* [PATCH] security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6
@ 2022-12-14 23:26 Nathan Chancellor
2022-12-15 0:06 ` Kees Cook
0 siblings, 1 reply; 2+ messages in thread
From: Nathan Chancellor @ 2022-12-14 23:26 UTC (permalink / raw)
To: Kees Cook, Nick Desaulniers
Cc: Tom Rix, linux-hardening, linux-kernel, llvm, patches,
Nathan Chancellor, stable
A bad bug in clang's implementation of -fzero-call-used-regs can result
in NULL pointer dereferences (see the links above the check for more
information). Restrict CONFIG_CC_HAS_ZERO_CALL_USED_REGS to either a
supported GCC version or a clang newer than 15.0.6, which will catch
both a theoretical 15.0.7 and the upcoming 16.0.0, which will both have
the bug fixed.
Cc: stable@vger.kernel.org # v5.15+
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
---
security/Kconfig.hardening | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index d766b7d0ffd1..53baa95cb644 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -257,6 +257,9 @@ config INIT_ON_FREE_DEFAULT_ON
config CC_HAS_ZERO_CALL_USED_REGS
def_bool $(cc-option,-fzero-call-used-regs=used-gpr)
+ # https://github.com/ClangBuiltLinux/linux/issues/1766
+ # https://github.com/llvm/llvm-project/issues/59242
+ depends on !CC_IS_CLANG || CLANG_VERSION > 150006
config ZERO_CALL_USED_REGS
bool "Enable register zeroing on function exit"
base-commit: 830b3c68c1fb1e9176028d02ef86f3cf76aa2476
--
2.39.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6
2022-12-14 23:26 [PATCH] security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 Nathan Chancellor
@ 2022-12-15 0:06 ` Kees Cook
0 siblings, 0 replies; 2+ messages in thread
From: Kees Cook @ 2022-12-15 0:06 UTC (permalink / raw)
To: ndesaulniers, nathan
Cc: Kees Cook, stable, trix, linux-kernel, linux-hardening, patches, llvm
On Wed, 14 Dec 2022 16:26:03 -0700, Nathan Chancellor wrote:
> A bad bug in clang's implementation of -fzero-call-used-regs can result
> in NULL pointer dereferences (see the links above the check for more
> information). Restrict CONFIG_CC_HAS_ZERO_CALL_USED_REGS to either a
> supported GCC version or a clang newer than 15.0.6, which will catch
> both a theoretical 15.0.7 and the upcoming 16.0.0, which will both have
> the bug fixed.
>
> [...]
Applied to for-next/hardening, thanks! (And I'll send it for v6.2-rc1 too.)
[1/1] security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6
https://git.kernel.org/kees/c/d6a9fb87e9d1
--
Kees Cook
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-12-15 0:06 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-12-14 23:26 [PATCH] security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6 Nathan Chancellor
2022-12-15 0:06 ` Kees Cook
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.