From patchwork Mon May 8 17:57:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Axtens X-Patchwork-Id: 9716515 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id AC461602A0 for ; Mon, 8 May 2017 17:57:39 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A10521FF29 for ; Mon, 8 May 2017 17:57:39 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 92C3D212E8; Mon, 8 May 2017 17:57:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id D0DA11FF29 for ; Mon, 8 May 2017 17:57:37 +0000 (UTC) Received: (qmail 32384 invoked by uid 550); 8 May 2017 17:57:35 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 32354 invoked from network); 8 May 2017 17:57:34 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axtens.net; s=google; h=from:to:cc:subject:in-reply-to:references:date:message-id :mime-version; bh=9P18+lcdnY8x13s4TLPPXZQhzmtm3GVUZtzRxgPir9A=; b=qsumg6+mo4wD4lCuOe0DzhSTnGN0vDqcxe4IXt8RCGuTCHeg8DrebFEu5QNV+2izYq W7BzYTSWIo+6lgBKlrRUXabOOY8LMyZCrIK/zgxEHFt3aEXd8vOCJgXYv6ZyEesilaeM qrJjMVnUyScYjkRLMu/l3v3WMEu/q6zy81e0c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date :message-id:mime-version; bh=9P18+lcdnY8x13s4TLPPXZQhzmtm3GVUZtzRxgPir9A=; b=fk1cvQJBoHaizvj9xe8ccevmDl9Yr4Pj/Q8BtnPI/Xgyaxgc77RCk7j3XTp3WECbt6 bEzPjYZdi9ha6yeVwvDyOrOOKsWa6roKL6zqdmqnsZZisTV+GYs5pavjS9MhThNEsee6 Q/1ulpEKjfPKd9ec1zUE5P+Fa3YhgU2TwkIbI7S664Sq01t09ti0VPTczYTrwZa1NDJ/ gMeI4GUw6hqrHp+NrZ0NgzxUXaCzvo+u6sTdqkR5t2qgskVOr9TKhCHbLV84IWRSTCOH utjFzQRPnZd1Gv4slMglmv19CIbO+u2OH/iVIzEfgNmSQWJ5+SMnp3BH1pJDsm2cQTXf rCuQ== X-Gm-Message-State: AN3rC/7VBycOlUqYnJ26dv1UzMt3pLMuz1wwT8dZOgpbjg6Kb2iPc6yu A1bj4rTlw/DGVw== X-Received: by 10.237.54.193 with SMTP id f59mr27692962qtb.63.1494266242755; Mon, 08 May 2017 10:57:22 -0700 (PDT) From: Daniel Axtens To: Daniel Micay , Kees Cook , kernel-hardening@lists.openwall.com, linuxppc-dev@lists.ozlabs.org Cc: Daniel Micay , andrew.donnellan@au1.ibm.com In-Reply-To: <20170504142435.10175-1-danielmicay@gmail.com> References: <20170504142435.10175-1-danielmicay@gmail.com> Date: Tue, 09 May 2017 03:57:20 +1000 Message-ID: <87pofjqlj3.fsf@possimpible.ozlabs.ibm.com> MIME-Version: 1.0 Subject: Re: [kernel-hardening] [PATCH] add the option of fortified string.h functions X-Virus-Scanned: ClamAV using ClamSMTP Hi Daniel and ppc people, (ppc people: this does some compile and run time bounds checking on string functions. It's cool - currently it picks up a lot of random things so it will require some more work across the tree, but hopefully it will eventually hit mainline.) I've tested this on ppc with pseries_le_defconfig. I needed a couple of the fixes from github (https://github.com/thestinger/linux-hardened/commits/4.11) in order to build, specifically https://github.com/thestinger/linux-hardened/commit/c65d6a6f309b06703584a23ac2b2bda4bb363143 https://github.com/thestinger/linux-hardened/commit/adcec4756574a8c7f7cb5b6fa51ebeaeeae71aae Once those were added, I needed to disable fortification in prom_init.c, as we apparently can't have new symbols there. (I don't understand that file so I haven't dug into it.) We also have problems with the feature fixup tests leading to a panic on boot. It relates to getting what I think are asm labels(?) and how we address them. I have just disabled fortify here for now; I think the code could be rewritten to take the labels as unsigned char *, but I haven't dug into it. With the following fixups, I can boot a LE buildroot initrd (per https://github.com/linuxppc/linux/wiki/Booting-with-Qemu). Sadly I don't have access to real hardware any more, so I can't say anything more than that. (ajd - perhaps relevant to your interests?) Regards, Daniel From 33db928b21e6bcb78f93b7883b423282d65af609 Mon Sep 17 00:00:00 2001 From: Daniel Axtens Date: Tue, 9 May 2017 03:15:05 +1000 Subject: [PATCH] powerpc fixes for fortify Signed-off-by: Daniel Axtens --- arch/powerpc/kernel/prom_init.c | 3 +++ arch/powerpc/lib/feature-fixups.c | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/arch/powerpc/kernel/prom_init.c b/arch/powerpc/kernel/prom_init.c index dd8a04f3053a..613f79f03877 100644 --- a/arch/powerpc/kernel/prom_init.c +++ b/arch/powerpc/kernel/prom_init.c @@ -15,6 +15,9 @@ #undef DEBUG_PROM +/* we cannot use FORTIFY as it brings in new symbols */ +#define __NO_FORTIFY + #include #include #include diff --git a/arch/powerpc/lib/feature-fixups.c b/arch/powerpc/lib/feature-fixups.c index f3917705c686..2eee8558df61 100644 --- a/arch/powerpc/lib/feature-fixups.c +++ b/arch/powerpc/lib/feature-fixups.c @@ -12,6 +12,12 @@ * 2 of the License, or (at your option) any later version. */ +/* + * feature fixup tests do memcmp with raw addresses rather than + * objects, which panics on boot with fortify on. TODO FIXME + */ +#define __NO_FORTIFY + #include #include #include