From: Kees Cook Date: Wed, 31 May 2023 00:33:48 +0000 (-0700) Subject: x86/purgatory: Do not use fortified string functions X-Git-Tag: v6.6.17~4409^2~17 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=91218d7d708ed2f4b77323ca70a948b8334dd767;p=platform%2Fkernel%2Flinux-rpi.git x86/purgatory: Do not use fortified string functions With the addition of -fstrict-flex-arrays=3, struct sha256_state's trailing array is no longer ignored by CONFIG_FORTIFY_SOURCE: struct sha256_state { u32 state[SHA256_DIGEST_SIZE / 4]; u64 count; u8 buf[SHA256_BLOCK_SIZE]; }; This means that the memcpy() calls with "buf" as a destination in sha256.c's code will attempt to perform run-time bounds checking, which could lead to calling missing functions, specifically a potential WARN_ONCE, which isn't callable from purgatory. Reported-by: Thorsten Leemhuis Closes: https://lore.kernel.org/lkml/175578ec-9dec-7a9c-8d3a-43f24ff86b92@leemhuis.info/ Bisected-by: "Joan Bruguera Micó" Fixes: df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3") Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: Dave Hansen Cc: x86@kernel.org Cc: "H. Peter Anvin" Cc: Nick Desaulniers Cc: Masahiro Yamada Cc: "Peter Zijlstra (Intel)" Cc: Alyssa Ross Cc: Sami Tolvanen Cc: Alexander Potapenko Signed-off-by: Kees Cook Tested-by: Thorsten Leemhuis Acked-by: Dave Hansen Link: https://lore.kernel.org/r/20230531003345.never.325-kees@kernel.org --- diff --git a/arch/x86/purgatory/Makefile b/arch/x86/purgatory/Makefile index 82fec66..005324d 100644 --- a/arch/x86/purgatory/Makefile +++ b/arch/x86/purgatory/Makefile @@ -12,7 +12,7 @@ $(obj)/string.o: $(srctree)/arch/x86/boot/compressed/string.c FORCE $(obj)/sha256.o: $(srctree)/lib/crypto/sha256.c FORCE $(call if_changed_rule,cc_o_c) -CFLAGS_sha256.o := -D__DISABLE_EXPORTS +CFLAGS_sha256.o := -D__DISABLE_EXPORTS -D__NO_FORTIFY # When linking purgatory.ro with -r unresolved symbols are not checked, # also link a purgatory.chk binary without -r to check for unresolved symbols.