lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <92bc0a65-608f-4307-bb1c-16d8836d42e5@arm.com>
Date: Tue, 11 Mar 2025 10:53:33 -0500
From: Stuart Yoder <stuart.yoder@....com>
To: Thorsten Leemhuis <linux@...mhuis.info>, jarkko@...nel.org
Cc: linux-acpi@...r.kernel.org, linux-kernel@...r.kernel.org,
 lenb@...nel.org, rafael@...nel.org, jgg@...pe.ca, peterhuewe@....de,
 sudeep.holla@....com, linux-integrity@...r.kernel.org,
 Linux Next Mailing List <linux-next@...r.kernel.org>
Subject: Re: Build error on -next due to tpm_crb.c changes?



On 3/11/25 10:21 AM, Thorsten Leemhuis wrote:
> On 05.03.25 18:36, Stuart Yoder wrote:
>> Firmware Framework for Arm A-profile (FF-A) is a messaging framework
>> for Arm-based systems, and in the context of the TPM CRB driver is used
>> to signal 'start' to a CRB-based TPM service which is hosted in an
>> FF-A secure partition running in TrustZone.
>>
>> These patches add support for the CRB FF-A start method defined
>> in the TCG ACPI specification v1.4 and the FF-A ABI defined
>> in the Arm TPM Service CRB over FF-A (DEN0138) specification:
>> https://developer.arm.com/documentation/den0138/latest/
>> [...]
>> Stuart Yoder (5):
>>    tpm_crb: implement driver compliant to CRB over FF-A
>>    tpm_crb: clean-up and refactor check for idle support
>>    ACPICA: add start method for Arm FF-A
>>    tpm_crb: add support for the Arm FF-A start method
>>    Documentation: tpm: add documentation for the CRB FF-A interface
>>
>>   Documentation/security/tpm/tpm_ffa_crb.rst |  65 ++++
>>   drivers/char/tpm/Kconfig                   |   9 +
>>   drivers/char/tpm/Makefile                  |   1 +
>>   drivers/char/tpm/tpm_crb.c                 | 105 +++++--
>>   drivers/char/tpm/tpm_crb_ffa.c             | 348 +++++++++++++++++++++
>>   drivers/char/tpm/tpm_crb_ffa.h             |  25 ++
>>   include/acpi/actbl3.h                      |   1 +
>> [...]
> 
> My daily linux-next builds for Fedora failed building on ARM64 today. I did
> not bisect, but from the error message I suspect it's du to  patches in this
> series touching drivers/char/tpm/tpm_crb.c :
> 
> ld: Unexpected GOT/PLT entries detected!
> ld: Unexpected run-time procedure linkages detected!
> ld: drivers/char/tpm/tpm_crb.o: in function `crb_cancel':
> /builddir/foo//drivers/char/tpm/tpm_crb.c:496:(.text+0x2c0): undefined reference to `tpm_crb_ffa_start'
> ld: drivers/char/tpm/tpm_crb.o: in function `__crb_request_locality':
> /builddir/foo/drivers/char/tpm/tpm_crb.c:285:(.text+0x768): undefined reference to `tpm_crb_ffa_start'
> ld: drivers/char/tpm/tpm_crb.o: in function `__crb_relinquish_locality':
> /builddir/foo/drivers/char/tpm/tpm_crb.c:319:(.text+0x81c): undefined reference to `tpm_crb_ffa_start'
> ld: drivers/char/tpm/tpm_crb.o: in function `__crb_request_locality':
> /builddir/foo/drivers/char/tpm/tpm_crb.c:285:(.text+0x8bc): undefined reference to `tpm_crb_ffa_start'
> ld: drivers/char/tpm/tpm_crb.o: in function `__crb_relinquish_locality':
> /builddir/foo/drivers/char/tpm/tpm_crb.c:319:(.text+0x958): undefined reference to `tpm_crb_ffa_start'
> ld: drivers/char/tpm/tpm_crb.o:/builddir/foo/drivers/char/tpm/tpm_crb.c:474: more undefined references to `tpm_crb_ffa_start' follow
> ld: drivers/char/tpm/tpm_crb.o: in function `crb_acpi_add':
> /builddir/foo/drivers/char/tpm/tpm_crb.c:830:(.text+0x1518): undefined reference to `tpm_crb_ffa_init'
> make[2]: *** [scripts/Makefile.vmlinux:77: vmlinux] Error 1
> make[1]: *** [/builddir/foo/Makefile:1242: vmlinux] Error 2
> make: *** [Makefile:259: __sub-make] Error 2
> 
> Full log:
> https://download.copr.fedorainfracloud.org/results/@kernel-vanilla/next/fedora-41-aarch64/08750241-next-next-all/builder-live.log.gz
> 
> Same problem on Fedora 40, 42 and 43.

The problem seems to be that tpm_crb.o was built with
CONFIG_TCG_ARM_CRB_FFA enabled, yet somehow the
tpm_crb_ffa.o file is not being picked up by the build.

Not sure how this is possible. I've tested all combinations
I could through make menuconfig.

tpm_crb_ffa.h is defined as:

#if IS_ENABLED(CONFIG_TCG_ARM_CRB_FFA)
int tpm_crb_ffa_init(void);
int tpm_crb_ffa_get_interface_version(u16 *major, u16 *minor);
int tpm_crb_ffa_start(int request_type, int locality);
#else
static inline int tpm_crb_ffa_init(void) { return 0; }
static inline int tpm_crb_ffa_get_interface_version(u16 *major, u16 
*minor) { return 0; }
static inline int tpm_crb_ffa_start(int request_type, int locality) { 
return 0; }
#endif

And so due to the linker error, it's clear we're getting the function
prototypes and not the inline functions.

The tpm Makefile defines

obj-$(CONFIG_TCG_ARM_CRB_FFA) += tpm_crb_ffa.o

So, it should not be possible on one had have
CONFIG_TCG_ARM_CRB_FFA being true when building tpm_crb.c
and false resulting in the tpm_crb_ffa.o not being
picked up in the build.

Thanks,
Stuart

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ