From fd8b96e5cb6a020a76fc797161f9faf800623eac Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Fri, 13 Dec 2024 13:12:13 +0100 Subject: [PATCH] drop stackprotector patch --- queue-5.10/series | 1 - ...or-work-around-strict-clang-tls-symb.patch | 138 ------------------ queue-5.15/series | 1 - ...or-work-around-strict-clang-tls-symb.patch | 138 ------------------ queue-6.1/series | 1 - ...or-work-around-strict-clang-tls-symb.patch | 138 ------------------ 6 files changed, 417 deletions(-) delete mode 100644 queue-5.10/x86-stackprotector-work-around-strict-clang-tls-symb.patch delete mode 100644 queue-5.15/x86-stackprotector-work-around-strict-clang-tls-symb.patch delete mode 100644 queue-6.1/x86-stackprotector-work-around-strict-clang-tls-symb.patch diff --git a/queue-5.10/series b/queue-5.10/series index ca734c4ea89..80bcb7ddeec 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -48,7 +48,6 @@ proc-softirqs-replace-seq_printf-with-seq_put_decima.patch alsa-usb-audio-fix-yamaha-p-125-quirk-entry.patch ipmr-fix-access-to-mfc_cache_list-without-lock-held.patch rcu-tasks-idle-tasks-on-offline-cpus-are-in-quiescen.patch -x86-stackprotector-work-around-strict-clang-tls-symb.patch cifs-fix-buffer-overflow-when-parsing-nfs-reparse-po.patch nvme-fix-metadata-handling-in-nvme-passthrough.patch x86-barrier-do-not-serialize-msr-accesses-on-amd.patch diff --git a/queue-5.10/x86-stackprotector-work-around-strict-clang-tls-symb.patch b/queue-5.10/x86-stackprotector-work-around-strict-clang-tls-symb.patch deleted file mode 100644 index 714da7ee6fe..00000000000 --- a/queue-5.10/x86-stackprotector-work-around-strict-clang-tls-symb.patch +++ /dev/null @@ -1,138 +0,0 @@ -From 97faa51a302d85d2a395731e6d8c880f21571bd5 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Thu, 21 Nov 2024 09:29:54 -0500 -Subject: x86/stackprotector: Work around strict Clang TLS symbol requirements - -From: Ard Biesheuvel - -[ Upstream commit 577c134d311b9b94598d7a0c86be1f431f823003 ] - -GCC and Clang both implement stack protector support based on Thread Local -Storage (TLS) variables, and this is used in the kernel to implement per-task -stack cookies, by copying a task's stack cookie into a per-CPU variable every -time it is scheduled in. - -Both now also implement -mstack-protector-guard-symbol=, which permits the TLS -variable to be specified directly. This is useful because it will allow to -move away from using a fixed offset of 40 bytes into the per-CPU area on -x86_64, which requires a lot of special handling in the per-CPU code and the -runtime relocation code. - -However, while GCC is rather lax in its implementation of this command line -option, Clang actually requires that the provided symbol name refers to a TLS -variable (i.e., one declared with __thread), although it also permits the -variable to be undeclared entirely, in which case it will use an implicit -declaration of the right type. - -The upshot of this is that Clang will emit the correct references to the stack -cookie variable in most cases, e.g., - - 10d: 64 a1 00 00 00 00 mov %fs:0x0,%eax - 10f: R_386_32 __stack_chk_guard - -However, if a non-TLS definition of the symbol in question is visible in the -same compilation unit (which amounts to the whole of vmlinux if LTO is -enabled), it will drop the per-CPU prefix and emit a load from a bogus -address. - -Work around this by using a symbol name that never occurs in C code, and emit -it as an alias in the linker script. - -Fixes: 3fb0fdb3bbe7 ("x86/stackprotector/32: Make the canary into a regular percpu variable") -Signed-off-by: Ard Biesheuvel -Signed-off-by: Brian Gerst -Signed-off-by: Borislav Petkov (AMD) -Reviewed-by: Nathan Chancellor -Tested-by: Nathan Chancellor -Cc: stable@vger.kernel.org -Link: https://github.com/ClangBuiltLinux/linux/issues/1854 -Link: https://lore.kernel.org/r/20241105155801.1779119-2-brgerst@gmail.com -Signed-off-by: Sasha Levin ---- - arch/x86/Makefile | 3 ++- - arch/x86/entry/entry.S | 15 +++++++++++++++ - arch/x86/include/asm/asm-prototypes.h | 3 +++ - arch/x86/kernel/cpu/common.c | 2 ++ - arch/x86/kernel/vmlinux.lds.S | 3 +++ - 5 files changed, 25 insertions(+), 1 deletion(-) - -diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index 8b9fa777f513b..dcd8c6f676cac 100644 ---- a/arch/x86/Makefile -+++ b/arch/x86/Makefile -@@ -90,7 +90,8 @@ ifeq ($(CONFIG_X86_32),y) - - ifeq ($(CONFIG_STACKPROTECTOR),y) - ifeq ($(CONFIG_SMP),y) -- KBUILD_CFLAGS += -mstack-protector-guard-reg=fs -mstack-protector-guard-symbol=__stack_chk_guard -+ KBUILD_CFLAGS += -mstack-protector-guard-reg=fs \ -+ -mstack-protector-guard-symbol=__ref_stack_chk_guard - else - KBUILD_CFLAGS += -mstack-protector-guard=global - endif -diff --git a/arch/x86/entry/entry.S b/arch/x86/entry/entry.S -index f4419afc7147d..23f9efbe9d705 100644 ---- a/arch/x86/entry/entry.S -+++ b/arch/x86/entry/entry.S -@@ -48,3 +48,18 @@ EXPORT_SYMBOL_GPL(mds_verw_sel); - - .popsection - -+#ifndef CONFIG_X86_64 -+/* -+ * Clang's implementation of TLS stack cookies requires the variable in -+ * question to be a TLS variable. If the variable happens to be defined as an -+ * ordinary variable with external linkage in the same compilation unit (which -+ * amounts to the whole of vmlinux with LTO enabled), Clang will drop the -+ * segment register prefix from the references, resulting in broken code. Work -+ * around this by avoiding the symbol used in -mstack-protector-guard-symbol= -+ * entirely in the C code, and use an alias emitted by the linker script -+ * instead. -+ */ -+#ifdef CONFIG_STACKPROTECTOR -+EXPORT_SYMBOL(__ref_stack_chk_guard); -+#endif -+#endif -diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h -index 5cdccea455544..390b13db24b81 100644 ---- a/arch/x86/include/asm/asm-prototypes.h -+++ b/arch/x86/include/asm/asm-prototypes.h -@@ -18,3 +18,6 @@ - extern void cmpxchg8b_emu(void); - #endif - -+#if defined(__GENKSYMS__) && defined(CONFIG_STACKPROTECTOR) -+extern unsigned long __ref_stack_chk_guard; -+#endif -diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index bdcf1e9375ee2..f8e5598408bfd 100644 ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -1974,8 +1974,10 @@ EXPORT_PER_CPU_SYMBOL(cpu_current_top_of_stack); - - #ifdef CONFIG_STACKPROTECTOR - DEFINE_PER_CPU(unsigned long, __stack_chk_guard); -+#ifndef CONFIG_SMP - EXPORT_PER_CPU_SYMBOL(__stack_chk_guard); - #endif -+#endif - - #endif /* CONFIG_X86_64 */ - -diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S -index 740f87d8aa481..60fb61dffe98e 100644 ---- a/arch/x86/kernel/vmlinux.lds.S -+++ b/arch/x86/kernel/vmlinux.lds.S -@@ -490,6 +490,9 @@ SECTIONS - ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!") - } - -+/* needed for Clang - see arch/x86/entry/entry.S */ -+PROVIDE(__ref_stack_chk_guard = __stack_chk_guard); -+ - #ifdef CONFIG_X86_32 - /* - * The ASSERT() sink to . is intentional, for binutils 2.14 compatibility: --- -2.43.0 - diff --git a/queue-5.15/series b/queue-5.15/series index ed517d3f0ef..f650eb57ea7 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -70,7 +70,6 @@ alsa-usb-audio-fix-yamaha-p-125-quirk-entry.patch arm-9420-1-smp-fix-smp-for-xip-kernels.patch ipmr-fix-access-to-mfc_cache_list-without-lock-held.patch rcu-tasks-idle-tasks-on-offline-cpus-are-in-quiescen.patch -x86-stackprotector-work-around-strict-clang-tls-symb.patch cifs-fix-buffer-overflow-when-parsing-nfs-reparse-po.patch nvme-fix-metadata-handling-in-nvme-passthrough.patch x86-barrier-do-not-serialize-msr-accesses-on-amd.patch diff --git a/queue-5.15/x86-stackprotector-work-around-strict-clang-tls-symb.patch b/queue-5.15/x86-stackprotector-work-around-strict-clang-tls-symb.patch deleted file mode 100644 index 2a8f100ccee..00000000000 --- a/queue-5.15/x86-stackprotector-work-around-strict-clang-tls-symb.patch +++ /dev/null @@ -1,138 +0,0 @@ -From e4ce1ed17940e830e150996ef3b08f47b4acd592 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Thu, 21 Nov 2024 09:44:14 -0500 -Subject: x86/stackprotector: Work around strict Clang TLS symbol requirements - -From: Ard Biesheuvel - -[ Upstream commit 577c134d311b9b94598d7a0c86be1f431f823003 ] - -GCC and Clang both implement stack protector support based on Thread Local -Storage (TLS) variables, and this is used in the kernel to implement per-task -stack cookies, by copying a task's stack cookie into a per-CPU variable every -time it is scheduled in. - -Both now also implement -mstack-protector-guard-symbol=, which permits the TLS -variable to be specified directly. This is useful because it will allow to -move away from using a fixed offset of 40 bytes into the per-CPU area on -x86_64, which requires a lot of special handling in the per-CPU code and the -runtime relocation code. - -However, while GCC is rather lax in its implementation of this command line -option, Clang actually requires that the provided symbol name refers to a TLS -variable (i.e., one declared with __thread), although it also permits the -variable to be undeclared entirely, in which case it will use an implicit -declaration of the right type. - -The upshot of this is that Clang will emit the correct references to the stack -cookie variable in most cases, e.g., - - 10d: 64 a1 00 00 00 00 mov %fs:0x0,%eax - 10f: R_386_32 __stack_chk_guard - -However, if a non-TLS definition of the symbol in question is visible in the -same compilation unit (which amounts to the whole of vmlinux if LTO is -enabled), it will drop the per-CPU prefix and emit a load from a bogus -address. - -Work around this by using a symbol name that never occurs in C code, and emit -it as an alias in the linker script. - -Fixes: 3fb0fdb3bbe7 ("x86/stackprotector/32: Make the canary into a regular percpu variable") -Signed-off-by: Ard Biesheuvel -Signed-off-by: Brian Gerst -Signed-off-by: Borislav Petkov (AMD) -Reviewed-by: Nathan Chancellor -Tested-by: Nathan Chancellor -Cc: stable@vger.kernel.org -Link: https://github.com/ClangBuiltLinux/linux/issues/1854 -Link: https://lore.kernel.org/r/20241105155801.1779119-2-brgerst@gmail.com -Signed-off-by: Sasha Levin ---- - arch/x86/Makefile | 3 ++- - arch/x86/entry/entry.S | 15 +++++++++++++++ - arch/x86/include/asm/asm-prototypes.h | 3 +++ - arch/x86/kernel/cpu/common.c | 2 ++ - arch/x86/kernel/vmlinux.lds.S | 3 +++ - 5 files changed, 25 insertions(+), 1 deletion(-) - -diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index 9c09bbd390cec..f8a7d2a654347 100644 ---- a/arch/x86/Makefile -+++ b/arch/x86/Makefile -@@ -81,7 +81,8 @@ ifeq ($(CONFIG_X86_32),y) - - ifeq ($(CONFIG_STACKPROTECTOR),y) - ifeq ($(CONFIG_SMP),y) -- KBUILD_CFLAGS += -mstack-protector-guard-reg=fs -mstack-protector-guard-symbol=__stack_chk_guard -+ KBUILD_CFLAGS += -mstack-protector-guard-reg=fs \ -+ -mstack-protector-guard-symbol=__ref_stack_chk_guard - else - KBUILD_CFLAGS += -mstack-protector-guard=global - endif -diff --git a/arch/x86/entry/entry.S b/arch/x86/entry/entry.S -index f4419afc7147d..23f9efbe9d705 100644 ---- a/arch/x86/entry/entry.S -+++ b/arch/x86/entry/entry.S -@@ -48,3 +48,18 @@ EXPORT_SYMBOL_GPL(mds_verw_sel); - - .popsection - -+#ifndef CONFIG_X86_64 -+/* -+ * Clang's implementation of TLS stack cookies requires the variable in -+ * question to be a TLS variable. If the variable happens to be defined as an -+ * ordinary variable with external linkage in the same compilation unit (which -+ * amounts to the whole of vmlinux with LTO enabled), Clang will drop the -+ * segment register prefix from the references, resulting in broken code. Work -+ * around this by avoiding the symbol used in -mstack-protector-guard-symbol= -+ * entirely in the C code, and use an alias emitted by the linker script -+ * instead. -+ */ -+#ifdef CONFIG_STACKPROTECTOR -+EXPORT_SYMBOL(__ref_stack_chk_guard); -+#endif -+#endif -diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h -index 5cdccea455544..390b13db24b81 100644 ---- a/arch/x86/include/asm/asm-prototypes.h -+++ b/arch/x86/include/asm/asm-prototypes.h -@@ -18,3 +18,6 @@ - extern void cmpxchg8b_emu(void); - #endif - -+#if defined(__GENKSYMS__) && defined(CONFIG_STACKPROTECTOR) -+extern unsigned long __ref_stack_chk_guard; -+#endif -diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index f0cc4c616ceb3..5db433cfaaa78 100644 ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -2000,8 +2000,10 @@ EXPORT_PER_CPU_SYMBOL(cpu_current_top_of_stack); - - #ifdef CONFIG_STACKPROTECTOR - DEFINE_PER_CPU(unsigned long, __stack_chk_guard); -+#ifndef CONFIG_SMP - EXPORT_PER_CPU_SYMBOL(__stack_chk_guard); - #endif -+#endif - - #endif /* CONFIG_X86_64 */ - -diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S -index 351c604de263a..ab36dacb4cc50 100644 ---- a/arch/x86/kernel/vmlinux.lds.S -+++ b/arch/x86/kernel/vmlinux.lds.S -@@ -490,6 +490,9 @@ SECTIONS - ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!") - } - -+/* needed for Clang - see arch/x86/entry/entry.S */ -+PROVIDE(__ref_stack_chk_guard = __stack_chk_guard); -+ - /* - * The ASSERT() sink to . is intentional, for binutils 2.14 compatibility: - */ --- -2.43.0 - diff --git a/queue-6.1/series b/queue-6.1/series index c001e56ff05..236bba93200 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -29,7 +29,6 @@ ipmr-fix-access-to-mfc_cache_list-without-lock-held.patch closures-change-bug_on-to-warn_on.patch net-fix-crash-when-config-small-gso_max_size-gso_ipv.patch serial-sc16is7xx-fix-invalid-fifo-access-with-specia.patch -x86-stackprotector-work-around-strict-clang-tls-symb.patch cifs-fix-buffer-overflow-when-parsing-nfs-reparse-po.patch fpga-bridge-add-owner-module-and-take-its-refcount.patch fpga-manager-add-owner-module-and-take-its-refcount.patch diff --git a/queue-6.1/x86-stackprotector-work-around-strict-clang-tls-symb.patch b/queue-6.1/x86-stackprotector-work-around-strict-clang-tls-symb.patch deleted file mode 100644 index be95ed25342..00000000000 --- a/queue-6.1/x86-stackprotector-work-around-strict-clang-tls-symb.patch +++ /dev/null @@ -1,138 +0,0 @@ -From 0836f330b1ed3535ee119cb7a29b5dc3666e1fb2 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Thu, 21 Nov 2024 10:03:37 -0500 -Subject: x86/stackprotector: Work around strict Clang TLS symbol requirements - -From: Ard Biesheuvel - -[ Upstream commit 577c134d311b9b94598d7a0c86be1f431f823003 ] - -GCC and Clang both implement stack protector support based on Thread Local -Storage (TLS) variables, and this is used in the kernel to implement per-task -stack cookies, by copying a task's stack cookie into a per-CPU variable every -time it is scheduled in. - -Both now also implement -mstack-protector-guard-symbol=, which permits the TLS -variable to be specified directly. This is useful because it will allow to -move away from using a fixed offset of 40 bytes into the per-CPU area on -x86_64, which requires a lot of special handling in the per-CPU code and the -runtime relocation code. - -However, while GCC is rather lax in its implementation of this command line -option, Clang actually requires that the provided symbol name refers to a TLS -variable (i.e., one declared with __thread), although it also permits the -variable to be undeclared entirely, in which case it will use an implicit -declaration of the right type. - -The upshot of this is that Clang will emit the correct references to the stack -cookie variable in most cases, e.g., - - 10d: 64 a1 00 00 00 00 mov %fs:0x0,%eax - 10f: R_386_32 __stack_chk_guard - -However, if a non-TLS definition of the symbol in question is visible in the -same compilation unit (which amounts to the whole of vmlinux if LTO is -enabled), it will drop the per-CPU prefix and emit a load from a bogus -address. - -Work around this by using a symbol name that never occurs in C code, and emit -it as an alias in the linker script. - -Fixes: 3fb0fdb3bbe7 ("x86/stackprotector/32: Make the canary into a regular percpu variable") -Signed-off-by: Ard Biesheuvel -Signed-off-by: Brian Gerst -Signed-off-by: Borislav Petkov (AMD) -Reviewed-by: Nathan Chancellor -Tested-by: Nathan Chancellor -Cc: stable@vger.kernel.org -Link: https://github.com/ClangBuiltLinux/linux/issues/1854 -Link: https://lore.kernel.org/r/20241105155801.1779119-2-brgerst@gmail.com -Signed-off-by: Sasha Levin ---- - arch/x86/Makefile | 3 ++- - arch/x86/entry/entry.S | 15 +++++++++++++++ - arch/x86/include/asm/asm-prototypes.h | 3 +++ - arch/x86/kernel/cpu/common.c | 2 ++ - arch/x86/kernel/vmlinux.lds.S | 3 +++ - 5 files changed, 25 insertions(+), 1 deletion(-) - -diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index 3419ffa2a3507..a88eede6e7db4 100644 ---- a/arch/x86/Makefile -+++ b/arch/x86/Makefile -@@ -113,7 +113,8 @@ ifeq ($(CONFIG_X86_32),y) - - ifeq ($(CONFIG_STACKPROTECTOR),y) - ifeq ($(CONFIG_SMP),y) -- KBUILD_CFLAGS += -mstack-protector-guard-reg=fs -mstack-protector-guard-symbol=__stack_chk_guard -+ KBUILD_CFLAGS += -mstack-protector-guard-reg=fs \ -+ -mstack-protector-guard-symbol=__ref_stack_chk_guard - else - KBUILD_CFLAGS += -mstack-protector-guard=global - endif -diff --git a/arch/x86/entry/entry.S b/arch/x86/entry/entry.S -index f4419afc7147d..23f9efbe9d705 100644 ---- a/arch/x86/entry/entry.S -+++ b/arch/x86/entry/entry.S -@@ -48,3 +48,18 @@ EXPORT_SYMBOL_GPL(mds_verw_sel); - - .popsection - -+#ifndef CONFIG_X86_64 -+/* -+ * Clang's implementation of TLS stack cookies requires the variable in -+ * question to be a TLS variable. If the variable happens to be defined as an -+ * ordinary variable with external linkage in the same compilation unit (which -+ * amounts to the whole of vmlinux with LTO enabled), Clang will drop the -+ * segment register prefix from the references, resulting in broken code. Work -+ * around this by avoiding the symbol used in -mstack-protector-guard-symbol= -+ * entirely in the C code, and use an alias emitted by the linker script -+ * instead. -+ */ -+#ifdef CONFIG_STACKPROTECTOR -+EXPORT_SYMBOL(__ref_stack_chk_guard); -+#endif -+#endif -diff --git a/arch/x86/include/asm/asm-prototypes.h b/arch/x86/include/asm/asm-prototypes.h -index 5cdccea455544..390b13db24b81 100644 ---- a/arch/x86/include/asm/asm-prototypes.h -+++ b/arch/x86/include/asm/asm-prototypes.h -@@ -18,3 +18,6 @@ - extern void cmpxchg8b_emu(void); - #endif - -+#if defined(__GENKSYMS__) && defined(CONFIG_STACKPROTECTOR) -+extern unsigned long __ref_stack_chk_guard; -+#endif -diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index 7f922a359ccc5..b4e999048e9a4 100644 ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -2158,8 +2158,10 @@ EXPORT_PER_CPU_SYMBOL(cpu_current_top_of_stack); - - #ifdef CONFIG_STACKPROTECTOR - DEFINE_PER_CPU(unsigned long, __stack_chk_guard); -+#ifndef CONFIG_SMP - EXPORT_PER_CPU_SYMBOL(__stack_chk_guard); - #endif -+#endif - - #endif /* CONFIG_X86_64 */ - -diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S -index 78ccb5ec3c0e7..c1e776ed71b06 100644 ---- a/arch/x86/kernel/vmlinux.lds.S -+++ b/arch/x86/kernel/vmlinux.lds.S -@@ -486,6 +486,9 @@ SECTIONS - ASSERT(SIZEOF(.rela.dyn) == 0, "Unexpected run-time relocations (.rela) detected!") - } - -+/* needed for Clang - see arch/x86/entry/entry.S */ -+PROVIDE(__ref_stack_chk_guard = __stack_chk_guard); -+ - /* - * The ASSERT() sink to . is intentional, for binutils 2.14 compatibility: - */ --- -2.43.0 - -- 2.47.3