From patchwork Thu Feb  3 17:33:04 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kees Cook <keescook@chromium.org>
X-Patchwork-Id: 12734438
Return-Path: <linux-hardening-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 395F7C433F5
	for <linux-hardening@archiver.kernel.org>;
 Thu,  3 Feb 2022 17:33:15 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234141AbiBCRdO (ORCPT
        <rfc822;linux-hardening@archiver.kernel.org>);
        Thu, 3 Feb 2022 12:33:14 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44306 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1352888AbiBCRdK (ORCPT
        <rfc822;linux-hardening@vger.kernel.org>);
        Thu, 3 Feb 2022 12:33:10 -0500
Received: from mail-pj1-x1033.google.com (mail-pj1-x1033.google.com
 [IPv6:2607:f8b0:4864:20::1033])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1E015C061744
        for <linux-hardening@vger.kernel.org>;
 Thu,  3 Feb 2022 09:33:10 -0800 (PST)
Received: by mail-pj1-x1033.google.com with SMTP id
 my12-20020a17090b4c8c00b001b528ba1cd7so3715589pjb.1
        for <linux-hardening@vger.kernel.org>;
 Thu, 03 Feb 2022 09:33:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=MUiPfv0b7HtsA+1Jcxd4DfVz2PUbbY6hEsnvf5ttu8A=;
        b=jQX8gcsSwOP/KkAMh84nBim4wKeykymorf6yx9m/h38b779HWbddx6xXTzDoKpAb75
         nVQ5JeWLhwZae6+zxQb2tpP83N409i3WWRcHX5vCKkFgiXL9NyftIiPvIL+qIe2+zKrY
         6kxji9nYmzRSU+WUV+bq9onehswNvGSwRL7vw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=MUiPfv0b7HtsA+1Jcxd4DfVz2PUbbY6hEsnvf5ttu8A=;
        b=OESe6CzKMazNzEgvjzTxQ8TvolbH37VKo0o6aa6/4IcnwvcvwkMVw4CkRmiGpgQbPv
         /fBc2HIRK7GHMGpgbms9SDlSVRKoVKW+TeqsSWlmSUKepXccP3ILBDTHaykhDNjCaxgF
         M68Zf5UMvZyAkP0NXgd15dEVWtGtJM9zWLiGatLVsAJxp04kD2TzFR+N8PXcX0H8k3N9
         /RH1N6ItIUVoa6lhhsVHvAT8ldZ6hQob3vhCZDOFpg6fSdnba0EPE8ZSNvoMmw/vqkux
         B4Tt/LBdwaZxcgi5OQk2n29AFRiBU5r7cyAAT1o9w55gwdhY/vcy1nZTTt0dNQsTZaYX
         rzrg==
X-Gm-Message-State: AOAM533P5cGWdcqm2qFcKC7Oc7X7zYHZUsk9Qp/5ftaoiXBLYB1lXt9u
        h4JrRwclev7yCQZmrXatTTfm1w==
X-Google-Smtp-Source: 
 ABdhPJwm1hJ64GoD9Ys8S1VDk2Ymu61lFup/+cIM4lzAuJOKaqXIk0DUkZSlFidJmOUh9Hqg1vGtlw==
X-Received: by 2002:a17:902:7d97:: with SMTP id
 a23mr36351894plm.92.1643909589655;
        Thu, 03 Feb 2022 09:33:09 -0800 (PST)
Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163])
        by smtp.gmail.com with ESMTPSA id
 lb3sm11414786pjb.47.2022.02.03.09.33.08
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 03 Feb 2022 09:33:09 -0800 (PST)
From: Kees Cook <keescook@chromium.org>
To: Kees Cook <keescook@chromium.org>
Cc: Miguel Ojeda <ojeda@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Nathan Chancellor <nathan@kernel.org>, llvm@lists.linux.dev,
        George Burgess IV <gbiv@google.com>,
        linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v6 1/4] Compiler Attributes: Add __pass_object_size for Clang
Date: Thu,  3 Feb 2022 09:33:04 -0800
Message-Id: <20220203173307.1033257-2-keescook@chromium.org>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20220203173307.1033257-1-keescook@chromium.org>
References: <20220203173307.1033257-1-keescook@chromium.org>
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=1990; h=from:subject;
 bh=4kvv64bSH/70KUK07qLc8wQXlhwvQ6HObY6O2DORONc=;
 b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBh/BHSjG3rQ/CXubaKddHLMHMFjiyYRstsDgXydL47
 wn/JpEeJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYfwR0gAKCRCJcvTf3G3AJh/yEA
 CxCjO7ReiNJg3LHPAqDhDOOCqIutYxL53os7hP2tTYD942c2cdT1Qu6VZNnwNRaRUNPiuo+UcKUgzX
 MqClYq+59CuiJr4gfKJyN0ixxXMuC7YEghZpE2sJnWSGRaRI7XUDjlDnYtdn9sW48QUDfr0cySO4Fd
 xJ7lY93vsK51fYyRcCGNX0+AGfqa+Q6I0vORoo1WnyhRh50sSfETEEtXM4H8FDqZ8f0fnldWuZKc1N
 NotoKcD3pvIe5pKTWWxvTyxe9vc1wQtbyWevg/uFVx35supMhYFgHlAxCO4A7in5wBKwH+SBB56x2B
 5aV8yQ17ZpKOyLfb8KZG7ZD7mIpOWcsoFaRF8wNTanonUyRuDlToGhRaskCPAjaIXvpeZub+BJGczy
 4/Q8LOoJHGu8KQqKNvmDbzZp0xtvatffWwty+zBcBukYxgauzeA9MJdeEJ5HsZFEKKcCJa35indnoB
 s1SsYtjfMlnlajZ2Tpd43Ys1Ir+mOcbe4mY/j0FuY5cjzit3HBuMv0afU1cgqwsYDx46hwwNJQJ5ce
 QH5fBHLI7oxky0aDplTKbq/41yqQiH0Z3FQASlOZHVhKkdln4gGoSGrDFP9vuu90k7Gcfph47fcleZ
 F/8Tc9qTDACdqzb08XSs6+if8D6I8LClaqvaXkPkvAYuEhQ8fHYxSOBSJ8RA==
X-Developer-Key: i=keescook@chromium.org; a=openpgp;
 fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Precedence: bulk
List-ID: <linux-hardening.vger.kernel.org>
X-Mailing-List: linux-hardening@vger.kernel.org

In order to gain greater visibility to type information when using
__builtin_object_size(), Clang has a function attribute "pass_object_size"
that will make size information available for marked arguments in
a function by way of implicit additional function arguments that are
then wired up the __builtin_object_size().

This is needed to implement FORTIFY_SOURCE in Clang, as a workaround
to Clang's __builtin_object_size() having limited visibility[1] into types
across function calls (even inlines).

Since any usage must also be const, include it in the macro.

This attribute has an additional benefit that it can be used even on
non-inline functions to gain argument size information.

[1] https://github.com/llvm/llvm-project/issues/53516

Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: llvm@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/linux/compiler_attributes.h | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h
index 37e260020221..4ce370094e3a 100644
--- a/include/linux/compiler_attributes.h
+++ b/include/linux/compiler_attributes.h
@@ -263,6 +263,20 @@
  */
 #define __packed                        __attribute__((__packed__))
 
+/*
+ * Note: the "type" argument should match any __builtin_object_size(p, type) usage.
+ *
+ * Optional: not supported by gcc.
+ * Optional: not supported by icc.
+ *
+ * clang: https://clang.llvm.org/docs/AttributeReference.html#pass-object-size-pass-dynamic-object-size
+ */
+#if __has_attribute(__pass_object_size__)
+# define __pass_object_size(type)	const __attribute__((__pass_object_size__(type)))
+#else
+# define __pass_object_size(type)
+#endif
+
 /*
  *   gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-pure-function-attribute
  */

From patchwork Thu Feb  3 17:33:05 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kees Cook <keescook@chromium.org>
X-Patchwork-Id: 12734435
Return-Path: <linux-hardening-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8F4BEC433EF
	for <linux-hardening@archiver.kernel.org>;
 Thu,  3 Feb 2022 17:33:12 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1352894AbiBCRdK (ORCPT
        <rfc822;linux-hardening@archiver.kernel.org>);
        Thu, 3 Feb 2022 12:33:10 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44290 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S238092AbiBCRdJ (ORCPT
        <rfc822;linux-hardening@vger.kernel.org>);
        Thu, 3 Feb 2022 12:33:09 -0500
Received: from mail-pj1-x1033.google.com (mail-pj1-x1033.google.com
 [IPv6:2607:f8b0:4864:20::1033])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 84E6FC061714
        for <linux-hardening@vger.kernel.org>;
 Thu,  3 Feb 2022 09:33:09 -0800 (PST)
Received: by mail-pj1-x1033.google.com with SMTP id
 s2-20020a17090ad48200b001b501977b23so10695327pju.2
        for <linux-hardening@vger.kernel.org>;
 Thu, 03 Feb 2022 09:33:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=+zBssxH/WxmaUO1sr/ghPwh4fL8f/bXW9MZNrOKPr/w=;
        b=oHqJMzOtTUhUby05qTiPD+GwE2p690AUteZEv8NOXiqzXdXNe9W7NYPJF7Fdhhy0d6
         HrbpsdReZ8syYLPk1n7PqQX0GrdwxvuhtNFpIWiQQ8VoJYKpVRr/YxdoyGUpZA17rTWO
         x1c2kkxyfTcGDUI6iBxO9lRGNTqe/95y+6LxY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=+zBssxH/WxmaUO1sr/ghPwh4fL8f/bXW9MZNrOKPr/w=;
        b=2mbqcMCCFSioa4/gEEzTiB6gOgDBH9Sl4inc3ohAnXeUKl7CQ2MPQtYdCXg8GVeB7X
         bxeI92feh0dzrJaulrCNFi0Y85s4EFrlxWSvD8JRw/iOcUf4BB40kcwJISIP4IXOehlt
         ihVcDqbe7AQPGnNGVXmOaDMlTKEXwZz/JKJVnif/Ny2ZAdh7Qy9Ctf0zIewKpWmJ5EWn
         qjTWZc9aOH6c9bIpBHWGobZYbGGPS6nXyHWouV4sG2yuNbzjStyb8tYuccZoxVo9/4yy
         EBKQ8KfJ++canz6Rsd7JoiQemZeXygb1YcYfXGl1/Hgw6y2rhuxDEiKYW5HJvlCEEpH/
         Sigw==
X-Gm-Message-State: AOAM531pc7W8awaJt51ghnZV+H8ssqQnYz9NoFHWsRXMcCgS8lDbfFCD
        eHri4iyDI1SrM1p4yW1gYuUgEg==
X-Google-Smtp-Source: 
 ABdhPJwZxP5UEfB4voCN4yq/C38B+fyMmytMwS4/oRagiqzmZRs0yri0Cci2rcPZ2J8Oe8mJzENBOQ==
X-Received: by 2002:a17:90a:290b:: with SMTP id
 g11mr15030650pjd.8.1643909589126;
        Thu, 03 Feb 2022 09:33:09 -0800 (PST)
Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163])
        by smtp.gmail.com with ESMTPSA id
 u18sm29724557pfk.14.2022.02.03.09.33.08
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 03 Feb 2022 09:33:08 -0800 (PST)
From: Kees Cook <keescook@chromium.org>
To: Kees Cook <keescook@chromium.org>
Cc: Miguel Ojeda <ojeda@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Nathan Chancellor <nathan@kernel.org>, llvm@lists.linux.dev,
        George Burgess IV <gbiv@google.com>,
        linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v6 2/4] Compiler Attributes: Add __overloadable for Clang
Date: Thu,  3 Feb 2022 09:33:05 -0800
Message-Id: <20220203173307.1033257-3-keescook@chromium.org>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20220203173307.1033257-1-keescook@chromium.org>
References: <20220203173307.1033257-1-keescook@chromium.org>
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=1446; h=from:subject;
 bh=KMIyemBEeogv0prZ4PjXHBrE0psPPqx5j7gZUW7T9OQ=;
 b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBh/BHSjKRmsjxgw96UF0ULSGoSRDajl4PKbrjZ5H1m
 qvM6GwuJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYfwR0gAKCRCJcvTf3G3AJvp+EA
 CHifGQYlU/vyOgRTFiBUh2o2UcOBRzjmfvCANd+VySak7rvfpyLFYaD2b/KZR+bvpMIwxmKKRMVMgA
 bcOzv588jJFGqgeabG/ez2ppSc31+DZYscdVT16K5tdTMd56FsbYQWsIauZGy25an5pOe1vdX7qUdU
 96CRYKYktuZCj8rLFsN/2ptyObfY0ZDMWx+oY+uT+eQJsk7QICGaycui8n7ZDF+umQ9bXi34Vmm5a0
 iq48nXsnOXqWLSFXEfl23DrXjOWRxhf5IMrwX+7pHvxfE1IXC6oTk+t5Y/LqAirc5OqBEUY2kxS94Z
 9nblGXGO3EDSh3DAFhTGUqNO/LdU3HuyFeVau3TSCgD2MFV/kePGim0QGn7NTrvbpclEcBDeV+T1cL
 uqNDvQsvJ2O6c25GtWehSZWPsb3Q5Sn7oW541ZBfAIUZtAz8tT+8AhYQY6rMcJr10BYH7euQgiYSeH
 j+rdQCt2ux5XL93GfgjCOaeXaEOT2dPN1hm+mcMJksEY1pG2ZoKsDvrZ2Fl+w0tofWJhPpsN6tbmrj
 3yojOjQnE0K+C3p0otFZulTm2JsRe9FUxfV/c3Z0FAKDpaea3BE7TjonpuMsJ4HyockIjz+Fv8dJl5
 0PPfQL56Ph+nm9i3dFsl0YbJgHJdaKyCmsevhv8YZEyzCZ8lSXCy6HO38Rxg==
X-Developer-Key: i=keescook@chromium.org; a=openpgp;
 fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Precedence: bulk
List-ID: <linux-hardening.vger.kernel.org>
X-Mailing-List: linux-hardening@vger.kernel.org

In order for FORTIFY_SOURCE to use __pass_object_size on an "inline
extern" function, as all the fortified string functions are, the functions
must be marked as being overloadable (i.e. different prototypes).
This allows the __pass_object_size versions to take precedence.

Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: llvm@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
---
 include/linux/compiler_attributes.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h
index 4ce370094e3a..dc3bf2a6e1c9 100644
--- a/include/linux/compiler_attributes.h
+++ b/include/linux/compiler_attributes.h
@@ -257,6 +257,18 @@
  */
 #define __noreturn                      __attribute__((__noreturn__))
 
+/*
+ * Optional: not supported by gcc.
+ * Optional: not supported by icc.
+ *
+ * clang: https://clang.llvm.org/docs/AttributeReference.html#overloadable
+ */
+#if __has_attribute(__overloadable__)
+# define __overloadable			__attribute__((__overloadable__))
+#else
+# define __overloadable
+#endif
+
 /*
  *   gcc: https://gcc.gnu.org/onlinedocs/gcc/Common-Type-Attributes.html#index-packed-type-attribute
  * clang: https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-packed-variable-attribute

From patchwork Thu Feb  3 17:33:06 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kees Cook <keescook@chromium.org>
X-Patchwork-Id: 12734437
Return-Path: <linux-hardening-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DE0E0C433FE
	for <linux-hardening@archiver.kernel.org>;
 Thu,  3 Feb 2022 17:33:14 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1352905AbiBCRdN (ORCPT
        <rfc822;linux-hardening@archiver.kernel.org>);
        Thu, 3 Feb 2022 12:33:13 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44294 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1352853AbiBCRdJ (ORCPT
        <rfc822;linux-hardening@vger.kernel.org>);
        Thu, 3 Feb 2022 12:33:09 -0500
Received: from mail-pj1-x1032.google.com (mail-pj1-x1032.google.com
 [IPv6:2607:f8b0:4864:20::1032])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BB80DC06173D
        for <linux-hardening@vger.kernel.org>;
 Thu,  3 Feb 2022 09:33:09 -0800 (PST)
Received: by mail-pj1-x1032.google.com with SMTP id
 my12-20020a17090b4c8c00b001b528ba1cd7so3715572pjb.1
        for <linux-hardening@vger.kernel.org>;
 Thu, 03 Feb 2022 09:33:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=yw6irJOhAN2vbye3KxjS913II9TZEzxb21xQrAwi3o4=;
        b=mP/6SYnCRJH9tpjoHEfJtObmNSTaNoU503LyosBGp2no0Jy/0I8gdDTScbDK0P+Pj5
         NpSVZevzjhlKTmzlpKub1pEGXI6h/dPGSMX6JG4joMv9IVsVGO/3KKdKT1vHuV71aYkq
         AlgkOo8bpwxTWSGMwZXNOB80pM+oVA+q/YjE4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=yw6irJOhAN2vbye3KxjS913II9TZEzxb21xQrAwi3o4=;
        b=vBFk5Q45HBF4ceFU0WFc6J4vvQaA94fOeTXwWxbPY8eTzK2+YeOHVnbx45tvx95Sa6
         K5enxJVFVtrJcLjMNBYb4tx+Y8kC4rEL9Y8YL2fJvvbUQtpHkkaEZ8PXTcTlEcpwc7HQ
         Bww+W9cgxsoBROU2S0pOqueP4aThJBt5XLWNArJL6zP2jwVN1OtsjQaU/258Eliz5lBh
         lm5I0Nmf3rpm+AdhQ85EgJ8pCULuHtiQzmgWPaTpjNFnIBNLLXEjGe+hGHmWbImNzsv1
         7ThppaVdE5NzgrqiMNEPMYjPzRUOAodMmWtyJunbBihwWP0FCshfh88dEh00br4/0I1T
         f4HQ==
X-Gm-Message-State: AOAM532DZNoXdAY8XhRaPn9D4ecMZR7ratUiLCBfyEffTKRALyzTRzvC
        3R4CFR1aqBYLRlcE3vzJA7OL4g==
X-Google-Smtp-Source: 
 ABdhPJz4tqpeFvhVI9ywT579VtsGqHvct54NQZZJbykcuYldQGI3P6+8TsH5i1RCoYEBMA+OGSKagQ==
X-Received: by 2002:a17:90b:3907:: with SMTP id
 ob7mr14667143pjb.193.1643909589265;
        Thu, 03 Feb 2022 09:33:09 -0800 (PST)
Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163])
        by smtp.gmail.com with ESMTPSA id
 m7sm16882072pfb.80.2022.02.03.09.33.08
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 03 Feb 2022 09:33:08 -0800 (PST)
From: Kees Cook <keescook@chromium.org>
To: Kees Cook <keescook@chromium.org>
Cc: Miguel Ojeda <ojeda@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Nathan Chancellor <nathan@kernel.org>, llvm@lists.linux.dev,
        George Burgess IV <gbiv@google.com>,
        linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v6 3/4] Compiler Attributes: Add __diagnose_as for Clang
Date: Thu,  3 Feb 2022 09:33:06 -0800
Message-Id: <20220203173307.1033257-4-keescook@chromium.org>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20220203173307.1033257-1-keescook@chromium.org>
References: <20220203173307.1033257-1-keescook@chromium.org>
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=1556; h=from:subject;
 bh=PFNBq+XBBzqPg0PXB+hOZffkoQePkvVqefaYT0cGhkA=;
 b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBh/BHSJikbTtPWOya8ANlt+DjlpP25rfy61MJkv6kC
 DdbWiWaJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYfwR0gAKCRCJcvTf3G3AJvnsD/
 94wjTMkiZ67z0/rOtOWAOd9wx3QvMbt0JJpgWptsGyD2zaCist6dx7Tua/1oHZrwwBfRUXaXY2jOi8
 0BxCmdTsmhcqBZVphRl/fbqYikyQG1cj2r41y8eV4xEBf5gzqh3y/7rIJVFpe2PWWodErO9i4j9NkY
 xYc2Ij/9LuVbbXlL1LSDQpsrEWVaQtBBAwb1wqZsx/+Sghwqn0WjCcY0fbvjjELX9mJyC87AY8kzE8
 5Q3i+XRakLy5q3p3ZEqZsAXbM4AMqp1cFDKbf1iHsRaZIn/ZnnQbyFuIkrsWMLINQDp+PFstmIBu9m
 uJqSIHBIVaJHA/64Yx42sutxUybGcVN7waqVE4U9TT38lPyDwztqH8dk/L/eOTTYSFrZBxBhqQyqsD
 qfDm3N8ZNdFJkJVk2QCxp52S0ox6GSUeUlr7f/yRs54MJqTGdyWc23qkLlWDkK0Q5KlXQE4box4b9N
 TsG5seV1LmjHTkspOXw29uwuZ3eIMiRmIQO7+pBMF9+D9hRci+rhmyQLI8WzloRJ7VSiSL1xGdN66S
 4YyEfH2sxu7PdtWE56FVHASJXsRQQnNAeqRL53MXxUiSc2/Br/RCtcK32wGH37fxdWCLP1DBCTo+jK
 gDFLaUlT2bOPk5OTNWCCuZLGRPoOX9XXBKx2NJUjD7k8vEtEWo4uMiPQXakQ==
X-Developer-Key: i=keescook@chromium.org; a=openpgp;
 fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Precedence: bulk
List-ID: <linux-hardening.vger.kernel.org>
X-Mailing-List: linux-hardening@vger.kernel.org

Clang will perform various compile-time diagnostics on uses of various
functions (e.g. simple bounds-checking on strcpy(), etc). These
diagnostics can be assigned to other functions (for example, new
implementations of the string functions under CONFIG_FORTIFY_SOURCE)
using the "diagnose_as_builtin" attribute. This allows those functions
to retain their compile-time diagnostic warnings.

Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: llvm@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
---
 include/linux/compiler_attributes.h | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/include/linux/compiler_attributes.h b/include/linux/compiler_attributes.h
index dc3bf2a6e1c9..df9c7e5e8818 100644
--- a/include/linux/compiler_attributes.h
+++ b/include/linux/compiler_attributes.h
@@ -100,6 +100,19 @@
 # define __copy(symbol)
 #endif
 
+/*
+ * Optional: not supported by gcc
+ * Optional: only supported since clang >= 14.0
+ * Optional: not supported by icc
+ *
+ * clang: https://clang.llvm.org/docs/AttributeReference.html#diagnose_as_builtin
+ */
+#if __has_attribute(__diagnose_as_builtin__)
+# define __diagnose_as(builtin...)	__attribute__((__diagnose_as_builtin__(builtin)))
+#else
+# define __diagnose_as(builtin...)
+#endif
+
 /*
  * Don't. Just don't. See commit 771c035372a0 ("deprecate the '__deprecated'
  * attribute warnings entirely and for good") for more information.

From patchwork Thu Feb  3 17:33:07 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kees Cook <keescook@chromium.org>
X-Patchwork-Id: 12734439
Return-Path: <linux-hardening-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id CB3B3C4332F
	for <linux-hardening@archiver.kernel.org>;
 Thu,  3 Feb 2022 17:33:15 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S242666AbiBCRdP (ORCPT
        <rfc822;linux-hardening@archiver.kernel.org>);
        Thu, 3 Feb 2022 12:33:15 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44304 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1352893AbiBCRdK (ORCPT
        <rfc822;linux-hardening@vger.kernel.org>);
        Thu, 3 Feb 2022 12:33:10 -0500
Received: from mail-pj1-x1035.google.com (mail-pj1-x1035.google.com
 [IPv6:2607:f8b0:4864:20::1035])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6D3E3C06173B
        for <linux-hardening@vger.kernel.org>;
 Thu,  3 Feb 2022 09:33:10 -0800 (PST)
Received: by mail-pj1-x1035.google.com with SMTP id m7so3110535pjk.0
        for <linux-hardening@vger.kernel.org>;
 Thu, 03 Feb 2022 09:33:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=ohgfedv3LwtwNETDhjR036lLD285TgXCIf8rd9WVcis=;
        b=ZKq/5ytew9BK9Lh8BB4tSBlllMmYkfCVq5RReDz80vC9xYkeb3gxlImeo5sP73aszU
         F1MX8UeliIKOo/X5QSMKjUFuwKb28nVnSQAWRmp48ijuMAczEhWp4WqT/MG0VnEhqTui
         iSVNGj5LfRVfMyc5xznalktQhS8S8ELpgLlXQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=ohgfedv3LwtwNETDhjR036lLD285TgXCIf8rd9WVcis=;
        b=rdalbg6lgg8d1JN8blm+5f/PggkAaRFJ1EB69/MyIf7MubRS4AG1jZeZb0q/W4bzdX
         ZJS1+tP+m9nvOZ5kHtURuXlyfAAIb+hbX4eAjvX8+e8fovcVF6bgEdeWqe1Ndumbs1Jn
         GsxCp1SYFuA00CbM7Eyl0nUR0vHaR4jqPA8kmeWNCW4oXn1nETKQZl1Ns5jzWfboEUnM
         /EAyvnWUzIjhExh3lLdcYwxjeqYiGp3SDm0m5ZNxOUvpV+n0aRJgTn0uBt86il36bYEj
         NtqKCdPtcxjFY4ivJ7tS18/d3hcAnfw4TLUnTnNVagyzZA9mppEwtiquse8FflGoY9G6
         3TaQ==
X-Gm-Message-State: AOAM530okoPZNTcjukHLKE8B8H9Ki19GiAbZpMfDWEgjotvNOEP5Dp2q
        c1vUPC+eveXsO7YkQDQxNkD6zQ==
X-Google-Smtp-Source: 
 ABdhPJzsNyxzMdJajlX2kferYLJukTQwYeGriE8c/jigKo0VPiMicgW8v4YjlKseMqZjxCAnoRl9yQ==
X-Received: by 2002:a17:902:e74c:: with SMTP id
 p12mr24215988plf.115.1643909589981;
        Thu, 03 Feb 2022 09:33:09 -0800 (PST)
Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163])
        by smtp.gmail.com with ESMTPSA id
 a3sm29194310pfk.73.2022.02.03.09.33.08
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 03 Feb 2022 09:33:09 -0800 (PST)
From: Kees Cook <keescook@chromium.org>
To: Kees Cook <keescook@chromium.org>
Cc: Miguel Ojeda <ojeda@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Nathan Chancellor <nathan@kernel.org>,
        George Burgess IV <gbiv@google.com>, llvm@lists.linux.dev,
        linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v6 4/4] fortify: Add Clang support
Date: Thu,  3 Feb 2022 09:33:07 -0800
Message-Id: <20220203173307.1033257-5-keescook@chromium.org>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20220203173307.1033257-1-keescook@chromium.org>
References: <20220203173307.1033257-1-keescook@chromium.org>
MIME-Version: 1.0
X-Developer-Signature: v=1; a=openpgp-sha256; l=9118; h=from:subject;
 bh=uLvObXCa+adv21+oycDwxFQbsQPVkjm/KcsEJAaVL24=;
 b=owEBbQKS/ZANAwAKAYly9N/cbcAmAcsmYgBh/BHSRAe50TfqZrZ5b0CNzhS6YwX2RSr5uLu8PnaW
 83nmD7uJAjMEAAEKAB0WIQSlw/aPIp3WD3I+bhOJcvTf3G3AJgUCYfwR0gAKCRCJcvTf3G3AJmFOD/
 9dEzcmHLz8Z5AvIisKzABHSI10XiJsEDXvPZaL+ApPvNb3rXZvruQSSk4mD5ey2wzLvhhhscHzI9/a
 8Qkn/Qn0MeGULVHxs4ELBiuLaU5Bqgj5ktVPfOw/frDALuyuELU7D5U3fSI9m8hSbOsqRweqSnWeVB
 TweDP4g472HILclqF44oZ57W2UDFTC8NE1c9HuCsNilCPZ08l/v/QHVPcHpnZY4FruGBAy0uV099F+
 KVDpSzmMiv6ErQQM3hqderKgG/2BsnE5HkSLC2dArLdmge686MF+ivACiQp7fM7C5SujNfxTRw4Iqt
 mJJ/UBr7OoEHBPRLw9Gy0/qgkioHPKCX7cZQP3Nh1UB+kxzAejQDrorU0zmdgJ06GgVWbrv9++h6MX
 9pYPK2nxGlwzxo3fBJmYosDkQrRVhM/LL+/2C8vjLeW03Ey0CjFjO76nxW0tuL8X49xtR7zJpKaZ6Y
 nmNPYJ6UgU8uGwGQJFjYOVnzHTq9ASCFoSlMSKZPFS8Y028G7HaIXJpdGi5yCfQgluHGgbHtHXIzbm
 9+/24plGAJOCRBE6SyELvJ5pUiBmsmYnli6yajJKL0lAUjeONI+5gnfxMZR6xFQc4HKcYlU97EPasa
 FSiiBpm1jDK3c5uzIrWv/NiwigQ6mWUHPWHHnYTOPHNo5vj5oDB/JqOpuQ0g==
X-Developer-Key: i=keescook@chromium.org; a=openpgp;
 fpr=A5C3F68F229DD60F723E6E138972F4DFDC6DC026
Precedence: bulk
List-ID: <linux-hardening.vger.kernel.org>
X-Mailing-List: linux-hardening@vger.kernel.org

Enable FORTIFY_SOURCE support for Clang:

Use the new __pass_object_size and __overloadable attributes so
that Clang will have appropriate visibility into argument sizes such
that __builtin_object_size(p, 1) will behave correctly. Additional
details here:
    https://github.com/llvm/llvm-project/issues/53516
    https://github.com/ClangBuiltLinux/linux/issues/1401

When available, use the new __diagnose_as attribute to make sure no
compile-time diagnostic warnings are lost due to the effectively renamed
string functions.

Redefine strlen() as a macro that tests for being a constant expression
so that strlen() can still be used in static initializers, which was
lost when adding __pass_object_size and __overloadable.

Finally, a bug with __builtin_constant_p() of globally defined variables
was fixed in Clang 13 (and backported to 12.0.1), so FORTIFY support
must depend on that version or later. Additional details here:
    https://bugs.llvm.org/show_bug.cgi?id=41459
    commit a52f8a59aef4 ("fortify: Explicitly disable Clang support")

Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: George Burgess IV <gbiv@google.com>
Cc: llvm@lists.linux.dev
Signed-off-by: Kees Cook <keescook@chromium.org>
---
 include/linux/fortify-string.h | 58 +++++++++++++++++++++++++---------
 security/Kconfig               |  3 +-
 2 files changed, 44 insertions(+), 17 deletions(-)

diff --git a/include/linux/fortify-string.h b/include/linux/fortify-string.h
index c45159dbdaa1..2ffe4f2f79eb 100644
--- a/include/linux/fortify-string.h
+++ b/include/linux/fortify-string.h
@@ -2,7 +2,9 @@
 #ifndef _LINUX_FORTIFY_STRING_H_
 #define _LINUX_FORTIFY_STRING_H_
 
-#define __FORTIFY_INLINE extern __always_inline __attribute__((gnu_inline))
+#include <linux/const.h>
+
+#define __FORTIFY_INLINE extern __always_inline __attribute__((gnu_inline)) __overloadable
 #define __RENAME(x) __asm__(#x)
 
 void fortify_panic(const char *name) __noreturn __cold;
@@ -50,7 +52,17 @@ extern char *__underlying_strncpy(char *p, const char *q, __kernel_size_t size)
 #define __underlying_strncpy	__builtin_strncpy
 #endif
 
-__FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size)
+/*
+ * Clang's use of __builtin_object_size() within inlines needs hinting via
+ * __pass_object_size(). The preference is to only ever use type 1 (member
+ * size, rather than struct size), but there remain some stragglers using
+ * type 0 that will be converted in the future.
+ */
+#define POS	__pass_object_size(1)
+#define POS0	__pass_object_size(0)
+
+__FORTIFY_INLINE __diagnose_as(__builtin_strncpy, 1, 2, 3)
+char *strncpy(char * POS p, const char *q, __kernel_size_t size)
 {
 	size_t p_size = __builtin_object_size(p, 1);
 
@@ -61,7 +73,8 @@ __FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size)
 	return __underlying_strncpy(p, q, size);
 }
 
-__FORTIFY_INLINE char *strcat(char *p, const char *q)
+__FORTIFY_INLINE __diagnose_as(__builtin_strcat, 1, 2)
+char *strcat(char * POS p, const char *q)
 {
 	size_t p_size = __builtin_object_size(p, 1);
 
@@ -73,7 +86,7 @@ __FORTIFY_INLINE char *strcat(char *p, const char *q)
 }
 
 extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen);
-__FORTIFY_INLINE __kernel_size_t strnlen(const char *p, __kernel_size_t maxlen)
+__FORTIFY_INLINE __kernel_size_t strnlen(const char * POS p, __kernel_size_t maxlen)
 {
 	size_t p_size = __builtin_object_size(p, 1);
 	size_t p_len = __compiletime_strlen(p);
@@ -93,8 +106,16 @@ __FORTIFY_INLINE __kernel_size_t strnlen(const char *p, __kernel_size_t maxlen)
 	return ret;
 }
 
-/* defined after fortified strnlen to reuse it. */
-__FORTIFY_INLINE __kernel_size_t strlen(const char *p)
+/*
+ * Defined after fortified strnlen to reuse it. However, it must still be
+ * possible for strlen() to be used on compile-time strings for use in
+ * static initializers (i.e. as a constant expression).
+ */
+#define strlen(p)							\
+	__builtin_choose_expr(__is_constexpr(__builtin_strlen(p)),	\
+		__builtin_strlen(p), __fortify_strlen(p))
+__FORTIFY_INLINE __diagnose_as(__builtin_strlen, 1)
+__kernel_size_t __fortify_strlen(const char * POS p)
 {
 	__kernel_size_t ret;
 	size_t p_size = __builtin_object_size(p, 1);
@@ -110,7 +131,7 @@ __FORTIFY_INLINE __kernel_size_t strlen(const char *p)
 
 /* defined after fortified strlen to reuse it */
 extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy);
-__FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size)
+__FORTIFY_INLINE size_t strlcpy(char * POS p, const char * POS q, size_t size)
 {
 	size_t p_size = __builtin_object_size(p, 1);
 	size_t q_size = __builtin_object_size(q, 1);
@@ -137,7 +158,7 @@ __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size)
 
 /* defined after fortified strnlen to reuse it */
 extern ssize_t __real_strscpy(char *, const char *, size_t) __RENAME(strscpy);
-__FORTIFY_INLINE ssize_t strscpy(char *p, const char *q, size_t size)
+__FORTIFY_INLINE ssize_t strscpy(char * POS p, const char * POS q, size_t size)
 {
 	size_t len;
 	/* Use string size rather than possible enclosing struct size. */
@@ -183,7 +204,8 @@ __FORTIFY_INLINE ssize_t strscpy(char *p, const char *q, size_t size)
 }
 
 /* defined after fortified strlen and strnlen to reuse them */
-__FORTIFY_INLINE char *strncat(char *p, const char *q, __kernel_size_t count)
+__FORTIFY_INLINE __diagnose_as(__builtin_strncat, 1, 2, 3)
+char *strncat(char * POS p, const char * POS q, __kernel_size_t count)
 {
 	size_t p_len, copy_len;
 	size_t p_size = __builtin_object_size(p, 1);
@@ -354,7 +376,7 @@ __FORTIFY_INLINE void fortify_memcpy_chk(__kernel_size_t size,
 		memmove)
 
 extern void *__real_memscan(void *, int, __kernel_size_t) __RENAME(memscan);
-__FORTIFY_INLINE void *memscan(void *p, int c, __kernel_size_t size)
+__FORTIFY_INLINE void *memscan(void * POS0 p, int c, __kernel_size_t size)
 {
 	size_t p_size = __builtin_object_size(p, 0);
 
@@ -365,7 +387,8 @@ __FORTIFY_INLINE void *memscan(void *p, int c, __kernel_size_t size)
 	return __real_memscan(p, c, size);
 }
 
-__FORTIFY_INLINE int memcmp(const void *p, const void *q, __kernel_size_t size)
+__FORTIFY_INLINE __diagnose_as(__builtin_memcmp, 1, 2, 3)
+int memcmp(const void * POS0 p, const void * POS0 q, __kernel_size_t size)
 {
 	size_t p_size = __builtin_object_size(p, 0);
 	size_t q_size = __builtin_object_size(q, 0);
@@ -381,7 +404,8 @@ __FORTIFY_INLINE int memcmp(const void *p, const void *q, __kernel_size_t size)
 	return __underlying_memcmp(p, q, size);
 }
 
-__FORTIFY_INLINE void *memchr(const void *p, int c, __kernel_size_t size)
+__FORTIFY_INLINE __diagnose_as(__builtin_memchr, 1, 2, 3)
+void *memchr(const void * POS0 p, int c, __kernel_size_t size)
 {
 	size_t p_size = __builtin_object_size(p, 0);
 
@@ -393,7 +417,7 @@ __FORTIFY_INLINE void *memchr(const void *p, int c, __kernel_size_t size)
 }
 
 void *__real_memchr_inv(const void *s, int c, size_t n) __RENAME(memchr_inv);
-__FORTIFY_INLINE void *memchr_inv(const void *p, int c, size_t size)
+__FORTIFY_INLINE void *memchr_inv(const void * POS0 p, int c, size_t size)
 {
 	size_t p_size = __builtin_object_size(p, 0);
 
@@ -405,7 +429,7 @@ __FORTIFY_INLINE void *memchr_inv(const void *p, int c, size_t size)
 }
 
 extern void *__real_kmemdup(const void *src, size_t len, gfp_t gfp) __RENAME(kmemdup);
-__FORTIFY_INLINE void *kmemdup(const void *p, size_t size, gfp_t gfp)
+__FORTIFY_INLINE void *kmemdup(const void * POS0 p, size_t size, gfp_t gfp)
 {
 	size_t p_size = __builtin_object_size(p, 0);
 
@@ -417,7 +441,8 @@ __FORTIFY_INLINE void *kmemdup(const void *p, size_t size, gfp_t gfp)
 }
 
 /* Defined after fortified strlen to reuse it. */
-__FORTIFY_INLINE char *strcpy(char *p, const char *q)
+__FORTIFY_INLINE __diagnose_as(__builtin_strcpy, 1, 2)
+char *strcpy(char * POS p, const char * POS q)
 {
 	size_t p_size = __builtin_object_size(p, 1);
 	size_t q_size = __builtin_object_size(q, 1);
@@ -446,4 +471,7 @@ __FORTIFY_INLINE char *strcpy(char *p, const char *q)
 #undef __underlying_strncat
 #undef __underlying_strncpy
 
+#undef POS0
+#undef POS
+
 #endif /* _LINUX_FORTIFY_STRING_H_ */
diff --git a/security/Kconfig b/security/Kconfig
index 0b847f435beb..c125026ed088 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -177,9 +177,8 @@ config HARDENED_USERCOPY_PAGESPAN
 config FORTIFY_SOURCE
 	bool "Harden common str/mem functions against buffer overflows"
 	depends on ARCH_HAS_FORTIFY_SOURCE
-	# https://bugs.llvm.org/show_bug.cgi?id=50322
 	# https://bugs.llvm.org/show_bug.cgi?id=41459
-	depends on !CC_IS_CLANG
+	depends on !CC_IS_CLANG || CLANG_VERSION >= 120001
 	help
 	  Detect overflows of buffers in common string and memory functions
 	  where the compiler can determine and validate the buffer sizes.