >
> > Starting kernel ...
> >
> > data abort
> > pc : [<810002d0>] lr : [<100110a8>]
> > reloc pc : [<9d6002d0>] lr : [<2c6110a8>]
> > sp : 81467c18 ip : 81466bf0 fp : 81466bf0
> > r10: 80fc2c40 r9 : 81000258 r8 : 86fec000
> > r7 : ffffffff r6 : 81466bf8 r5 : 00000000 r4 : 80008000
> > r3 : 81466c14 r2 : 81466c18 r1 : 000a0dff r0 : 00466bf8
> > Flags: nZCv IRQs off FIQs off Mode SVC_32
> > Resetting CPU ...
> >
> > resetting ...
>
> The reason for this is the following code that was introduced by the
> referenced patch:
>
> + ldr r0, =__stack_chk_guard
> + ldr r1, =0x000a0dff
> + str r1, [r0]
>
> This uses the absolute address of __stack_chk_guard in the decompressor,
> which is a self-relocatable image. As with all constructs like the
> above, this absolute address doesn't get fixed up, and so it ends up
> pointing at invalid memory (in this case 0x466bf8) vs RAM at 0x80000000,
> and the decompressor looks to be around 0x81000000.
>
> Such constructs can not be used in the decompressor for exactly this
> reason - they need to use PC-relative addressing instead just like
> everything else does in head.S.
Is there any reason we can't do this in misc.c:
const unsigned int __stack_chk_guard = 0x000a0dff;
? That would save having runtime code to set that value up, and after
all, it is constant. Arguments about it potentially ending up at a
fixed offset into the image need not be said - that's already the case
with placing it in the early assembly code, and as has been established,
it needs to be initialised prior to any C code being called.
--
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line in suburbia: sync at 8.8Mbps down 630kbps up
According to speedtest.net: 8.21Mbps down 510kbps up
WARNING: multiple messages have this Message-ID (diff)
From: linux@armlinux.org.uk (Russell King - ARM Linux)
To: linux-arm-kernel@lists.infradead.org
Subject: Regression with arm in next with stack protector
Date: Tue, 27 Mar 2018 12:34:53 +0100 [thread overview]
Message-ID: <20180327113453.GC10990@n2100.armlinux.org.uk> (raw)
In-Reply-To: <20180327090409.GA10990@n2100.armlinux.org.uk>
On Tue, Mar 27, 2018 at 10:04:10AM +0100, Russell King - ARM Linux wrote:
> On Fri, Mar 23, 2018 at 11:14:53AM -0700, Tony Lindgren wrote:
> > Hi,
> >
> > Looks like commit 5638790dadae ("zboot: fix stack protector in
> > compressed boot phase") breaks booting on arm.
> >
> > This is all I get from the bootloader on omap3:
> >
> > Starting kernel ...
> >
> > data abort
> > pc : [<810002d0>] lr : [<100110a8>]
> > reloc pc : [<9d6002d0>] lr : [<2c6110a8>]
> > sp : 81467c18 ip : 81466bf0 fp : 81466bf0
> > r10: 80fc2c40 r9 : 81000258 r8 : 86fec000
> > r7 : ffffffff r6 : 81466bf8 r5 : 00000000 r4 : 80008000
> > r3 : 81466c14 r2 : 81466c18 r1 : 000a0dff r0 : 00466bf8
> > Flags: nZCv IRQs off FIQs off Mode SVC_32
> > Resetting CPU ...
> >
> > resetting ...
>
> The reason for this is the following code that was introduced by the
> referenced patch:
>
> + ldr r0, =__stack_chk_guard
> + ldr r1, =0x000a0dff
> + str r1, [r0]
>
> This uses the absolute address of __stack_chk_guard in the decompressor,
> which is a self-relocatable image. As with all constructs like the
> above, this absolute address doesn't get fixed up, and so it ends up
> pointing at invalid memory (in this case 0x466bf8) vs RAM at 0x80000000,
> and the decompressor looks to be around 0x81000000.
>
> Such constructs can not be used in the decompressor for exactly this
> reason - they need to use PC-relative addressing instead just like
> everything else does in head.S.
Is there any reason we can't do this in misc.c:
const unsigned int __stack_chk_guard = 0x000a0dff;
? That would save having runtime code to set that value up, and after
all, it is constant. Arguments about it potentially ending up at a
fixed offset into the image need not be said - that's already the case
with placing it in the early assembly code, and as has been established,
it needs to be initialised prior to any C code being called.
--
RMK's Patch system: http://www.armlinux.org.uk/developer/patches/
FTTC broadband for 0.8mile line in suburbia: sync at 8.8Mbps down 630kbps up
According to speedtest.net: 8.21Mbps down 510kbps up
next prev parent reply other threads:[~2018-03-27 11:35 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-23 18:14 Regression with arm in next with stack protector Tony Lindgren
2018-03-23 18:14 ` Tony Lindgren
2018-03-23 18:45 ` Fabio Estevam
2018-03-23 18:45 ` Fabio Estevam
2018-03-23 19:15 ` Andrew Morton
2018-03-23 19:15 ` Andrew Morton
2018-03-23 22:31 ` Stephen Rothwell
2018-03-23 22:31 ` Stephen Rothwell
2018-03-26 6:57 ` 陈华才
2018-03-26 6:57 ` 陈华才
2018-03-26 6:57 ` 陈华才
2018-03-26 15:37 ` Tony Lindgren
2018-03-26 15:37 ` Tony Lindgren
2018-03-27 8:29 ` 陈华才
2018-03-27 8:29 ` 陈华才
2018-03-27 8:29 ` 陈华才
2018-03-27 9:04 ` Russell King - ARM Linux
2018-03-27 9:04 ` Russell King - ARM Linux
2018-03-27 9:11 ` Russell King - ARM Linux
2018-03-27 9:11 ` Russell King - ARM Linux
2018-03-27 11:34 ` Russell King - ARM Linux [this message]
2018-03-27 11:34 ` Russell King - ARM Linux
2018-03-27 15:36 ` Rich Felker
2018-03-27 15:36 ` Rich Felker
2018-03-27 15:35 ` Rich Felker
2018-03-27 15:35 ` Rich Felker
2018-03-27 17:20 ` Russell King - ARM Linux
2018-03-27 17:20 ` Russell King - ARM Linux
2018-03-27 17:27 ` Rich Felker
2018-03-27 17:27 ` Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180327113453.GC10990@n2100.armlinux.org.uk \
--to=linux@armlinux.org.uk \
--cc=akpm@linux-foundation.org \
--cc=chenhc@lemote.com \
--cc=dalias@libc.org \
--cc=james.hogan@mips.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-omap@vger.kernel.org \
--cc=ralf@linux-mips.org \
--cc=sfr@canb.auug.org.au \
--cc=tony@atomide.com \
--cc=ysato@users.sourceforge.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.