linux/security
Kees Cook eaafc59005 fortify: Explicitly disable Clang support
commit a52f8a59ae upstream.

Clang has never correctly compiled the FORTIFY_SOURCE defenses due to
a couple bugs:

	Eliding inlines with matching __builtin_* names
	https://bugs.llvm.org/show_bug.cgi?id=50322

	Incorrect __builtin_constant_p() of some globals
	https://bugs.llvm.org/show_bug.cgi?id=41459

In the process of making improvements to the FORTIFY_SOURCE defenses, the
first (silent) bug (coincidentally) becomes worked around, but exposes
the latter which breaks the build. As such, Clang must not be used with
CONFIG_FORTIFY_SOURCE until at least the latter bug is fixed (in Clang 13),
and the fortify routines have been rearranged.

Update the Kconfig to reflect the reality of the current situation.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Nick Desaulniers <ndesaulniers@google.com>
Link: https://lore.kernel.org/lkml/CAKwvOd=A+ueGV2ihdy5GtgR2fQbcXjjAtVxv3=cPjffpebZB7A@mail.gmail.com
Cc: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-11-21 13:46:35 +01:00
apparmor apparmor: fix error check 2021-11-18 14:04:22 +01:00
bpf
integrity evm: mark evm_fixmode as __ro_after_init 2021-11-18 14:03:46 +01:00
keys
loadpin
lockdown
safesetid
selinux selinux: fix race condition when computing ocontext SIDs 2021-11-18 14:03:44 +01:00
smack smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi 2021-11-18 14:04:10 +01:00
tomoyo
yama
commoncap.c
device_cgroup.c
inode.c
Kconfig fortify: Explicitly disable Clang support 2021-11-21 13:46:35 +01:00
Kconfig.hardening
lsm_audit.c
Makefile
min_addr.c
security.c binder: use cred instead of task for selinux checks 2021-11-18 14:03:36 +01:00