| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a54db95c-e22a-4e13-ae4b-6a5a67d1c49b@suse.com>
Date: Sat, 1 Jun 2024 10:27:28 +0300
From: Nikolay Borisov <nik.borisov@...e.com>
To: Kees Cook <kees@...nel.org>, Jeff Johnson <quic_jjohnson@...cinc.com>
Cc: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>,
x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org,
kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] x86/boot: add prototype for __fortify_panic()
On 31.05.24 г. 19:28 ч., Kees Cook wrote:
> On Thu, May 30, 2024 at 09:23:36AM -0700, Jeff Johnson wrote:
>> On 5/30/2024 8:42 AM, Nikolay Borisov wrote:
>>>
>>>
>>> On 29.05.24 г. 21:09 ч., Jeff Johnson wrote:
>>>> As discussed in [1] add a prototype for __fortify_panic() to fix the
>>>> 'make W=1 C=1' warning:
>>>>
>>>> arch/x86/boot/compressed/misc.c:535:6: warning: symbol '__fortify_panic' was not declared. Should it be static?
>>>
>>> Actually doesn't it make sense to have this defined under ../string.h ?
>>> Actually given that we don't have any string fortification under the
>>> boot/ why have the fortify _* functions at all ?
>>
>> I'll let Kees answer these questions since I just took guidance from him :)
>
> Ah-ha, I see what's happening. When not built with
> CONFIG_FORTIFY_SOURCE, fortify-string.h isn't included. But since misc.c
> has the function definition, we get a warning that the function
> declaration was never seen. This is likely the better solution:
fortify-strings.h is used in include/linux/string.h. However all the
files in the decompressor are using a local copy of string.h and not the
kernel-wide. When pre-processing misc.c with FORTIFY_SOURCE enabled
here's the status:
$ grep -i fortify arch/x86/boot/compressed/misc.i
void __fortify_panic(const u8 reason, size_t avail, size_t size)
It seems the decompressor is not using fortify-string at all because
it's not using the global string.h ?
>
>
> diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
> index b70e4a21c15f..3f21a5e218f8 100644
> --- a/arch/x86/boot/compressed/misc.c
> +++ b/arch/x86/boot/compressed/misc.c
> @@ -532,7 +532,9 @@ asmlinkage __visible void *extract_kernel(void *rmode, unsigned char *output)
> return output + entry_offset;
> }
>
> +#ifdef CONFIG_FORTIFY_SOURCE
> void __fortify_panic(const u8 reason, size_t avail, size_t size)
> {
> error("detected buffer overflow");
> }
> +#endif
>
>
> Jeff, can you test this? (I still haven't been able to reproduce the
> warning.)
>
Powered by blists - more mailing lists