On Fri, Feb 03, 2023 at 11:42:01AM -0800, Eric Biggers wrote:
From: Eric Biggers ebiggers@google.com
Randstruct with clang is currently unsafe to use in any clang release that supports it, due to a clang bug that is causing miscompilations: "-frandomize-layout-seed inconsistently randomizes all-function-pointers structs" (https://github.com/llvm/llvm-project/issues/60349). Disable it temporarily until the bug is fixed and the fix is released in a clang version that can be checked for.
Fixes: 035f7f87b729 ("randstruct: Enable Clang support") Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers ebiggers@google.com
security/Kconfig.hardening | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index 53baa95cb644..aad16187148c 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -280,7 +280,8 @@ config ZERO_CALL_USED_REGS endmenu config CC_HAS_RANDSTRUCT
- def_bool $(cc-option,-frandomize-layout-seed-file=/dev/null)
- # Temporarily disabled due to https://github.com/llvm/llvm-project/issues/60349
- def_bool n
choice prompt "Randomize layout of sensitive kernel structures"
base-commit: 7b753a909f426f2789d9db6f357c3d59180a9354
2.39.1
This should be fixed with greater precision -- i.e. this is nearly fixed in Clang now, and is likely to be backported. So I think we'll need versioned checks here.