Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AEAECC433EF for ; Fri, 19 Nov 2021 17:40:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9A34B61ACE for ; Fri, 19 Nov 2021 17:40:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235933AbhKSRnF (ORCPT ); Fri, 19 Nov 2021 12:43:05 -0500 Received: from mail.kernel.org ([198.145.29.99]:45800 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237089AbhKSRmy (ORCPT ); Fri, 19 Nov 2021 12:42:54 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id AA4F161279; Fri, 19 Nov 2021 17:39:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1637343592; bh=tnqyqeyXW3Bwsd24Il137clZkPiw8fFv9CZzmxu8VcM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jBx2cO6NHPd/jYm1aVkZ4kL7NGR2+/+uaje7a2DgXDOv314jjg51vej6PiP8cEpUK Nk+T/cD53KUToTPQSnJnAl/qSt4jugxLl8QGekuAmo9amQ/ajgBpEzISYMc0bU944C RUgGr+hXxfLNypw14McIsKkUbAO2ZWq1sRVQULr0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kees Cook , Nick Desaulniers , Nathan Chancellor Subject: [PATCH 5.15 11/20] fortify: Explicitly disable Clang support Date: Fri, 19 Nov 2021 18:39:29 +0100 Message-Id: <20211119171445.023010151@linuxfoundation.org> X-Mailer: git-send-email 2.34.0 In-Reply-To: <20211119171444.640508836@linuxfoundation.org> References: <20211119171444.640508836@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Kees Cook commit a52f8a59aef46b59753e583bf4b28fccb069ce64 upstream. Clang has never correctly compiled the FORTIFY_SOURCE defenses due to a couple bugs: Eliding inlines with matching __builtin_* names https://bugs.llvm.org/show_bug.cgi?id=50322 Incorrect __builtin_constant_p() of some globals https://bugs.llvm.org/show_bug.cgi?id=41459 In the process of making improvements to the FORTIFY_SOURCE defenses, the first (silent) bug (coincidentally) becomes worked around, but exposes the latter which breaks the build. As such, Clang must not be used with CONFIG_FORTIFY_SOURCE until at least latter bug is fixed (in Clang 13), and the fortify routines have been rearranged. Update the Kconfig to reflect the reality of the current situation. Signed-off-by: Kees Cook Acked-by: Nick Desaulniers Link: https://lore.kernel.org/lkml/CAKwvOd=A+ueGV2ihdy5GtgR2fQbcXjjAtVxv3=cPjffpebZB7A@mail.gmail.com Cc: Nathan Chancellor Signed-off-by: Greg Kroah-Hartman --- security/Kconfig | 3 +++ 1 file changed, 3 insertions(+) --- a/security/Kconfig +++ b/security/Kconfig @@ -191,6 +191,9 @@ config HARDENED_USERCOPY_PAGESPAN config FORTIFY_SOURCE bool "Harden common str/mem functions against buffer overflows" depends on ARCH_HAS_FORTIFY_SOURCE + # https://bugs.llvm.org/show_bug.cgi?id=50322 + # https://bugs.llvm.org/show_bug.cgi?id=41459 + depends on !CC_IS_CLANG help Detect overflows of buffers in common string and memory functions where the compiler can determine and validate the buffer sizes.