[PATCH] objtool: Add fortify_panic as __noreturn function

[PATCH] objtool: Add fortify_panic as __noreturn function

[Kees Cook]

CONFIG_FORTIFY_SOURCE implements fortify_panic() as a __noreturn function,
so objtool needs to know about it too.

Suggested-by: Daniel Micay <danielmicay@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
---
 tools/objtool/builtin-check.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c
index 282a60368b14..5f66697fe1e0 100644
--- a/tools/objtool/builtin-check.c
+++ b/tools/objtool/builtin-check.c
@@ -192,7 +192,8 @@ static int __dead_end_function(struct objtool_file *file, struct symbol *func,
 		"complete_and_exit",
 		"kvm_spurious_fault",
 		"__reiserfs_panic",
-		"lbug_with_loc"
+		"lbug_with_loc",
+		"fortify_panic",
 	};
 
 	if (func->bind == STB_WEAK)
-- 
2.7.4


-- 
Kees Cook
Pixel Security

Re: [PATCH] objtool: Add fortify_panic as __noreturn function

[Stephen Rothwell]

Hi Kees,

On Wed, 14 Jun 2017 19:18:51 -0700 Kees Cook <keescook@chromium.org> wrote:
>
> CONFIG_FORTIFY_SOURCE implements fortify_panic() as a __noreturn function,
> so objtool needs to know about it too.
> 
> Suggested-by: Daniel Micay <danielmicay@gmail.com>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> Cc: Josh Poimboeuf <jpoimboe@redhat.com>
> ---
>  tools/objtool/builtin-check.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c
> index 282a60368b14..5f66697fe1e0 100644
> --- a/tools/objtool/builtin-check.c
> +++ b/tools/objtool/builtin-check.c
> @@ -192,7 +192,8 @@ static int __dead_end_function(struct objtool_file *file, struct symbol *func,
>  		"complete_and_exit",
>  		"kvm_spurious_fault",
>  		"__reiserfs_panic",
> -		"lbug_with_loc"
> +		"lbug_with_loc",
> +		"fortify_panic",
>  	};
>  
>  	if (func->bind == STB_WEAK)
> -- 
> 2.7.4

OK, I have added this to the end of linux-next today (in the part of
Andrew's tree afte the linux-next merge).  I also move the fortify
string patch to after it (but I assume I will still need to revert it).

I willl drop this patch when it appears elsewhere in linux-next.
-- 
Cheers,
Stephen Rothwell

Re: [PATCH] objtool: Add fortify_panic as __noreturn function

[Stephen Rothwell]

Hi all,

On Thu, 15 Jun 2017 14:05:22 +1000 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> On Wed, 14 Jun 2017 19:18:51 -0700 Kees Cook <keescook@chromium.org> wrote:
> >
> > CONFIG_FORTIFY_SOURCE implements fortify_panic() as a __noreturn function,
> > so objtool needs to know about it too.
> > 
> > Suggested-by: Daniel Micay <danielmicay@gmail.com>
> > Signed-off-by: Kees Cook <keescook@chromium.org>
> > Cc: Josh Poimboeuf <jpoimboe@redhat.com>
> > ---
> >  tools/objtool/builtin-check.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c
> > index 282a60368b14..5f66697fe1e0 100644
> > --- a/tools/objtool/builtin-check.c
> > +++ b/tools/objtool/builtin-check.c
> > @@ -192,7 +192,8 @@ static int __dead_end_function(struct objtool_file *file, struct symbol *func,
> >  		"complete_and_exit",
> >  		"kvm_spurious_fault",
> >  		"__reiserfs_panic",
> > -		"lbug_with_loc"
> > +		"lbug_with_loc",
> > +		"fortify_panic",
> >  	};
> >  
> >  	if (func->bind == STB_WEAK)
> > -- 
> > 2.7.4  
> 
> OK, I have added this to the end of linux-next today (in the part of
> Andrew's tree afte the linux-next merge).  I also move the fortify
> string patch to after it (but I assume I will still need to revert it).

So after that the errors (x86_64 allmodconfig build) are only:

In file included from include/linux/bitmap.h:8:0,
                 from include/linux/cpumask.h:11,
                 from arch/x86/include/asm/cpumask.h:4,
                 from arch/x86/include/asm/msr.h:10,
                 from arch/x86/include/asm/processor.h:20,
                 from arch/x86/include/asm/cpufeature.h:4,
                 from arch/x86/include/asm/thread_info.h:52,
                 from include/linux/thread_info.h:37,
                 from arch/x86/include/asm/preempt.h:6,
                 from include/linux/preempt.h:80,
                 from include/linux/spinlock.h:50,
                 from include/linux/mmzone.h:7,
                 from include/linux/gfp.h:5,
                 from arch/x86/power/hibernate_64.c:11:
In function 'memcpy',
    inlined from 'relocate_restore_code' at arch/x86/power/hibernate_64.c:150:2,
    inlined from 'swsusp_arch_resume' at arch/x86/power/hibernate_64.c:186:8:
include/linux/string.h:309:4: error: call to '__read_overflow2' declared with attribute error: detected read beyond size of object passed as 2nd parameter
    __read_overflow2();
    ^
In file included from include/linux/bitmap.h:8:0,
                 from include/linux/cpumask.h:11,
                 from arch/x86/include/asm/cpumask.h:4,
                 from arch/x86/include/asm/msr.h:10,
                 from arch/x86/include/asm/processor.h:20,
                 from arch/x86/include/asm/cpufeature.h:4,
                 from arch/x86/include/asm/thread_info.h:52,
                 from include/linux/thread_info.h:37,
                 from arch/x86/include/asm/preempt.h:6,
                 from include/linux/preempt.h:80,
                 from include/linux/spinlock.h:50,
                 from include/linux/mmzone.h:7,
                 from include/linux/gfp.h:5,
                 from include/linux/mm.h:9,
                 from kernel/kexec_file.c:15:
In function 'memcmp',
    inlined from 'kexec_load_purgatory' at kernel/kexec_file.c:900:6:
include/linux/string.h:348:4: error: call to '__read_overflow' declared with attribute error: detected read beyond size of object passed as 1st parameter
    __read_overflow();
    ^

-- 
Cheers,
Stephen Rothwell

Re: [PATCH] objtool: Add fortify_panic as __noreturn function

[Daniel Micay]

> So after that the errors (x86_64 allmodconfig build) are only:
> 
> In file included from include/linux/bitmap.h:8:0,
>                  from include/linux/cpumask.h:11,
>                  from arch/x86/include/asm/cpumask.h:4,
>                  from arch/x86/include/asm/msr.h:10,
>                  from arch/x86/include/asm/processor.h:20,
>                  from arch/x86/include/asm/cpufeature.h:4,
>                  from arch/x86/include/asm/thread_info.h:52,
>                  from include/linux/thread_info.h:37,
>                  from arch/x86/include/asm/preempt.h:6,
>                  from include/linux/preempt.h:80,
>                  from include/linux/spinlock.h:50,
>                  from include/linux/mmzone.h:7,
>                  from include/linux/gfp.h:5,
>                  from arch/x86/power/hibernate_64.c:11:
> In function 'memcpy',
>     inlined from 'relocate_restore_code' at
> arch/x86/power/hibernate_64.c:150:2,
>     inlined from 'swsusp_arch_resume' at
> arch/x86/power/hibernate_64.c:186:8:
> include/linux/string.h:309:4: error: call to '__read_overflow2'
> declared with attribute error: detected read beyond size of object
> passed as 2nd parameter
>     __read_overflow2();
>     ^
> In file included from include/linux/bitmap.h:8:0,
>                  from include/linux/cpumask.h:11,
>                  from arch/x86/include/asm/cpumask.h:4,
>                  from arch/x86/include/asm/msr.h:10,
>                  from arch/x86/include/asm/processor.h:20,
>                  from arch/x86/include/asm/cpufeature.h:4,
>                  from arch/x86/include/asm/thread_info.h:52,
>                  from include/linux/thread_info.h:37,
>                  from arch/x86/include/asm/preempt.h:6,
>                  from include/linux/preempt.h:80,
>                  from include/linux/spinlock.h:50,
>                  from include/linux/mmzone.h:7,
>                  from include/linux/gfp.h:5,
>                  from include/linux/mm.h:9,
>                  from kernel/kexec_file.c:15:
> In function 'memcmp',
>     inlined from 'kexec_load_purgatory' at kernel/kexec_file.c:900:6:
> include/linux/string.h:348:4: error: call to '__read_overflow'
> declared with attribute error: detected read beyond size of object
> passed as 1st parameter
>     __read_overflow();
>     ^
> 

Kees has the remaining ones here now:

https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=for-next/kspp

Not entirely sure what happened to the powerpc bits though.

Re: [PATCH] objtool: Add fortify_panic as __noreturn function

[Stephen Rothwell]

Hi Daniel,

On Thu, 15 Jun 2017 00:49:21 -0400 Daniel Micay <danielmicay@gmail.com> wrote:
>
> > So after that the errors (x86_64 allmodconfig build) are only:
> > 
> > In file included from include/linux/bitmap.h:8:0,
> >                  from include/linux/cpumask.h:11,
> >                  from arch/x86/include/asm/cpumask.h:4,
> >                  from arch/x86/include/asm/msr.h:10,
> >                  from arch/x86/include/asm/processor.h:20,
> >                  from arch/x86/include/asm/cpufeature.h:4,
> >                  from arch/x86/include/asm/thread_info.h:52,
> >                  from include/linux/thread_info.h:37,
> >                  from arch/x86/include/asm/preempt.h:6,
> >                  from include/linux/preempt.h:80,
> >                  from include/linux/spinlock.h:50,
> >                  from include/linux/mmzone.h:7,
> >                  from include/linux/gfp.h:5,
> >                  from arch/x86/power/hibernate_64.c:11:
> > In function 'memcpy',
> >     inlined from 'relocate_restore_code' at
> > arch/x86/power/hibernate_64.c:150:2,
> >     inlined from 'swsusp_arch_resume' at
> > arch/x86/power/hibernate_64.c:186:8:
> > include/linux/string.h:309:4: error: call to '__read_overflow2'
> > declared with attribute error: detected read beyond size of object
> > passed as 2nd parameter
> >     __read_overflow2();
> >     ^
> > In file included from include/linux/bitmap.h:8:0,
> >                  from include/linux/cpumask.h:11,
> >                  from arch/x86/include/asm/cpumask.h:4,
> >                  from arch/x86/include/asm/msr.h:10,
> >                  from arch/x86/include/asm/processor.h:20,
> >                  from arch/x86/include/asm/cpufeature.h:4,
> >                  from arch/x86/include/asm/thread_info.h:52,
> >                  from include/linux/thread_info.h:37,
> >                  from arch/x86/include/asm/preempt.h:6,
> >                  from include/linux/preempt.h:80,
> >                  from include/linux/spinlock.h:50,
> >                  from include/linux/mmzone.h:7,
> >                  from include/linux/gfp.h:5,
> >                  from include/linux/mm.h:9,
> >                  from kernel/kexec_file.c:15:
> > In function 'memcmp',
> >     inlined from 'kexec_load_purgatory' at kernel/kexec_file.c:900:6:
> > include/linux/string.h:348:4: error: call to '__read_overflow'
> > declared with attribute error: detected read beyond size of object
> > passed as 1st parameter
> >     __read_overflow();
> >     ^
> >   
> 
> Kees has the remaining ones here now:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=for-next/kspp

Excellent, so hopefully tomorrow I won't need to revert (at which point
the overnight builds (http://kisskb.ellerman.id.au/linux-next) will
point out any more problems).

> Not entirely sure what happened to the powerpc bits though.

Maybe in the powerpc tree
(git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git#next).

-- 
Cheers,
Stephen Rothwell

Re: [PATCH] objtool: Add fortify_panic as __noreturn function

[Stephen Rothwell]

Hi Kees,

On Wed, 14 Jun 2017 19:18:51 -0700 Kees Cook <keescook@chromium.org> wrote:
>
> CONFIG_FORTIFY_SOURCE implements fortify_panic() as a __noreturn function,
> so objtool needs to know about it too.
> 
> Suggested-by: Daniel Micay <danielmicay@gmail.com>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> Cc: Josh Poimboeuf <jpoimboe@redhat.com>

Tested-by: Stephen Rothwell <sfr@canb.auug.org.au>

-- 
Cheers,
Stephen Rothwell

Re: [PATCH] objtool: Add fortify_panic as __noreturn function

[Josh Poimboeuf]

On Wed, Jun 14, 2017 at 07:18:51PM -0700, Kees Cook wrote:
> CONFIG_FORTIFY_SOURCE implements fortify_panic() as a __noreturn function,
> so objtool needs to know about it too.
> 
> Suggested-by: Daniel Micay <danielmicay@gmail.com>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> Cc: Josh Poimboeuf <jpoimboe@redhat.com>
> ---
>  tools/objtool/builtin-check.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c
> index 282a60368b14..5f66697fe1e0 100644
> --- a/tools/objtool/builtin-check.c
> +++ b/tools/objtool/builtin-check.c
> @@ -192,7 +192,8 @@ static int __dead_end_function(struct objtool_file *file, struct symbol *func,
>  		"complete_and_exit",
>  		"kvm_spurious_fault",
>  		"__reiserfs_panic",
> -		"lbug_with_loc"
> +		"lbug_with_loc",
> +		"fortify_panic",
>  	};
>  
>  	if (func->bind == STB_WEAK)

Thanks, I'll take the patch.

Eventually I'd like to experiment with a GCC plugin to automatically
detect these noreturn cases instead of the hard-coded list.

-- 
Josh

[PATCH] objtool: Add fortify_panic as __noreturn function

[Josh Poimboeuf]

From: Kees Cook <keescook@chromium.org>

CONFIG_FORTIFY_SOURCE implements fortify_panic() as a __noreturn function,
so objtool needs to know about it too.

Suggested-by: Daniel Micay <danielmicay@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
---
 tools/objtool/builtin-check.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/objtool/builtin-check.c b/tools/objtool/builtin-check.c
index 282a60368b14..5f66697fe1e0 100644
--- a/tools/objtool/builtin-check.c
+++ b/tools/objtool/builtin-check.c
@@ -192,7 +192,8 @@ static int __dead_end_function(struct objtool_file *file, struct symbol *func,
 		"complete_and_exit",
 		"kvm_spurious_fault",
 		"__reiserfs_panic",
-		"lbug_with_loc"
+		"lbug_with_loc",
+		"fortify_panic",
 	};
 
 	if (func->bind == STB_WEAK)
-- 
2.7.4


-- 
Kees Cook
Pixel Security