microsoft
/
WSL2-Linux-Kernel
зеркало из https://github.com/microsoft/WSL2-Linux-Kernel.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
WSL2-Linux-Kernel/security
История
Kees Cook 8d0956438e fortify: Explicitly disable Clang support 
commit a52f8a59ae upstream.

Clang has never correctly compiled the FORTIFY_SOURCE defenses due to
a couple bugs:

	Eliding inlines with matching __builtin_* names
	https://bugs.llvm.org/show_bug.cgi?id=50322

	Incorrect __builtin_constant_p() of some globals
	https://bugs.llvm.org/show_bug.cgi?id=41459

In the process of making improvements to the FORTIFY_SOURCE defenses, the
first (silent) bug (coincidentally) becomes worked around, but exposes
the latter which breaks the build. As such, Clang must not be used with
CONFIG_FORTIFY_SOURCE until at least latter bug is fixed (in Clang 13),
and the fortify routines have been rearranged.

Update the Kconfig to reflect the reality of the current situation.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Nick Desaulniers <ndesaulniers@google.com>
Link: https://lore.kernel.org/lkml/CAKwvOd=A+ueGV2ihdy5GtgR2fQbcXjjAtVxv3=cPjffpebZB7A@mail.gmail.com
Cc: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2021-11-21 13:44:13 +01:00
..
apparmor apparmor: fix error check 2021-11-18 19:16:58 +01:00
bpf
integrity ima: fix deadlock when traversing "ima_default_rules". 2021-11-18 19:16:31 +01:00
keys ucounts: Move get_ucounts from cred_alloc_blank to key_change_session_keyring 2021-10-20 10:34:20 -05:00
landlock
loadpin
lockdown
safesetid
selinux selinux: fix race condition when computing ocontext SIDs 2021-11-18 19:15:57 +01:00
smack smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi 2021-11-18 19:16:39 +01:00
tomoyo mm/pagemap: add mmap_assert_locked() annotations to find_vma*() 2021-09-03 09:58:13 -07:00
yama
Kconfig fortify: Explicitly disable Clang support 2021-11-21 13:44:13 +01:00
Kconfig.hardening
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
commoncap.c
device_cgroup.c
inode.c
lsm_audit.c
min_addr.c
security.c binder: use cred instead of task for selinux checks 2021-11-12 15:05:48 +01:00