diff options
| author | Kees Cook <[email protected]> | 2023-05-31 00:33:48 +0000 |
|---|---|---|
| committer | Kees Cook <[email protected]> | 2023-06-01 18:24:51 +0000 |
| commit | 91218d7d708ed2f4b77323ca70a948b8334dd767 (patch) | |
| tree | 8d7a53c8c740fcb2b9d41183a472f7cf3cedec9e /lib/debugobjects.c | |
| parent | acpi: Replace struct acpi_table_slit 1-element array with flex-array (diff) | |
| download | kernel-91218d7d708ed2f4b77323ca70a948b8334dd767.tar.gz kernel-91218d7d708ed2f4b77323ca70a948b8334dd767.zip | |
x86/purgatory: Do not use fortified string functions
With the addition of -fstrict-flex-arrays=3, struct sha256_state's
trailing array is no longer ignored by CONFIG_FORTIFY_SOURCE:
struct sha256_state {
u32 state[SHA256_DIGEST_SIZE / 4];
u64 count;
u8 buf[SHA256_BLOCK_SIZE];
};
This means that the memcpy() calls with "buf" as a destination in
sha256.c's code will attempt to perform run-time bounds checking, which
could lead to calling missing functions, specifically a potential
WARN_ONCE, which isn't callable from purgatory.
Reported-by: Thorsten Leemhuis <[email protected]>
Closes: https://lore.kernel.org/lkml/[email protected]/
Bisected-by: "Joan Bruguera Micó" <[email protected]>
Fixes: df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3")
Cc: Thomas Gleixner <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Dave Hansen <[email protected]>
Cc: [email protected]
Cc: "H. Peter Anvin" <[email protected]>
Cc: Nick Desaulniers <[email protected]>
Cc: Masahiro Yamada <[email protected]>
Cc: "Peter Zijlstra (Intel)" <[email protected]>
Cc: Alyssa Ross <[email protected]>
Cc: Sami Tolvanen <[email protected]>
Cc: Alexander Potapenko <[email protected]>
Signed-off-by: Kees Cook <[email protected]>
Tested-by: Thorsten Leemhuis <[email protected]>
Acked-by: Dave Hansen <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Diffstat (limited to 'lib/debugobjects.c')
0 files changed, 0 insertions, 0 deletions