From: Luis Araneda Date: Sun, 4 Aug 2019 04:32:04 +0000 (-0400) Subject: zynq: k4.19: fix kernel panic on smp bring-up X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=d71cac96f3dc14065f1c25bd6677605dcb417619;p=openwrt%2Fstaging%2Fmkresin.git zynq: k4.19: fix kernel panic on smp bring-up This fixes a kernel panic when validating the arguments of memcpy at runtime, which is enabled by generic's CONFIG_FORTIFY_SOURCE for k4.19 This wasn't triggered on 4.14, as ARCH_HAS_FORTIFY_SOURCE was added on k4.17 for the ARM architecture Signed-off-by: Luis Araneda --- diff --git a/target/linux/zynq/patches-4.19/110-ARM-zynq-Use-memcpy_toio-instead-of-memcpy.patch b/target/linux/zynq/patches-4.19/110-ARM-zynq-Use-memcpy_toio-instead-of-memcpy.patch new file mode 100644 index 0000000000..03027b2016 --- /dev/null +++ b/target/linux/zynq/patches-4.19/110-ARM-zynq-Use-memcpy_toio-instead-of-memcpy.patch @@ -0,0 +1,35 @@ +From a801d4aa6000f7ba0ffc5ba9d841af62ec7e0bb1 Mon Sep 17 00:00:00 2001 +From: Luis Araneda +Date: Tue, 30 Jul 2019 00:29:03 -0400 +Subject: [RFC PATCH] ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up + +This fixes a kernel panic (read overflow) on memcpy when +FORTIFY_SOURCE is enabled. + +The computed size of memcpy args are: +- p_size (dst): 4294967295 = (size_t) -1 +- q_size (src): 1 +- size (len): 8 + +Additionally, the memory is marked as __iomem, so one of +the memcpy_* functions should be used for read/write + +Signed-off-by: Luis Araneda +--- +As of 2019-08-03, this patch is under review and waiting +comments from the maintainer / author +-- + arch/arm/mach-zynq/platsmp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm/mach-zynq/platsmp.c ++++ b/arch/arm/mach-zynq/platsmp.c +@@ -65,7 +65,7 @@ int zynq_cpun_start(u32 address, int cpu + * 0x4: Jump by mov instruction + * 0x8: Jumping address + */ +- memcpy((__force void *)zero, &zynq_secondary_trampoline, ++ memcpy_toio(zero, &zynq_secondary_trampoline, + trampoline_size); + writel(address, zero + trampoline_size); +