From: Kees Cook <keescook@chromium.org>
To: linux-kernel@vger.kernel.org
Cc: Kees Cook <keescook@chromium.org>,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
Daniel Micay <danielmicay@gmail.com>,
Francis Laniel <laniel_francis@privacyrequired.com>,
Bart Van Assche <bvanassche@acm.org>,
David Gow <davidgow@google.com>,
linux-mm@kvack.org, clang-built-linux@googlegroups.com,
linux-hardening@vger.kernel.org
Subject: [PATCH for-next 16/25] fortify: Explicitly disable Clang support
Date: Sun, 22 Aug 2021 00:51:13 -0700 [thread overview]
Message-ID: <20210822075122.864511-17-keescook@chromium.org> (raw)
In-Reply-To: <20210822075122.864511-1-keescook@chromium.org>
Clang has never correctly compiled the FORTIFY_SOURCE defenses due to
a couple bugs:
Eliding inlines with matching __builtin_* names
https://bugs.llvm.org/show_bug.cgi?id=50322
Incorrect __builtin_constant_p() of some globals
https://bugs.llvm.org/show_bug.cgi?id=41459
In the process of making improvements to the FORTIFY_SOURCE defenses, the
first (silent) bug (coincidentally) becomes worked around, but exposes
the latter which breaks the build. As such, Clang must not be used with
CONFIG_FORTIFY_SOURCE until at least latter bug is fixed (in Clang 13),
and the fortify routines have been rearranged.
Update the Kconfig to reflect the reality of the current situation.
Signed-off-by: Kees Cook <keescook@chromium.org>
---
security/Kconfig | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security/Kconfig b/security/Kconfig
index 0ced7fd33e4d..fe6c0395fa02 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -191,6 +191,9 @@ config HARDENED_USERCOPY_PAGESPAN
config FORTIFY_SOURCE
bool "Harden common str/mem functions against buffer overflows"
depends on ARCH_HAS_FORTIFY_SOURCE
+ # https://bugs.llvm.org/show_bug.cgi?id=50322
+ # https://bugs.llvm.org/show_bug.cgi?id=41459
+ depends on !CC_IS_CLANG
help
Detect overflows of buffers in common string and memory functions
where the compiler can determine and validate the buffer sizes.
--
2.30.2
next prev parent reply other threads:[~2021-08-22 7:57 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-22 7:50 [PATCH for-next 00/25] Prepare for better FORTIFY_SOURCE Kees Cook
2021-08-22 7:50 ` [PATCH for-next 01/25] scsi: ibmvscsi: Avoid multi-field memset() overflow by aiming at srp Kees Cook
2021-08-22 7:50 ` Kees Cook
2021-08-22 7:50 ` [PATCH for-next 02/25] powerpc: Split memset() to avoid multi-field overflow Kees Cook
2021-08-22 7:50 ` Kees Cook
2021-08-22 7:51 ` [PATCH for-next 03/25] stddef: Fix kerndoc for sizeof_field() and offsetofend() Kees Cook
2021-08-22 7:51 ` [PATCH for-next 04/25] stddef: Introduce struct_group() helper macro Kees Cook
2021-08-22 7:51 ` [PATCH for-next 05/25] cxl/core: Replace unions with struct_group() Kees Cook
2021-08-22 7:51 ` [PATCH for-next 06/25] bnxt_en: Use struct_group_attr() for memcpy() region Kees Cook
2021-08-22 7:51 ` [PATCH for-next 07/25] iommu/amd: Use struct_group() " Kees Cook
2021-08-22 7:51 ` [PATCH for-next 08/25] drm/mga/mga_ioc32: " Kees Cook
2021-08-22 7:51 ` [PATCH for-next 09/25] HID: cp2112: " Kees Cook
2021-08-22 7:51 ` [PATCH for-next 10/25] HID: roccat: Use struct_group() to zero kone_mouse_event Kees Cook
2021-08-22 7:51 ` [PATCH for-next 11/25] can: flexcan: Use struct_group() to zero struct flexcan_regs regions Kees Cook
2021-08-22 7:51 ` [PATCH for-next 12/25] cm4000_cs: Use struct_group() to zero struct cm4000_dev region Kees Cook
2021-08-22 7:51 ` [PATCH for-next 13/25] compiler_types.h: Remove __compiletime_object_size() Kees Cook
2021-08-23 6:43 ` Rasmus Villemoes
2021-08-25 19:43 ` Nick Desaulniers
2021-08-25 19:43 ` Nick Desaulniers
2021-08-22 7:51 ` [PATCH for-next 14/25] lib/string: Move helper functions out of string.c Kees Cook
2021-08-25 21:48 ` Nick Desaulniers
2021-08-25 21:48 ` Nick Desaulniers
2021-08-26 2:47 ` Kees Cook
2021-08-26 18:08 ` Nick Desaulniers
2021-08-26 18:08 ` Nick Desaulniers
2021-08-22 7:51 ` [PATCH for-next 15/25] fortify: Move remaining fortify helpers into fortify-string.h Kees Cook
2021-08-25 21:59 ` Nick Desaulniers
2021-08-25 21:59 ` Nick Desaulniers
2021-08-22 7:51 ` Kees Cook [this message]
2021-08-25 19:41 ` [PATCH for-next 16/25] fortify: Explicitly disable Clang support Nick Desaulniers
2021-08-25 19:41 ` Nick Desaulniers
2021-08-22 7:51 ` [PATCH for-next 17/25] fortify: Fix dropped strcpy() compile-time write overflow check Kees Cook
2021-08-25 21:55 ` Nick Desaulniers
2021-08-25 21:55 ` Nick Desaulniers
2021-08-22 7:51 ` [PATCH for-next 18/25] fortify: Prepare to improve strnlen() and strlen() warnings Kees Cook
2021-08-25 22:01 ` Nick Desaulniers
2021-08-25 22:01 ` Nick Desaulniers
2021-08-22 7:51 ` [PATCH for-next 19/25] fortify: Allow strlen() and strnlen() to pass compile-time known lengths Kees Cook
2021-08-25 22:05 ` Nick Desaulniers
2021-08-25 22:05 ` Nick Desaulniers
2021-08-26 2:56 ` Kees Cook
2021-08-26 18:02 ` Nick Desaulniers
2021-08-26 18:02 ` Nick Desaulniers
2021-08-22 7:51 ` [PATCH for-next 20/25] fortify: Add compile-time FORTIFY_SOURCE tests Kees Cook
2021-08-22 7:51 ` [PATCH for-next 21/25] lib: Introduce CONFIG_TEST_MEMCPY Kees Cook
2021-08-24 7:00 ` David Gow
2021-08-24 7:00 ` David Gow
2021-08-25 2:32 ` Kees Cook
2021-10-18 15:46 ` Arnd Bergmann
2021-10-18 19:28 ` Kees Cook
2021-08-22 7:51 ` [PATCH for-next 22/25] string.h: Introduce memset_after() for wiping trailing members/padding Kees Cook
2021-08-22 7:51 ` [PATCH for-next 23/25] xfrm: Use memset_after() to clear padding Kees Cook
2021-08-22 7:51 ` [PATCH for-next 24/25] string.h: Introduce memset_startat() for wiping trailing members and padding Kees Cook
2021-08-22 7:51 ` [PATCH for-next 25/25] btrfs: Use memset_startat() to clear end of struct Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210822075122.864511-17-keescook@chromium.org \
--to=keescook@chromium.org \
--cc=bvanassche@acm.org \
--cc=clang-built-linux@googlegroups.com \
--cc=danielmicay@gmail.com \
--cc=davidgow@google.com \
--cc=laniel_francis@privacyrequired.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux@rasmusvillemoes.dk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.