From: Nathan Chancellor <nathan@kernel.org>
To: Simon Glass <sjg@chromium.org>,
	Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: u-boot@lists.denx.de, linux-mips@vger.kernel.org
Subject: mkimage regression when building ARCH=mips defconfig Linux kernel
Date: Thu, 8 Apr 2021 11:22:53 -0700
Message-ID: <20210408182253.6m3j6lhmh3iflquz@archlinux-ax161>

Hi Simon,

Apologies if this is not the proper way to report a regression; this is my first
time interacting with the U-Boot community.

My distribution updated the uboot-tools package to 2021.04, which broke my
Linux kernel builds for ARCH=mips:

$ make -skj"$(nproc)" ARCH=mips CROSS_COMPILE=mips-linux- defconfig all
...
/usr/bin/mkimage: verify_header failed for FIT Image support with exit code 1
make[2]: *** [arch/mips/boot/Makefile:173: arch/mips/boot/vmlinux.gz.itb] Error 1
...

I bisected this down to your commit:

3f04db891a353f4b127ed57279279f851c6b4917 is the first bad commit
commit 3f04db891a353f4b127ed57279279f851c6b4917
Author: Simon Glass <sjg@chromium.org>
Date:   Mon Feb 15 17:08:12 2021 -0700

    image: Check for unit addresses in FITs

    Using unit addresses in a FIT is a security risk. Add a check for this
    and disallow it.

    CVE-2021-27138

    Signed-off-by: Simon Glass <sjg@chromium.org>
    Reported-by: Bruce Monroe <bruce.monroe@intel.com>
    Reported-by: Arie Haenel <arie.haenel@intel.com>
    Reported-by: Julien Lenoir <julien.lenoir@intel.com>

 common/image-fit.c          | 56 +++++++++++++++++++++++++++++++++++++++++----
 test/py/tests/test_vboot.py |  9 ++++----
 2 files changed, 57 insertions(+), 8 deletions(-)
bisect run success

$ git bisect log
# bad: [e9c99db7787e3b5c2ef05701177c43ed1c023c27] Merge branch '2021-04-07-CI-improvements'
# good: [c4fddedc48f336eabc4ce3f74940e6aa372de18c] Prepare v2021.01
git bisect start 'e9c99db7787e3b5c2ef05701177c43ed1c023c27' 'v2021.01'
# good: [b2c86f596cfb1ea9f7f5138f72f1c5c49e3ae3f1] arm: dts: r8a774a1: Import DTS queued for Linux 5.12-rc1
git bisect good b2c86f596cfb1ea9f7f5138f72f1c5c49e3ae3f1
# bad: [74f4929c2c73beb595faf7d5d9bb6a78d710c2fd] ddr: marvell: axp: fix array types have different bounds warning
git bisect bad 74f4929c2c73beb595faf7d5d9bb6a78d710c2fd
# bad: [cbe607b920bc0827d8fe379ed4f5ae4e2058513e] Merge tag 'xilinx-for-v2021.04-rc3' of https://gitlab.denx.de/u-boot/custodians/u-boot-microblaze
git bisect bad cbe607b920bc0827d8fe379ed4f5ae4e2058513e
# good: [d5f3aadacbc63df3b690d6fd9f0aa3f575b43356] test: Add tests for the 'evil' vboot attacks
git bisect good d5f3aadacbc63df3b690d6fd9f0aa3f575b43356
# bad: [a1a652e8016426e2d67148cab225cd5ec45189fb] Merge tag 'mmc-2021-2-19' of https://gitlab.denx.de/u-boot/custodians/u-boot-mmc
git bisect bad a1a652e8016426e2d67148cab225cd5ec45189fb
# bad: [aeedeae40733131467de72c68e639cf9d795e059] spl: fit: Replace #ifdef blocks with more readable constructs
git bisect bad aeedeae40733131467de72c68e639cf9d795e059
# bad: [eb5fd9e46c11ea41430d9c5bcc81d4583424216e] usb: kbd: destroy device after console is stopped
git bisect bad eb5fd9e46c11ea41430d9c5bcc81d4583424216e
# bad: [99cb2b996bd649d98069a95941beaaade0a4447a] stdio: Split out nulldev_register() and move it under #if
git bisect bad 99cb2b996bd649d98069a95941beaaade0a4447a
# bad: [3f04db891a353f4b127ed57279279f851c6b4917] image: Check for unit addresses in FITs
git bisect bad 3f04db891a353f4b127ed57279279f851c6b4917
# good: [6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01] image: Add an option to do a full check of the FIT
git bisect good 6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01
# good: [124c255731c76a2b09587378b2bcce561bcd3f2d] libfdt: Check for multiple/invalid root nodes
git bisect good 124c255731c76a2b09587378b2bcce561bcd3f2d
# first bad commit: [3f04db891a353f4b127ed57279279f851c6b4917] image: Check for unit addresses in FITs

Is this an actual regression or is this now the expected behavior? I have added
Thomas and the linux-mips mailing list to take a look and see if the Linux
kernel needs to have its sources updated.

Cheers,
Nathan
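
Added example (not part of the message above, and not U-Boot or kernel code): a source-level lint that lists the node names in a FIT .its file carrying a unit address ('@'), the construct the bisected commit makes mkimage reject. The sample .its is constructed, and flagging every '@' node name is an assumption that may be stricter than the check in common/image-fit.c.

```python
import re

# Constructed sample .its source (not taken from the kernel tree).
SAMPLE_ITS = r'''
/dts-v1/;
/ {
    description = "contact: dev@example.org";  /* '@' in a string is not a node name */
    images {
        kernel@0 {
            data = /incbin/("vmlinux.bin.gz");
            hash@0 { algo = "sha1"; };
        };
        fdt-boston {
            data = /incbin/("boston.dtb");
        };
    };
    configurations {
        default = "conf@default";
        conf@default {
            kernel = "kernel@0";   // property string, ignored by this lint
            fdt = "fdt-boston";
        };
    };
};
'''

# Quoted strings, /* */ comments and // comments, matched in that order.
_STRIP = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*', re.S)
# Either "<node-name> {" (opens a node) or "}" (closes one).
_TOKEN = re.compile(r'([A-Za-z0-9,._+@/-]+)\s*\{|\}')

def find_unit_address_nodes(its_text):
    """Return full paths of nodes whose name contains a unit address ('@')."""
    # Blank out strings and comments so '@' or braces inside them are ignored.
    text = _STRIP.sub(lambda m: '""' if m.group(0)[0] == '"' else ' ', its_text)
    stack, hits = [], []
    for m in _TOKEN.finditer(text):
        if m.group(0) == '}':
            if stack:
                stack.pop()
            continue
        name = m.group(1)
        stack.append('' if name == '/' else name)  # root contributes the leading '/'
        if '@' in name:
            hits.append('/'.join(stack))
    return hits

if __name__ == "__main__":
    print("\n".join(find_unit_address_nodes(SAMPLE_ITS)))
```

Running this over an .its file before invoking mkimage shows which nodes to look at when the build stops at verify_header.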
