Re: [PATCH 7/7] include/linux/string.h: add the option of fortified string.h functions
From: Geert Uytterhoeven
Date: Sun Sep 10 2017 - 07:08:11 EST
Hi Kees, Daniel,
On Mon, Jun 19, 2017 at 10:26 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> From: Daniel Micay <danielmicay@xxxxxxxxx>
>
> This adds support for compiling with a rough equivalent to the glibc
> _FORTIFY_SOURCE=1 feature, providing compile-time and runtime buffer
> overflow checks for string.h functions when the compiler determines the
> size of the source or destination buffer at compile-time. Unlike glibc,
> it covers buffer reads in addition to writes.
[...]
> Link: http://lkml.kernel.org/r/20170526095404.20439-1-danielmicay@xxxxxxxxx
> Signed-off-by: Daniel Micay <danielmicay@xxxxxxxxx>
> Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>
> Cc: Mark Rutland <mark.rutland@xxxxxxx>
> Cc: Daniel Axtens <dja@xxxxxxxxxx>
> Cc: Rasmus Villemoes <linux@xxxxxxxxxxxxxxxxxx>
> Cc: Andy Shevchenko <andriy.shevchenko@xxxxxxxxxxxxxxx>
> Cc: Chris Metcalf <cmetcalf@xxxxxxxxxx>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxx>
> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
> [kees: move from -mm, add ARCH_HAS_FORTIFY_SOURCE, tweak Kconfig help]
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
This is now commit 6974f0c4555e285a upstream.
> --- a/include/linux/string.h
> +++ b/include/linux/string.h
> @@ -187,4 +187,204 @@ static inline const char *kbasename(const char *path)
> return tail ? tail + 1 : path;
> }
>
> +#define __FORTIFY_INLINE extern __always_inline __attribute__((gnu_inline))
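Review bot: The `+#define __FORTIFY_INLINE` line applies `__attribute__((gnu_inline))` unconditionally and carries no comment. A compiler that does not recognise the attribute ignores it and warns at every fortified function that uses the macro, which is what the reply below reports for gcc-4.1.2. Suggest guarding the attribute with a compiler-version check, or making the option depend on a compiler that supports it. A one-line comment on why `extern` is combined with `gnu_inline` here would also help.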
With gcc-4.1.2, I now get zillions of:
include/linux/string.h:439: warning: ‘gnu_inline’ attribute directive ignored
This attribute seems to be supported as of gcc 4.2?
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
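
The check described in the quoted commit message (the size comes from the compiler, the comparison happens at run time, and reads are covered as well as writes), as an added example that is not code from the patch or from anyone in this thread. `checked_memcpy`, `fortified_memcpy`, the trip counters and the demo functions are hypothetical names, and a macro stands in for the patch's `__FORTIFY_INLINE` functions so that the sizes are also visible without optimisation.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical trip counters; they stand in for the fatal error a kernel
 * build would raise when a check fails. */
static int write_trips, read_trips;

/* Runtime half of the check. A size of (size_t)-1 means "unknown to the
 * compiler"; no n can exceed it, so unknown buffers pass unchecked. */
static void *checked_memcpy(void *dst, size_t dst_size,
                            const void *src, size_t src_size, size_t n)
{
    if (n > dst_size) { write_trips++; return NULL; }  /* overflowing write */
    if (n > src_size) { read_trips++; return NULL; }   /* overflowing read */
    return memcpy(dst, src, n);
}

/* Compile-time half: ask the compiler how large each object is. */
#define fortified_memcpy(dst, src, n)                          \
    checked_memcpy((dst), __builtin_object_size((dst), 0),     \
                   (src), __builtin_object_size((src), 0), (n))

/* Through an opaque pointer parameter the object size is not known. */
__attribute__((noinline)) size_t size_seen_through_pointer(const char *p)
{
    return __builtin_object_size(p, 0);
}

int write_overflow_rejected(void)
{
    char dst[8];
    const char src[16] = "0123456789abcde";   /* constructed sample data */
    return fortified_memcpy(dst, src, sizeof(src)) == NULL && write_trips > 0;
}

int read_overflow_rejected(void)
{
    char dst[32];
    const char src[4] = "abc";                /* constructed sample data */
    return fortified_memcpy(dst, src, 16) == NULL && read_trips > 0;
}

int in_bounds_copy_allowed(void)
{
    char dst[8];
    const char src[4] = "abc";
    return fortified_memcpy(dst, src, sizeof(src)) == dst && dst[2] == 'c';
}
```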