On 1.06.24 г. 10:27 ч., Nikolay Borisov wrote:
On 31.05.24 г. 19:28 ч., Kees Cook wrote:
On Thu, May 30, 2024 at 09:23:36AM -0700, Jeff Johnson wrote:
On 5/30/2024 8:42 AM, Nikolay Borisov wrote:
On 29.05.24 г. 21:09 ч., Jeff Johnson wrote:
As discussed in [1] add a prototype for __fortify_panic() to fix the
'make W=1 C=1' warning:
arch/x86/boot/compressed/misc.c:535:6: warning: symbol
'__fortify_panic' was not declared. Should it be static?
Actually doesn't it make sense to have this defined under ../string.h ?
Actually given that we don't have any string fortification under the
boot/ why have the fortify _* functions at all ?
I'll let Kees answer these questions since I just took guidance from
him :)
Ah-ha, I see what's happening. When not built with
CONFIG_FORTIFY_SOURCE, fortify-string.h isn't included. But since misc.c
has the function definition, we get a warning that the function
declaration was never seen. This is likely the better solution:
fortify-strings.h is used in include/linux/string.h. However all the
files in the decompressor are using a local copy of string.h and not the
kernel-wide. When pre-processing misc.c with FORTIFY_SOURCE enabled
here's the status:
$ grep -i fortify arch/x86/boot/compressed/misc.i
void __fortify_panic(const u8 reason, size_t avail, size_t size)
It seems the decompressor is not using fortify-string at all because
it's not using the global string.h ?
Kees, care to comment about my observation? Have I missed anything?
Reading the following articles :
https://www.redhat.com/en/blog/enhance-application-security-fortifysource
it seems that fortification comes from using the system header string.h
(in our case that'd be include/linux/string.h) which is not being used
by the decompressor at all so simply removing the function definition
should be the correct fix, no ?
<snip>
