verify Clang's fortified string routines are called in the kernel #1002
Comments
nickdesaulniers
added
security
|
Thanks for filing! I hear no discomfort with #979's resolution, so I'll close it.
This depends on the implementation of the routine in question, but yeah, clang won't generate IR for There's some discussion of approaches we can try on #980 (comment). Kees noted that automated testing would be really nice to have here before we start trying to thread this particular needle. I agree with that. :) |
|
@kees had mentioned recently that he was still looking into this? |
|
Yup, currently investigating this as a part of my memcpy work. |
|
This is blocked on an LLVM bug: https://llvm.org/pr41459 |
|
And blocked on this LLVM bug: https://llvm.org/pr50322 |
|
jotting down notes from trying to run LKDTM: / # mount -t sys /sys
/ # mount -t debugfs debugfs /sys/kernel/debug
/ # cat /sys/kernel/debug/provoke-crash/DIRECT
/ # echo FORTIFIED_OBJECT | cat > /sys/kernel/debug/provoke-crash/DIRECT |
|
This is fixed with https://git.kernel.org/linus/281d0c962752fb40866dd8d4cade68656f34bd1f. #1583 is tracking the |
nathanchance
added
[FIXED][LINUX] 5.18
forking #979 which focuses on regressions. cc @kees @gburgessiv @m-gupta
(If we're happy with a new bug, please close #979 as fixed, otherwise close this as a dup of #979).
Kees mentions that the runtime implementations of fortified string routines in the kernel may never have been called in a clang built kernel, irrespective of regressions in #979 ? If that's so, we should figure out what we need to fix and where to leverage this technology. It's probably possible to write a kselftest to help prevent support from regressing.
The text was updated successfully, but these errors were encountered: