From patchwork Fri Apr 24 14:39:53 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Guilherme G. Piccoli" X-Patchwork-Id: 1276424 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 497xfN75NPz9sSc; Sat, 25 Apr 2020 00:40:12 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1jRzUv-0005Y5-TG; Fri, 24 Apr 2020 14:40:09 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jRzUu-0005Xg-8n for kernel-team@lists.ubuntu.com; Fri, 24 Apr 2020 14:40:08 +0000 Received: from mail-qk1-f198.google.com ([209.85.222.198]) by youngberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1jRzUt-0001gz-Tq for kernel-team@lists.ubuntu.com; Fri, 24 Apr 2020 14:40:08 +0000 Received: by mail-qk1-f198.google.com with SMTP id 198so1459021qkf.2 for ; Fri, 24 Apr 2020 07:40:07 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=L4pG+VGxeVeZUMhZbHOcN6Qw+ZnM0HVPBC3RNvVLomo=; b=CkeUHk5t3phXRlGOEC87Md4W8accoxrJm5arqMxd7+JaAzIPM6poEle2Z5sRcDEt7P BNKBbqIrItGjh1NWNAbI2/Hiila1CeD82oypXIP8kFzl+1mz0YePf8LbXQ7i93otKSF7 czi/6NF/Z0X08wnEjH71XQ4VZVcSBTf5Dx4R2DUvfuDY0Aj4GVsHJljEmwHUopKDI9pE fhRVpTPwdtiNJVyui0vHoZ9owMH+AZTo90ilMOXN6x5jD5vJJc6B9G43KPCWDlsJ1WrR zT5FUJWhxRW4h+gMVQWTWfzxe6IjLhA+/QKT5QSL5xgvSUjDDgjCjTaWxmnMONs9UjJk +FDw== X-Gm-Message-State: AGi0PuY3tdgg4RuJxyKcxPz9zreWNJrtK7fZaqHptKF5kE7wQXpuNqhZ g4gAXZL1DmHzgxmZNnQSaGr8anRHIUw53beNEyKUu1XbiPO8T2MIAwLM/7OCMQcNl68T0bB0q6M 84JReB3be8kOrjeq4sXXVVE9JtVKgXbjR0vgPBEUTTQ== X-Received: by 2002:a37:614a:: with SMTP id v71mr9648895qkb.326.1587739204418; Fri, 24 Apr 2020 07:40:04 -0700 (PDT) X-Google-Smtp-Source: APiQypKAVCHkWFFz7PSfd+KDcV2vQ+cQH9BhT1+mKz3BATQaJeFEHgtnLNkJLaCXY6mPZxmgsbOf9g== X-Received: by 2002:a37:614a:: with SMTP id v71mr9648559qkb.326.1587739200376; Fri, 24 Apr 2020 07:40:00 -0700 (PDT) Received: from localhost ([187.10.60.9]) by smtp.gmail.com with ESMTPSA id r9sm3773879qke.5.2020.04.24.07.39.59 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 24 Apr 2020 07:39:59 -0700 (PDT) From: "Guilherme G. Piccoli" To: kernel-team@lists.ubuntu.com Subject: [Bionic] [PATCH 1/1] UBUNTU: SAUCE: x86/purgatory: Fix Makefile to prevent undefined symbols Date: Fri, 24 Apr 2020 11:39:53 -0300 Message-Id: <20200424143953.22543-2-gpiccoli@canonical.com> X-Mailer: git-send-email 2.25.2 In-Reply-To: <20200424143953.22543-1-gpiccoli@canonical.com> References: <20200424143953.22543-1-gpiccoli@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: gpiccoli@canonical.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/1869672 Two purgatory issues were introduced after the merge of commit [0] (upstream commit b059f801a937) in Ubuntu kernel Ubuntu-4.15.0-65.74, related to kexec through kexec_file_load() syscall. (a) First, such kexec fails due to undefined symbol in purgatory object (specifically __stack_chk_fail). The reasoning of this issue is the lack of the following 2 commits on Ubuntu kernel series 4.15: 44c6dc940b19 ("Makefile: introduce CONFIG_CC_STACKPROTECTOR_AUTO") 050e9baa9dc9 ("Kbuild: rename CC_STACKPROTECTOR[_STRONG] config variables") These commits were introduced in v4.16 and v4.18 - specially relevant is the latter (which is a "fix" for the former), since it renames the config options CONFIG_CC_STACKPROTECTOR and CONFIG_CC_STACKPROTECTOR_STRONG, removing the "CC_" substring. The purgatory patch [0] (originally written for mainline v5.3 kernel) makes use of the new config options names to guard purgatory against stack protector, so given that our 4.15 kernels still use the old name, purgatory ends up containing the undefined symbol, effectively breaking kexec/kdump in secureboot systems (which requires kexec_file_load() syscall). This patch fixes purgatory Makefile, in order it does use the right config options. I'd like to thank the Launchpad user "yamato" for the report and testing that led to this specific fix. (b) Also, purgatory flags were changed by commit [0] as we know, and it ends up lacking -fno-builtin flag. On top of it, the patch series [1] that introduced commit [0] also brought the following commit: 4ce97317f41d ("x86/purgatory: Do not use __builtin_memcpy and __builtin_memset") This commit is not present in Bionic 4.15 tree (nor one of its dependencies), but part of this commit is required in order to avoid undefined symbol "memcpy" in purgatory. Specially, we need to use the arch/x86/boot/compressed/string.c memcpy() implementation and mark it on Makefile, which is also done here. With parts (a) and (b) fixed, we can now succeed in kexec'ing on secure boot environment. [0] Ubuntu commit 9b9b35b8f982 ("x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS") [1] lore.kernel.org/lkml/20190807221539.94583-3-ndesaulniers@google.com/T/#u Fixes: Ubuntu commit [0] above Signed-off-by: Guilherme G. Piccoli Acked-by: Kleber Sacilotto de Souza --- arch/x86/purgatory/Makefile | 7 +++++-- arch/x86/purgatory/purgatory.c | 6 ++++++ arch/x86/purgatory/string.c | 13 ------------- 3 files changed, 11 insertions(+), 15 deletions(-) delete mode 100644 arch/x86/purgatory/string.c diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile index 931ab3eece2c..37ab2a5aa838 100644 --- a/arch/x86/purgatory/Makefile +++ b/arch/x86/purgatory/Makefile @@ -6,6 +6,9 @@ purgatory-y := purgatory.o stack.o setup-x86_$(BITS).o sha256.o entry64.o string targets += $(purgatory-y) PURGATORY_OBJS = $(addprefix $(obj)/,$(purgatory-y)) +$(obj)/string.o: $(srctree)/arch/x86/boot/compressed/string.c FORCE + $(call if_changed_rule,cc_o_c) + LDFLAGS_purgatory.ro := -e purgatory_start -r --no-undefined -nostdlib -z nodefaultlib targets += purgatory.ro @@ -26,11 +29,11 @@ ifdef CONFIG_FUNCTION_TRACER PURGATORY_CFLAGS_REMOVE += $(CC_FLAGS_FTRACE) endif -ifdef CONFIG_STACKPROTECTOR +ifdef CONFIG_CC_STACKPROTECTOR PURGATORY_CFLAGS_REMOVE += -fstack-protector endif -ifdef CONFIG_STACKPROTECTOR_STRONG +ifdef CONFIG_CC_STACKPROTECTOR_STRONG PURGATORY_CFLAGS_REMOVE += -fstack-protector-strong endif diff --git a/arch/x86/purgatory/purgatory.c b/arch/x86/purgatory/purgatory.c index 470edad96bb9..4f3c15d0bb86 100644 --- a/arch/x86/purgatory/purgatory.c +++ b/arch/x86/purgatory/purgatory.c @@ -70,3 +70,9 @@ void purgatory(void) } copy_backup_region(); } + +/* + * Defined in order to reuse memcpy() and memset() from + * arch/x86/boot/compressed/string.c + */ +void warn(const char *msg) {} diff --git a/arch/x86/purgatory/string.c b/arch/x86/purgatory/string.c deleted file mode 100644 index d886b1fa36f0..000000000000 --- a/arch/x86/purgatory/string.c +++ /dev/null @@ -1,13 +0,0 @@ -/* - * Simple string functions. - * - * Copyright (C) 2014 Red Hat Inc. - * - * Author: - * Vivek Goyal - * - * This source code is licensed under the GNU General Public License, - * Version 2. See the file COPYING for more details. - */ - -#include "../boot/string.c"