From: Kees Cook <kees@kernel.org>
To: Jason Montleon <jmontleo@redhat.com>
Cc: Alexandre Ghiti <alex@ghiti.fr>,
linux-hardening@vger.kernel.org,
Linux regressions mailing list <regressions@lists.linux.dev>,
linux-riscv@lists.infradead.org
Subject: Re: [REGRESSION][BISECTED] Cannot boot Lichee Pi 4A with FORTIFY_SOURCE enabled
Date: Thu, 3 Oct 2024 14:21:13 -0700 [thread overview]
Message-ID: <202410031417.A5AB8BA5@keescook> (raw)
In-Reply-To: <CAJD_bP+ZYKFaeZ2hQXjAZda=RhLkfnXfGLW-ZYTrOV4GfNRzpA@mail.gmail.com>
On Thu, Oct 03, 2024 at 01:12:59PM -0400, Jason Montleon wrote:
> On Thu, Oct 3, 2024 at 10:41 AM Alexandre Ghiti <alex@ghiti.fr> wrote:
> > So I was able to reproduce the issue on qemu by adding a few tweaks, and
> > indeed we trap in __warn_printk() on a virtual address but MMU is not
> > enabled yet.
> >
> > The following diff though allows me to pass this failure but I can't get
> > much further in the boot since the tweaks I added won't allow it, can
> > you give the following a try?
> >
> > diff --git a/arch/riscv/errata/Makefile b/arch/riscv/errata/Makefile
> > index 8a27394851233..4913f3b3f198c 100644
> > --- a/arch/riscv/errata/Makefile
> > +++ b/arch/riscv/errata/Makefile
> > @@ -2,6 +2,10 @@ ifdef CONFIG_RELOCATABLE
> > KBUILD_CFLAGS += -fno-pie
> > endif
> >
> > +ifdef CONFIG_RISCV_ALTERNATIVE_EARLY
> > +KBUILD_CFLAGS += -D__NO_FORTIFY
> > +endif
> > +
> > obj-$(CONFIG_ERRATA_ANDES) += andes/
> > obj-$(CONFIG_ERRATA_SIFIVE) += sifive/
> > obj-$(CONFIG_ERRATA_THEAD) += thead/
>
> Yes, this worked.
Thanks for testing!
Yeah, this matches similar fortify disabling in other early boot areas.
Usually it's part of a common header, but setting it via the Makefile
also works. I'll leave it up to the riscv maintainers! :)
-Kees
--
Kees Cook
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2024-10-03 21:21 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-21 17:42 [REGRESSION][BISECTED] Cannot boot Lichee Pi 4A with FORTIFY_SOURCE enabled Jason Montleon
2024-09-22 2:42 ` Kees Cook
2024-09-22 20:18 ` Jason Montleon
2024-09-22 22:37 ` Kees Cook
2024-09-24 15:58 ` Jason Montleon
2024-09-24 17:36 ` Kees Cook
2024-09-25 14:32 ` Jason Montleon
2024-10-01 14:28 ` Alexandre Ghiti
2024-10-02 15:14 ` Jason Montleon
2024-10-03 14:41 ` Alexandre Ghiti
2024-10-03 17:12 ` Jason Montleon
2024-10-03 21:21 ` Kees Cook [this message]
2024-10-04 11:37 ` Alexandre Ghiti
2024-10-04 17:56 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202410031417.A5AB8BA5@keescook \
--to=kees@kernel.org \
--cc=alex@ghiti.fr \
--cc=jmontleo@redhat.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=regressions@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox