linuxkm/linuxkm_wc_port.h: disable CONFIG_FORTIFY_SOURCE module-wide on kernels <5.18 (shim conflicts), and add WC_FORCE_LINUXKM_FORTIFY_SOURCE for future use.

2026-01-26 14:12:20 +01:00 · 2025-10-07 12:49:54 -05:00
parent b75af93a05
commit e4f0acdc1d
2 changed files with 13 additions and 1 deletions
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -602,6 +602,7 @@ WC_DILITHIUM_FIXED_ARRAY
 WC_DISABLE_RADIX_ZERO_PAD
 WC_ECC_NONBLOCK_ONLY
 WC_FLAG_DONT_USE_AESNI
+WC_FORCE_LINUXKM_FORTIFY_SOURCE
 WC_KDF_NIST_SP_800_56C
 WC_LMS_FULL_HASH
 WC_NO_RNG_SIMPLE
--- a/linuxkm/linuxkm_wc_port.h
+++ b/linuxkm/linuxkm_wc_port.h
@@ -228,14 +228,25 @@

    #include <linux/kconfig.h>

-    #if defined(CONFIG_FORTIFY_SOURCE) && defined(HAVE_LINUXKM_PIE_SUPPORT)
+    #if defined(CONFIG_FORTIFY_SOURCE) && \
+        !defined(WC_FORCE_LINUXKM_FORTIFY_SOURCE) && \
+        (defined(HAVE_LINUXKM_PIE_SUPPORT) || \
+         (LINUX_VERSION_CODE < KERNEL_VERSION(5, 18, 0)))
        /* fortify-source causes all sorts of awkward problems for the PIE
         * build, up to and including stubborn external references and multiple
         * definitions of string functions.
+         *
+         * fortify-source before kernel 5.18 has similar issues regardless of
+         * PIE, around our macro-shimming of the string functions.
         */
        #undef CONFIG_FORTIFY_SOURCE
    #endif

+    #if defined(WC_FORCE_LINUXKM_FORTIFY_SOURCE) && \
+        !defined(CONFIG_FORTIFY_SOURCE)
+        #error WC_FORCE_LINUXKM_FORTIFY_SOURCE without CONFIG_FORTIFY_SOURCE.
+    #endif
+
    #if defined(__PIE__) && defined(CONFIG_ARM64)
        #define alt_cb_patch_nops my__alt_cb_patch_nops
        #define queued_spin_lock_slowpath my__queued_spin_lock_slowpath