Date: Fri, 31 May 2024 14:06:48 -0700
From: Kees Cook
To: Borislav Petkov
Cc: Jeff Johnson, Nikolay Borisov, Thomas Gleixner, Ingo Molnar, Dave Hansen, x86@kernel.org, "H. Peter Anvin", linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] x86/boot: add prototype for __fortify_panic()
Message-ID: <202405311359.EFC7345EC@keescook>
In-Reply-To: <20240531204947.GNZlo367G0YXVbOk1I@fat_crate.local>

On Fri, May 31, 2024 at 10:49:47PM +0200, Borislav Petkov wrote:
> On Fri, May 31, 2024 at 01:46:37PM -0700, Kees Cook wrote:
> > Please do not do this. It still benefits from compile-time sanity
> > checking.
>
> Care to elaborate how exactly it benefits?

Because when new code gets added that accidentally does improper string
handling, fortify will yell about it at compile time. e.g., if someone
typos something like:

	#define BUF_LEN_FOO	16
	...
	#define BUF_LEN_BAR	10

	struct foo {
		...
		char buf[BUF_LEN_FOO];
		...
	};

	...

	void process_stuff(struct foo *p)
	{
		...
		char local_copy[BUF_LEN_BAR];
		...

		strcpy(local_copy, p->buf);
		...
	}

or refactors and forgets to change some name, etc. It's all for catching
bugs before they happen, etc. And when source string lengths aren't
known, the runtime checking can kick in too. It happens x86 boot doesn't
have any of those (good!) so __fortify_panic() goes unused there. But
that's a larger topic covered by stuff like
CONFIG_LD_DEAD_CODE_DATA_ELIMINATION, etc.

-- 
Kees Cook
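
Added illustration, not part of the original message and not kernel code: a userspace C sketch of the two tiers the reply describes, a build-time failure when array sizes already show the copy can overflow and a runtime check once the source length is measured. The names checked_strcpy, CHECKED_STRCPY, SIZE_CHECK, DEMO_COMPILE_TIME_CHECK and demo are hypothetical, and sizeof on arrays is substituted here for the compiler's object-size tracking.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN_FOO 16
#define BUF_LEN_BAR 10

/* Compile-time tier: with -DDEMO_COMPILE_TIME_CHECK, a source array larger
 * than the destination array breaks the build (negative array size). */
#ifdef DEMO_COMPILE_TIME_CHECK
#define SIZE_CHECK(d, s) ((void)sizeof(char[sizeof(d) >= sizeof(s) ? 1 : -1]))
#else
#define SIZE_CHECK(d, s) ((void)0)
#endif

/* Runtime tier: returns 0 on success, -1 where the copy would not fit
 * (the point at which a fortified kernel build would panic instead). */
static int checked_strcpy(char *dst, size_t dst_size, const char *src)
{
	size_t need = strlen(src) + 1;	/* bytes including the NUL */
	if (dst_size != SIZE_MAX && need > dst_size)	/* SIZE_MAX: size unknown */
		return -1;
	memcpy(dst, src, need);
	return 0;
}

/* Assumption: sizeof replaces object-size tracking, so arrays only. */
#define CHECKED_STRCPY(d, s) (SIZE_CHECK(d, s), checked_strcpy((d), sizeof(d), (s)))

struct foo { int id; char buf[BUF_LEN_FOO]; int flags; };

/* Constructed stand-in for the email's process_stuff(). */
static int process_stuff(const struct foo *p)
{
	char local_copy[BUF_LEN_BAR];
	return CHECKED_STRCPY(local_copy, p->buf);
}

/* Constructed input: put text into foo.buf (truncated to fit) and copy it. */
static int demo(const char *text)
{
	struct foo f = { .id = 1 };	/* buf starts zero-filled */
	size_t n = strlen(text);
	memcpy(f.buf, text, n < sizeof(f.buf) ? n : sizeof(f.buf) - 1);
	return process_stuff(&f);
}

int main(void)
{
	printf("9 chars: %d, 12 chars: %d\n", demo("123456789"), demo("twelve chars"));
	return 0;
}
```

Building with -DDEMO_COMPILE_TIME_CHECK rejects process_stuff() outright, because the 16-byte source array cannot be proven to fit the 10-byte destination.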