hardening: Enable i386 FORTIFY_SOURCE on Clang 16+

The i386 regparm bug exposed with FORTIFY_SOURCE with Clang was fixed
in Clang 16[1].

Link: c167c0a4dc [1]
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Link: https://lore.kernel.org/r/20250308042929.1753543-2-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>
Kees Cook
2025-03-07 20:29:26 -08:00
parent 16cb16e0d2
commit d70da12453
2 changed files with 2 additions and 2 deletions

@@ -137,7 +137,7 @@ ifeq ($(CONFIG_X86_32),y)
include $(srctree)/arch/x86/Makefile_32.cpu include $(srctree)/arch/x86/Makefile_32.cpu
KBUILD_CFLAGS += $(cflags-y) KBUILD_CFLAGS += $(cflags-y)
ifeq ($(CONFIG_CC_IS_CLANG),y) ifneq ($(call clang-min-version, 160000),y)
# https://github.com/llvm/llvm-project/issues/53645 # https://github.com/llvm/llvm-project/issues/53645
KBUILD_CFLAGS += -ffreestanding KBUILD_CFLAGS += -ffreestanding
endif endif
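Review bot: the replacement condition `ifneq ($(call clang-min-version, 160000),y)` no longer tests CONFIG_CC_IS_CLANG, so unless clang-min-version expands to y for a non-Clang compiler, GCC i386 builds now get -ffreestanding too, which the old `ifeq ($(CONFIG_CC_IS_CLANG),y)` guard prevented. Keeping the CC_IS_CLANG test and nesting the version check inside it would limit the change to Clang older than 16. The commit message also only talks about enabling FORTIFY_SOURCE, so it is worth a sentence there that -ffreestanding is being dropped for Clang 16+.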

@@ -286,7 +286,7 @@ config FORTIFY_SOURCE
bool "Harden common str/mem functions against buffer overflows" bool "Harden common str/mem functions against buffer overflows"
depends on ARCH_HAS_FORTIFY_SOURCE depends on ARCH_HAS_FORTIFY_SOURCE
# https://github.com/llvm/llvm-project/issues/53645 # https://github.com/llvm/llvm-project/issues/53645
depends on !CC_IS_CLANG || !X86_32 depends on !X86_32 || !CC_IS_CLANG || CLANG_VERSION >= 160000
help help
Detect overflows of buffers in common string and memory functions Detect overflows of buffers in common string and memory functions
where the compiler can determine and validate the buffer sizes. where the compiler can determine and validate the buffer sizes.
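Review bot: the comment above the changed `depends on` line still only points at the LLVM issue, so nothing in the Kconfig entry explains where the `CLANG_VERSION >= 160000` bound comes from. Extending that comment to say the issue is fixed in Clang 16 would let a reader see why the restriction now applies only to older Clang on X86_32, and when the whole line can be removed once the minimum supported Clang version passes 16.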