Re: [PATCH] x86/boot: add prototype for __fortify_panic()
From: Jeff Johnson
Date: Fri May 31 2024 - 18:20:48 EST
On 5/31/2024 2:45 PM, Borislav Petkov wrote:
> On Fri, May 31, 2024 at 02:34:07PM -0700, Kees Cook wrote:
>> On Fri, May 31, 2024 at 11:20:09PM +0200, Borislav Petkov wrote:
>>> So I get an allergic reaction everytime we wag the dog - i.e., fix the
>>> code because some tool or option can't handle it even if it is
>>> a perfectly fine code. In that case it is an unused symbol.
>>>
>>> And frankly, I'd prefer the silly warning to denote that fortify doesn't
>>> need to do any checking there vs shutting it up just because.
>>
>> If we want to declare that x86 boot will never perform string handling
>> on strings with unknown lengths, we could just delete the boot/
>> implementation of __fortify_panic(), and make it a hard failure if such
>> cases are introduced in the future. This hasn't been a particularly
>> friendly solution in the past, though, as the fortify routines do tend
>> to grow additional coverage over time, so there may be future cases that
>> do trip the runtime checking...
>
> Yes, and we should not do anything right now either.
>
> As said, I'd prefer the warning which actually says that fortify
> routines are not used, which in itself is useful information vs shutting
> it up.
>
I'm ok with whatever you want to do. I was just following the example from ARM
where they have a prototype in arch/arm/boot/compressed/misc.h to match the
implementation in arch/arm/boot/compressed/misc.c
/jeff