Received: by 2002:a05:6500:2018:b0:1fb:9675:f89d with SMTP id t24csp582167lqh; Fri, 31 May 2024 09:53:38 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXEy6yXkwNqYGAh8z01qEky1Spxjog8U0DaYfd6GF5qUcukYz1XzEI/OyMKb202uzzDe1wnCWAZcQzOcve6rbgOntMj+JX9lId3J1B90Q== X-Google-Smtp-Source: AGHT+IFGBpOWXhPNPTZz8pROxPq6gSDz4nazGeaE9Uzg1a29v0yDgkV+YyXL26t3M3GXamBrvtBA X-Received: by 2002:a17:906:1ed1:b0:a59:a85c:a5ca with SMTP id a640c23a62f3a-a6818672754mr239856966b.7.1717174418787; Fri, 31 May 2024 09:53:38 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717174418; cv=pass; d=google.com; s=arc-20160816; b=NDTyc/o9krRdnjBZL6GRMu2MWthaFyiBGYVdnO9Cti2xztY7iQGuaUPvNZYbVQxkrs w6lAh8xPN1L5oXTR8QrbkDE+U8118Snpc37yJ6bECF461nYnZ7R49vvvNpQpz/friuhW d/0bz36zudjvU8IuVDDx+2jwu+m1wy2zoGt6ZSrCriX19SiBaMAsKvDnLkFzIIcqE4D/ 4KF/hgm3MDCoc8VYDjdPQeN9UZKf7FTwHOMC9KzY5rymFPsapnSGZ2wA4j0+nhQ/sGgQ 1nBqZOLpJlvNnSD94s6V+TLGW4yiVX26pTifqMkm7QsoIZOQd74rinFYwD6RXUGcAlWo QSYQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=wXHwJXGoMcYVcT5MZNW98POTszxohh6ZGQSc5daGDDA=; fh=2UCDsxYzIdp7EGIHmtBJesLjQo1GmeijCS6HmfIiff8=; b=iX3IXmSJyAx/+V+cD74SwX6OKRvk9RQ4xAggd9w46BSpb/8+/LPjr2VB6u9RdUt4GV s69ji6U0qWGEQIpGiw+XOkIVQ4gk7FdN6TlnFZtjKvi0U/+sNp3VEJGwcusxpfIiou9N 7O1/xcVqZxhRzuC4QkkcgpLNBgdnAWwk0P7Bw2w5GrPrlTPwitYocmnaLnURbLKDDhzg NhBm1K+f3Bs3NA7YC7g8DDzoukOu/UURTNZlylf72BRRLbP6OzodflpE5zVc3I/uBz0h WlcXgYeD03kcKhDBZmOBJU7Tsx0Lq+3nAjf2bYZJuP6Ya+R6pY67fBmC3TkY8YQOe9Ev LtIQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=chF5K+Jg; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-197198-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-197198-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id a640c23a62f3a-a67ea38db51si109506566b.398.2024.05.31.09.53.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 May 2024 09:53:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-197198-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=chF5K+Jg; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-197198-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-197198-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 740D41F26A1B for ; Fri, 31 May 2024 16:53:38 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id E027D16EBF1; Fri, 31 May 2024 16:53:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="chF5K+Jg" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0FB5A158D78; Fri, 31 May 2024 16:53:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717174410; cv=none; b=bIiiIhgcSD2zsFxW0/Wl7cMBv+8lXthxBHFoGi19gLd5WZfwDYqlDjoXvJ+QMHM7XSH1i6f4rPcRk2zoGVGg09OQgb1IaeB6RBxx+OaNYkDIjiTxoP977WaCFjemTyFcVNWA0fhUVPfHMrGlgUegwDezhJeK0/3OBAV60Xfm3J0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717174410; c=relaxed/simple; bh=A0VCX7boZ90t1G554mzzcAAyW5pi+5OsLc8t8Pv/41s=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=X++TAZESsdA5tv4NXBziXqmMN1OhmJZ/chrn3XhDSMz07hK1RtI4JJVgcFMw0X59UrBG8yCWKhII9bPZETPN7RLiRWbnz8Ia2PoeqoP8AmWu4DagJvblSKOSEGMF827rB/TbaUhqt4EgLDQe0WlFTRv3fBSuH9g+8EM1OYMkwgU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=chF5K+Jg; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6F4DFC116B1; Fri, 31 May 2024 16:53:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1717174409; bh=A0VCX7boZ90t1G554mzzcAAyW5pi+5OsLc8t8Pv/41s=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=chF5K+JgyD3w37TtdSB2AESkw6uLvl4AkHW/MlWX0bRq5Tpu2rdXGgvVUvPPSTHBp YkVK5HhdThUPDkgipZfcMGtuvAzRQAjgwyUfBuV+svm1CycIYnwp9lfOBxAyVw0S/t MYkFc+X2HFtxR/r9udAjhGBVUcUAhpfxmRzM8zHwW5sV6M+D0Z5wSyjNTkA5yKM3yr Y+8JLgftyLFJQvyvY4ZveBO9SONjQsWUP3Sqt3WAfnHLKvCfkR9qezooLXMX4CJNUc NJew6a6JXCQQ1CsfxMsZ1s29BspclaZhxA9N+VhmdM2Nluk+3riwXZhZioQUUxIfA/ j8PAepjQVMtVA== Date: Fri, 31 May 2024 09:53:28 -0700 From: Kees Cook To: Borislav Petkov Cc: Jeff Johnson , Nikolay Borisov , Thomas Gleixner , Ingo Molnar , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: Re: [PATCH] x86/boot: add prototype for __fortify_panic() Message-ID: <202405310951.56D9BD5C41@keescook> References: <20240529-fortify_panic-v1-1-9923d5c77657@quicinc.com> <0d3f7c58-7fc0-4e8b-b6fb-c4d0d9969ce7@suse.com> <5658B525-6642-43A2-B14C-BC4AA916FBCC@alien8.de> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <5658B525-6642-43A2-B14C-BC4AA916FBCC@alien8.de> On Thu, May 30, 2024 at 06:46:39PM +0200, Borislav Petkov wrote: > On May 30, 2024 6:23:36 PM GMT+02:00, Jeff Johnson wrote: > >On 5/30/2024 8:42 AM, Nikolay Borisov wrote: > >> > >> > >> On 29.05.24 г. 21:09 ч., Jeff Johnson wrote: > >>> As discussed in [1] add a prototype for __fortify_panic() to fix the > >>> 'make W=1 C=1' warning: > >>> > >>> arch/x86/boot/compressed/misc.c:535:6: warning: symbol '__fortify_panic' was not declared. Should it be static? > >> > >> Actually doesn't it make sense to have this defined under ../string.h ? > >> Actually given that we don't have any string fortification under the > >> boot/ why have the fortify _* functions at all ? > > > >I'll let Kees answer these questions since I just took guidance from him :) > > The more important question is how does the decompressor build even know of this symbol? And then make it forget it again instead of adding silly prototypes... Under CONFIG_FORTIFY_SOURCE, the boot code *does* still uses fortify-string.h. It lets us both catch mistakes we can discover at compile and will catch egregious runtime mistakes, though the reporting is much simpler in the boot code. -- Kees Cook