
Issue 902947


Issue metadata

Status: Fixed
Closed: Nov 9
Pri: 3
Type: Bug




Test build errors in chromeos-4.4 due to fortify changes

Project Member Reported by groeck@chromium.org, Nov 7

Issue description

i386:allmodconfig:

Error log:

In file included from ./arch/x86/include/asm/page_32.h:34:0,
                 from ./arch/x86/include/asm/page.h:13,
                 from ./arch/x86/include/asm/thread_info.h:11,
                 from include/linux/thread_info.h:25,
                 from ./arch/x86/include/asm/preempt.h:6,
                 from include/linux/preempt.h:59,
                 from include/linux/spinlock.h:50,
                 from include/linux/mmzone.h:7,
                 from include/linux/gfp.h:5,
                 from include/linux/slab.h:14,
                 from fs/hfs/hfs_fs.h:18,
                 from fs/hfs/dir.c:14:
In function 'memcpy',
    inlined from 'hfs_readdir' at fs/hfs/dir.c:166:2:
include/linux/string.h:292:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter
    __read_overflow2();
    ^
make[2]: *** [fs/hfs/dir.o] Error 1
make[1]: *** [fs/hfs] Error 2

powerpc:allmodconfig:

Error: External symbol 'fortify_panic' referenced from prom_init.c
Error: External symbol 'strnlen' referenced from prom_init.c
Error: External symbol 'strscpy' referenced from prom_init.c
make[1]: *** [prom_init_check] Error 1

 
Status: Started (was: Assigned)
0day:

All warnings (new ones prefixed by >>): 

   arch/x86/boot/compressed/misc.c: In function 'fortify_panic': 
>> arch/x86/boot/compressed/misc.c:471:1: warning: 'noreturn' function does return 
    } 
    ^ 

Thanks Guenter, I had totally missed these warnings somehow. I hadn't tried a powerpc build either, I'll keep that in mind next time.

No worries; you can't test everything. That is what 0day and my build tests are for.

Project Member

Comment 5 by bugdroid1@chromium.org, Nov 9

Labels: merge-merged-chromeos-4.4
The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/ca0a90e701548e02c581db55196f46da54978089

commit ca0a90e701548e02c581db55196f46da54978089
Author: Dan Carpenter <dan.carpenter@oracle.com>
Date: Fri Nov 09 15:19:31 2018

BACKPORT: hfs: fix hfs_readdir()

I was looking through static analysis warnings and there is a bug here
that goes all the way back to the start of git.  Basically we're copying
the pointer and nearby garbage instead of the data the fd.key pointer is
pointing to.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Vyacheslav Dubeyko <slava@dubeyko.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(cherry picked from commit eec11535ca3d3e2daa2c8f59fa8ce1963db98abd)

Conflicts:
   fs/hfs/dir.c

BUG= chromium:902947 
TEST=test build

Change-Id: I2db93ddd8556f6b35556217a06b6b1f44c75ea33
Signed-off-by: Guenter Roeck <groeck@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1324670
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Zubin Mithra <zsm@chromium.org>

[modify] https://crrev.com/ca0a90e701548e02c581db55196f46da54978089/fs/hfs/dir.c
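
The bug class described in the hfs_readdir() commit message, and the read check behind the `__read_overflow2` build error in the issue description, as an added example that is not code from this thread or from the kernel tree. `struct cat_key`, `struct find_data`, `checked_copy` and the two `copy_key_*` functions are hypothetical stand-ins; the object-size bound is computed with `sizeof`/`offsetof` here to model what the compiler reports.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for illustration; not the kernel's definitions. */
struct cat_key { uint8_t key_len; uint8_t name[37]; };   /* 38-byte key */
struct find_data { struct cat_key *key; int record; };   /* key points into a node buffer */

/* Model of the fortified memcpy read check. 'avail' is the byte count from src
 * to the end of the object containing it, the value the kernel takes from
 * __builtin_object_size(src, 0). Returns -1 where the build would fail with
 * __read_overflow2(), 0 after a successful copy. */
static int checked_copy(void *dst, const void *src, size_t n, size_t avail)
{
    if (n > avail)
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Pre-fix pattern: the source is the address of the pointer member, so the
 * copy would take the pointer's own bytes plus whatever follows it. */
int copy_key_buggy(struct cat_key *out, struct find_data *fd)
{
    size_t avail = sizeof(*fd) - offsetof(struct find_data, key);
    return checked_copy(out, &fd->key, sizeof(*out), avail);
}

/* Fixed pattern: the source is the key that the pointer refers to. */
int copy_key_fixed(struct cat_key *out, struct find_data *fd)
{
    return checked_copy(out, fd->key, sizeof(*out), sizeof(*fd->key));
}

int main(void)
{
    struct cat_key on_disk = { .key_len = 4, .name = "Docs" };  /* constructed sample */
    struct find_data fd = { .key = &on_disk, .record = 0 };
    struct cat_key out = { 0 };

    int bad = copy_key_buggy(&out, &fd);
    int good = copy_key_fixed(&out, &fd);
    printf("buggy copy: %d\nfixed copy: %d, key_len=%u\n", bad, good, (unsigned)out.key_len);
    return 0;
}
```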

Project Member

Comment 6 by bugdroid1@chromium.org, Nov 9

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/42e51bbba1dde596efb3132d1d5c0fed23b9ad43

commit 42e51bbba1dde596efb3132d1d5c0fed23b9ad43
Author: Daniel Axtens <dja@axtens.net>
Date: Fri Nov 09 15:19:33 2018

UPSTREAM: powerpc: don't fortify prom_init

prom_init is a bit special; in theory it should be able to be linked
separately to the kernel.  To keep this from getting too complex, the
symbols that prom_init.c uses are checked.

Fortification adds symbols, and it gets quite messy as it includes
things like panic().  So just don't fortify prom_init.c for now.

Link: http://lkml.kernel.org/r/1497903987-21002-6-git-send-email-keescook@chromium.org
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Michael Ellerman <mpe@ellerman.id.au>
Cc: Daniel Micay <danielmicay@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 054f367a32381b5640c5d150fe0b7ba285564998)

BUG= chromium:902947 
TEST=test build

Change-Id: If10384531300eb1682040eb4e55787cfe40b4318
Signed-off-by: Guenter Roeck <groeck@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1324671
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Zubin Mithra <zsm@chromium.org>

[modify] https://crrev.com/42e51bbba1dde596efb3132d1d5c0fed23b9ad43/arch/powerpc/kernel/prom_init.c

Project Member

Comment 7 by bugdroid1@chromium.org, Nov 9

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/kernel/+/fb87b49f78dc49490805b14faa98c0a3a9b49710

commit fb87b49f78dc49490805b14faa98c0a3a9b49710
Author: Kees Cook <keescook@chromium.org>
Date: Fri Nov 09 15:19:34 2018

BACKPORT: x86/boot: Declare error() as noreturn

The compressed boot function error() is used to halt execution, but it
wasn't marked with "noreturn". This fixes that in preparation for
supporting kernel FORTIFY_SOURCE, which uses the noreturn annotation
on panic, and calls error(). GCC would warn about a noreturn function
calling a non-noreturn function:

  arch/x86/boot/compressed/misc.c: In function fortify_panic:
  arch/x86/boot/compressed/misc.c:416:1: warning: noreturn function does return
   }
 ^

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Daniel Micay <danielmicay@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: H. Peter Anvin <hpa@zytor.com>
Link: http://lkml.kernel.org/r/20170506045116.GA2879@beast
Signed-off-by: Ingo Molnar <mingo@kernel.org>
(cherry picked from commit 60854a12d281e2fa25662fa32ac8022bbff17432)

Conflicts:
   arch/x86/boot/compressed/error.h
   [declaration is in arch/x86/boot/compressed/misc.c]

BUG= chromium:902947 
TEST=test build

Change-Id: I3340332fc26d6f31221db1756e034472e291ea84
Signed-off-by: Guenter Roeck <groeck@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1324672
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Zubin Mithra <zsm@chromium.org>

[modify] https://crrev.com/fb87b49f78dc49490805b14faa98c0a3a9b49710/arch/x86/boot/compressed/misc.c

Status: Fixed (was: Started)
