Re: x86/stack protector: X86_32_LAZY_GS=n hangs kernel on old processors

From: Kees Cook
Date: Tue Feb 13 2018 - 18:33:32 EST


On Tue, Feb 13, 2018 at 3:14 PM, tedheadster <tedheadster@xxxxxxxxx> wrote:
> Kees,
> I am running the 4.16-rc1 release. My arch/x86/Kconfig has this logic:
>
> config X86_32_LAZY_GS
> def_bool y
> depends on X86_32 && CC_STACKPROTECTOR_NONE
>
> I get a hang on i486 when I choose any of these configuration options:
>
> CONFIG_CC_STACKPROTECTOR_AUTO=y
> CONFIG_CC_STACKPROTECTOR_REGULAR=y
> CONFIG_CC_STACKPROTECTOR_STRONG=y
>
> Also, CONFIG_X86_32_LAZY_GS does not appear in any of these config
> files, not even as "# CONFIG_X86_32_LAZY_GS is not set", which I
> thought was strange.

I think that's normal because it's forced to be unselectedable due to
CC_STACKPROTECTOR_NONE not being set.

> The only configuration that works on i486 is:
>
> CONFIG_CC_STACKPROTECTOR_NONE=y
> CONFIG_X86_32_LAZY_GS=y
>
> Now it gets interesting. All four of these configurations boots
> successfully when compiled for, and run on, a Pentium 4 M
> (CONFIG_PENTIUM4). So it certainly is related to what version of the
> processor you use.
>
> I will continue to try other configuration combinations and report back.

Okay, that's pretty weird. And does 4.15 boot with either of:

CONFIG_CC_STACKPROTECTOR_REGULAR=y
CONFIG_CC_STACKPROTECTOR_STRONG=y

Because if so, I'm very confused. If it does _not_ boot, then I can
chalk this up to an untested CPU/compiler combo and disable _AUTO on
X86_32, as there appears to be a pre-existing conflict there. (I doubt
it will turn out to be that easy... it never is.)

FWIW, the core change is 2bc2f688fdf8808de4f36be563ccdb0bde7c0c54
(though the next two commits build on it and introduce _AUTO).

-Kees

--
Kees Cook
Pixel Security