From: Mel Gorman Date: Thu, 23 Jan 2025 22:11:15 +0000 (+0000) Subject: fortify: Move FORTIFY_SOURCE under 'Kernel hardening options' X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=ca758b147e75f4b564225065d70b6526477185ce;p=users%2Fjedix%2Flinux-maple.git fortify: Move FORTIFY_SOURCE under 'Kernel hardening options' FORTIFY_SOURCE is a hardening option both at build and runtime. Move it under 'Kernel hardening options'. Signed-off-by: Mel Gorman Acked-by: Paul Moore Link: https://lore.kernel.org/r/20250123221115.19722-5-mgorman@techsingularity.net Signed-off-by: Kees Cook --- diff --git a/security/Kconfig b/security/Kconfig index 38ad111e07d0..536061cf33a9 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -164,15 +164,6 @@ config LSM_MMAP_MIN_ADDR this low address space will need the permission specific to the systems running LSM. -config FORTIFY_SOURCE - bool "Harden common str/mem functions against buffer overflows" - depends on ARCH_HAS_FORTIFY_SOURCE - # https://github.com/llvm/llvm-project/issues/53645 - depends on !CC_IS_CLANG || !X86_32 - help - Detect overflows of buffers in common string and memory functions - where the compiler can determine and validate the buffer sizes. - config STATIC_USERMODEHELPER bool "Force all usermode helper calls through a single binary" help diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index 45748379f896..23ffb0d7c845 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -282,6 +282,15 @@ endmenu menu "Bounds checking" +config FORTIFY_SOURCE + bool "Harden common str/mem functions against buffer overflows" + depends on ARCH_HAS_FORTIFY_SOURCE + # https://github.com/llvm/llvm-project/issues/53645 + depends on !CC_IS_CLANG || !X86_32 + help + Detect overflows of buffers in common string and memory functions + where the compiler can determine and validate the buffer sizes. + config HARDENED_USERCOPY bool "Harden memory copies between kernel and userspace" imply STRICT_DEVMEM