From patchwork Tue Feb 8 22:53:42 2022
X-Patchwork-Submitter: Kees Cook
X-Patchwork-Id: 12739474
From: Kees Cook
To: Kees Cook
Cc: Miguel Ojeda, Nick Desaulniers, Nathan Chancellor, George Burgess IV, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, llvm@lists.linux.dev
Subject: [PATCH v7 0/8] fortify: Add Clang support
Date: Tue, 8 Feb 2022 14:53:42 -0800
Message-Id: <20220208225350.1331628-1-keescook@chromium.org>
X-Mailing-List: linux-hardening@vger.kernel.org

Hi,

This is the updated series for getting Clang to work with
CONFIG_FORTIFY_SOURCE. We went around a few times since v6 on dealing
with -ffreestanding (thank you Nick for figuring out the root cause),
and are dropping X86_32 support until the associated Clang bug is fixed.
I also split up the last patch, since it was doing a bunch of separate
changes, which seemed better as separate patches.

Thanks!

-Kees

v1: https://lore.kernel.org/linux-hardening/20210727205855.411487-61-keescook@chromium.org/
v2: https://lore.kernel.org/linux-hardening/20210818060533.3569517-64-keescook@chromium.org/
v3: https://lore.kernel.org/linux-hardening/20211213223331.135412-18-keescook@chromium.org/
v4: https://lore.kernel.org/linux-hardening/20220130182204.420775-1-keescook@chromium.org/
v5: https://lore.kernel.org/linux-hardening/20220202003033.704951-1-keescook@chromium.org/
v6: https://lore.kernel.org/linux-hardening/20220203173307.1033257-1-keescook@chromium.org/
v7:
- split last patch into separate logical change patches
- drop X86_32 support for now

Kees Cook (8):
  fortify: Replace open-coded __gnu_inline attribute
  Compiler Attributes: Add __pass_object_size for Clang
  Compiler Attributes: Add __overloadable for Clang
  Compiler Attributes: Add __diagnose_as for Clang
  fortify: Make pointer arguments const
  fortify: Use __diagnose_as() for better diagnostic coverage
  fortify: Make sure strlen() may still be used as a constant expression
  fortify: Add Clang support

 include/linux/compiler_attributes.h | 39 +++++++++++++++++++
 include/linux/fortify-string.h      | 58 +++++++++++++++++++++--------
 security/Kconfig                    |  5 ++-
 3 files changed, 85 insertions(+), 17 deletions(-)