[PATCH] kernel: Activate FORTIFY_SOURCE for MIPS kernel 5.4

Hauke Mehrtens hauke at hauke-m.de
Wed Apr 7 23:23:37 BST 2021 

CONFIG_FORTIFY_SOURCE=y is already set in the generic kernel
configuration, but it is not working for MIPS on kernel 5.4, support for
MIPS was only added with kernel 5.5, other architectures like aarch64
support FORTIFY_SOURCE already since some time.

This patch adds support for FORTIFY_SOURCE to MIPS with kernel 5.4,
kernel 5.10 already supports this and needs no changes.

This backports one patch from kernel 5.5 and one fix from 5.8 to make
fortify source also work on our kernel 5.4.

The changes are not compatible with the
306-mips_mem_functions_performance.patch patch which was also removed
with kernel 5.10, probably because of the same problems. I think it is
not needed anyway as the compiler should automatically optimize the
calls to memset(), memcpy() and memmove() even when not explicitly
telling the compiler to use the build in variant.

Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---

I would like to backport this to 21.02 too.

 ...-Kconfig-Add-ARCH_HAS_FORTIFY_SOURCE.patch |  32 ++++++
 ...11-MIPS-Fix-exception-handler-memcpy.patch | 107 ++++++++++++++++++
 .../301-mips_image_cmdline_hack.patch         |   2 +-
 ...CPU_MIPS64-for-remaining-MIPS64-CPUs.patch |   2 +-
 .../300-mips_expose_boot_raw.patch            |   4 +-
 .../306-mips_mem_functions_performance.patch  | 106 -----------------
 6 files changed, 143 insertions(+), 110 deletions(-)
 create mode 100644 target/linux/generic/backport-5.4/310-mips-Kconfig-Add-ARCH_HAS_FORTIFY_SOURCE.patch
 create mode 100644 target/linux/generic/backport-5.4/311-MIPS-Fix-exception-handler-memcpy.patch
 delete mode 100644 target/linux/generic/pending-5.4/306-mips_mem_functions_performance.patch

diff --git a/target/linux/generic/backport-5.4/310-mips-Kconfig-Add-ARCH_HAS_FORTIFY_SOURCE.patch b/target/linux/generic/backport-5.4/310-mips-Kconfig-Add-ARCH_HAS_FORTIFY_SOURCE.patch
new file mode 100644
index 000000000000..e02f10354376
--- /dev/null
+++ b/target/linux/generic/backport-5.4/310-mips-Kconfig-Add-ARCH_HAS_FORTIFY_SOURCE.patch
@@ -0,0 +1,32 @@
+From a8d2bb0559b5fefa5173ff4e7496cc6250db2c8a Mon Sep 17 00:00:00 2001
+From: Dmitry Korotin <dkorotin at wavecomp.com>
+Date: Thu, 12 Sep 2019 22:53:45 +0000
+Subject: [PATCH] mips: Kconfig: Add ARCH_HAS_FORTIFY_SOURCE
+
+FORTIFY_SOURCE detects various overflows at compile and run time.
+(6974f0c4555e ("include/linux/string.h:
+add the option of fortified string.h functions)
+
+ARCH_HAS_FORTIFY_SOURCE means that the architecture can be built and
+run with CONFIG_FORTIFY_SOURCE.
+
+Since mips can be built and run with that flag,
+select ARCH_HAS_FORTIFY_SOURCE as default.
+
+Signed-off-by: Dmitry Korotin <dkorotin at wavecomp.com>
+Signed-off-by: Paul Burton <paul.burton at mips.com>
+Cc: linux-mips at vger.kernel.org
+---
+ arch/mips/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/mips/Kconfig
++++ b/arch/mips/Kconfig
+@@ -7,6 +7,7 @@ config MIPS
+ 	select ARCH_CLOCKSOURCE_DATA
+ 	select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
+ 	select ARCH_HAS_UBSAN_SANITIZE_ALL
++	select ARCH_HAS_FORTIFY_SOURCE
+ 	select ARCH_SUPPORTS_UPROBES
+ 	select ARCH_USE_BUILTIN_BSWAP
+ 	select ARCH_USE_CMPXCHG_LOCKREF if 64BIT
diff --git a/target/linux/generic/backport-5.4/311-MIPS-Fix-exception-handler-memcpy.patch b/target/linux/generic/backport-5.4/311-MIPS-Fix-exception-handler-memcpy.patch
new file mode 100644
index 000000000000..5a6725c7a072
--- /dev/null
+++ b/target/linux/generic/backport-5.4/311-MIPS-Fix-exception-handler-memcpy.patch
@@ -0,0 +1,107 @@
+From e01c91a360793298c9e1656a61faceff01487a43 Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sat, 23 May 2020 23:50:34 +0800
+Subject: [PATCH] MIPS: Fix exception handler memcpy()
+
+The exception handler subroutines are declared as a single char, but
+when copied to the required addresses the copy length is 0x80.
+
+When range checks are enabled for memcpy() this results in a build
+failure, with error messages such as:
+
+In file included from arch/mips/mti-malta/malta-init.c:15:
+In function 'memcpy',
+    inlined from 'mips_nmi_setup' at arch/mips/mti-malta/malta-init.c:98:2:
+include/linux/string.h:376:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter
+  376 |    __read_overflow2();
+      |    ^~~~~~~~~~~~~~~~~~
+
+Change the declarations to use type char[].
+
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+Signed-off-by: YunQiang Su <syq at debian.org>
+Signed-off-by: Thomas Bogendoerfer <tsbogend at alpha.franken.de>
+---
+ arch/mips/loongson64/common/init.c | 4 ++--
+ arch/mips/mti-malta/malta-init.c   | 8 ++++----
+ arch/mips/pistachio/init.c         | 8 ++++----
+ 3 files changed, 10 insertions(+), 10 deletions(-)
+
+--- a/arch/mips/loongson64/common/init.c
++++ b/arch/mips/loongson64/common/init.c
+@@ -18,10 +18,10 @@ unsigned long __maybe_unused _loongson_a
+ static void __init mips_nmi_setup(void)
+ {
+ 	void *base;
+-	extern char except_vec_nmi;
++	extern char except_vec_nmi[];
+ 
+ 	base = (void *)(CAC_BASE + 0x380);
+-	memcpy(base, &except_vec_nmi, 0x80);
++	memcpy(base, except_vec_nmi, 0x80);
+ 	flush_icache_range((unsigned long)base, (unsigned long)base + 0x80);
+ }
+ 
+--- a/arch/mips/mti-malta/malta-init.c
++++ b/arch/mips/mti-malta/malta-init.c
+@@ -90,24 +90,24 @@ static void __init console_config(void)
+ static void __init mips_nmi_setup(void)
+ {
+ 	void *base;
+-	extern char except_vec_nmi;
++	extern char except_vec_nmi[];
+ 
+ 	base = cpu_has_veic ?
+ 		(void *)(CAC_BASE + 0xa80) :
+ 		(void *)(CAC_BASE + 0x380);
+-	memcpy(base, &except_vec_nmi, 0x80);
++	memcpy(base, except_vec_nmi, 0x80);
+ 	flush_icache_range((unsigned long)base, (unsigned long)base + 0x80);
+ }
+ 
+ static void __init mips_ejtag_setup(void)
+ {
+ 	void *base;
+-	extern char except_vec_ejtag_debug;
++	extern char except_vec_ejtag_debug[];
+ 
+ 	base = cpu_has_veic ?
+ 		(void *)(CAC_BASE + 0xa00) :
+ 		(void *)(CAC_BASE + 0x300);
+-	memcpy(base, &except_vec_ejtag_debug, 0x80);
++	memcpy(base, except_vec_ejtag_debug, 0x80);
+ 	flush_icache_range((unsigned long)base, (unsigned long)base + 0x80);
+ }
+ 
+--- a/arch/mips/pistachio/init.c
++++ b/arch/mips/pistachio/init.c
+@@ -83,12 +83,12 @@ phys_addr_t mips_cdmm_phys_base(void)
+ static void __init mips_nmi_setup(void)
+ {
+ 	void *base;
+-	extern char except_vec_nmi;
++	extern char except_vec_nmi[];
+ 
+ 	base = cpu_has_veic ?
+ 		(void *)(CAC_BASE + 0xa80) :
+ 		(void *)(CAC_BASE + 0x380);
+-	memcpy(base, &except_vec_nmi, 0x80);
++	memcpy(base, except_vec_nmi, 0x80);
+ 	flush_icache_range((unsigned long)base,
+ 			   (unsigned long)base + 0x80);
+ }
+@@ -96,12 +96,12 @@ static void __init mips_nmi_setup(void)
+ static void __init mips_ejtag_setup(void)
+ {
+ 	void *base;
+-	extern char except_vec_ejtag_debug;
++	extern char except_vec_ejtag_debug[];
+ 
+ 	base = cpu_has_veic ?
+ 		(void *)(CAC_BASE + 0xa00) :
+ 		(void *)(CAC_BASE + 0x300);
+-	memcpy(base, &except_vec_ejtag_debug, 0x80);
++	memcpy(base, except_vec_ejtag_debug, 0x80);
+ 	flush_icache_range((unsigned long)base,
+ 			   (unsigned long)base + 0x80);
+ }
diff --git a/target/linux/generic/hack-5.4/301-mips_image_cmdline_hack.patch b/target/linux/generic/hack-5.4/301-mips_image_cmdline_hack.patch
index da0aa3425064..ada65cd2a08a 100644
--- a/target/linux/generic/hack-5.4/301-mips_image_cmdline_hack.patch
+++ b/target/linux/generic/hack-5.4/301-mips_image_cmdline_hack.patch
@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg at openwrt.org>
 
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -1158,6 +1158,10 @@ config SYNC_R4K
+@@ -1159,6 +1159,10 @@ config SYNC_R4K
  config MIPS_MACHINE
  	def_bool n
  
diff --git a/target/linux/generic/pending-5.4/103-MIPS-select-CPU_MIPS64-for-remaining-MIPS64-CPUs.patch b/target/linux/generic/pending-5.4/103-MIPS-select-CPU_MIPS64-for-remaining-MIPS64-CPUs.patch
index 3b0431669283..4e7a532156d6 100644
--- a/target/linux/generic/pending-5.4/103-MIPS-select-CPU_MIPS64-for-remaining-MIPS64-CPUs.patch
+++ b/target/linux/generic/pending-5.4/103-MIPS-select-CPU_MIPS64-for-remaining-MIPS64-CPUs.patch
@@ -25,7 +25,7 @@ Signed-off-by: Jason A. Donenfeld <Jason at zx2c4.com>
 
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -2036,7 +2036,8 @@ config CPU_MIPS32
+@@ -2037,7 +2037,8 @@ config CPU_MIPS32
  
  config CPU_MIPS64
  	bool
diff --git a/target/linux/generic/pending-5.4/300-mips_expose_boot_raw.patch b/target/linux/generic/pending-5.4/300-mips_expose_boot_raw.patch
index 476ae501d645..7b9ae65c60b0 100644
--- a/target/linux/generic/pending-5.4/300-mips_expose_boot_raw.patch
+++ b/target/linux/generic/pending-5.4/300-mips_expose_boot_raw.patch
@@ -9,7 +9,7 @@ Acked-by: Rob Landley <rob at landley.net>
 ---
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -1068,9 +1068,6 @@ config FW_ARC
+@@ -1069,9 +1069,6 @@ config FW_ARC
  config ARCH_MAY_HAVE_PC_FDC
  	bool
  
@@ -19,7 +19,7 @@ Acked-by: Rob Landley <rob at landley.net>
  config CEVT_BCM1480
  	bool
  
-@@ -3043,6 +3040,18 @@ choice
+@@ -3044,6 +3041,18 @@ choice
  		bool "Extend builtin kernel arguments with bootloader arguments"
  endchoice
  
diff --git a/target/linux/generic/pending-5.4/306-mips_mem_functions_performance.patch b/target/linux/generic/pending-5.4/306-mips_mem_functions_performance.patch
deleted file mode 100644
index 611aa0314f99..000000000000
--- a/target/linux/generic/pending-5.4/306-mips_mem_functions_performance.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From: Felix Fietkau <nbd at nbd.name>
-Subject: [PATCH] mips: allow the compiler to optimize memset, memcmp, memcpy  for better performance and (in some instances) smaller code
-
-lede-commit: 07e59c7bc7f375f792ec9734be42fe4fa391a8bb
-Signed-off-by: Felix Fietkau <nbd at nbd.name>
----
- arch/mips/boot/compressed/Makefile |  3 ++-
- arch/mips/include/asm/string.h     | 38 ++++++++++++++++++++++++++++++++++++++
- arch/mips/lib/Makefile             |  2 +-
- arch/mips/lib/memcmp.c             | 22 ++++++++++++++++++++++
- 4 files changed, 63 insertions(+), 2 deletions(-)
- create mode 100644 arch/mips/lib/memcmp.c
-
---- a/arch/mips/boot/compressed/Makefile
-+++ b/arch/mips/boot/compressed/Makefile
-@@ -23,7 +23,8 @@ KBUILD_CFLAGS := $(filter-out -pg, $(KBU
- KBUILD_CFLAGS := $(filter-out -fstack-protector, $(KBUILD_CFLAGS))
- 
- KBUILD_CFLAGS := $(KBUILD_CFLAGS) -D__KERNEL__ \
--	-DBOOT_HEAP_SIZE=$(BOOT_HEAP_SIZE) -D"VMLINUX_LOAD_ADDRESS_ULL=$(VMLINUX_LOAD_ADDRESS)ull"
-+	-DBOOT_HEAP_SIZE=$(BOOT_HEAP_SIZE) -D"VMLINUX_LOAD_ADDRESS_ULL=$(VMLINUX_LOAD_ADDRESS)ull" \
-+	-D__ZBOOT__
- 
- KBUILD_AFLAGS := $(KBUILD_AFLAGS) -D__ASSEMBLY__ \
- 	-DBOOT_HEAP_SIZE=$(BOOT_HEAP_SIZE) \
---- a/arch/mips/include/asm/string.h
-+++ b/arch/mips/include/asm/string.h
-@@ -19,4 +19,42 @@ extern void *memcpy(void *__to, __const_
- #define __HAVE_ARCH_MEMMOVE
- extern void *memmove(void *__dest, __const__ void *__src, size_t __n);
- 
-+#ifndef __ZBOOT__
-+#define memset(__s, __c, len)					\
-+({								\
-+	size_t __len = (len);					\
-+	void *__ret;						\
-+	if (__builtin_constant_p(len) && __len >= 64)		\
-+		__ret = memset((__s), (__c), __len);		\
-+	else							\
-+		__ret = __builtin_memset((__s), (__c), __len);	\
-+	__ret;							\
-+})
-+
-+#define memcpy(dst, src, len)					\
-+({								\
-+	size_t __len = (len);					\
-+	void *__ret;						\
-+	if (__builtin_constant_p(len) && __len >= 64)		\
-+		__ret = memcpy((dst), (src), __len);		\
-+	else							\
-+		__ret = __builtin_memcpy((dst), (src), __len);	\
-+	__ret;							\
-+})
-+
-+#define memmove(dst, src, len)					\
-+({								\
-+	size_t __len = (len);					\
-+	void *__ret;						\
-+	if (__builtin_constant_p(len) && __len >= 64)		\
-+		__ret = memmove((dst), (src), __len);		\
-+	else							\
-+		__ret = __builtin_memmove((dst), (src), __len);	\
-+	__ret;							\
-+})
-+
-+#define __HAVE_ARCH_MEMCMP
-+#define memcmp(src1, src2, len) __builtin_memcmp((src1), (src2), (len))
-+#endif
-+
- #endif /* _ASM_STRING_H */
---- a/arch/mips/lib/Makefile
-+++ b/arch/mips/lib/Makefile
-@@ -5,7 +5,7 @@
- 
- lib-y	+= bitops.o csum_partial.o delay.o memcpy.o memset.o \
- 	   mips-atomic.o strncpy_user.o \
--	   strnlen_user.o uncached.o
-+	   strnlen_user.o uncached.o memcmp.o
- 
- obj-y			+= iomap_copy.o
- obj-$(CONFIG_PCI)	+= iomap-pci.o
---- /dev/null
-+++ b/arch/mips/lib/memcmp.c
-@@ -0,0 +1,22 @@
-+/*
-+ *  copied from linux/lib/string.c
-+ *
-+ *  Copyright (C) 1991, 1992  Linus Torvalds
-+ */
-+
-+#include <linux/module.h>
-+#include <linux/string.h>
-+
-+#undef memcmp
-+int memcmp(const void *cs, const void *ct, size_t count)
-+{
-+	const unsigned char *su1, *su2;
-+	int res = 0;
-+
-+	for (su1 = cs, su2 = ct; 0 < count; ++su1, ++su2, count--)
-+		if ((res = *su1 - *su2) != 0)
-+			break;
-+	return res;
-+}
-+EXPORT_SYMBOL(memcmp);
-+
-- 
2.30.2

More information about the openwrt-devel mailing list