kernel: Activate FORTIFY_SOURCE for MIPS kernel 5.4
authorHauke Mehrtens <hauke@hauke-m.de>
Sat, 3 Apr 2021 18:02:54 +0000 (20:02 +0200)
committerHauke Mehrtens <hauke@hauke-m.de>
Fri, 30 Apr 2021 21:51:19 +0000 (23:51 +0200)
CONFIG_FORTIFY_SOURCE=y is already set in the generic kernel
configuration, but it is not working for MIPS on kernel 5.4, support for
MIPS was only added with kernel 5.5, other architectures like aarch64
support FORTIFY_SOURCE already since some time.

This patch adds support for FORTIFY_SOURCE to MIPS with kernel 5.4,
kernel 5.10 already supports this and needs no changes.

This backports one patch from kernel 5.5 and one fix from 5.8 to make
fortify source also work on our kernel 5.4.

The changes are not compatible with the
306-mips_mem_functions_performance.patch patch which was also removed
with kernel 5.10, probably because of the same problems. I think it is
not needed anyway as the compiler should automatically optimize the
calls to memset(), memcpy() and memmove() even when not explicitly
telling the compiler to use the build in variant.

This increases the size of an uncompressed kernel by less than 1 KB.

Acked-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
12 files changed:
target/linux/ath25/patches-5.4/107-ar5312_gpio.patch
target/linux/ath79/patches-5.4/0032-MIPS-ath79-sanitize-symbols.patch
target/linux/bcm63xx/patches-5.4/322-MIPS-BCM63XX-switch-to-IRQ_DOMAIN.patch
target/linux/generic/backport-5.4/310-mips-Kconfig-Add-ARCH_HAS_FORTIFY_SOURCE.patch [new file with mode: 0644]
target/linux/generic/backport-5.4/311-MIPS-Fix-exception-handler-memcpy.patch [new file with mode: 0644]
target/linux/generic/hack-5.4/301-mips_image_cmdline_hack.patch
target/linux/generic/pending-5.4/103-MIPS-select-CPU_MIPS64-for-remaining-MIPS64-CPUs.patch
target/linux/generic/pending-5.4/300-mips_expose_boot_raw.patch
target/linux/generic/pending-5.4/306-mips_mem_functions_performance.patch [deleted file]
target/linux/lantiq/patches-5.4/0152-lantiq-VPE.patch
target/linux/ramips/patches-5.4/0122-mips-ralink-enable-zboot-support.patch
target/linux/ramips/patches-5.4/105-mt7621-memory-detect.patch

index cd7b27d636395ba77ec3c3349ff14e9cd3f4de98..7b8c9650cc7ba87254f4d986fa8c7664c70d3716 100644 (file)
 +subsys_initcall(ar5312_gpio_init);
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -189,6 +189,7 @@ config ATH25
+@@ -190,6 +190,7 @@ config ATH25
        select CEVT_R4K
        select CSRC_R4K
        select DMA_NONCOHERENT
index 14dddd5147670a3244db30c3c6a320fed37a9d4b..9fa199a2046e35492ec9c416eb23ea0e4d165c4c 100644 (file)
@@ -15,7 +15,7 @@ Signed-off-by: John Crispin <john@phrozen.org>
 
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -217,6 +217,8 @@ config ATH79
+@@ -218,6 +218,8 @@ config ATH79
        select SYS_SUPPORTS_BIG_ENDIAN
        select SYS_SUPPORTS_MIPS16
        select SYS_SUPPORTS_ZBOOT_UART_PROM
index 8f50dd689bb89f526fb12691b7fd0f74e00e3f83..eff4af025e34d5085dbe0c6653da6d2d4326c3c2 100644 (file)
@@ -14,7 +14,7 @@ Signed-off-by: Jonas Gorski <jogo@openwrt.org>
 
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -291,6 +291,9 @@ config BCM63XX
+@@ -292,6 +292,9 @@ config BCM63XX
        select SYNC_R4K
        select DMA_NONCOHERENT
        select IRQ_MIPS_CPU
diff --git a/target/linux/generic/backport-5.4/310-mips-Kconfig-Add-ARCH_HAS_FORTIFY_SOURCE.patch b/target/linux/generic/backport-5.4/310-mips-Kconfig-Add-ARCH_HAS_FORTIFY_SOURCE.patch
new file mode 100644 (file)
index 0000000..e02f103
--- /dev/null
@@ -0,0 +1,32 @@
+From a8d2bb0559b5fefa5173ff4e7496cc6250db2c8a Mon Sep 17 00:00:00 2001
+From: Dmitry Korotin <dkorotin@wavecomp.com>
+Date: Thu, 12 Sep 2019 22:53:45 +0000
+Subject: [PATCH] mips: Kconfig: Add ARCH_HAS_FORTIFY_SOURCE
+
+FORTIFY_SOURCE detects various overflows at compile and run time.
+(6974f0c4555e ("include/linux/string.h:
+add the option of fortified string.h functions)
+
+ARCH_HAS_FORTIFY_SOURCE means that the architecture can be built and
+run with CONFIG_FORTIFY_SOURCE.
+
+Since mips can be built and run with that flag,
+select ARCH_HAS_FORTIFY_SOURCE as default.
+
+Signed-off-by: Dmitry Korotin <dkorotin@wavecomp.com>
+Signed-off-by: Paul Burton <paul.burton@mips.com>
+Cc: linux-mips@vger.kernel.org
+---
+ arch/mips/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/mips/Kconfig
++++ b/arch/mips/Kconfig
+@@ -7,6 +7,7 @@ config MIPS
+       select ARCH_CLOCKSOURCE_DATA
+       select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
+       select ARCH_HAS_UBSAN_SANITIZE_ALL
++      select ARCH_HAS_FORTIFY_SOURCE
+       select ARCH_SUPPORTS_UPROBES
+       select ARCH_USE_BUILTIN_BSWAP
+       select ARCH_USE_CMPXCHG_LOCKREF if 64BIT
diff --git a/target/linux/generic/backport-5.4/311-MIPS-Fix-exception-handler-memcpy.patch b/target/linux/generic/backport-5.4/311-MIPS-Fix-exception-handler-memcpy.patch
new file mode 100644 (file)
index 0000000..5a6725c
--- /dev/null
@@ -0,0 +1,107 @@
+From e01c91a360793298c9e1656a61faceff01487a43 Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Sat, 23 May 2020 23:50:34 +0800
+Subject: [PATCH] MIPS: Fix exception handler memcpy()
+
+The exception handler subroutines are declared as a single char, but
+when copied to the required addresses the copy length is 0x80.
+
+When range checks are enabled for memcpy() this results in a build
+failure, with error messages such as:
+
+In file included from arch/mips/mti-malta/malta-init.c:15:
+In function 'memcpy',
+    inlined from 'mips_nmi_setup' at arch/mips/mti-malta/malta-init.c:98:2:
+include/linux/string.h:376:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter
+  376 |    __read_overflow2();
+      |    ^~~~~~~~~~~~~~~~~~
+
+Change the declarations to use type char[].
+
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+Signed-off-by: YunQiang Su <syq@debian.org>
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+---
+ arch/mips/loongson64/common/init.c | 4 ++--
+ arch/mips/mti-malta/malta-init.c   | 8 ++++----
+ arch/mips/pistachio/init.c         | 8 ++++----
+ 3 files changed, 10 insertions(+), 10 deletions(-)
+
+--- a/arch/mips/loongson64/common/init.c
++++ b/arch/mips/loongson64/common/init.c
+@@ -18,10 +18,10 @@ unsigned long __maybe_unused _loongson_a
+ static void __init mips_nmi_setup(void)
+ {
+       void *base;
+-      extern char except_vec_nmi;
++      extern char except_vec_nmi[];
+       base = (void *)(CAC_BASE + 0x380);
+-      memcpy(base, &except_vec_nmi, 0x80);
++      memcpy(base, except_vec_nmi, 0x80);
+       flush_icache_range((unsigned long)base, (unsigned long)base + 0x80);
+ }
+--- a/arch/mips/mti-malta/malta-init.c
++++ b/arch/mips/mti-malta/malta-init.c
+@@ -90,24 +90,24 @@ static void __init console_config(void)
+ static void __init mips_nmi_setup(void)
+ {
+       void *base;
+-      extern char except_vec_nmi;
++      extern char except_vec_nmi[];
+       base = cpu_has_veic ?
+               (void *)(CAC_BASE + 0xa80) :
+               (void *)(CAC_BASE + 0x380);
+-      memcpy(base, &except_vec_nmi, 0x80);
++      memcpy(base, except_vec_nmi, 0x80);
+       flush_icache_range((unsigned long)base, (unsigned long)base + 0x80);
+ }
+ static void __init mips_ejtag_setup(void)
+ {
+       void *base;
+-      extern char except_vec_ejtag_debug;
++      extern char except_vec_ejtag_debug[];
+       base = cpu_has_veic ?
+               (void *)(CAC_BASE + 0xa00) :
+               (void *)(CAC_BASE + 0x300);
+-      memcpy(base, &except_vec_ejtag_debug, 0x80);
++      memcpy(base, except_vec_ejtag_debug, 0x80);
+       flush_icache_range((unsigned long)base, (unsigned long)base + 0x80);
+ }
+--- a/arch/mips/pistachio/init.c
++++ b/arch/mips/pistachio/init.c
+@@ -83,12 +83,12 @@ phys_addr_t mips_cdmm_phys_base(void)
+ static void __init mips_nmi_setup(void)
+ {
+       void *base;
+-      extern char except_vec_nmi;
++      extern char except_vec_nmi[];
+       base = cpu_has_veic ?
+               (void *)(CAC_BASE + 0xa80) :
+               (void *)(CAC_BASE + 0x380);
+-      memcpy(base, &except_vec_nmi, 0x80);
++      memcpy(base, except_vec_nmi, 0x80);
+       flush_icache_range((unsigned long)base,
+                          (unsigned long)base + 0x80);
+ }
+@@ -96,12 +96,12 @@ static void __init mips_nmi_setup(void)
+ static void __init mips_ejtag_setup(void)
+ {
+       void *base;
+-      extern char except_vec_ejtag_debug;
++      extern char except_vec_ejtag_debug[];
+       base = cpu_has_veic ?
+               (void *)(CAC_BASE + 0xa00) :
+               (void *)(CAC_BASE + 0x300);
+-      memcpy(base, &except_vec_ejtag_debug, 0x80);
++      memcpy(base, except_vec_ejtag_debug, 0x80);
+       flush_icache_range((unsigned long)base,
+                          (unsigned long)base + 0x80);
+ }
index da0aa342506483523db21e391c14f53952886e77..ada65cd2a08a653723392295c6e0454e88561640 100644 (file)
@@ -10,7 +10,7 @@ Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
 
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -1158,6 +1158,10 @@ config SYNC_R4K
+@@ -1159,6 +1159,10 @@ config SYNC_R4K
  config MIPS_MACHINE
        def_bool n
  
index 3b043166928323588c414599573fe6403aec08c5..4e7a532156d6c42bd3c4a2258d84407a0535b979 100644 (file)
@@ -25,7 +25,7 @@ Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -2036,7 +2036,8 @@ config CPU_MIPS32
+@@ -2037,7 +2037,8 @@ config CPU_MIPS32
  
  config CPU_MIPS64
        bool
index 476ae501d645682ddab0a9d62adcbb673cf32636..7b9ae65c60b0f6e47ab9f3dc5d4581ef80a92a65 100644 (file)
@@ -9,7 +9,7 @@ Acked-by: Rob Landley <rob@landley.net>
 ---
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -1068,9 +1068,6 @@ config FW_ARC
+@@ -1069,9 +1069,6 @@ config FW_ARC
  config ARCH_MAY_HAVE_PC_FDC
        bool
  
@@ -19,7 +19,7 @@ Acked-by: Rob Landley <rob@landley.net>
  config CEVT_BCM1480
        bool
  
-@@ -3043,6 +3040,18 @@ choice
+@@ -3044,6 +3041,18 @@ choice
                bool "Extend builtin kernel arguments with bootloader arguments"
  endchoice
  
diff --git a/target/linux/generic/pending-5.4/306-mips_mem_functions_performance.patch b/target/linux/generic/pending-5.4/306-mips_mem_functions_performance.patch
deleted file mode 100644 (file)
index 611aa03..0000000
+++ /dev/null
@@ -1,106 +0,0 @@
-From: Felix Fietkau <nbd@nbd.name>
-Subject: [PATCH] mips: allow the compiler to optimize memset, memcmp, memcpy  for better performance and (in some instances) smaller code
-
-lede-commit: 07e59c7bc7f375f792ec9734be42fe4fa391a8bb
-Signed-off-by: Felix Fietkau <nbd@nbd.name>
----
- arch/mips/boot/compressed/Makefile |  3 ++-
- arch/mips/include/asm/string.h     | 38 ++++++++++++++++++++++++++++++++++++++
- arch/mips/lib/Makefile             |  2 +-
- arch/mips/lib/memcmp.c             | 22 ++++++++++++++++++++++
- 4 files changed, 63 insertions(+), 2 deletions(-)
- create mode 100644 arch/mips/lib/memcmp.c
-
---- a/arch/mips/boot/compressed/Makefile
-+++ b/arch/mips/boot/compressed/Makefile
-@@ -23,7 +23,8 @@ KBUILD_CFLAGS := $(filter-out -pg, $(KBU
- KBUILD_CFLAGS := $(filter-out -fstack-protector, $(KBUILD_CFLAGS))
- KBUILD_CFLAGS := $(KBUILD_CFLAGS) -D__KERNEL__ \
--      -DBOOT_HEAP_SIZE=$(BOOT_HEAP_SIZE) -D"VMLINUX_LOAD_ADDRESS_ULL=$(VMLINUX_LOAD_ADDRESS)ull"
-+      -DBOOT_HEAP_SIZE=$(BOOT_HEAP_SIZE) -D"VMLINUX_LOAD_ADDRESS_ULL=$(VMLINUX_LOAD_ADDRESS)ull" \
-+      -D__ZBOOT__
- KBUILD_AFLAGS := $(KBUILD_AFLAGS) -D__ASSEMBLY__ \
-       -DBOOT_HEAP_SIZE=$(BOOT_HEAP_SIZE) \
---- a/arch/mips/include/asm/string.h
-+++ b/arch/mips/include/asm/string.h
-@@ -19,4 +19,42 @@ extern void *memcpy(void *__to, __const_
- #define __HAVE_ARCH_MEMMOVE
- extern void *memmove(void *__dest, __const__ void *__src, size_t __n);
-+#ifndef __ZBOOT__
-+#define memset(__s, __c, len)                                 \
-+({                                                            \
-+      size_t __len = (len);                                   \
-+      void *__ret;                                            \
-+      if (__builtin_constant_p(len) && __len >= 64)           \
-+              __ret = memset((__s), (__c), __len);            \
-+      else                                                    \
-+              __ret = __builtin_memset((__s), (__c), __len);  \
-+      __ret;                                                  \
-+})
-+
-+#define memcpy(dst, src, len)                                 \
-+({                                                            \
-+      size_t __len = (len);                                   \
-+      void *__ret;                                            \
-+      if (__builtin_constant_p(len) && __len >= 64)           \
-+              __ret = memcpy((dst), (src), __len);            \
-+      else                                                    \
-+              __ret = __builtin_memcpy((dst), (src), __len);  \
-+      __ret;                                                  \
-+})
-+
-+#define memmove(dst, src, len)                                        \
-+({                                                            \
-+      size_t __len = (len);                                   \
-+      void *__ret;                                            \
-+      if (__builtin_constant_p(len) && __len >= 64)           \
-+              __ret = memmove((dst), (src), __len);           \
-+      else                                                    \
-+              __ret = __builtin_memmove((dst), (src), __len); \
-+      __ret;                                                  \
-+})
-+
-+#define __HAVE_ARCH_MEMCMP
-+#define memcmp(src1, src2, len) __builtin_memcmp((src1), (src2), (len))
-+#endif
-+
- #endif /* _ASM_STRING_H */
---- a/arch/mips/lib/Makefile
-+++ b/arch/mips/lib/Makefile
-@@ -5,7 +5,7 @@
- lib-y += bitops.o csum_partial.o delay.o memcpy.o memset.o \
-          mips-atomic.o strncpy_user.o \
--         strnlen_user.o uncached.o
-+         strnlen_user.o uncached.o memcmp.o
- obj-y                 += iomap_copy.o
- obj-$(CONFIG_PCI)     += iomap-pci.o
---- /dev/null
-+++ b/arch/mips/lib/memcmp.c
-@@ -0,0 +1,22 @@
-+/*
-+ *  copied from linux/lib/string.c
-+ *
-+ *  Copyright (C) 1991, 1992  Linus Torvalds
-+ */
-+
-+#include <linux/module.h>
-+#include <linux/string.h>
-+
-+#undef memcmp
-+int memcmp(const void *cs, const void *ct, size_t count)
-+{
-+      const unsigned char *su1, *su2;
-+      int res = 0;
-+
-+      for (su1 = cs, su2 = ct; 0 < count; ++su1, ++su2, count--)
-+              if ((res = *su1 - *su2) != 0)
-+                      break;
-+      return res;
-+}
-+EXPORT_SYMBOL(memcmp);
-+
index f8c2343e19e21fffc8ea1dfe0702cfe4d09eafd3..2aff479024201ddcea2daddb8d3eb92f33598f00 100644 (file)
@@ -1,6 +1,6 @@
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -2378,6 +2378,12 @@ config MIPS_VPE_LOADER
+@@ -2379,6 +2379,12 @@ config MIPS_VPE_LOADER
          Includes a loader for loading an elf relocatable object
          onto another VPE and running it.
  
index 76615ed4915fee31c6f23352d05364eadd4df277..34617898c8aa44dd5b0c953c7c9978cc346dace4 100644 (file)
@@ -16,7 +16,7 @@ Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
 
 --- a/arch/mips/Kconfig
 +++ b/arch/mips/Kconfig
-@@ -625,6 +625,7 @@ config RALINK
+@@ -626,6 +626,7 @@ config RALINK
        select SYS_SUPPORTS_32BIT_KERNEL
        select SYS_SUPPORTS_LITTLE_ENDIAN
        select SYS_SUPPORTS_MIPS16
index 08b4b0de298eb226369cb9be9d2e7fa5397cedcf..277d2aa43c58e067ef6dbe8a386f76309f1807ee 100644 (file)
@@ -71,13 +71,13 @@ Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
 +      phys_addr_t size;
 +
 +      for (size = 32 * SZ_1M; size < 256 * SZ_1M; size <<= 1) {
-+              if (!memcmp(dm, dm + size, sizeof(detect_magic)))
++              if (!__builtin_memcmp(dm, dm + size, sizeof(detect_magic)))
 +                      break;
 +      }
 +
 +      if ((size == 256 * SZ_1M) &&
 +          (CPHYSADDR(dm + size) < MT7621_LOWMEM_MAX_SIZE) &&
-+          memcmp(dm, dm + size, sizeof(detect_magic))) {
++          __builtin_memcmp(dm, dm + size, sizeof(detect_magic))) {
 +              add_memory_region(MT7621_LOWMEM_BASE, MT7621_LOWMEM_MAX_SIZE,
 +                                BOOT_MEM_RAM);
 +              add_memory_region(MT7621_HIGHMEM_BASE, MT7621_HIGHMEM_SIZE,