From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-18.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_SANE_1 autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 998E7C4338F for ; Tue, 27 Jul 2021 21:20:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 80FDA60F9C for ; Tue, 27 Jul 2021 21:20:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234039AbhG0VUN (ORCPT ); Tue, 27 Jul 2021 17:20:13 -0400 Received: from mail.kernel.org ([198.145.29.99]:37744 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234113AbhG0VT3 (ORCPT ); Tue, 27 Jul 2021 17:19:29 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 9C5BA60FA0; Tue, 27 Jul 2021 21:18:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1627420740; bh=WmBPx1Yv944WSgHzak0rUdbiFwHmXA9AEErppz095mw=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=Yhxrd8TFAkXrlR9r4ZRtp1p0sOIsB3ZuHtZ7oYU4pXZvEaqyymH79DJSjO7iRK0si GSkXTTyUofgJqP034jp+1ZTvpxMOzmU1ZGhjE0qTg4I6idDUP9ThURBnvBclsuNBhC u1tZ6C5YrfZBbxqk5ahpRO+VLSzVj3IEDOAgpOob/SggphKjlTaaTST/9JYGw9qJid 8957SpfZCeNiETD/zLB4cNWxzBDrGN9HQH+PNdMkwgJzIdpYFU/NFrV7mI6t8oFQsi iwRWwF/foCBjtefKMixR8I7lM2u4IUX+zsUkg8iCrC0hdyyEJdWn/XDDKg0i/Pt6xD FkiBVpBB37WQw== Subject: Re: [PATCH 31/64] fortify: Explicitly disable Clang support To: Kees Cook , linux-hardening@vger.kernel.org Cc: "Gustavo A. R. Silva" , Keith Packard , Greg Kroah-Hartman , Andrew Morton , linux-kernel@vger.kernel.org, linux-wireless@vger.kernel.org, netdev@vger.kernel.org, dri-devel@lists.freedesktop.org, linux-staging@lists.linux.dev, linux-block@vger.kernel.org, linux-kbuild@vger.kernel.org, clang-built-linux@googlegroups.com References: <20210727205855.411487-1-keescook@chromium.org> <20210727205855.411487-32-keescook@chromium.org> From: Nathan Chancellor Message-ID: Date: Tue, 27 Jul 2021 14:18:58 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0 MIME-Version: 1.0 In-Reply-To: <20210727205855.411487-32-keescook@chromium.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 7/27/2021 1:58 PM, Kees Cook wrote: > Clang has never correctly compiled the FORTIFY_SOURCE defenses due to > a couple bugs: > > Eliding inlines with matching __builtin_* names > https://bugs.llvm.org/show_bug.cgi?id=50322 > > Incorrect __builtin_constant_p() of some globals > https://bugs.llvm.org/show_bug.cgi?id=41459 > > In the process of making improvements to the FORTIFY_SOURCE defenses, the > first (silent) bug (coincidentally) becomes worked around, but exposes > the latter which breaks the build. As such, Clang must not be used with > CONFIG_FORTIFY_SOURCE until at least latter bug is fixed (in Clang 13), > and the fortify routines have been rearranged. > > Update the Kconfig to reflect the reality of the current situation. > > Signed-off-by: Kees Cook > --- > security/Kconfig | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/security/Kconfig b/security/Kconfig > index 0ced7fd33e4d..8f0e675e70a4 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -191,6 +191,9 @@ config HARDENED_USERCOPY_PAGESPAN > config FORTIFY_SOURCE > bool "Harden common str/mem functions against buffer overflows" > depends on ARCH_HAS_FORTIFY_SOURCE > + # https://bugs.llvm.org/show_bug.cgi?id=50322 > + # https://bugs.llvm.org/show_bug.cgi?id=41459 > + depends on !CONFIG_CC_IS_CLANG Should be !CC_IS_CLANG, Kconfig is hard :) > help > Detect overflows of buffers in common string and memory functions > where the compiler can determine and validate the buffer sizes. > Cheers, Nathan From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI, NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8CAE0C4338F for ; Tue, 27 Jul 2021 21:19:05 +0000 (UTC) Received: from gabe.freedesktop.org (gabe.freedesktop.org [131.252.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5E08F60FF1 for ; Tue, 27 Jul 2021 21:19:05 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 5E08F60FF1 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.freedesktop.org Received: from gabe.freedesktop.org (localhost [127.0.0.1]) by gabe.freedesktop.org (Postfix) with ESMTP id D74F76EAC3; Tue, 27 Jul 2021 21:19:04 +0000 (UTC) Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by gabe.freedesktop.org (Postfix) with ESMTPS id 6083C6EAC3 for ; Tue, 27 Jul 2021 21:19:02 +0000 (UTC) Received: by mail.kernel.org (Postfix) with ESMTPSA id 9C5BA60FA0; Tue, 27 Jul 2021 21:18:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1627420740; bh=WmBPx1Yv944WSgHzak0rUdbiFwHmXA9AEErppz095mw=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=Yhxrd8TFAkXrlR9r4ZRtp1p0sOIsB3ZuHtZ7oYU4pXZvEaqyymH79DJSjO7iRK0si GSkXTTyUofgJqP034jp+1ZTvpxMOzmU1ZGhjE0qTg4I6idDUP9ThURBnvBclsuNBhC u1tZ6C5YrfZBbxqk5ahpRO+VLSzVj3IEDOAgpOob/SggphKjlTaaTST/9JYGw9qJid 8957SpfZCeNiETD/zLB4cNWxzBDrGN9HQH+PNdMkwgJzIdpYFU/NFrV7mI6t8oFQsi iwRWwF/foCBjtefKMixR8I7lM2u4IUX+zsUkg8iCrC0hdyyEJdWn/XDDKg0i/Pt6xD FkiBVpBB37WQw== Subject: Re: [PATCH 31/64] fortify: Explicitly disable Clang support To: Kees Cook , linux-hardening@vger.kernel.org References: <20210727205855.411487-1-keescook@chromium.org> <20210727205855.411487-32-keescook@chromium.org> From: Nathan Chancellor Message-ID: Date: Tue, 27 Jul 2021 14:18:58 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0 MIME-Version: 1.0 In-Reply-To: <20210727205855.411487-32-keescook@chromium.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-BeenThere: dri-devel@lists.freedesktop.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Direct Rendering Infrastructure - Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-kbuild@vger.kernel.org, Greg Kroah-Hartman , linux-staging@lists.linux.dev, linux-wireless@vger.kernel.org, "Gustavo A. R. Silva" , dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, clang-built-linux@googlegroups.com, Keith Packard , netdev@vger.kernel.org, Andrew Morton Errors-To: dri-devel-bounces@lists.freedesktop.org Sender: "dri-devel" On 7/27/2021 1:58 PM, Kees Cook wrote: > Clang has never correctly compiled the FORTIFY_SOURCE defenses due to > a couple bugs: > > Eliding inlines with matching __builtin_* names > https://bugs.llvm.org/show_bug.cgi?id=50322 > > Incorrect __builtin_constant_p() of some globals > https://bugs.llvm.org/show_bug.cgi?id=41459 > > In the process of making improvements to the FORTIFY_SOURCE defenses, the > first (silent) bug (coincidentally) becomes worked around, but exposes > the latter which breaks the build. As such, Clang must not be used with > CONFIG_FORTIFY_SOURCE until at least latter bug is fixed (in Clang 13), > and the fortify routines have been rearranged. > > Update the Kconfig to reflect the reality of the current situation. > > Signed-off-by: Kees Cook > --- > security/Kconfig | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/security/Kconfig b/security/Kconfig > index 0ced7fd33e4d..8f0e675e70a4 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -191,6 +191,9 @@ config HARDENED_USERCOPY_PAGESPAN > config FORTIFY_SOURCE > bool "Harden common str/mem functions against buffer overflows" > depends on ARCH_HAS_FORTIFY_SOURCE > + # https://bugs.llvm.org/show_bug.cgi?id=50322 > + # https://bugs.llvm.org/show_bug.cgi?id=41459 > + depends on !CONFIG_CC_IS_CLANG Should be !CC_IS_CLANG, Kconfig is hard :) > help > Detect overflows of buffers in common string and memory functions > where the compiler can determine and validate the buffer sizes. > Cheers, Nathan