From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9A880748D; Thu, 3 Oct 2024 21:21:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727990477; cv=none; b=ig6//xcDwCRX/jBme97WCx1WGAcd7WBy1b8iYbylmeA12bFMWhsF8jozPMqhaI2XIhjOEmUVcCdoRR1qgaob5m4WvwGzs6c+9aSQdIyCuuqW6hgrzyRqTRNFEDpaE2aQXQiDuQ9gJw368Pi52eEUinmgU05k2QKIyO9+xqRMKvs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1727990477; c=relaxed/simple; bh=MyO0mEN1r8H/oKU5bxpARWbwameUHysvIHiV6FcP700=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=CmFm4WNn4umj33A3uNU+LW7SykQnR1Su5Mtlf/ZQhG54bYbdLbxb17tJplGu0s8mwCIveWfbLhtY0zWrlpPsqRi9BztxzI9l/BZEkvdiCyjXc19+Q+ujKrQJQAcyhwa1yIf+y4ubqdc3M4qWpYSDvvVD/5c5UeRl13ncu58dY5U= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=PPg34YVs; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="PPg34YVs" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1CE41C4CEC5; Thu, 3 Oct 2024 21:21:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727990477; bh=MyO0mEN1r8H/oKU5bxpARWbwameUHysvIHiV6FcP700=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=PPg34YVsXCAp7pJvZLK0zV3RJMEwEU7lOh0UIO7ZIcVp2soY8IlkVcYY0wYWWwe9F LXHbVw2ZP5ZeOni+gTiOn8h3ecqgft9fwWHIRCt/4TX/YS/U1enNW6+64j7SBcclQf kJs9NB6B1xNxM2JpmdJwDwz9o9+wcqkS0tgEHhHIvdV5tTc3qrIKwwM4c4cnR1PX8G j7L+gwuiKsklCWGiLh2gxOSv/1/JXOmR+uDi5zqv0pdD5mLM9tWsa0HsI2vtTvMK+1 LE5pw4I0IScZfYrsun5cZiS8RBmYs8gUW5fo6u3ZO97qX9wloVcNfpxBs6GtbauAvX /iAIHpjg1Ddtg== Date: Thu, 3 Oct 2024 14:21:13 -0700 From: Kees Cook To: Jason Montleon Cc: Alexandre Ghiti , linux-hardening@vger.kernel.org, Linux regressions mailing list , linux-riscv@lists.infradead.org Subject: Re: [REGRESSION][BISECTED] Cannot boot Lichee Pi 4A with FORTIFY_SOURCE enabled Message-ID: <202410031417.A5AB8BA5@keescook> References: <202409221511.9AF49BD@keescook> <800CC050-E858-409C-A565-A6EF430E1B25@kernel.org> Precedence: bulk X-Mailing-List: linux-hardening@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Thu, Oct 03, 2024 at 01:12:59PM -0400, Jason Montleon wrote: > On Thu, Oct 3, 2024 at 10:41 AM Alexandre Ghiti wrote: > > So I was able to reproduce the issue on qemu by adding a few tweaks, and > > indeed we trap in __warn_printk() on a virtual address but MMU is not > > enabled yet. > > > > The following diff though allows me to pass this failure but I can't get > > much further in the boot since the tweaks I added won't allow it, can > > you give the following a try? > > > > diff --git a/arch/riscv/errata/Makefile b/arch/riscv/errata/Makefile > > index 8a27394851233..4913f3b3f198c 100644 > > --- a/arch/riscv/errata/Makefile > > +++ b/arch/riscv/errata/Makefile > > @@ -2,6 +2,10 @@ ifdef CONFIG_RELOCATABLE > > KBUILD_CFLAGS += -fno-pie > > endif > > > > +ifdef CONFIG_RISCV_ALTERNATIVE_EARLY > > +KBUILD_CFLAGS += -D__NO_FORTIFY > > +endif > > + > > obj-$(CONFIG_ERRATA_ANDES) += andes/ > > obj-$(CONFIG_ERRATA_SIFIVE) += sifive/ > > obj-$(CONFIG_ERRATA_THEAD) += thead/ > > Yes, this worked. Thanks for testing! Yeah, this matches similar fortify disabling in other early boot areas. Usually it's part of a common header, but setting it via the Makefile also works. I'll leave it up to the riscv maintainers! :) -Kees -- Kees Cook From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 5A250CF34C8 for ; Thu, 3 Oct 2024 21:21:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=LT8f4CrpyfKfjrFEAgp/kRjBRAw0jgGvmsGRrwGRnQ4=; b=2YKvsGBE+/7qOs axJBiHQwGnOYeco6ee4m27PxPyo7mjkdmbt4757Kjv0LIqJn0Y4jzDYHEEeSdR0+SSzvu4P53DNgr icocJRXTy0kq3N2JhSVHLNs4oK/fk2bAe26Jo5yt6s53DE0kZ5XbeimiOHIcGQGtq89ke/Fgwm6BJ ElJjJbfV1LR7LaoYqxr/eI5qMXLspR9bklplXnti4IedoQkDHln2d71gnIg6kkx2TwVLbCY9sYbN3 Y8FFYvt6zVYJpKDAi1tjYoyQ2VFgV3wpwa1sCz8gRnqWlve5AdVdP22R7ytlIcn3Oq8/1X+8yGX7+ 9CfW2Fy5JtEvE3xXVrzQ==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.98 #2 (Red Hat Linux)) id 1swTGD-0000000ANs1-2mPc; Thu, 03 Oct 2024 21:21:21 +0000 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by bombadil.infradead.org with esmtps (Exim 4.98 #2 (Red Hat Linux)) id 1swTGA-0000000ANrH-28Ls for linux-riscv@lists.infradead.org; Thu, 03 Oct 2024 21:21:19 +0000 Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 50E315C5E3A; Thu, 3 Oct 2024 21:21:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1CE41C4CEC5; Thu, 3 Oct 2024 21:21:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727990477; bh=MyO0mEN1r8H/oKU5bxpARWbwameUHysvIHiV6FcP700=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=PPg34YVsXCAp7pJvZLK0zV3RJMEwEU7lOh0UIO7ZIcVp2soY8IlkVcYY0wYWWwe9F LXHbVw2ZP5ZeOni+gTiOn8h3ecqgft9fwWHIRCt/4TX/YS/U1enNW6+64j7SBcclQf kJs9NB6B1xNxM2JpmdJwDwz9o9+wcqkS0tgEHhHIvdV5tTc3qrIKwwM4c4cnR1PX8G j7L+gwuiKsklCWGiLh2gxOSv/1/JXOmR+uDi5zqv0pdD5mLM9tWsa0HsI2vtTvMK+1 LE5pw4I0IScZfYrsun5cZiS8RBmYs8gUW5fo6u3ZO97qX9wloVcNfpxBs6GtbauAvX /iAIHpjg1Ddtg== Date: Thu, 3 Oct 2024 14:21:13 -0700 From: Kees Cook To: Jason Montleon Cc: Alexandre Ghiti , linux-hardening@vger.kernel.org, Linux regressions mailing list , linux-riscv@lists.infradead.org Subject: Re: [REGRESSION][BISECTED] Cannot boot Lichee Pi 4A with FORTIFY_SOURCE enabled Message-ID: <202410031417.A5AB8BA5@keescook> References: <202409221511.9AF49BD@keescook> <800CC050-E858-409C-A565-A6EF430E1B25@kernel.org> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20241003_142118_616651_AB7F7AEB X-CRM114-Status: GOOD ( 15.06 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org T24gVGh1LCBPY3QgMDMsIDIwMjQgYXQgMDE6MTI6NTlQTSAtMDQwMCwgSmFzb24gTW9udGxlb24g d3JvdGU6Cj4gT24gVGh1LCBPY3QgMywgMjAyNCBhdCAxMDo0MeKAr0FNIEFsZXhhbmRyZSBHaGl0 aSA8YWxleEBnaGl0aS5mcj4gd3JvdGU6Cj4gPiBTbyBJIHdhcyBhYmxlIHRvIHJlcHJvZHVjZSB0 aGUgaXNzdWUgb24gcWVtdSBieSBhZGRpbmcgYSBmZXcgdHdlYWtzLCBhbmQKPiA+IGluZGVlZCB3 ZSB0cmFwIGluIF9fd2Fybl9wcmludGsoKSBvbiBhIHZpcnR1YWwgYWRkcmVzcyBidXQgTU1VIGlz IG5vdAo+ID4gZW5hYmxlZCB5ZXQuCj4gPgo+ID4gVGhlIGZvbGxvd2luZyBkaWZmIHRob3VnaCBh bGxvd3MgbWUgdG8gcGFzcyB0aGlzIGZhaWx1cmUgYnV0IEkgY2FuJ3QgZ2V0Cj4gPiBtdWNoIGZ1 cnRoZXIgaW4gdGhlIGJvb3Qgc2luY2UgdGhlIHR3ZWFrcyBJIGFkZGVkIHdvbid0IGFsbG93IGl0 LCBjYW4KPiA+IHlvdSBnaXZlIHRoZSBmb2xsb3dpbmcgYSB0cnk/Cj4gPgo+ID4gZGlmZiAtLWdp dCBhL2FyY2gvcmlzY3YvZXJyYXRhL01ha2VmaWxlIGIvYXJjaC9yaXNjdi9lcnJhdGEvTWFrZWZp bGUKPiA+IGluZGV4IDhhMjczOTQ4NTEyMzMuLjQ5MTNmM2IzZjE5OGMgMTAwNjQ0Cj4gPiAtLS0g YS9hcmNoL3Jpc2N2L2VycmF0YS9NYWtlZmlsZQo+ID4gKysrIGIvYXJjaC9yaXNjdi9lcnJhdGEv TWFrZWZpbGUKPiA+IEBAIC0yLDYgKzIsMTAgQEAgaWZkZWYgQ09ORklHX1JFTE9DQVRBQkxFCj4g PiAgIEtCVUlMRF9DRkxBR1MgKz0gLWZuby1waWUKPiA+ICAgZW5kaWYKPiA+Cj4gPiAraWZkZWYg Q09ORklHX1JJU0NWX0FMVEVSTkFUSVZFX0VBUkxZCj4gPiArS0JVSUxEX0NGTEFHUyArPSAtRF9f Tk9fRk9SVElGWQo+ID4gK2VuZGlmCj4gPiArCj4gPiAgIG9iai0kKENPTkZJR19FUlJBVEFfQU5E RVMpICs9IGFuZGVzLwo+ID4gICBvYmotJChDT05GSUdfRVJSQVRBX1NJRklWRSkgKz0gc2lmaXZl Lwo+ID4gICBvYmotJChDT05GSUdfRVJSQVRBX1RIRUFEKSArPSB0aGVhZC8KPiAKPiBZZXMsIHRo aXMgd29ya2VkLgoKVGhhbmtzIGZvciB0ZXN0aW5nIQoKWWVhaCwgdGhpcyBtYXRjaGVzIHNpbWls YXIgZm9ydGlmeSBkaXNhYmxpbmcgaW4gb3RoZXIgZWFybHkgYm9vdCBhcmVhcy4KVXN1YWxseSBp dCdzIHBhcnQgb2YgYSBjb21tb24gaGVhZGVyLCBidXQgc2V0dGluZyBpdCB2aWEgdGhlIE1ha2Vm aWxlCmFsc28gd29ya3MuIEknbGwgbGVhdmUgaXQgdXAgdG8gdGhlIHJpc2N2IG1haW50YWluZXJz ISA6KQoKLUtlZXMKCi0tIApLZWVzIENvb2sKCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fCmxpbnV4LXJpc2N2IG1haWxpbmcgbGlzdApsaW51eC1yaXNjdkBs aXN0cy5pbmZyYWRlYWQub3JnCmh0dHA6Ly9saXN0cy5pbmZyYWRlYWQub3JnL21haWxtYW4vbGlz dGluZm8vbGludXgtcmlzY3YK