From 0e6d87fe833617454dfd3635d69b1eb3ec68d277 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6nke=20Holz?=
Date: Fri, 19 Jan 2024 15:30:23 +0100
Subject: [PATCH] Kernel/riscv64: Don't disable stack protector and sanitizers

I am not sure why 096cecb95e disabled the stack protector and sanitizers for all files, but this is not necessary. Only the pre_init code needs to run without them, as that code runs identity mapped.
---
 Kernel/Arch/riscv64/MMU.cpp | 6 +++++-
 Kernel/CMakeLists.txt | 21 ++++++++++++++++++++-
 2 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/Kernel/Arch/riscv64/MMU.cpp b/Kernel/Arch/riscv64/MMU.cpp
index ab522a08aa..ba14d80f2c 100644
--- a/Kernel/Arch/riscv64/MMU.cpp
+++ b/Kernel/Arch/riscv64/MMU.cpp
@@ -45,7 +45,11 @@ public:
 u64* page = m_current;
 m_current += (PAGE_TABLE_SIZE / sizeof(FlatPtr));
- __builtin_memset(page, 0, PAGE_TABLE_SIZE);
+ // We can't use [__builtin_]memset here, as that would call into code which has stack protectors enabled,
+ // resulting in an access to an absolute address.
+ for (u64* p = page; p < page + (PAGE_TABLE_SIZE / sizeof(u64)); p++)
+ *p = 0;
+
 return page;
 }
diff --git a/Kernel/CMakeLists.txt b/Kernel/CMakeLists.txt
index db6cce26b7..bfc2c7660f 100644
--- a/Kernel/CMakeLists.txt
+++ b/Kernel/CMakeLists.txt
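Review bot: The hand-written zeroing loop that replaces `__builtin_memset` is exactly the idiom that both GCC and Clang recognise under optimisation and turn back into a `memset` call, so the guarantee in the new comment only holds as long as the per-file compiler flags in Kernel/CMakeLists.txt keep that transformation off for this file. Writing through a volatile pointer, `for (volatile u64* p = page; p < page + (PAGE_TABLE_SIZE / sizeof(u64)); p++)`, makes the loop immune to idiom recognition independent of build flags, at the cost of individual stores that cannot be merged, which is acceptable for a one-off page-table clear. The element count also mixes `sizeof(FlatPtr)` on the line above with `sizeof(u64)` in the loop; they agree on riscv64, but a single `constexpr size_t entries_per_table = PAGE_TABLE_SIZE / sizeof(u64);` used in both places would make the invariant explicit. The comment could also name the flag dependency, e.g. `// Must stay a plain loop: see SOURCES_RUNNING_WITHOUT_MMU in Kernel/CMakeLists.txt for the flags that keep the compiler from turning it back into memset.`. The enclosing function's signature is outside the hunk.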
@@ -510,8 +510,19 @@ elseif("${SERENITY_ARCH}" STREQUAL "aarch64")
 # by the compiler. The CPU cannot access global variables without the MMU as the kernel is linked for a virtual address in high memory.
 set_source_files_properties(${SOURCES_RUNNING_WITHOUT_MMU} PROPERTIES COMPILE_FLAGS "-fno-stack-protector -fno-sanitize=all")
 elseif("${SERENITY_ARCH}" STREQUAL "riscv64")
+ set(SOURCES_RUNNING_WITHOUT_MMU
+ Arch/riscv64/MMU.cpp
+ Arch/riscv64/pre_init.cpp
+
+ # FIXME: Don't disable stack protectors and sanitizers in SBI.cpp.
+ # Maybe implement SBI debug console printing directly in pre_init.cpp as well?
+ Arch/riscv64/SBI.cpp
+ )
+
 set(KERNEL_SOURCES ${KERNEL_SOURCES}
+ ${SOURCES_RUNNING_WITHOUT_MMU}
+
 Arch/Processor.cpp
 kprintf.cpp
@@ -536,7 +547,15 @@ elseif("${SERENITY_ARCH}" STREQUAL "riscv64")
 Arch/riscv64/Timer.cpp
 )
- add_compile_options(-fno-stack-protector -fno-sanitize=all)
+ # NOTE: These files cannot use a stack protector and sanitizers, as these will cause accesses to global variables to be inserted
+ # by the compiler. The CPU cannot access global variables without the MMU as the kernel is linked for a virtual address in high memory.
+ # On GCC, also prevent loops from being optimized into functions like memset, as those might use stack protectors and sanitizers.
+ # We also have to disable our -ftrivial-auto-var-init=pattern mitigation, as that would cause memsets to be inserted.
+ if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
+ set_source_files_properties(${SOURCES_RUNNING_WITHOUT_MMU} PROPERTIES COMPILE_FLAGS "-fno-stack-protector -fno-sanitize=all -ftrivial-auto-var-init=uninitialized -fno-tree-loop-distribution -fno-tree-loop-distribute-patterns")
+ else()
+ set_source_files_properties(${SOURCES_RUNNING_WITHOUT_MMU} PROPERTIES COMPILE_FLAGS "-fno-stack-protector -fno-sanitize=all -ftrivial-auto-var-init=uninitialized")
+ endif()
 endif()
 set(AK_SOURCES
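Review bot: The `else()` branch in the second hunk carries no equivalent of `-fno-tree-loop-distribute-patterns`, yet Clang's loop-idiom recognition also rewrites zeroing loops such as the new one in Arch/riscv64/MMU.cpp into `memset` calls, which would reintroduce the call into stack-protected, sanitized code that this commit is working to avoid. Clang has no flag of that name, but it does not emit library calls for recognised loops in functions built with `-fno-builtin`, so the non-GNU branch should read `set_source_files_properties(${SOURCES_RUNNING_WITHOUT_MMU} PROPERTIES COMPILE_FLAGS "-fno-stack-protector -fno-sanitize=all -ftrivial-auto-var-init=uninitialized -fno-builtin")`. The preceding NOTE says the loop concern applies "On GCC", which would then need rewording to cover both toolchains. The shared part of the `COMPILE_FLAGS` string is duplicated across the two branches; keeping it in one variable and appending only the GNU-specific flags in the `if` would stop the two from drifting apart.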