[PATCH] kernel: Activate FORTIFY_SOURCE for MIPS kernel 5.4
Rosen Penev
rosenp at gmail.com
Wed Apr 7 23:28:49 BST 2021
On Wed, Apr 7, 2021 at 3:26 PM Hauke Mehrtens <hauke at hauke-m.de> wrote:
>
> CONFIG_FORTIFY_SOURCE=y is already set in the generic kernel
> configuration, but it is not working for MIPS on kernel 5.4, support for
> MIPS was only added with kernel 5.5, other architectures like aarch64
> support FORTIFY_SOURCE already since some time.
>
> This patch adds support for FORTIFY_SOURCE to MIPS with kernel 5.4,
> kernel 5.10 already supports this and needs no changes.
>
> This backports one patch from kernel 5.5 and one fix from 5.8 to make
> fortify source also work on our kernel 5.4.
>
> The changes are not compatible with the
> 306-mips_mem_functions_performance.patch patch which was also removed
> with kernel 5.10, probably because of the same problems. I think it is
> not needed anyway as the compiler should automatically optimize the
> calls to memset(), memcpy() and memmove() even when not explicitly
> telling the compiler to use the build in variant.
>
> Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
Acked-by: Rosen Penev <rosenp at gmail.com>
> ---
>
> I would like to backport this to 21.02 too.
Seems good.
>
> ...-Kconfig-Add-ARCH_HAS_FORTIFY_SOURCE.patch | 32 ++++++
> ...11-MIPS-Fix-exception-handler-memcpy.patch | 107 ++++++++++++++++++
> .../301-mips_image_cmdline_hack.patch | 2 +-
> ...CPU_MIPS64-for-remaining-MIPS64-CPUs.patch | 2 +-
> .../300-mips_expose_boot_raw.patch | 4 +-
> .../306-mips_mem_functions_performance.patch | 106 -----------------
> 6 files changed, 143 insertions(+), 110 deletions(-)
> create mode 100644 target/linux/generic/backport-5.4/310-mips-Kconfig-Add-ARCH_HAS_FORTIFY_SOURCE.patch
> create mode 100644 target/linux/generic/backport-5.4/311-MIPS-Fix-exception-handler-memcpy.patch
> delete mode 100644 target/linux/generic/pending-5.4/306-mips_mem_functions_performance.patch
>
> diff --git a/target/linux/generic/backport-5.4/310-mips-Kconfig-Add-ARCH_HAS_FORTIFY_SOURCE.patch b/target/linux/generic/backport-5.4/310-mips-Kconfig-Add-ARCH_HAS_FORTIFY_SOURCE.patch
> new file mode 100644
> index 000000000000..e02f10354376
> --- /dev/null
> +++ b/target/linux/generic/backport-5.4/310-mips-Kconfig-Add-ARCH_HAS_FORTIFY_SOURCE.patch
> @@ -0,0 +1,32 @@
> +From a8d2bb0559b5fefa5173ff4e7496cc6250db2c8a Mon Sep 17 00:00:00 2001
> +From: Dmitry Korotin <dkorotin at wavecomp.com>
> +Date: Thu, 12 Sep 2019 22:53:45 +0000
> +Subject: [PATCH] mips: Kconfig: Add ARCH_HAS_FORTIFY_SOURCE
> +
> +FORTIFY_SOURCE detects various overflows at compile and run time.
> +(6974f0c4555e ("include/linux/string.h:
> +add the option of fortified string.h functions)
> +
> +ARCH_HAS_FORTIFY_SOURCE means that the architecture can be built and
> +run with CONFIG_FORTIFY_SOURCE.
> +
> +Since mips can be built and run with that flag,
> +select ARCH_HAS_FORTIFY_SOURCE as default.
> +
> +Signed-off-by: Dmitry Korotin <dkorotin at wavecomp.com>
> +Signed-off-by: Paul Burton <paul.burton at mips.com>
> +Cc: linux-mips at vger.kernel.org
> +---
> + arch/mips/Kconfig | 1 +
> + 1 file changed, 1 insertion(+)
> +
> +--- a/arch/mips/Kconfig
> ++++ b/arch/mips/Kconfig
> +@@ -7,6 +7,7 @@ config MIPS
> + select ARCH_CLOCKSOURCE_DATA
> + select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
> + select ARCH_HAS_UBSAN_SANITIZE_ALL
> ++ select ARCH_HAS_FORTIFY_SOURCE
> + select ARCH_SUPPORTS_UPROBES
> + select ARCH_USE_BUILTIN_BSWAP
> + select ARCH_USE_CMPXCHG_LOCKREF if 64BIT
> diff --git a/target/linux/generic/backport-5.4/311-MIPS-Fix-exception-handler-memcpy.patch b/target/linux/generic/backport-5.4/311-MIPS-Fix-exception-handler-memcpy.patch
> new file mode 100644
> index 000000000000..5a6725c7a072
> --- /dev/null
> +++ b/target/linux/generic/backport-5.4/311-MIPS-Fix-exception-handler-memcpy.patch
> @@ -0,0 +1,107 @@
> +From e01c91a360793298c9e1656a61faceff01487a43 Mon Sep 17 00:00:00 2001
> +From: Ben Hutchings <ben at decadent.org.uk>
> +Date: Sat, 23 May 2020 23:50:34 +0800
> +Subject: [PATCH] MIPS: Fix exception handler memcpy()
> +
> +The exception handler subroutines are declared as a single char, but
> +when copied to the required addresses the copy length is 0x80.
> +
> +When range checks are enabled for memcpy() this results in a build
> +failure, with error messages such as:
> +
> +In file included from arch/mips/mti-malta/malta-init.c:15:
> +In function 'memcpy',
> + inlined from 'mips_nmi_setup' at arch/mips/mti-malta/malta-init.c:98:2:
> +include/linux/string.h:376:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter
> + 376 | __read_overflow2();
> + | ^~~~~~~~~~~~~~~~~~
> +
> +Change the declarations to use type char[].
> +
> +Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
> +Signed-off-by: YunQiang Su <syq at debian.org>
> +Signed-off-by: Thomas Bogendoerfer <tsbogend at alpha.franken.de>
> +---
> + arch/mips/loongson64/common/init.c | 4 ++--
> + arch/mips/mti-malta/malta-init.c | 8 ++++----
> + arch/mips/pistachio/init.c | 8 ++++----
> + 3 files changed, 10 insertions(+), 10 deletions(-)
> +
> +--- a/arch/mips/loongson64/common/init.c
> ++++ b/arch/mips/loongson64/common/init.c
> +@@ -18,10 +18,10 @@ unsigned long __maybe_unused _loongson_a
> + static void __init mips_nmi_setup(void)
> + {
> + void *base;
> +- extern char except_vec_nmi;
> ++ extern char except_vec_nmi[];
> +
> + base = (void *)(CAC_BASE + 0x380);
> +- memcpy(base, &except_vec_nmi, 0x80);
> ++ memcpy(base, except_vec_nmi, 0x80);
> + flush_icache_range((unsigned long)base, (unsigned long)base + 0x80);
> + }
> +
> +--- a/arch/mips/mti-malta/malta-init.c
> ++++ b/arch/mips/mti-malta/malta-init.c
> +@@ -90,24 +90,24 @@ static void __init console_config(void)
> + static void __init mips_nmi_setup(void)
> + {
> + void *base;
> +- extern char except_vec_nmi;
> ++ extern char except_vec_nmi[];
> +
> + base = cpu_has_veic ?
> + (void *)(CAC_BASE + 0xa80) :
> + (void *)(CAC_BASE + 0x380);
> +- memcpy(base, &except_vec_nmi, 0x80);
> ++ memcpy(base, except_vec_nmi, 0x80);
> + flush_icache_range((unsigned long)base, (unsigned long)base + 0x80);
> + }
> +
> + static void __init mips_ejtag_setup(void)
> + {
> + void *base;
> +- extern char except_vec_ejtag_debug;
> ++ extern char except_vec_ejtag_debug[];
> +
> + base = cpu_has_veic ?
> + (void *)(CAC_BASE + 0xa00) :
> + (void *)(CAC_BASE + 0x300);
> +- memcpy(base, &except_vec_ejtag_debug, 0x80);
> ++ memcpy(base, except_vec_ejtag_debug, 0x80);
> + flush_icache_range((unsigned long)base, (unsigned long)base + 0x80);
> + }
> +
> +--- a/arch/mips/pistachio/init.c
> ++++ b/arch/mips/pistachio/init.c
> +@@ -83,12 +83,12 @@ phys_addr_t mips_cdmm_phys_base(void)
> + static void __init mips_nmi_setup(void)
> + {
> + void *base;
> +- extern char except_vec_nmi;
> ++ extern char except_vec_nmi[];
> +
> + base = cpu_has_veic ?
> + (void *)(CAC_BASE + 0xa80) :
> + (void *)(CAC_BASE + 0x380);
> +- memcpy(base, &except_vec_nmi, 0x80);
> ++ memcpy(base, except_vec_nmi, 0x80);
> + flush_icache_range((unsigned long)base,
> + (unsigned long)base + 0x80);
> + }
> +@@ -96,12 +96,12 @@ static void __init mips_nmi_setup(void)
> + static void __init mips_ejtag_setup(void)
> + {
> + void *base;
> +- extern char except_vec_ejtag_debug;
> ++ extern char except_vec_ejtag_debug[];
> +
> + base = cpu_has_veic ?
> + (void *)(CAC_BASE + 0xa00) :
> + (void *)(CAC_BASE + 0x300);
> +- memcpy(base, &except_vec_ejtag_debug, 0x80);
> ++ memcpy(base, except_vec_ejtag_debug, 0x80);
> + flush_icache_range((unsigned long)base,
> + (unsigned long)base + 0x80);
> + }
> diff --git a/target/linux/generic/hack-5.4/301-mips_image_cmdline_hack.patch b/target/linux/generic/hack-5.4/301-mips_image_cmdline_hack.patch
> index da0aa3425064..ada65cd2a08a 100644
> --- a/target/linux/generic/hack-5.4/301-mips_image_cmdline_hack.patch
> +++ b/target/linux/generic/hack-5.4/301-mips_image_cmdline_hack.patch
> @@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg at openwrt.org>
>
> --- a/arch/mips/Kconfig
> +++ b/arch/mips/Kconfig
> -@@ -1158,6 +1158,10 @@ config SYNC_R4K
> +@@ -1159,6 +1159,10 @@ config SYNC_R4K
> config MIPS_MACHINE
> def_bool n
>
> diff --git a/target/linux/generic/pending-5.4/103-MIPS-select-CPU_MIPS64-for-remaining-MIPS64-CPUs.patch b/target/linux/generic/pending-5.4/103-MIPS-select-CPU_MIPS64-for-remaining-MIPS64-CPUs.patch
> index 3b0431669283..4e7a532156d6 100644
> --- a/target/linux/generic/pending-5.4/103-MIPS-select-CPU_MIPS64-for-remaining-MIPS64-CPUs.patch
> +++ b/target/linux/generic/pending-5.4/103-MIPS-select-CPU_MIPS64-for-remaining-MIPS64-CPUs.patch
> @@ -25,7 +25,7 @@ Signed-off-by: Jason A. Donenfeld <Jason at zx2c4.com>
>
> --- a/arch/mips/Kconfig
> +++ b/arch/mips/Kconfig
> -@@ -2036,7 +2036,8 @@ config CPU_MIPS32
> +@@ -2037,7 +2037,8 @@ config CPU_MIPS32
>
> config CPU_MIPS64
> bool
> diff --git a/target/linux/generic/pending-5.4/300-mips_expose_boot_raw.patch b/target/linux/generic/pending-5.4/300-mips_expose_boot_raw.patch
> index 476ae501d645..7b9ae65c60b0 100644
> --- a/target/linux/generic/pending-5.4/300-mips_expose_boot_raw.patch
> +++ b/target/linux/generic/pending-5.4/300-mips_expose_boot_raw.patch
> @@ -9,7 +9,7 @@ Acked-by: Rob Landley <rob at landley.net>
> ---
> --- a/arch/mips/Kconfig
> +++ b/arch/mips/Kconfig
> -@@ -1068,9 +1068,6 @@ config FW_ARC
> +@@ -1069,9 +1069,6 @@ config FW_ARC
> config ARCH_MAY_HAVE_PC_FDC
> bool
>
> @@ -19,7 +19,7 @@ Acked-by: Rob Landley <rob at landley.net>
> config CEVT_BCM1480
> bool
>
> -@@ -3043,6 +3040,18 @@ choice
> +@@ -3044,6 +3041,18 @@ choice
> bool "Extend builtin kernel arguments with bootloader arguments"
> endchoice
>
> diff --git a/target/linux/generic/pending-5.4/306-mips_mem_functions_performance.patch b/target/linux/generic/pending-5.4/306-mips_mem_functions_performance.patch
> deleted file mode 100644
> index 611aa0314f99..000000000000
> --- a/target/linux/generic/pending-5.4/306-mips_mem_functions_performance.patch
> +++ /dev/null
> @@ -1,106 +0,0 @@
> -From: Felix Fietkau <nbd at nbd.name>
> -Subject: [PATCH] mips: allow the compiler to optimize memset, memcmp, memcpy for better performance and (in some instances) smaller code
> -
> -lede-commit: 07e59c7bc7f375f792ec9734be42fe4fa391a8bb
> -Signed-off-by: Felix Fietkau <nbd at nbd.name>
> ----
> - arch/mips/boot/compressed/Makefile | 3 ++-
> - arch/mips/include/asm/string.h | 38 ++++++++++++++++++++++++++++++++++++++
> - arch/mips/lib/Makefile | 2 +-
> - arch/mips/lib/memcmp.c | 22 ++++++++++++++++++++++
> - 4 files changed, 63 insertions(+), 2 deletions(-)
> - create mode 100644 arch/mips/lib/memcmp.c
> -
> ---- a/arch/mips/boot/compressed/Makefile
> -+++ b/arch/mips/boot/compressed/Makefile
> -@@ -23,7 +23,8 @@ KBUILD_CFLAGS := $(filter-out -pg, $(KBU
> - KBUILD_CFLAGS := $(filter-out -fstack-protector, $(KBUILD_CFLAGS))
> -
> - KBUILD_CFLAGS := $(KBUILD_CFLAGS) -D__KERNEL__ \
> -- -DBOOT_HEAP_SIZE=$(BOOT_HEAP_SIZE) -D"VMLINUX_LOAD_ADDRESS_ULL=$(VMLINUX_LOAD_ADDRESS)ull"
> -+ -DBOOT_HEAP_SIZE=$(BOOT_HEAP_SIZE) -D"VMLINUX_LOAD_ADDRESS_ULL=$(VMLINUX_LOAD_ADDRESS)ull" \
> -+ -D__ZBOOT__
> -
> - KBUILD_AFLAGS := $(KBUILD_AFLAGS) -D__ASSEMBLY__ \
> - -DBOOT_HEAP_SIZE=$(BOOT_HEAP_SIZE) \
> ---- a/arch/mips/include/asm/string.h
> -+++ b/arch/mips/include/asm/string.h
> -@@ -19,4 +19,42 @@ extern void *memcpy(void *__to, __const_
> - #define __HAVE_ARCH_MEMMOVE
> - extern void *memmove(void *__dest, __const__ void *__src, size_t __n);
> -
> -+#ifndef __ZBOOT__
> -+#define memset(__s, __c, len) \
> -+({ \
> -+ size_t __len = (len); \
> -+ void *__ret; \
> -+ if (__builtin_constant_p(len) && __len >= 64) \
> -+ __ret = memset((__s), (__c), __len); \
> -+ else \
> -+ __ret = __builtin_memset((__s), (__c), __len); \
> -+ __ret; \
> -+})
> -+
> -+#define memcpy(dst, src, len) \
> -+({ \
> -+ size_t __len = (len); \
> -+ void *__ret; \
> -+ if (__builtin_constant_p(len) && __len >= 64) \
> -+ __ret = memcpy((dst), (src), __len); \
> -+ else \
> -+ __ret = __builtin_memcpy((dst), (src), __len); \
> -+ __ret; \
> -+})
> -+
> -+#define memmove(dst, src, len) \
> -+({ \
> -+ size_t __len = (len); \
> -+ void *__ret; \
> -+ if (__builtin_constant_p(len) && __len >= 64) \
> -+ __ret = memmove((dst), (src), __len); \
> -+ else \
> -+ __ret = __builtin_memmove((dst), (src), __len); \
> -+ __ret; \
> -+})
> -+
> -+#define __HAVE_ARCH_MEMCMP
> -+#define memcmp(src1, src2, len) __builtin_memcmp((src1), (src2), (len))
> -+#endif
> -+
> - #endif /* _ASM_STRING_H */
> ---- a/arch/mips/lib/Makefile
> -+++ b/arch/mips/lib/Makefile
> -@@ -5,7 +5,7 @@
> -
> - lib-y += bitops.o csum_partial.o delay.o memcpy.o memset.o \
> - mips-atomic.o strncpy_user.o \
> -- strnlen_user.o uncached.o
> -+ strnlen_user.o uncached.o memcmp.o
> -
> - obj-y += iomap_copy.o
> - obj-$(CONFIG_PCI) += iomap-pci.o
> ---- /dev/null
> -+++ b/arch/mips/lib/memcmp.c
> -@@ -0,0 +1,22 @@
> -+/*
> -+ * copied from linux/lib/string.c
> -+ *
> -+ * Copyright (C) 1991, 1992 Linus Torvalds
> -+ */
> -+
> -+#include <linux/module.h>
> -+#include <linux/string.h>
> -+
> -+#undef memcmp
> -+int memcmp(const void *cs, const void *ct, size_t count)
> -+{
> -+ const unsigned char *su1, *su2;
> -+ int res = 0;
> -+
> -+ for (su1 = cs, su2 = ct; 0 < count; ++su1, ++su2, count--)
> -+ if ((res = *su1 - *su2) != 0)
> -+ break;
> -+ return res;
> -+}
> -+EXPORT_SYMBOL(memcmp);
> -+
> --
> 2.30.2
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list