Merge pull request #9280 from douzzer/20251007-linuxkm-fortify-source-sunrise

20251007-linuxkm-fortify-source-sunrise
2026-01-26 17:32:50 +01:00 · 2025-10-07 17:31:45 -06:00
parent a3af514b65 e4f0acdc1d
commit 4dbf96b7bc
2 changed files with 13 additions and 1 deletions
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -602,6 +602,7 @@ WC_DILITHIUM_FIXED_ARRAY
 WC_DISABLE_RADIX_ZERO_PAD
 WC_ECC_NONBLOCK_ONLY
 WC_FLAG_DONT_USE_AESNI
+WC_FORCE_LINUXKM_FORTIFY_SOURCE
 WC_KDF_NIST_SP_800_56C
 WC_LMS_FULL_HASH
 WC_NO_RNG_SIMPLE
--- a/linuxkm/linuxkm_wc_port.h
+++ b/linuxkm/linuxkm_wc_port.h
@@ -228,14 +228,25 @@

    #include <linux/kconfig.h>

-    #if defined(CONFIG_FORTIFY_SOURCE) && defined(HAVE_LINUXKM_PIE_SUPPORT)
+    #if defined(CONFIG_FORTIFY_SOURCE) && \
+        !defined(WC_FORCE_LINUXKM_FORTIFY_SOURCE) && \
+        (defined(HAVE_LINUXKM_PIE_SUPPORT) || \
+         (LINUX_VERSION_CODE < KERNEL_VERSION(5, 18, 0)))
        /* fortify-source causes all sorts of awkward problems for the PIE
         * build, up to and including stubborn external references and multiple
         * definitions of string functions.
+         *
+         * fortify-source before kernel 5.18 has similar issues regardless of
+         * PIE, around our macro-shimming of the string functions.
         */
        #undef CONFIG_FORTIFY_SOURCE
    #endif

+    #if defined(WC_FORCE_LINUXKM_FORTIFY_SOURCE) && \
+        !defined(CONFIG_FORTIFY_SOURCE)
+        #error WC_FORCE_LINUXKM_FORTIFY_SOURCE without CONFIG_FORTIFY_SOURCE.
+    #endif
+
    #if defined(__PIE__) && defined(CONFIG_ARM64)
        #define alt_cb_patch_nops my__alt_cb_patch_nops
        #define queued_spin_lock_slowpath my__queued_spin_lock_slowpath