hardening: Enable i386 FORTIFY_SOURCE on Clang 16+

The i386 regparm bug exposed with FORTIFY_SOURCE with Clang was fixed in Clang 16[1]. Link: c167c0a4dc [1] Reviewed-by: Nathan Chancellor <nathan@kernel.org> Link: https://lore.kernel.org/r/20250308042929.1753543-2-kees@kernel.org Signed-off-by: Kees Cook <kees@kernel.org>
2025-04-19 20:58:31 +09:00 · 2025-03-07 20:29:26 -08:00 · 2025-03-07 20:29:26 -08:00 · d70da12453
commit d70da12453
parent 16cb16e0d2
2 changed files with 2 additions and 2 deletions
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
@ -137,7 +137,7 @@ ifeq ($(CONFIG_X86_32),y)
        include $(srctree)/arch/x86/Makefile_32.cpu
        KBUILD_CFLAGS += $(cflags-y)

-    ifeq ($(CONFIG_CC_IS_CLANG),y)
+    ifneq ($(call clang-min-version, 160000),y)
        # https://github.com/llvm/llvm-project/issues/53645
        KBUILD_CFLAGS += -ffreestanding
    endif
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@ -286,7 +286,7 @@ config FORTIFY_SOURCE
 	bool "Harden common str/mem functions against buffer overflows"
 	depends on ARCH_HAS_FORTIFY_SOURCE
 	# https://github.com/llvm/llvm-project/issues/53645
-	depends on !CC_IS_CLANG || !X86_32
+	depends on !X86_32 || !CC_IS_CLANG || CLANG_VERSION >= 160000
 	help
 	  Detect overflows of buffers in common string and memory functions
 	  where the compiler can determine and validate the buffer sizes.