On Fri, Feb 03, 2023 at 11:42:01AM -0800, Eric Biggers wrote: > From: Eric Biggers <ebiggers@xxxxxxxxxx> > > Randstruct with clang is currently unsafe to use in any clang release > that supports it, due to a clang bug that is causing miscompilations: > "-frandomize-layout-seed inconsistently randomizes all-function-pointers > structs" (https://github.com/llvm/llvm-project/issues/60349). Disable > it temporarily until the bug is fixed and the fix is released in a clang > version that can be checked for. > > Fixes: 035f7f87b729 ("randstruct: Enable Clang support") > Cc: stable@xxxxxxxxxxxxxxx > Signed-off-by: Eric Biggers <ebiggers@xxxxxxxxxx> > --- > security/Kconfig.hardening | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening > index 53baa95cb644..aad16187148c 100644 > --- a/security/Kconfig.hardening > +++ b/security/Kconfig.hardening > @@ -280,7 +280,8 @@ config ZERO_CALL_USED_REGS > endmenu > > config CC_HAS_RANDSTRUCT > - def_bool $(cc-option,-frandomize-layout-seed-file=/dev/null) > + # Temporarily disabled due to https://github.com/llvm/llvm-project/issues/60349 > + def_bool n > > choice > prompt "Randomize layout of sensitive kernel structures" > > base-commit: 7b753a909f426f2789d9db6f357c3d59180a9354 > -- > 2.39.1 This should be fixed with greater precision -- i.e. this is nearly fixed in Clang now, and is likely to be backported. So I think we'll need versioned checks here. -- Kees Cook
