On Tue, Jul 18, 2023 at 12:47:14AM -0500, Glenn Washburn wrote:
> GCC is electing to instrument grub_efi_init() to give it stack smashing
> protection when configuring with --enable-stack-protector on the x86_64-efi
> target. In the function prologue, the canary at the top of the stack frame
> is set to the value of the stack guard. And in the epilogue, the canary is
> checked to verify if it is equal to the guard and if not to call the stack
> check fail function. The issue is that grub_efi_init() sets up the guard
> by initializing it with random bytes, if the firmware supports the RNG
> protocol. So in its prologue the canary will be set with the value of the
> uninitialized guard, likely NULL bytes. Then the guard is initialized, and
> finally the epilogue checks the canary against the guard, which will almost
> certainly be different. This causes the code path for a smashed stack to be
> taken, causing the machine to print out a message that stack smashing was
> detected, wait 5 seconds, and then reboot. Disable grub_efi_init()
> instrumentation so there is no stack smashing false positive generated.
>
> Signed-off-by: Glenn Washburn <developm...@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>

Daniel
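To make the ordering problem in the quoted commit message concrete, here is an added C model (not GRUB's code and not what the patch itself changes) that hand-writes the prologue and epilogue GCC emits for an instrumented function; the guard variable, the `firmware_rng()` stand-in for the EFI RNG protocol and its constant are all constructed for the example.

```c
/* Added example: models the stack-protector prologue/epilogue by hand to
 * show why initialising the guard inside an instrumented function trips
 * the check. Nothing here is GRUB code. */
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the global stack guard; zero-initialised like grub's. */
static uintptr_t stack_guard;

/* Constructed stand-in for the firmware RNG protocol output. */
static uintptr_t firmware_rng(void) { return (uintptr_t)0x5a3c9e1fu; }

/* Prologue: copy the current guard into the frame's canary slot. */
static uintptr_t prologue(void) { return stack_guard; }

/* Epilogue: 1 = canary matches guard, 0 = "stack smashing detected". */
static int epilogue_ok(uintptr_t canary) { return canary == stack_guard; }

/* Model of grub_efi_init() when GCC instruments it: the canary is captured
 * from the still-zero guard, then the body overwrites the guard, so the
 * epilogue comparison fails even though no stack was smashed. */
int instrumented_init_passes_check(void)
{
    uintptr_t canary = prologue();   /* canary == 0 */
    stack_guard = firmware_rng();    /* body initialises the guard */
    return epilogue_ok(canary);      /* 0: false positive, grub would reboot */
}

/* Same body with instrumentation disabled: no prologue/epilogue, so there
 * is no canary captured before the guard changes. */
void uninstrumented_init(void)
{
    stack_guard = firmware_rng();
}

/* Any instrumented function entered after the guard is set works normally. */
int later_instrumented_function_passes_check(void)
{
    uintptr_t canary = prologue();
    /* ... ordinary work that does not touch the guard ... */
    return epilogue_ok(canary);
}

/* Reset the guard to its pre-init value so both scenarios can be run. */
void reset_guard(void) { stack_guard = 0; }

int main(void)
{
    reset_guard();
    printf("instrumented init passes check: %d\n", instrumented_init_passes_check());
    reset_guard();
    uninstrumented_init();
    printf("later instrumented function passes check: %d\n",
           later_instrumented_function_passes_check());
    return 0;
}
```

The same false positive would affect any function that both is instrumented and assigns the guard, which is why the fix targets the initialiser rather than the protector itself.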