asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/security
History
Kees Cook 9000f2a528 fortify: Explicitly disable Clang support 
commit a52f8a59aef46b59753e583bf4b28fccb069ce64 upstream.

Clang has never correctly compiled the FORTIFY_SOURCE defenses due to
a couple bugs:

	Eliding inlines with matching __builtin_* names
	https://bugs.llvm.org/show_bug.cgi?id=50322

	Incorrect __builtin_constant_p() of some globals
	https://bugs.llvm.org/show_bug.cgi?id=41459

In the process of making improvements to the FORTIFY_SOURCE defenses, the
first (silent) bug (coincidentally) becomes worked around, but exposes
the latter which breaks the build. As such, Clang must not be used with
CONFIG_FORTIFY_SOURCE until at least latter bug is fixed (in Clang 13),
and the fortify routines have been rearranged.

Update the Kconfig to reflect the reality of the current situation.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Nick Desaulniers <ndesaulniers@google.com>
Link: https://lore.kernel.org/lkml/CAKwvOd=A+ueGV2ihdy5GtgR2fQbcXjjAtVxv3=cPjffpebZB7A@mail.gmail.com
Cc: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-11-26 11:36:18 +01:00
..
apparmor apparmor: fix error check 2021-11-26 11:36:14 +01:00
integrity evm: mark evm_fixmode as __ro_after_init 2021-11-26 11:36:01 +01:00
keys KEYS: trusted: Fix migratable=1 failing 2021-03-04 09:39:53 +01:00
loadpin module: replace the existing LSM hook in init_module 2018-07-16 12:31:57 -07:00
selinux binder: use cred instead of task for selinux checks 2021-11-26 11:35:56 +01:00
smack smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi 2021-11-26 11:36:10 +01:00
tomoyo tomoyo: Use atomic_t for statistics counter 2020-02-05 14:43:38 +00:00
yama Yama: Check for pid death before checking ancestry 2019-01-22 21:40:32 +01:00
commoncap.c security: commoncap: fix -Wstringop-overread warning 2021-05-22 10:59:21 +02:00
device_cgroup.c device_cgroup: fix RCU imbalance in error case 2019-04-27 09:36:40 +02:00
inode.c securityfs: fix use-after-free on symlink traversal 2019-05-25 18:23:42 +02:00
Kconfig fortify: Explicitly disable Clang support 2021-11-26 11:36:18 +01:00
lsm_audit.c dump_common_audit_data(): fix racy accesses to ->d_name 2021-01-19 18:22:37 +01:00
Makefile
min_addr.c
security.c binder: use cred instead of task for selinux checks 2021-11-26 11:35:56 +01:00