github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-02 19:43:40 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
281d0c9627
linux/security
History
Kees Cook 281d0c9627 fortify: Add Clang support 
Enable FORTIFY_SOURCE support for Clang:

Use the new __pass_object_size and __overloadable attributes so that
Clang will have appropriate visibility into argument sizes such that
__builtin_object_size(p, 1) will behave correctly. Additional details
available here:
    https://github.com/llvm/llvm-project/issues/53516
    https://github.com/ClangBuiltLinux/linux/issues/1401

A bug with __builtin_constant_p() of globally defined variables was
fixed in Clang 13 (and backported to 12.0.1), so FORTIFY support must
depend on that version or later. Additional details here:
    https://bugs.llvm.org/show_bug.cgi?id=41459
    commit a52f8a59ae ("fortify: Explicitly disable Clang support")

A bug with Clang's -mregparm=3 and -m32 makes some builtins unusable,
so removing -ffreestanding (to gain the needed libcall optimizations
with Clang) cannot be done. Without the libcall optimizations, Clang
cannot provide appropriate FORTIFY coverage, so it must be disabled
for CONFIG_X86_32. Additional details here;
    https://github.com/llvm/llvm-project/issues/53645

Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: George Burgess IV <gbiv@google.com>
Cc: llvm@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Link: https://lore.kernel.org/r/20220208225350.1331628-9-keescook@chromium.org
2022-02-13 16:50:07 -08:00
..
apparmor lsm: security_task_getsecid_subj() -> security_current_getsecid_subj() 2021-11-22 17:52:47 -05:00
bpf bpf: Implement task local storage 2020-11-06 08:08:37 -08:00
integrity integrity-v5.17 2022-01-11 13:11:10 -08:00
keys security: DH - use KDF implementation from crypto API 2021-11-26 16:25:17 +11:00
landlock landlock: Enable user space to infer supported features 2021-04-22 12:22:11 -07:00
loadpin LSM: Add "contents" flag to kernel_read_file hook 2020-10-05 13:37:03 +02:00
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2020-06-02 17:36:24 -07:00
safesetid LSM: SafeSetID: Mark safesetid_initialized as __initdata 2021-06-10 09:52:32 -07:00
selinux selinux: fix double free of cond_list on error paths 2022-02-02 11:02:10 -05:00
smack lsm: security_task_getsecid_subj() -> security_current_getsecid_subj() 2021-11-22 17:52:47 -05:00
tomoyo tomoyo: use hwight16() in tomoyo_domain_quota_is_ok() 2021-12-15 20:13:55 +09:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
commoncap.c fs: support mapped mounts of mapped filesystems 2021-12-05 10:28:57 +01:00
device_cgroup.c add missing bpf-cgroup.h includes 2021-12-16 14:57:09 -08:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
Kconfig fortify: Add Clang support 2022-02-13 16:50:07 -08:00
Kconfig.hardening gcc-plugins: Explicitly document purpose and deprecation schedule 2021-10-21 08:41:38 -07:00
lsm_audit.c lsm_audit: avoid overloading the "key" audit field 2021-09-19 22:47:04 -04:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c Fix NULL pointer crash in LSM via Ceph, from Vivek Goyal <vgoyal@redhat.com>. 2022-01-29 08:52:27 +02:00