MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-07-19 12:09:01 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
v5.14/base
linux-yocto/security
History
Kees Cook 5b9f31a3be fortify: Explicitly disable Clang support 
commit a52f8a59ae upstream.

Clang has never correctly compiled the FORTIFY_SOURCE defenses due to
a couple bugs:

	Eliding inlines with matching __builtin_* names
	https://bugs.llvm.org/show_bug.cgi?id=50322

	Incorrect __builtin_constant_p() of some globals
	https://bugs.llvm.org/show_bug.cgi?id=41459

In the process of making improvements to the FORTIFY_SOURCE defenses, the
first (silent) bug (coincidentally) becomes worked around, but exposes
the latter which breaks the build. As such, Clang must not be used with
CONFIG_FORTIFY_SOURCE until at least latter bug is fixed (in Clang 13),
and the fortify routines have been rearranged.

Update the Kconfig to reflect the reality of the current situation.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Nick Desaulniers <ndesaulniers@google.com>
Link: https://lore.kernel.org/lkml/CAKwvOd=A+ueGV2ihdy5GtgR2fQbcXjjAtVxv3=cPjffpebZB7A@mail.gmail.com
Cc: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-11-21 13:49:08 +01:00
..
apparmor apparmor: fix error check 2021-11-17 11:04:31 +01:00
bpf bpf: Implement task local storage 2020-11-06 08:08:37 -08:00
integrity IMA: reject unknown hash algorithms in ima_get_hash_algo 2021-11-17 11:04:52 +01:00
keys ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring 2021-10-27 09:59:44 +02:00
landlock landlock: Enable user space to infer supported features 2021-04-22 12:22:11 -07:00
loadpin
lockdown
safesetid LSM: SafeSetID: Mark safesetid_initialized as __initdata 2021-06-10 09:52:32 -07:00
selinux selinux: fix race condition when computing ocontext SIDs 2021-11-17 11:03:32 +01:00
smack smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi 2021-11-17 11:04:13 +01:00
tomoyo tomoyo: fix doc warnings 2021-06-16 00:01:28 +09:00
yama
commoncap.c Miscellaneous minor fixes for v5.13. 2021-04-27 19:32:55 -07:00
device_cgroup.c
inode.c
Kconfig fortify: Explicitly disable Clang support 2021-11-21 13:49:08 +01:00
Kconfig.hardening kasan: remove redundant config option 2021-04-16 16:10:36 -07:00
lsm_audit.c audit: remove unnecessary 'ret' initialization 2021-06-11 13:21:28 -04:00
Makefile landlock: Add object management 2021-04-22 12:22:10 -07:00
min_addr.c
security.c binder: use cred instead of task for selinux checks 2021-11-12 15:02:55 +01:00