[PATCH] hardening: Enable i386 FORTIFY_SOURCE on Clang 16+

From: Kees Cook
Date: Mon Mar 03 2025 - 16:49:48 EST

Next message: Jason Gunthorpe: "Re: [RFC PATCH 0/3] gpu: nova-core: add basic timer subdevice implementation"
Previous message: Heiko Stuebner: "Re: [PATCH v16 0/7] VOP Support for rk3576"
Next in thread: Nathan Chancellor: "Re: [PATCH] hardening: Enable i386 FORTIFY_SOURCE on Clang 16+"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The i386 regparm bug exposed with FORTIFY_SOURCE with Clang was fixed
in Clang 16[1].

Link: https://github.com/llvm/llvm-project/commit/c167c0a4dcdb998affb2756ce76903a12f7d8ca5 [1]
Signed-off-by: Kees Cook <kees@xxxxxxxxxx>
---
Cc: Nathan Chancellor <nathan@xxxxxxxxxx>
Cc: Nick Desaulniers <ndesaulniers@xxxxxxxxxx>
Cc: Bill Wendling <morbo@xxxxxxxxxx>
Cc: Justin Stitt <justinstitt@xxxxxxxxxx>
Cc: "Gustavo A. R. Silva" <gustavoars@xxxxxxxxxx>
Cc: llvm@xxxxxxxxxxxxxxx
Cc: linux-hardening@xxxxxxxxxxxxxxx
---
security/Kconfig.hardening | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index 23ffb0d7c845..c17366ce8224 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -286,7 +286,7 @@ config FORTIFY_SOURCE
bool "Harden common str/mem functions against buffer overflows"
depends on ARCH_HAS_FORTIFY_SOURCE
# https://github.com/llvm/llvm-project/issues/53645
- depends on !CC_IS_CLANG || !X86_32
+ depends on !X86_32 || !CC_IS_CLANG || CLANG_VERSION >= 160000
help
Detect overflows of buffers in common string and memory functions
where the compiler can determine and validate the buffer sizes.
--
2.34.1

Next message: Jason Gunthorpe: "Re: [RFC PATCH 0/3] gpu: nova-core: add basic timer subdevice implementation"
Previous message: Heiko Stuebner: "Re: [PATCH v16 0/7] VOP Support for rk3576"
Next in thread: Nathan Chancellor: "Re: [PATCH] hardening: Enable i386 FORTIFY_SOURCE on Clang 16+"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]