All of lore.kernel.org
 help / color / mirror / Atom feed
From: Nathan Chancellor <nathan@kernel.org>
To: Simon Glass <sjg@chromium.org>,
	Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: u-boot@lists.denx.de, linux-mips@vger.kernel.org
Subject: mkimage regression when building ARCH=mips defconfig Linux kernel
Date: Thu, 8 Apr 2021 11:22:53 -0700	[thread overview]
Message-ID: <20210408182253.6m3j6lhmh3iflquz@archlinux-ax161> (raw)

Hi Simon,

Apologies if this is not the proper way to report a regression, this is my first
time interacting with the U-Boot community.

My distribution updated the uboot-tools package to 2021.04, which broke my
Linux kernel builds for ARCH=mips:

$ make -skj"$(nproc)" ARCH=mips CROSS_COMPILE=mips-linux- defconfig all
...
/usr/bin/mkimage: verify_header failed for FIT Image support with exit code 1
make[2]: *** [arch/mips/boot/Makefile:173: arch/mips/boot/vmlinux.gz.itb] Error 1
...

I bisected this down to your commit:

3f04db891a353f4b127ed57279279f851c6b4917 is the first bad commit
commit 3f04db891a353f4b127ed57279279f851c6b4917
Author: Simon Glass <sjg@chromium.org>
Date:   Mon Feb 15 17:08:12 2021 -0700

    image: Check for unit addresses in FITs

    Using unit addresses in a FIT is a security risk. Add a check for this
    and disallow it.

    CVE-2021-27138

    Signed-off-by: Simon Glass <sjg@chromium.org>
    Reported-by: Bruce Monroe <bruce.monroe@intel.com>
    Reported-by: Arie Haenel <arie.haenel@intel.com>
    Reported-by: Julien Lenoir <julien.lenoir@intel.com>

 common/image-fit.c          | 56 +++++++++++++++++++++++++++++++++++++++++----
 test/py/tests/test_vboot.py |  9 ++++----
 2 files changed, 57 insertions(+), 8 deletions(-)
bisect run success

$ git bisect log
# bad: [e9c99db7787e3b5c2ef05701177c43ed1c023c27] Merge branch '2021-04-07-CI-improvements'
# good: [c4fddedc48f336eabc4ce3f74940e6aa372de18c] Prepare v2021.01
git bisect start 'e9c99db7787e3b5c2ef05701177c43ed1c023c27' 'v2021.01'
# good: [b2c86f596cfb1ea9f7f5138f72f1c5c49e3ae3f1] arm: dts: r8a774a1: Import DTS queued for Linux 5.12-rc1
git bisect good b2c86f596cfb1ea9f7f5138f72f1c5c49e3ae3f1
# bad: [74f4929c2c73beb595faf7d5d9bb6a78d710c2fd] ddr: marvell: axp: fix array types have different bounds warning
git bisect bad 74f4929c2c73beb595faf7d5d9bb6a78d710c2fd
# bad: [cbe607b920bc0827d8fe379ed4f5ae4e2058513e] Merge tag 'xilinx-for-v2021.04-rc3' of https://gitlab.denx.de/u-boot/custodians/u-boot-microblaze
git bisect bad cbe607b920bc0827d8fe379ed4f5ae4e2058513e
# good: [d5f3aadacbc63df3b690d6fd9f0aa3f575b43356] test: Add tests for the 'evil' vboot attacks
git bisect good d5f3aadacbc63df3b690d6fd9f0aa3f575b43356
# bad: [a1a652e8016426e2d67148cab225cd5ec45189fb] Merge tag 'mmc-2021-2-19' of https://gitlab.denx.de/u-boot/custodians/u-boot-mmc
git bisect bad a1a652e8016426e2d67148cab225cd5ec45189fb
# bad: [aeedeae40733131467de72c68e639cf9d795e059] spl: fit: Replace #ifdef blocks with more readable constructs
git bisect bad aeedeae40733131467de72c68e639cf9d795e059
# bad: [eb5fd9e46c11ea41430d9c5bcc81d4583424216e] usb: kbd: destroy device after console is stopped
git bisect bad eb5fd9e46c11ea41430d9c5bcc81d4583424216e
# bad: [99cb2b996bd649d98069a95941beaaade0a4447a] stdio: Split out nulldev_register() and move it under #if
git bisect bad 99cb2b996bd649d98069a95941beaaade0a4447a
# bad: [3f04db891a353f4b127ed57279279f851c6b4917] image: Check for unit addresses in FITs
git bisect bad 3f04db891a353f4b127ed57279279f851c6b4917
# good: [6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01] image: Add an option to do a full check of the FIT
git bisect good 6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01
# good: [124c255731c76a2b09587378b2bcce561bcd3f2d] libfdt: Check for multiple/invalid root nodes
git bisect good 124c255731c76a2b09587378b2bcce561bcd3f2d
# first bad commit: [3f04db891a353f4b127ed57279279f851c6b4917] image: Check for unit addresses in FITs

Is this an actual regression or is this now the expected behavior? I have added
Thomas and the linux-mips mailing list to take a look and see if the Linux
kernel needs to have its sources updated.

Cheers,
Nathan

WARNING: multiple messages have this Message-ID
From: Nathan Chancellor <nathan@kernel.org>
To: u-boot@lists.denx.de
Subject: mkimage regression when building ARCH=mips defconfig Linux kernel
Date: Thu, 8 Apr 2021 11:22:53 -0700	[thread overview]
Message-ID: <20210408182253.6m3j6lhmh3iflquz@archlinux-ax161> (raw)

Hi Simon,

Apologies if this is not the proper way to report a regression, this is my first
time interacting with the U-Boot community.

My distribution updated the uboot-tools package to 2021.04, which broke my
Linux kernel builds for ARCH=mips:

$ make -skj"$(nproc)" ARCH=mips CROSS_COMPILE=mips-linux- defconfig all
...
/usr/bin/mkimage: verify_header failed for FIT Image support with exit code 1
make[2]: *** [arch/mips/boot/Makefile:173: arch/mips/boot/vmlinux.gz.itb] Error 1
...

I bisected this down to your commit:

3f04db891a353f4b127ed57279279f851c6b4917 is the first bad commit
commit 3f04db891a353f4b127ed57279279f851c6b4917
Author: Simon Glass <sjg@chromium.org>
Date:   Mon Feb 15 17:08:12 2021 -0700

    image: Check for unit addresses in FITs

    Using unit addresses in a FIT is a security risk. Add a check for this
    and disallow it.

    CVE-2021-27138

    Signed-off-by: Simon Glass <sjg@chromium.org>
    Reported-by: Bruce Monroe <bruce.monroe@intel.com>
    Reported-by: Arie Haenel <arie.haenel@intel.com>
    Reported-by: Julien Lenoir <julien.lenoir@intel.com>

 common/image-fit.c          | 56 +++++++++++++++++++++++++++++++++++++++++----
 test/py/tests/test_vboot.py |  9 ++++----
 2 files changed, 57 insertions(+), 8 deletions(-)
bisect run success

$ git bisect log
# bad: [e9c99db7787e3b5c2ef05701177c43ed1c023c27] Merge branch '2021-04-07-CI-improvements'
# good: [c4fddedc48f336eabc4ce3f74940e6aa372de18c] Prepare v2021.01
git bisect start 'e9c99db7787e3b5c2ef05701177c43ed1c023c27' 'v2021.01'
# good: [b2c86f596cfb1ea9f7f5138f72f1c5c49e3ae3f1] arm: dts: r8a774a1: Import DTS queued for Linux 5.12-rc1
git bisect good b2c86f596cfb1ea9f7f5138f72f1c5c49e3ae3f1
# bad: [74f4929c2c73beb595faf7d5d9bb6a78d710c2fd] ddr: marvell: axp: fix array types have different bounds warning
git bisect bad 74f4929c2c73beb595faf7d5d9bb6a78d710c2fd
# bad: [cbe607b920bc0827d8fe379ed4f5ae4e2058513e] Merge tag 'xilinx-for-v2021.04-rc3' of https://gitlab.denx.de/u-boot/custodians/u-boot-microblaze
git bisect bad cbe607b920bc0827d8fe379ed4f5ae4e2058513e
# good: [d5f3aadacbc63df3b690d6fd9f0aa3f575b43356] test: Add tests for the 'evil' vboot attacks
git bisect good d5f3aadacbc63df3b690d6fd9f0aa3f575b43356
# bad: [a1a652e8016426e2d67148cab225cd5ec45189fb] Merge tag 'mmc-2021-2-19' of https://gitlab.denx.de/u-boot/custodians/u-boot-mmc
git bisect bad a1a652e8016426e2d67148cab225cd5ec45189fb
# bad: [aeedeae40733131467de72c68e639cf9d795e059] spl: fit: Replace #ifdef blocks with more readable constructs
git bisect bad aeedeae40733131467de72c68e639cf9d795e059
# bad: [eb5fd9e46c11ea41430d9c5bcc81d4583424216e] usb: kbd: destroy device after console is stopped
git bisect bad eb5fd9e46c11ea41430d9c5bcc81d4583424216e
# bad: [99cb2b996bd649d98069a95941beaaade0a4447a] stdio: Split out nulldev_register() and move it under #if
git bisect bad 99cb2b996bd649d98069a95941beaaade0a4447a
# bad: [3f04db891a353f4b127ed57279279f851c6b4917] image: Check for unit addresses in FITs
git bisect bad 3f04db891a353f4b127ed57279279f851c6b4917
# good: [6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01] image: Add an option to do a full check of the FIT
git bisect good 6f3c2d8aa5e6cbd80b5e869bbbddecb66c329d01
# good: [124c255731c76a2b09587378b2bcce561bcd3f2d] libfdt: Check for multiple/invalid root nodes
git bisect good 124c255731c76a2b09587378b2bcce561bcd3f2d
# first bad commit: [3f04db891a353f4b127ed57279279f851c6b4917] image: Check for unit addresses in FITs

Is this an actual regression or is this now the expected behavior? I have added
Thomas and the linux-mips mailing list to take a look and see if the Linux
kernel needs to have its sources updated.

Cheers,
Nathan

             reply	other threads:[~2021-04-08 18:22 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-08 18:22 Nathan Chancellor [this message]
2021-04-08 18:22 ` Nathan Chancellor
2021-04-08 23:55 ` Simon Glass
2021-04-08 23:55   ` Simon Glass
2021-04-09 17:47   ` Tom Rini
2021-04-09 17:47     ` Tom Rini
2021-04-09 19:21     ` [PATCH] MIPS: generic: Update node names to avoid unit addresses Nathan Chancellor
2021-04-09 19:41       ` Tom Rini
2021-04-12 15:05       ` Thomas Bogendoerfer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210408182253.6m3j6lhmh3iflquz@archlinux-ax161 \
    --to=nathan@kernel.org \
    --cc=linux-mips@vger.kernel.org \
    --cc=sjg@chromium.org \
    --cc=tsbogend@alpha.franken.de \
    --cc=u-boot@lists.denx.de \
    --subject='Re: mkimage regression when building ARCH=mips defconfig Linux kernel' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.