On 5/31/2024 2:45 PM, Borislav Petkov wrote: > On Fri, May 31, 2024 at 02:34:07PM -0700, Kees Cook wrote: >> On Fri, May 31, 2024 at 11:20:09PM +0200, Borislav Petkov wrote: >>> So I get an allergic reaction everytime we wag the dog - i.e., fix the >>> code because some tool or option can't handle it even if it is >>> a perfectly fine code. In that case it is an unused symbol. >>> >>> And frankly, I'd prefer the silly warning to denote that fortify doesn't >>> need to do any checking there vs shutting it up just because. >> >> If we want to declare that x86 boot will never perform string handling >> on strings with unknown lengths, we could just delete the boot/ >> implementation of __fortify_panic(), and make it a hard failure if such >> cases are introduced in the future. This hasn't been a particularly >> friendly solution in the past, though, as the fortify routines do tend >> to grow additional coverage over time, so there may be future cases that >> do trip the runtime checking... > > Yes, and we should not do anything right now either. > > As said, I'd prefer the warning which actually says that fortify > routines are not used, which in itself is useful information vs shutting > it up. > I'm ok with whatever you want to do. I was just following the example from ARM where they have a prototype in arch/arm/boot/compressed/misc.h to match the implementation in arch/arm/boot/compressed/misc.c /jeff
