From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id B1CF9C433FE for ; Fri, 19 Nov 2021 17:39:37 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9C57B6113A for ; Fri, 19 Nov 2021 17:39:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237157AbhKSRmi (ORCPT ); Fri, 19 Nov 2021 12:42:38 -0500 Received: from mail.kernel.org ([198.145.29.99]:44492 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237022AbhKSRmS (ORCPT ); Fri, 19 Nov 2021 12:42:18 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id CAF6160D42; Fri, 19 Nov 2021 17:39:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1637343556; bh=tnqyqeyXW3Bwsd24Il137clZkPiw8fFv9CZzmxu8VcM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gumyZRcCrOPdf6wM4URip9V5JnCygYINjCpWiisU4mqcfjoaZJ90aUp3kYzD4cykI B/bdUpWuEZ6Y9iwXAnKj9uwHO5bXhfT7xbKN9TKiZ6KNKnIw+dZozyPL33sqRM7EKr hAKRcjH9vJYa6vRRyVTfue0GWLKTbC/mKespChgA= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kees Cook , Nick Desaulniers , Nathan Chancellor Subject: [PATCH 5.14 04/15] fortify: Explicitly disable Clang support Date: Fri, 19 Nov 2021 18:38:37 +0100 Message-Id: <20211119171443.866051513@linuxfoundation.org> X-Mailer: git-send-email 2.34.0 In-Reply-To: <20211119171443.724340448@linuxfoundation.org> References: <20211119171443.724340448@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Kees Cook commit a52f8a59aef46b59753e583bf4b28fccb069ce64 upstream. Clang has never correctly compiled the FORTIFY_SOURCE defenses due to a couple bugs: Eliding inlines with matching __builtin_* names https://bugs.llvm.org/show_bug.cgi?id=50322 Incorrect __builtin_constant_p() of some globals https://bugs.llvm.org/show_bug.cgi?id=41459 In the process of making improvements to the FORTIFY_SOURCE defenses, the first (silent) bug (coincidentally) becomes worked around, but exposes the latter which breaks the build. As such, Clang must not be used with CONFIG_FORTIFY_SOURCE until at least latter bug is fixed (in Clang 13), and the fortify routines have been rearranged. Update the Kconfig to reflect the reality of the current situation. Signed-off-by: Kees Cook Acked-by: Nick Desaulniers Link: https://lore.kernel.org/lkml/CAKwvOd=A+ueGV2ihdy5GtgR2fQbcXjjAtVxv3=cPjffpebZB7A@mail.gmail.com Cc: Nathan Chancellor Signed-off-by: Greg Kroah-Hartman --- security/Kconfig | 3 +++ 1 file changed, 3 insertions(+) --- a/security/Kconfig +++ b/security/Kconfig @@ -191,6 +191,9 @@ config HARDENED_USERCOPY_PAGESPAN config FORTIFY_SOURCE bool "Harden common str/mem functions against buffer overflows" depends on ARCH_HAS_FORTIFY_SOURCE + # https://bugs.llvm.org/show_bug.cgi?id=50322 + # https://bugs.llvm.org/show_bug.cgi?id=41459 + depends on !CC_IS_CLANG help Detect overflows of buffers in common string and memory functions where the compiler can determine and validate the buffer sizes.