From ee333554fed55555a986a90bb097ac7f9d6f05bf Mon Sep 17 00:00:00 2001 From: Jinbum Park Date: Tue, 6 Mar 2018 01:39:24 +0100 Subject: [PATCH 1/3] ARM: 8749/1: Kconfig: Add ARCH_HAS_FORTIFY_SOURCE CONFIG_FORTIFY_SOURCE detects various overflows at compile-time. (6974f0c4555e ("include/linux/string.h: add the option of fortified string.h functions) ARCH_HAS_FORTIFY_SOURCE means that the architecture can be built and run with CONFIG_FORTIFY_SOURCE. Since ARM can be built and run with that flag like other architectures, select ARCH_HAS_FORTIFY_SOURCE as default. Acked-by: Kees Cook Signed-off-by: Jinbum Park Signed-off-by: Russell King --- arch/arm/Kconfig | 1 + arch/arm/boot/compressed/misc.c | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 7e3d53575486..3765336e5ec6 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -7,6 +7,7 @@ config ARM select ARCH_HAS_DEBUG_VIRTUAL if MMU select ARCH_HAS_DEVMEM_IS_ALLOWED select ARCH_HAS_ELF_RANDOMIZE + select ARCH_HAS_FORTIFY_SOURCE select ARCH_HAS_SET_MEMORY select ARCH_HAS_PHYS_TO_DMA select ARCH_HAS_STRICT_KERNEL_RWX if MMU && !XIP_KERNEL diff --git a/arch/arm/boot/compressed/misc.c b/arch/arm/boot/compressed/misc.c index 16a8a804e958..4a247acd1b96 100644 --- a/arch/arm/boot/compressed/misc.c +++ b/arch/arm/boot/compressed/misc.c @@ -167,3 +167,8 @@ decompress_kernel(unsigned long output_start, unsigned long free_mem_ptr_p, else putstr(" done, booting the kernel.\n"); } + +void fortify_panic(const char *name) +{ + error("detected buffer overflow"); +} From 8aeaf4a0d22c6b3ab00003e3412e934852e7a112 Mon Sep 17 00:00:00 2001 From: Luca Scalabrino Date: Wed, 21 Mar 2018 14:38:21 +0100 Subject: [PATCH 2/3] ARM: 8751/1: Add support for Cortex-R8 processor Cortex-R8 has identical initialisation requirements to Cortex-R7, so hook it up in proc-v7.S in the same way. Signed-off-by: Luca Scalabrino Signed-off-by: Vladimir Murzin Signed-off-by: Russell King --- arch/arm/mm/proc-v7.S | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S index d55d493f9a1e..b528a15f460d 100644 --- a/arch/arm/mm/proc-v7.S +++ b/arch/arm/mm/proc-v7.S @@ -272,6 +272,7 @@ ENDPROC(cpu_pj4b_do_resume) __v7_ca5mp_setup: __v7_ca9mp_setup: __v7_cr7mp_setup: +__v7_cr8mp_setup: mov r10, #(1 << 0) @ Cache/TLB ops broadcasting b 1f __v7_ca7mp_setup: @@ -641,6 +642,16 @@ __v7_cr7mp_proc_info: __v7_proc __v7_cr7mp_proc_info, __v7_cr7mp_setup .size __v7_cr7mp_proc_info, . - __v7_cr7mp_proc_info + /* + * ARM Ltd. Cortex R8 processor. + */ + .type __v7_cr8mp_proc_info, #object +__v7_cr8mp_proc_info: + .long 0x410fc180 + .long 0xff0ffff0 + __v7_proc __v7_cr8mp_proc_info, __v7_cr8mp_setup + .size __v7_cr8mp_proc_info, . - __v7_cr8mp_proc_info + /* * ARM Ltd. Cortex A7 processor. */ From 5f8d561fb019a3ebe073c019bf5f797f5b06c55e Mon Sep 17 00:00:00 2001 From: Russell King Date: Thu, 29 Mar 2018 11:59:17 +0100 Subject: [PATCH 3/3] ARM: decompressor: fix warning introduced in fortify patch Commit ee333554fed5 ("ARM: 8749/1: Kconfig: Add ARCH_HAS_FORTIFY_SOURCE") introduced a new warning: arch/arm/boot/compressed/misc.c: In function 'fortify_panic': arch/arm/boot/compressed/misc.c:167:1: error: 'noreturn' function does return [-Werror] The simple solution would be to make 'error' a noreturn function, but this causes a prototype mismatch as the function is prototyped in several .c files. So, move the function prototype to a new header. There are also a couple of variables that are also declared in several locations. Clean this up while we are here. Signed-off-by: Russell King --- arch/arm/boot/compressed/decompress.c | 5 +---- arch/arm/boot/compressed/misc.c | 2 +- arch/arm/boot/compressed/misc.h | 10 ++++++++++ 3 files changed, 12 insertions(+), 5 deletions(-) create mode 100644 arch/arm/boot/compressed/misc.h diff --git a/arch/arm/boot/compressed/decompress.c b/arch/arm/boot/compressed/decompress.c index a2ac3fe7dbf8..c16c1829a5e4 100644 --- a/arch/arm/boot/compressed/decompress.c +++ b/arch/arm/boot/compressed/decompress.c @@ -6,10 +6,7 @@ #include /* for NULL */ #include #include - -extern unsigned long free_mem_ptr; -extern unsigned long free_mem_end_ptr; -extern void error(char *); +#include "misc.h" #define STATIC static #define STATIC_RW_DATA /* non-static please */ diff --git a/arch/arm/boot/compressed/misc.c b/arch/arm/boot/compressed/misc.c index 4a247acd1b96..79f56c5a9fe5 100644 --- a/arch/arm/boot/compressed/misc.c +++ b/arch/arm/boot/compressed/misc.c @@ -22,9 +22,9 @@ unsigned int __machine_arch_type; #include /* for inline */ #include #include +#include "misc.h" static void putstr(const char *ptr); -extern void error(char *x); #include CONFIG_UNCOMPRESS_INCLUDE diff --git a/arch/arm/boot/compressed/misc.h b/arch/arm/boot/compressed/misc.h new file mode 100644 index 000000000000..c958dccd1d97 --- /dev/null +++ b/arch/arm/boot/compressed/misc.h @@ -0,0 +1,10 @@ +#ifndef MISC_H +#define MISC_H + +#include + +void error(char *x) __noreturn; +extern unsigned long free_mem_ptr; +extern unsigned long free_mem_end_ptr; + +#endif