Buildresult: linus-rand/arm64-randconfig/arm64-gcc11 built on Oct 4 2022, 12:57
kisskb
Revisions
|
Branches
|
Compilers
|
Configs
|
Build Results
|
Build Failures
|
Status:
OK
Date/Time:
Oct 4 2022, 12:57
Duration:
0:05:15.128350
Builder:
ka4
Revision:
Merge tag 'hardening-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux (
d0989d01c66fed6a741820a96b8cca6688f183ff)
Target:
linus-rand/arm64-randconfig/arm64-gcc11
Branch:
linus-rand
Compiler:
arm64-gcc11
(aarch64-linux-gcc (GCC) 11.1.0 / GNU ld (GNU Binutils) 2.36.1)
Config:
randconfig
(
download
)
Log:
Download original
Possible warnings (1)
.config:7420:warning: override: reassigning to symbol PREVENT_FIRMWARE_BUILD
Full Log
# git rev-parse -q --verify d0989d01c66fed6a741820a96b8cca6688f183ff^{commit} # git fetch -q -n -f git://fs.ozlabs.ibm.com/kernel/linus master # git rev-parse -q --verify d0989d01c66fed6a741820a96b8cca6688f183ff^{commit} d0989d01c66fed6a741820a96b8cca6688f183ff # git checkout -q -f -B kisskb d0989d01c66fed6a741820a96b8cca6688f183ff # git clean -qxdf # < git log -1 # commit d0989d01c66fed6a741820a96b8cca6688f183ff # Merge: 865dad2022c5 2120635108b3 # Author: Linus Torvalds <torvalds@linux-foundation.org> # Date: Mon Oct 3 17:24:22 2022 -0700 # # Merge tag 'hardening-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux # # Pull kernel hardening updates from Kees Cook: # "Most of the collected changes here are fixes across the tree for # various hardening features (details noted below). # # The most notable new feature here is the addition of the memcpy() # overflow warning (under CONFIG_FORTIFY_SOURCE), which is the next step # on the path to killing the common class of "trivially detectable" # buffer overflow conditions (i.e. on arrays with sizes known at compile # time) that have resulted in many exploitable vulnerabilities over the # years (e.g. BleedingTooth). # # This feature is expected to still have some undiscovered false # positives. It's been in -next for a full development cycle and all the # reported false positives have been fixed in their respective trees. # All the known-bad code patterns we could find with Coccinelle are also # either fixed in their respective trees or in flight. # # The commit message in commit 54d9469bc515 ("fortify: Add run-time WARN # for cross-field memcpy()") for the feature has extensive details, but # I'll repeat here that this is a warning _only_, and is not intended to # actually block overflows (yet). The many patches fixing array sizes # and struct members have been landing for several years now, and we're # finally able to turn this on to find any remaining stragglers. # # Summary: # # Various fixes across several hardening areas: # # - loadpin: Fix verity target enforcement (Matthias Kaehlcke). # # - zero-call-used-regs: Add missing clobbers in paravirt (Bill # Wendling). # # - CFI: clean up sparc function pointer type mismatches (Bart Van # Assche). # # - Clang: Adjust compiler flag detection for various Clang changes # (Sami Tolvanen, Kees Cook). # # - fortify: Fix warnings in arch-specific code in sh, ARM, and xen. # # Improvements to existing features: # # - testing: improve overflow KUnit test, introduce fortify KUnit test, # add more coverage to LKDTM tests (Bart Van Assche, Kees Cook). # # - overflow: Relax overflow type checking for wider utility. # # New features: # # - string: Introduce strtomem() and strtomem_pad() to fill a gap in # strncpy() replacement needs. # # - um: Enable FORTIFY_SOURCE support. # # - fortify: Enable run-time struct member memcpy() overflow warning" # # * tag 'hardening-v6.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: (27 commits) # Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 # hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero # sparc: Unbreak the build # x86/paravirt: add extra clobbers with ZERO_CALL_USED_REGS enabled # x86/paravirt: clean up typos and grammaros # fortify: Convert to struct vs member helpers # fortify: Explicitly check bounds are compile-time constants # x86/entry: Work around Clang __bdos() bug # ARM: decompressor: Include .data.rel.ro.local # fortify: Adjust KUnit test for modular build # sh: machvec: Use char[] for section boundaries # kunit/memcpy: Avoid pathological compile-time string size # lib: Improve the is_signed_type() kunit test # LoadPin: Require file with verity root digests to have a header # dm: verity-loadpin: Only trust verity targets with enforcement # LoadPin: Fix Kconfig doc about format of file with verity digests # um: Enable FORTIFY_SOURCE # lkdtm: Update tests for memcpy() run-time warnings # fortify: Add run-time WARN for cross-field memcpy() # fortify: Use SIZE_MAX instead of (size_t)-1 # ... # < /opt/cross/kisskb/korg/gcc-11.1.0-nolibc/aarch64-linux/bin/aarch64-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-11.1.0-nolibc/aarch64-linux/bin/aarch64-linux-ld --version # < git log --format=%s --max-count=1 d0989d01c66fed6a741820a96b8cca6688f183ff # < make -s -j 40 ARCH=arm64 O=/kisskb/build/linus-rand_arm64-randconfig_arm64-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/aarch64-linux/bin/aarch64-linux- randconfig # Added to kconfig CONFIG_PREVENT_FIRMWARE_BUILD=y # < make -s -j 40 ARCH=arm64 O=/kisskb/build/linus-rand_arm64-randconfig_arm64-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/aarch64-linux/bin/aarch64-linux- help # make -s -j 40 ARCH=arm64 O=/kisskb/build/linus-rand_arm64-randconfig_arm64-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/aarch64-linux/bin/aarch64-linux- olddefconfig .config:7420:warning: override: reassigning to symbol PREVENT_FIRMWARE_BUILD # make -s -j 40 ARCH=arm64 O=/kisskb/build/linus-rand_arm64-randconfig_arm64-gcc11 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-11.1.0-nolibc/aarch64-linux/bin/aarch64-linux- Completed OK # rm -rf /kisskb/build/linus-rand_arm64-randconfig_arm64-gcc11 # Build took: 0:05:15.128350
© Michael Ellerman 2006-2018.