summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorNathan Chancellor <nathan@kernel.org>2022-12-14 16:26:03 -0700
committerKees Cook <keescook@chromium.org>2022-12-14 16:05:36 -0800
commitd6a9fb87e9d18f3394a9845546bbe868efdccfd2 (patch)
treed5c94c1a1096489916a2f52f9edc06410c258588 /security
parentf68022ae0aeb0803450e05abc0e984027c33ef1b (diff)
downloadlinux-stable-d6a9fb87e9d18f3394a9845546bbe868efdccfd2.tar.gz
linux-stable-d6a9fb87e9d18f3394a9845546bbe868efdccfd2.tar.bz2
linux-stable-d6a9fb87e9d18f3394a9845546bbe868efdccfd2.zip
security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6
A bad bug in clang's implementation of -fzero-call-used-regs can result in NULL pointer dereferences (see the links above the check for more information). Restrict CONFIG_CC_HAS_ZERO_CALL_USED_REGS to either a supported GCC version or a clang newer than 15.0.6, which will catch both a theoretical 15.0.7 and the upcoming 16.0.0, which will both have the bug fixed. Cc: stable@vger.kernel.org # v5.15+ Signed-off-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20221214232602.4118147-1-nathan@kernel.org
Diffstat (limited to 'security')
-rw-r--r--security/Kconfig.hardening3
1 files changed, 3 insertions, 0 deletions
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index d766b7d0ffd1..53baa95cb644 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -257,6 +257,9 @@ config INIT_ON_FREE_DEFAULT_ON
config CC_HAS_ZERO_CALL_USED_REGS
def_bool $(cc-option,-fzero-call-used-regs=used-gpr)
+ # https://github.com/ClangBuiltLinux/linux/issues/1766
+ # https://github.com/llvm/llvm-project/issues/59242
+ depends on !CC_IS_CLANG || CLANG_VERSION > 150006
config ZERO_CALL_USED_REGS
bool "Enable register zeroing on function exit"