diff options
| author | Kees Cook <keescook@chromium.org> | 2022-02-09 01:53:50 +0300 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2022-02-14 03:50:07 +0300 |
| commit | 281d0c962752fb40866dd8d4cade68656f34bd1f (patch) | |
| tree | 80e7f2219375ddbf042f9dab52a6e5dea45bcff5 /security/integrity/integrity_audit.c | |
| parent | 67ebc3ab446230c77fe3b545a9d8a11cac1cfb6e (diff) | |
| download | linux-281d0c962752fb40866dd8d4cade68656f34bd1f.tar.xz | |
fortify: Add Clang support
Enable FORTIFY_SOURCE support for Clang:
Use the new __pass_object_size and __overloadable attributes so that
Clang will have appropriate visibility into argument sizes such that
__builtin_object_size(p, 1) will behave correctly. Additional details
available here:
https://github.com/llvm/llvm-project/issues/53516
https://github.com/ClangBuiltLinux/linux/issues/1401
A bug with __builtin_constant_p() of globally defined variables was
fixed in Clang 13 (and backported to 12.0.1), so FORTIFY support must
depend on that version or later. Additional details here:
https://bugs.llvm.org/show_bug.cgi?id=41459
commit a52f8a59aef4 ("fortify: Explicitly disable Clang support")
A bug with Clang's -mregparm=3 and -m32 makes some builtins unusable,
so removing -ffreestanding (to gain the needed libcall optimizations
with Clang) cannot be done. Without the libcall optimizations, Clang
cannot provide appropriate FORTIFY coverage, so it must be disabled
for CONFIG_X86_32. Additional details here;
https://github.com/llvm/llvm-project/issues/53645
Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: George Burgess IV <gbiv@google.com>
Cc: llvm@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Link: https://lore.kernel.org/r/20220208225350.1331628-9-keescook@chromium.org
Diffstat (limited to 'security/integrity/integrity_audit.c')
0 files changed, 0 insertions, 0 deletions