Received: by 2002:a05:7208:2202:b0:86:316c:7444 with SMTP id s2csp677558rbb; Fri, 31 May 2024 14:37:36 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCU92kKyxOeHF5F3MeIbu1T2suHiTuzkco/rob2HnV3fQVcouoJkKznD1orf7j4CfYUrPVCR/v1xwr/q7FFioGD5w7Yp/ROeXK5JIcMANA== X-Google-Smtp-Source: AGHT+IEu301UoPBnjLzBOyT0M1U1Ktr3QnCHsS/Qe36HDDVLMlA5SS9EYI/RxzBqBL4D/uT6ywV5 X-Received: by 2002:a05:6a00:a27:b0:6ea:c7bd:90e3 with SMTP id d2e1a72fcca58-702457ab374mr4216457b3a.14.1717191456551; Fri, 31 May 2024 14:37:36 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717191456; cv=pass; d=google.com; s=arc-20160816; b=buxNUnk+D9PRt201FUnfz0gxRtbTH5WSw9NaXfkjDQOnzxH7ItkgyeWb1gNXKt4QSw ZlxxmpvvMje6DjaDvDdplpttTbMGggrJJ6G7tp2fwQr6q/r+si7Yxeg3nRFeN/iAYWO+ 6QB5cJhxMp+kdkR+ieWMYKV6ReQgOlUmSVRGTanaV+e/tucYPXbqC+E0yyyonnnAM4fY 8N62T3/MQiYYe783+Ww+uVt/MzsaJ0rqDNTd3rxqbQvy5whU9aRJ5X4R5ajX2BE18aMJ Ig/Nat7grw+AJD/tdTEf6zb3VV4u7Ja7YpAj1aEwdqulLyIISapxmFwfMaJfb0BB3yp7 yYJA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=EICb1zwTF5FtFzBovE2dQg25fOjDGjvBPHPdD2IKe0Q=; fh=2UCDsxYzIdp7EGIHmtBJesLjQo1GmeijCS6HmfIiff8=; b=Vi3ShN1tbF0DhK2T0viI0sENBjmpcTVEriMUkpBYUKmijg6MDjki40AIjdE0nnqODS nZZVmuRGnJWY7OS4hrs6nh34/lVKSWd6EZOrMvuYZB17/TrLUAw/Cnxjxd9GV4zAPrW/ DN69W4eovUjA8zcTTh7a10ST8mVictw1VmMlT2e2Yz+Q0If3JPRrHY87a0WF0gSH00ZV aS3sChXYv2+OJqDDsAbVMCe5GSSdkcj5tgA3hDEqr63HOeR6hGyNN1myhrS6IMbBDIki DWm6+2ZFOKGJLJ4KkxrNg14fOjVlKz7WJRelPnqVTGpymbTIFZvnuEEO9zPRLP8I40pH pPhQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=e780E88G; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-197509-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-197509-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id d2e1a72fcca58-70251a6a8e3si768110b3a.25.2024.05.31.14.37.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 May 2024 14:37:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-197509-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=e780E88G; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-197509-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-197509-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 7C0C9B25515 for ; Fri, 31 May 2024 21:34:20 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1C5817B3EB; Fri, 31 May 2024 21:34:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="e780E88G" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3DC4A78297; Fri, 31 May 2024 21:34:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717191248; cv=none; b=WZOvGQ4/7ISdqJMfnrj3ELFdtE6Uc57/FmzLOb5PID5b6LIRfcyMyBE0KfQu7mrdkN8MXWEKNYPits9k+YIKvMdadBB+Tn0NDhDoTOZyPu9RmuGG1HjwQBF1X8ScT3UJRak7OoAl9taQvuuVo78zHgvc4NvWiDHxm96amMldJck= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717191248; c=relaxed/simple; bh=5XrG2J6SVqee4hIqh84eanP4nIKsw+RWFUhT9yYHKWY=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=RR1lui8dZq9IT3DH6pnsY2u/Obq0DTygTcTZWC7QJEsOQYMn6OYJLLB02lTmz4tfdqzvr0it86bfJodX9M1DiULcMvU5ZPvBGGcBDua9q7UfRNKAkXw9kCw992BdV+IWfgVPB7egIx1mRggI/wvgUDmEeB3iF+c46V2oaP8rtmQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=e780E88G; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id C8B24C116B1; Fri, 31 May 2024 21:34:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1717191247; bh=5XrG2J6SVqee4hIqh84eanP4nIKsw+RWFUhT9yYHKWY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=e780E88GVClsTNDLNrUjuA7InVXijoPt9sB8FTQxLBJ2Yu4rUiFi5ZyfUrkGycrR2 TSfOaOtGvPtPNzL67W9XtsqvhT6onGlaDVyRQhCGKPfvqKbjlNbOrsaEJ1XuTuLppA yqAVEfueuA7298ZtjfU8ibVMr+YUMKriyqBJCJIlRevOj7WmCuCYw5Eq1oa/jQkfEn aCYn0r4s9pJYdMjZ+X912kxPeechU7Olo77Ly1DBBKbDJOtxh7GUvjHgzakmG8KlKO 1XK6tTMVE9JzT9NsBn1so59E7ccwBy4CLeasmfm9u2stuSBos289ifwvy+/UtE9De/ Wm/PG31j3vZNw== Date: Fri, 31 May 2024 14:34:07 -0700 From: Kees Cook To: Borislav Petkov Cc: Jeff Johnson , Nikolay Borisov , Thomas Gleixner , Ingo Molnar , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: Re: [PATCH] x86/boot: add prototype for __fortify_panic() Message-ID: <202405311431.BF9FE3F7A7@keescook> References: <20240529-fortify_panic-v1-1-9923d5c77657@quicinc.com> <0d3f7c58-7fc0-4e8b-b6fb-c4d0d9969ce7@suse.com> <5658B525-6642-43A2-B14C-BC4AA916FBCC@alien8.de> <202405310951.56D9BD5C41@keescook> <20240531190816.GLZlogIGgpc5maOeLN@fat_crate.local> <202405311345.D91BF6E9@keescook> <20240531204947.GNZlo367G0YXVbOk1I@fat_crate.local> <202405311359.EFC7345EC@keescook> <20240531212009.GOZlo_CV0lxZ1xviQW@fat_crate.local> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240531212009.GOZlo_CV0lxZ1xviQW@fat_crate.local> On Fri, May 31, 2024 at 11:20:09PM +0200, Borislav Petkov wrote: > So I get an allergic reaction everytime we wag the dog - i.e., fix the > code because some tool or option can't handle it even if it is > a perfectly fine code. In that case it is an unused symbol. > > And frankly, I'd prefer the silly warning to denote that fortify doesn't > need to do any checking there vs shutting it up just because. If we want to declare that x86 boot will never perform string handling on strings with unknown lengths, we could just delete the boot/ implementation of __fortify_panic(), and make it a hard failure if such cases are introduced in the future. This hasn't been a particularly friendly solution in the past, though, as the fortify routines do tend to grow additional coverage over time, so there may be future cases that do trip the runtime checking... -- Kees Cook