From patchwork Mon May 8 17:57:20 2017
X-Patchwork-Submitter: Daniel Axtens
X-Patchwork-Id: 759739
From: Daniel Axtens
To: Daniel Micay, Kees Cook, kernel-hardening@lists.openwall.com, linuxppc-dev@lists.ozlabs.org
Cc: Daniel Micay, andrew.donnellan@au1.ibm.com
Subject: Re: [kernel-hardening] [PATCH] add the option of fortified string.h functions
In-Reply-To: <20170504142435.10175-1-danielmicay@gmail.com>
References: <20170504142435.10175-1-danielmicay@gmail.com>
Date: Tue, 09 May 2017 03:57:20 +1000
Message-ID: <87pofjqlj3.fsf@possimpible.ozlabs.ibm.com>
List-Id: Linux on PowerPC Developers Mail List

Hi Daniel and ppc people,

(ppc people: this does some compile and run time bounds checking on string functions. It's cool - currently it picks up a lot of random things so it will require some more work across the tree, but hopefully it will eventually hit mainline.)

I've tested this on ppc with pseries_le_defconfig.

I needed a couple of the fixes from github (https://github.com/thestinger/linux-hardened/commits/4.11) in order to build, specifically
https://github.com/thestinger/linux-hardened/commit/c65d6a6f309b06703584a23ac2b2bda4bb363143
https://github.com/thestinger/linux-hardened/commit/adcec4756574a8c7f7cb5b6fa51ebeaeeae71aae

Once those were added, I needed to disable fortification in prom_init.c, as we apparently can't have new symbols there. (I don't understand that file so I haven't dug into it.)

We also have problems with the feature fixup tests leading to a panic on boot. It relates to getting what I think are asm labels(?) and how we address them. I have just disabled fortify here for now; I think the code could be rewritten to take the labels as unsigned char *, but I haven't dug into it.
With the following fixups, I can boot a LE buildroot initrd (per https://github.com/linuxppc/linux/wiki/Booting-with-Qemu). Sadly I don't have access to real hardware any more, so I can't say anything more than that. (ajd - perhaps relevant to your interests?)

Regards,
Daniel

From 33db928b21e6bcb78f93b7883b423282d65af609 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Tue, 9 May 2017 03:15:05 +1000 Subject: [PATCH] powerpc fixes for fortify Signed-off-by: Daniel Axtens --- arch/powerpc/kernel/prom_init.c | 3 +++ arch/powerpc/lib/feature-fixups.c | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powerpc/kernel/prom_init.c index dd8a04f3053a..613f79f03877 100644 --- a/arch/powerpc/kernel/prom_init.c +++ b/arch/powerpc/kernel/prom_init.c @@ -15,6 +15,9 @@ #undef DEBUG_PROM +/* we cannot use FORTIFY as it brings in new symbols */ +#define __NO_FORTIFY + #include #include #include diff --git a/arch/powerpc/lib/feature-fixups.c b/arch/powerpc/lib/feature-fixups.c index f3917705c686..2eee8558df61 100644 --- a/arch/powerpc/lib/feature-fixups.c +++ b/arch/powerpc/lib/feature-fixups.c @@ -12,6 +12,12 @@ * 2 of the License, or (at your option) any later version. */ +/* + * feature fixup tests do memcmp with raw addresses rather than + * objects, which panics on boot with fortify on. TODO FIXME + */ +#define __NO_FORTIFY + #include #include #include
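
Review bot: The comment added in the arch/powerpc/kernel/prom_init.c hunk ("we cannot use FORTIFY as it brings in new symbols") does not say which symbols appear or what rejects them, so a later reader cannot tell when this opt-out can be dropped. Please name the symbol or symbols that show up and the build step that complains about them. It would also help to state in the comment that "#define __NO_FORTIFY" has to stay above the first #include, since moving it below the includes would silently turn bounds checking back on for this file.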
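
Review bot: In the arch/powerpc/lib/feature-fixups.c hunk, "#define __NO_FORTIFY" sits at the top of the file and so switches off the string-function bounds checks for everything in it, while the comment attributes the boot panic only to the feature fixup tests and their memcmp on raw addresses. That is a wider opt-out than the stated problem needs. I would rather see the test code changed so the compared labels have a type the checks can handle (the cover text suggests taking them as unsigned char *), which lets the rest of the file keep its checking. If the define stays for now, replace "TODO FIXME" with a sentence describing the intended fix so the opt-out does not become permanent.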