On Wed, Oct 16, 2024 at 01:26:24PM +0200, Alexandre Ghiti wrote:
On 16/10/2024 00:04, Jessica Clarke wrote:
Is the problem in [1] not just that the early boot path uses memcpy on the result of ALT_OLD_PTR, which is a wildly out-of-bounds pointer from the compiler’s perspective? If so, it would seem better to use unsafe_memcpy for that one call site rather than use the big __NO_FORTIFY hammer, surely?
Not sure why fortify complains here, and I have just seen that I forgot to cc Kees (done now).
I haven't had time to investigate this -- something is confusing the compiler about the object size. It's likely that it has decided that "char *" is literally pointing to a single byte. (Instead of being unable to determine the origin of the pointer and being forced to return SIZE_MAX for the object size -- "unknown" size.) In other cases, we've been able to convert "char *ptr" to "char ptr[]" and that tells the compiler it's an array of unknown size. That didn't look very possible here.
[...] And I believe that enabling fortify and using the unsafe_*() variants is error-prone since we'd have to make sure that all the "fortified" functions used in that code use the unsafe_*() variants.
So to me, it's way easier in terms of maintenance to just disabling fortify.
I would agree: there's no way to report a fortify failure, so best to turn it off here.